13

Questions and Answers

Match the actions needed to report costs for each department in order:

Assign a tag to each resource. = This action helps organize resources with metadata. From the Cost analysis blade, filter the view by tag. = This helps you analyze the costs associated with tagged resources. Download the usage report. = This action gives you a comprehensive overview in a downloadable format.

Where can you find the cost breakdown and burn rate in Azure?

In the Subscriptions blade (correct)

In the Azure DevOps portal

In the Resource groups blade

In the Cost analysis blade (correct)

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satis¬es the requirements.Your company has an azure subscription that includes a storage account, a resource group, a blob container and a ¬le share.A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account. You want to review the ARM template that was used by Jon Ross. Solution: You access the Virtual Machine blade. Does the solution meet the goal?

False

Does the solution meet the goal by accessing the Container blade?

False

Which action should you take to resize a virtual machine in an availability set?

You should stop all three VMs.

What should you do first to attach a data disk to another Azure VM?

Stop the VM that includes the data disk.

What should you do to associate each VM with its respective department?

Assign tags to the virtual machines.

Accessing the multi-factor authentication page to alter user settings meets the goal to require Multi-Factor Authentication for the Global Administrators group.

False

What value should you configure for the platformFaultDomainCount property to ensure maximum availability?

Max Value

What value should you configure for the platformUpdateDomainCount property to ensure maximum VM accessibility?

20

Altering the session control of the Azure AD conditional access policy meets the goal to require Multi-Factor Authentication and an Azure AD-joined device.

False

Altering the grant control of the Azure AD conditional access policy meets the goal to require Multi-Factor Authentication and an Azure AD-joined device.

True

What is one method to achieve password protection in an ARM template?

Use Key Vault to store the password.

Which cmdlet should you use to create the virtual machine with a particular trusted root certification authority?

The Create-AzVM cmdlet.

Which PowerShell cmdlet uploads a generalized VHD to Azure?

Add-AzVhd

You can access VirtualNetworkB from a Windows 10 workstation after configuring virtual network peering?

False

Reconfiguring the existing usage model via the Azure portal allows new employees to use Multi-Factor Authentication.

False

Reconfiguring the existing usage model via the Azure CLI allows new employees to use Multi-Factor Authentication.

False

Does choosing the Allow gateway transit setting on VirtualNetworkA solve the connectivity issue?

False

Creating a new Multi-Factor Authentication provider with backup from the existing provider data meets the goal.

True

Match the following roles with their descriptions:

User Access Administrator = Has full access to all resources including delegation Logic App Contributor = Can manage logic apps but not access them Contributor = Can manage all resources and add resources DevTest Labs User = Can connect, start, restart, and shutdown virtual machines in Azure DevTest Labs

Using Active Directory Sites and Services to force replication of the Global Catalog on a domain controller meets the goal。

False

Restarting the NetLogon service on a domain controller can replicate user information to Azure AD immediately.

False

Which Azure storage redundancy option should you recommend for geo-clustered site resiliency?

Read-only geo-redundant storage

What should you do to ensure that 10 users can use all the Azure AD Premium features?

From the Licenses blade of Azure AD, assign a license

What should you do first to ensure an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent?

Deploy the IT Service Management Connector (ITSM)

What should you configure in Azure AD to add a user named [email protected] as an administrator on all computers joined to the Azure AD domain?

Device settings from the Devices blade

Running the Start-ADSyncSyncCycle -PolicyType Initial cmdlet meets the goal of replicating user information immediately to Azure AD.

True

The DevTest Labs User role allows the Developers group to create Azure logic apps in the Dev resource group.

False

Assigning the Contributor role to the Developers group enables them to create Azure logic apps in the Dev resource group.

True

What type of DNS record should you create to ensure Azure can verify the domain name contoso.com?

MX

From Azure AD in the Azure portal, you use the Bulk create user operation to create a guest user account in contoso.com for each of the 500 external users. Does this meet the goal?

No

You create a PowerShell script that runs the New-AzureADMSInvitation cmdlet for each external user. Does this meet the goal?

Yes

What should you do first to ensure access to AKS1 can be granted to the contoso.com users?

From contoso.com, create an OAuth 2.0 authorization endpoint.

Which two groups should you create for granting access to a temporary Microsoft SharePoint document library named Library1 that will be deleted automatically after 180 days?

A Microsoft 365 group that uses the Assigned membership type

Which resources can you move to a new Azure subscription named AZPT2?

VM1, storage1, VNET1, VM1Managed, and RVAULT1

What should you do to ensure Admin1 can deploy a Marketplace resource successfully?

From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet

What should you do from the user account properties to assign the User administrator administrative role to AdminUser1?

From the Directory role blade, modify the directory role

Does the solution of choosing the Allow gateway transit setting on VirtualNetworkB meet the goal of establishing a connection to VirtualNetworkB from the Windows 10 workstation?

No

Does the solution of downloading and re-installing the VPN client configuration package on the Windows 10 workstation meet the goal?

Yes

What should you configure to provide remote workers access to the VMs on VNet1?

Configure a Point-to-Site (P2S) VPN

Does setting an HTTP health probe on port 1433 meet the goal of configuring an Azure internal load balancer as a listener for an availability group?

No

Does setting Session persistence to Client IP meet the goal of configuring an Azure internal load balancer as a listener for the availability group?

No

Does enabling Floating IP meet the goal of configuring an Azure internal load balancer as a listener for the availability group?

Yes

What should you do to configure two Azure VMs with static internal IP addresses?

Run the Set-AzureStaticVNetIP PowerShell cmdlet

What is the least amount of network interfaces needed to deploy five VMs, each with both a public and private IP address?

5

What is the least amount of security groups needed for five virtual machines if inbound and outbound security rules must be identical?

1

Which of the following statements is true regarding recovering files from a VM infected with ransomware?

You can only recover the files to the infected VM

Which actions should you take when restoring a VM infected with data encrypting ransomware?

Restore the VM to any VM within the company's subscription

Which tool should you use to find the cause of performance issues on Azure infrastructure?

Azure Monitor

Which of the following VMs can you back up using Azure Backup? Choose all that apply.

VMs that have been shut down

Does creating a PowerShell script that runs the New-AzureADUser cmdlet for each external user meet the goal of creating guest user accounts in Azure AD?

No

Study Notes

Azure Resource Management and Administration

• Tags can be used to associate Virtual Machines (VMs) with their respective departments within a resource group in Azure.
• Multi-Factor Authentication (MFA) is required for Global Administrators accessing Azure AD from untrusted locations; this can be enforced through Conditional Access policies.

Conditional Access Policies

• Modifying user settings on the MFA page does not meet the requirements for implementing Conditional Access.
• Altering the grant control in the Azure portal can satisfy the policy requirements for Global Administrators under certain configurations.

VM Deployment

• To deploy an Ubuntu Server VM with a custom trusted root CA, the Create-AzVM cmdlet is utilized along with a Cloud-Init file.
• Using az vm create with the --custom-data parameter allows for specialized VM setups.

Multi-Factor Authentication Usage Models

• Existing usage models in MFA cannot be changed directly; creating a new provider and reactivating previously existing servers is essential after acquiring new companies or staff.
• The "Per Enabled User" setting is required to accommodate new employees under the MFA requirement.

Azure AD Sync and User Replication

• The Start-ADSyncSyncCycle -PolicyType Initial cmdlet triggers immediate replication of user accounts from on-premises Active Directory to Azure AD.
• Forced replication using Active Directory Sites and Services does not directly achieve Azure AD user synchronization.

Azure Storage Redundancy Options

• Read-only geo-redundant storage (RA-GRS) enables data access from secondary locations, offering increased availability for critical data during regional outages.
• Various storage options include locally redundant, zone-redundant, geo-redundant, and read-only geo-redundant, with RA-GRS being suitable for specific geographic resilience requirements.

Reviewing Azure Resource Manager (ARM) Templates

• To review an ARM template used for deployment, the Resource Group blade must be accessed rather than the Virtual Machine blade to gain insights about the deployment history.
• Successfully navigating through deployment history allows for reviewing the template utilized during the deployment process.### Azure Resource Manager (ARM) Templates and Deployment
• Deployment reviews require access to the Resource Group blade, not the Container blade, to examine used ARM templates.
• ARM templates standardize deployment and management of Azure resources, enhancing efficiency.

Virtual Machines and Availability Sets

• When resizing VMs in an availability set, all VMs must be stopped to avoid allocation failure due to dependency on the same physical hardware cluster.
• Each availability set can support various fault and update domains which help maintain VM accessibility during maintenance or failure.

Fault and Update Domains

• The platformFaultDomainCount property should be set to the maximum value permitted by the region to ensure high availability during fabric failures.
• The platformUpdateDomainCount property can be configured up to 20 update domains to manage concurrent reboots during updates.

Virtual Machine Data Disk Operations

• Detaching a data disk from one VM to attach it to another requires the original VM to be stopped first to minimize downtime.

Custom Scripts and Automation

• Implementing PowerShell scripts via SetupComplete.cmd can automate configuration tasks post-VM deployment.
• Custom Script Extensions can also be used to run scripts that modify VMs after deployment.

Uploading and Using VM Images

• The Add-AzVhd cmdlet is used to upload generalized on-premises VM images to Azure storage for future deployments.

Azure Virtual Network Peering

• Configuring VPN gateway transit settings is essential for ensuring connectivity across peered virtual networks; adjustments may be needed for point-to-site connections.

VPN Client Configuration

• To troubleshoot connectivity issues from a Windows workstation to an Azure virtual network, downloading and reinstalling the VPN client configuration package can resolve access problems.

Remote Access for Users

• Ensuring remote workers have access to VMs in an Azure virtual network requires correct configurations and potentially further adjustments to firewall settings and network gateways.### Remote Worker Access
• Configure a Point-to-Site (P2S) VPN gateway for secure connections to a virtual network from individual client computers.
• P2S VPN is suitable for remote workers needing secure access to organizational resources.

SQL Server Always On Availability Group

• Configuring an Azure internal load balancer as a listener requires correct health probes and session settings.
• An HTTP health probe on port 1433 does not meet the goal.
• Setting session persistence to Client IP also fails to satisfy the requirements.
• Enabling Floating IP is a correct solution for configuring the listener.

Static Internal IPs for VMs

• To set static internal IPs for Azure virtual machines, use the Set-AzureStaticVNetIP PowerShell cmdlet.
• Ensure that you remove any existing static IP before assigning a new one.

Network Interfaces and Security Groups Needed

• Deploying five virtual machines (VMs) with public and private IPs requires only one network interface.
• The same configuration can be achieved with just one security group for identical inbound and outbound rules across VMs.

Azure Backup and Ransomware Recovery

• Files from a VM infected with ransomware can only be recovered to the infected VM.
• For full VM restore operations, restoring to any VM within the subscription is allowed after addressing the ransomware infection.

Performance Monitoring in Azure

• Azure Monitor is the recommended tool for analyzing metrics related to performance issues within Azure infrastructure.
• Metrics stored in Azure Monitor are optimized for real-time alerting and performance detection.

Backup Compatibility with Azure Recovery Services

• Azure Backup can back up VMs running Windows 10, Windows Server 2012 or higher, and Debian 8.2+.
• Both shut down and actively running VMs can be backed up.

Azure Active Directory External User Management

• Creating guest user accounts for external users requires the New-AzureADMSInvitation cmdlet instead of New-AzureADUser cmdlet.
• Bulk creation through the Azure portal does not satisfy the requirement for inviting external users.

Role Assignment for Load Balancer Management

• Assign the Network Contributor role to administrators for managing internal and public load balancers while adhering to the principle of least privilege.

Granting Access to Azure Kubernetes Service

• To enable user access to an Azure Kubernetes Service (AKS) cluster, initial modifications must be made to the organizational relationships settings in Azure Active Directory.

Description

Prepare for the AZ-104 exam with this set of expert-verified practice questions. This quiz covers various topics including virtual machines and departmental management. Test your knowledge and boost your confidence before the exam!