Summary

This is a sample of Azure AZ-104 exam questions. The document contains multiple-choice and drag-and-drop questions related to Microsoft Azure load balancing, virtual networks, and network security groups.

Full Transcript

6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #76 Topic 5...

6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #76 Topic 5 DRAG DROP - You have an Azure subscription that contains the resources shown in the following table. You need to load balance HTTPS connections to vm1 and vm2 by using lb1. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place: Correct Answer: Reference: https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-public-zone-redundant-portal https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 381/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #77 Topic 5 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Monitor, you create a metric on Network In and Network Out. Does this meet the goal? A. Yes B. No Correct Answer: B Reference: https://azure.microsoft.com/en-us/updates/general-availability-azure-network-watcher-connection-monitor-in-all-public-regions/ Community vote distribution B (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 382/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #78 Topic 5 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer. The effective network security configurations for VM2 are shown in the following exhibit. You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly. You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443. Solution: You create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a priority of 64999. Does this meet the goal? A. Yes B. No Correct Answer: B Reference: https://fastreroute.com/azure-network-security-groups-explained/ Community vote distribution B (96%) 4% https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 383/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #79 Topic 5 DRAG DROP - You have an Azure subscription that contains two on-premises locations named site1 and site2. You need to connect site1 and site2 by using an Azure Virtual WAN. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place: Correct Answer: Reference: https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 384/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #80 Topic 5 HOTSPOT - You have an Azure subscription that contains the virtual networks shown in the following table. You have the virtual machines shown in the following table. You have the virtual network interfaces shown in the following table. Server1 is a DNS server that contains the resources shown in the following table. You have an Azure private DNS zone named contoso.com that has a virtual network link to VNET2 and the records shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 385/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #81 Topic 5 You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.) No devices are connected to VNet1. You plan to peer VNet1 to another virtual network named VNet2. VNet2 has an address space of 10.2.0.0/16. You need to create the peering. What should you do first? A. Modify the address space of VNet1. B. Add a gateway subnet to VNet1. C. Create a subnet on VNet1 and VNet2. D. Configure a service endpoint on VNet2. Correct Answer: A The virtual networks you peer must have non-overlapping IP address spaces. The exhibit indicates that VNet1 has an address space of 10.2.0.0/16, which is the same as VNet2, and thus overlaps. We need to change the address space for VNet1. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-constraints https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq Community vote distribution A (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 386/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #82 Topic 5 You have the Azure virtual machines shown in the following table. VNET1 is linked to a private DNS zone named contoso.com that contains the records shown in the following table. You need to ping VM2 from VM1. Which DNS names can you use to ping VM2? A. comp2.contoso.com and comp4.contoso.com only B. comp1.contoso.com, comp2.contoso.com, comp3.contoso.com, and comp4.contoso.com C. comp2.contoso.com only D. comp1.contoso.com and comp2.contoso.com only E. comp1.contoso.com, comp2.contoso.com, and comp4.contoso.com only Correct Answer: B Reference: https://medium.com/azure-architects/exploring-azure-private-dns-be65de08f780 https://simpledns.plus/help/dns-record-types Community vote distribution C (97%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 387/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #83 Topic 5 HOTSPOT - You have a network security group (NSG) named NSG1 that has the rules defined in the exhibit. (Click the Exhibit tab.) NSG1 is associated to a subnet named Subnet1. Subnet1 contains the virtual machines shown in the following table. You need to add a rule to NSG1 to ensure that VM1 can ping VM2. The solution must use the principle of least privilege. How should you configure the rule? To answer, select the appropriate options in the answer area. https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 388/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Reference: https://www.thomasmaurer.ch/2019/09/how-to-enable-ping-icmp-echo-on-an-azure-vm/ https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 389/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #84 Topic 5 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate. From Azure, you download and install the VPN client configuration package on a computer named Computer2. You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2. Solution: On Computer2, you set the Startup type for the IPSec Policy Agent service to Automatic. Does this meet the goal? A. Yes B. No Correct Answer: B Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate is not installed, authentication fails. Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site Community vote distribution B (100%) Question #85 Topic 5 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Session persistence to Client IP and protocol B. Protocol to UDP C. Session persistence to None D. Floating IP (direct server return) to Enabled Correct Answer: A Reference: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-distribution-mode?tabs=azure-portal Community vote distribution A (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 390/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #86 Topic 5 You have an Azure subscription that uses the public IP addresses shown in the following table. You need to create a public Azure Standard Load Balancer. Which public IP addresses can you use? A. IP1, IP2, and IP3 B. IP2 only C. IP3 only D. IP1 and IP3 only Correct Answer: C Matching SKUs are required for load balancer and public IP resources. You can't have a mixture of Basic SKU resources and standard SKU resources. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses Community vote distribution C (100%) Question #87 Topic 5 You have an Azure subscription. You are deploying an Azure Kubernetes Service (AKS) cluster that will contain multiple pods. The pods will use kubernet networking. You need to restrict network traffic between the pods. What should you configure on the AKS cluster? A. the Azure network policy B. the Calico network policy C. pod security policies D. an application security group Correct Answer: B Reference: https://docs.microsoft.com/en-us/azure/aks/use-network-policies Community vote distribution B (97%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 391/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #88 Topic 5 HOTSPOT - You have an Azure subscription that contains a virtual network named VNet1. VNet1 uses an IP address space of 10.0.0.0/16 and contains the VPN Gateway and subnets in the following table: Subnet1 contains a virtual appliance named VM1 that operates as a router. You create a routing table named RT1. You need to route all inbound traffic from the VPN gateway to VNet1 through VM1. How should you configure RT1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 392/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #89 Topic 5 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Floating IP (direct server return) to Enabled B. Floating IP (direct server return) to Disabled C. a health probe D. Session persistence to Client IP and Protocol Correct Answer: D With Sticky Sessions when a client starts a session on one of your web servers, session stays on that specific server. To configure An Azure Load-Balancer For Sticky Sessions set Session persistence to Client IP. On the following image you can see sticky session configuration: Note: There are several versions of this question in the exam. The question can have other incorrect answer options, including the following: 1. Idle Time-out (minutes) to 20 2. Protocol to UDP Reference: https://cloudopszone.com/configure-azure-load-balancer-for-sticky-sessions/ Community vote distribution D (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 393/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #90 Topic 5 HOTSPOT - You have an Azure subscription that contains the virtual machines shown in the following table: VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections. Subnet1 and Subnet2 are in a virtual network named VNET1. The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules. NSG2 uses the default rules and the following custom incoming rule: ✑ Priority: 100 ✑ Name: Rule1 ✑ Port: 3389 ✑ Protocol: TCP ✑ Source: Any ✑ Destination: Any ✑ Action: Allow NSG1 is associated to Subnet1. NSG2 is associated to the network interface of VM2. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 394/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #91 Topic 5 You have an Azure subscription that contains two virtual machines named VM1 and VM2. You create an Azure load balancer. You plan to create a load balancing rule that will load balance HTTPS traffic between VM1 and VM2. Which two additional load balancer resources should you create before you can create the load balancing rule? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. a frontend IP address B. an inbound NAT rule C. a virtual network D. a backend pool E. a health probe Correct Answer: DE Reference: https://docs.microsoft.com/en-us/azure/load-balancer/components Community vote distribution DE (83%) Other Question #92 Topic 5 You have an on-premises network that contains a database server named dbserver1. You have an Azure subscription. You plan to deploy three Azure virtual machines. Each virtual machine will be deployed to a separate availability zone. You need to configure an Azure VPN gateway for a site-to-site VPN. The solution must ensure that the virtual machines can connect to dbserver1. Which type of public IP address SKU and assignment should you use for the gateway? A. a basic SKU and a static IP address assignment B. a standard SKU and a static IP address assignment C. a basic SKU and a dynamic IP address assignment Correct Answer: C VPN gateway supports only Dynamic. Note: VPN gateway requires a public IP address for its configuration. A public IP address is used as the external connection point of the VPN. Specify in the values for Public IP address. These settings specify the public IP address object that gets associated to the VPN gateway. The public IP address is dynamically assigned to this object when the VPN gateway is created. The only time the Public IP address changes is when the gateway is deleted and re- created. Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal Community vote distribution B (88%) 12% https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 395/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #93 Topic 5 HOTSPOT - You have the Azure virtual machines shown in the following table. VNET1, VNET2, and VNET3 are peered. VNET1 and VNET2 are linked to an Azure private DNS zone named contoso.com that contains the records shown in the following table. The virtual networks are configured to use the DNS servers shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Box 1: Yes - VM1 is in VNET1. In VNET1 Server1 resolves to 131.107.3.3 https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 396/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Box 2: No - VM2 is in VNET2. VNET2 uses custom DNS server 192.168.05 Box 3: Yes https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 397/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #94 Topic 5 HOTSPOT - You have two Azure virtual machines as shown in the following table. You create the Azure DNS zones shown in the following table. You perform the following actions: ✑ ‫׀‬¢‫ ¾׀‬fabrikam.com, you add a virtual network link to vnet1 and enable auto registration. ✑ For contoso.com, you assign vm1 and vm2 the Owner role. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Box 1: Yes - The DNS zone uses the Public IP address of vm1. Box 2: Yes - Fabrikam.com is a Private DNS zone. The private IP address is used. Note: The Azure DNS private zones auto registration feature manages DNS records for virtual machines deployed in a virtual network. When you link a virtual network with a private DNS zone with this setting enabled, a DNS record gets created for each virtual machine deployed in the virtual network. For each virtual machine, an A record and a PTR record are created. DNS records for newly deployed virtual machines are also automatically created in the linked private DNS zone. Note: If you use Azure Provided DNS then appropriate DNS suffix will be automatically applied to your virtual machines. For all other options you must either use Fully Qualified Domain Names (FQDN) or manually apply appropriate DNS suffix to your virtual machines. Box 3: Yes - https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 398/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Reference: https://docs.microsoft.com/en-us/azure/dns/dns-zones-records https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances Question #95 Topic 5 You have an on-premises datacenter and an Azure subscription. You plan to connect the datacenter to Azure by using ExpressRoute. You need to deploy an ExpressRoute gateway. The solution must meet the following requirements: ✑ Support up to 10 Gbps of traffic. ✑ Support availability zones. ✑ Support FastPath. ✑ Minimize costs. Which SKU should you deploy? A. ERGw1AZ B. ERGw2 C. ErGw3 D. ErGw3AZ Correct Answer: D ErGw3Az supports FastPath. The following table shows the features supported across each gateway type. Note: ExpressRoute virtual network gateways can use the following SKUs: Standard - HighPerformance - UltraPerformance - ErGw1Az - ErGw2Az - ErGw3Az - Reference: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways Community vote distribution D (61%) A (39%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 399/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #96 Topic 5 HOTSPOT - You have a virtual network named VNET1 that contains the subnets shown in the following table: You have Azure virtual machines that have the network configurations shown in the following table: For NSG1, you create the inbound security rule shown in the following table: For NSG2, you create the inbound security rule shown in the following table: For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Box 1: Yes - The inbound security rule for NSG1 allows TCP port 1433 from 10.10.2.0/24 (or Subnet2 where VM2 and VM3 are located) to 10.10.1.0/24 (or Subnet1 where VM1 is located) while the inbound security rule for NSG2 blocks TCP port 1433 from 10.10.2.5 (or VM2) to 10.10.1.5 (or VM1). However, the NSG1 rule has a higher priority (or lower value) than the NSG2 rule. Box 2: Yes - No rule explicitly blocks communication from VM1. The default rules, which allow communication, are thus applied. Box 3: Yes - https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 400/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics No rule explicitly blocks communication between VM2 and VM3 which are both on Subnet2. The default rules, which allow communication, are thus applied. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 401/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #97 Topic 5 HOTSPOT - You have an Azure subscription named Subscription1. Subscription1 contains the virtual machines in the following table: Subscription1 contains a virtual network named VNet1 that has the subnets in the following table: VM3 has multiple network adapters, including a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3. You create a route table named RT1 that contains the routes in the following table: You apply RT1 to Subnet1 and Subnet2. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: IP forwarding enables the virtual machine a network interface is attached to: ✑ Receive network traffic not destined for one of the IP addresses assigned to any of the IP configurations assigned to the network interface. Send network traffic with a different source IP address than the one assigned to one of a network interface's IP configurations. The setting must be enabled for every network interface that is attached to the virtual machine that receives traffic that the virtual machine needs to forward. A virtual machine can forward traffic whether it has multiple network interfaces or a single network interface attached to it. Box 1: Yes - The routing table allows connections from VM3 to VM1 and VM2. And as IP forwarding is enabled on VM3, VM3 can connect to VM1. https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 402/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Box 2: No - VM3, which has IP forwarding, must be turned on, in order for VM2 to connect to VM1. Box 3: Yes - The routing table allows connections from VM1 and VM2 to VM3. IP forwarding on VM3 allows VM1 to connect to VM2 via VM3. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview https://www.quora.com/What-is-IP-forwarding Question #98 Topic 5 Your on-premises network contains an SMB share named Share1. You have an Azure subscription that contains the following resources: ✑ A web app named webapp1 ✑ A virtual network named VNET1 You need to ensure that webapp1 can connect to Share1. What should you deploy? A. an Azure Application Gateway B. an Azure Active Directory (Azure AD) Application Proxy C. an Azure Virtual Network Gateway Correct Answer: C A Site-to-Site VPN gateway connection can be used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device, a VPN gateway, located on-premises that has an externally facing public IP address assigned to it. Incorrect Answers: B: Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal Community vote distribution C (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 403/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #99 Topic 5 You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use? A. the Publish-AzVMDscConfiguration cmdlet B. Azure Application Insights C. Azure Custom Script Extension D. the New-AzConfigurationAssignement cmdlet Correct Answer: C Note: There are several versions of this question in the exam. The question has two correct answers: 1. a Desired State Configuration (DSC) extension 2. Azure Custom Script Extension The question can have other incorrect answer options, including the following: ✑ Deployment Center in Azure App Service ✑ a Microsoft Intune device configuration profile Reference: https://docs.microsoft.com/en-us/azure/architecture/framework/devops/automation-configuration Community vote distribution C (92%) 8% Question #100 Topic 5 Your on-premises network contains a VPN gateway. You have an Azure subscription that contains the resources shown in the following table. You need to ensure that all the traffic from VM1 to storage1 travels across the Microsoft backbone network. What should you configure? A. a network security group (NSG) B. service endpoints C. Azure Peering Service D. Azure Firewall Correct Answer: A Community vote distribution B (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 404/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #101 Topic 5 You plan to deploy route-based Site-to-Site VPN connections between several on-premises locations and an Azure virtual network. Which tunneling protocol should you use? A. IKEv1 B. PPTP C. IKEv2 D. L2TP Correct Answer: C A Site-to-Site (S2S) VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. IKEv2 supports 10 S2S connections, while IKEv1 only supports 1. Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-classic-portal https://docs.microsoft.com/en- us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps Community vote distribution C (100%) Question #102 Topic 5 You have an Azure subscription that contains the resources shown in the following table. You configure Azure Site Recovery to replicate VM1 between the US East and West US regions. You perform a test failover of VM1 and specify VNET2 as the target virtual network. When the test version of VM1 is created, to which subnet will the virtual machine be connected? A. TestSubnet1 B. DemoSubnet1 C. RecoverySubnetA D. RecoverySubnetB Correct Answer: A Community vote distribution B (93%) 7% https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 405/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #103 Topic 5 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Protocol to UDP B. Session persistence to None C. Floating IP (direct server return) to Disabled D. Session persistence to Client IP Correct Answer: D Community vote distribution D (90%) 10% Question #104 Topic 5 You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use? A. the Publish-AzVMDscConfiguration cmdlet B. a Microsoft Endpoint Manager device configuration profile C. Deployment Center in Azure App Service D. a Desired State Configuration (DSC) extension Correct Answer: D Community vote distribution D (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 406/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #105 Topic 5 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Floating IP (direct server return) to Disabled B. Session persistence to Client IP C. Protocol to UDP D. Idle Time-out (minutes) to 20 Correct Answer: B Community vote distribution B (100%) Question #106 Topic 5 You have an Azure subscription that contains 20 virtual machines, a network security group (NSG) named NSG1, and two virtual networks named VNET1 and VNET2 that are peered. You plan to deploy an Azure Bastion Basic SKU host named Bastion1 to VNET1. You need to configure NSG1 to allow inbound access to the virtual machines via Bastion1. Which port should you configure for the inbound security rule? A. 22 B. 443 C. 389 D. 8080 Correct Answer: B Community vote distribution B (74%) A (26%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 407/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #107 Topic 5 HOTSPOT - Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the servers shown in the following table. You plan to migrate contoso.com to Azure. You create an Azure virtual network named VNET1 that has the following settings: Address space: 10.0.0.0/16 Subnet: o Name: Subnet1 o IPv4: 10.0.1.0/24 You need to move DC1 to VNET1. The solution must ensure that the member servers in contoso.com can resolve AD DS DNS names. How should you configure DC1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 408/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Correct Answer: Question #108 Topic 5 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Session persistence to None B. a health probe C. Session persistence to Client IP D. Idle Time-out (minutes) to 20 Correct Answer: C Community vote distribution C (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 409/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #109 Topic 5 You have an Azure subscription that contains the virtual networks shown in the following table. You need to deploy an Azure firewall named AF1 to RG1 in the West US Azure region. To which virtual networks can you deploy AF1? A. VNET1, VNET2, VNET3, and VNET4 B. VNET1 and VNET2 only C. VNET1 only D. VNET1, VNET2, and VNET4 only E. VNET1 and VNET4 only Correct Answer: C Community vote distribution C (70%) E (29%) Question #110 Topic 5 You have an on-premises network. You have an Azure subscription that contains three virtual networks named VNET1. VNET2. and VNET3. The virtual networks are peered and connected to the on-premises network. The subscription contains the virtual machines shown in the following table. You need to monitor connectivity between the virtual machines and the on-premises network by using Connection Monitor. What is the minimum number of connection monitors you should deploy? A. 1 B. 2 C. 3 D. 4 Correct Answer: B Community vote distribution B (77%) A (22%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 410/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #111 Topic 5 HOTSPOT - You plan to deploy the following Azure Resource Manager (ARM) template. https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 411/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics For each of the following statements, select Yes if the statement is true. Otherwise, select No. https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 412/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics NOTE: Each correct selection is worth one point. Correct Answer: Question #112 Topic 5 You have an Azure subscription that contains a storage account. The account stores website data. You need to ensure that inbound user traffic uses the Microsoft point-of-presence (POP) closest to the user's location. What should you configure? A. private endpoints B. Azure Firewall rules C. Routing preference D. load balancing Correct Answer: C Community vote distribution C (95%) 5% https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 413/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #113 Topic 5 You have two Azure virtual machines named VM1 and VM2 that run Windows Server. The virtual machines are in a subnet named Subnet1. Subnet1 is in a virtual network named VNet1. You need to prevent VM1 from accessing VM2 on port 3389. What should you do? A. Create a network security group (NSG) that has an outbound security rule to deny destination port 3389 and apply the NSG to the network interface of VM1. B. Configure Azure Bastion in VNet1. C. Create a network security group (NSG) that has an outbound security rule to deny source port 3389 and apply the NSG to Subnet1. D. Create a network security group (NSG) that has an inbound security rule to deny source port 3389 and apply the NSG to Subnet1. Correct Answer: A Community vote distribution A (89%) 11% Question #114 Topic 5 You have an Azure subscription that contains the resources shown in the following table. You need to manage outbound traffic from VNET1 by using Firewall1. What should you do first? A. Configure the Hybrid Connection Manager. B. Upgrade ASP1 to the Premium SKU. C. Create a route table. D. Create an Azure Network Watcher. Correct Answer: C Community vote distribution C (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 414/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #115 Topic 5 You have an Azure subscription that contains the resources shown in the following table. All the resources connect to a virtual network named VNet1. You plan to deploy an Azure Bastion host named Bastion1 to VNet1. Which resources can be protected by using Bastion1? A. VM1 only B. contoso.com only C. App1 and contoso.com only D. VM1 and contoso.com only E. VM1, App1, and contoso.com Correct Answer: A Community vote distribution A (98%) Question #116 Topic 5 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Session persistence to None B. a health probe C. Session persistence to Client IP and protocol D. Idle Time-out (minutes) to 20 Correct Answer: C Community vote distribution C (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 415/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #117 Topic 5 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. a health probe B. Floating IP (direct server return) to Enabled C. Session persistence to Client IP and protocol D. Protocol to UDP Correct Answer: C Community vote distribution C (100%) Question #118 Topic 5 You have an Azure subscription that contains 10 virtual machines and the resources shown in the following table. You need to ensure that Bastion1 can support 100 concurrent SSH users. The solution must minimize administrative effort. What should you do first? A. Resize the subnet of Bastion1 B. Configure host scaling. C. Create a network security group (NSG) D. Upgrade Bastion1 to the Standard SKU Correct Answer: D Community vote distribution D (77%) A (23%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 416/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #119 Topic 5 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Session persistence to Client IP and protocol B. Protocol to UDP C. Session persistence to None D. Floating IP (direct server return) to Disabled Correct Answer: A https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 417/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #120 Topic 5 DRAG DROP - You have a Windows 11 device named Device and an Azure subscription that contains the resources shown in the following table. Device1 has Azure PowerShell and Azure Command-Line Interface (CLI) installed. From Device1, you need to establish a Remote Desktop connection to VM1. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Correct Answer: https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 418/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #121 Topic 5 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Floating IP (direct server return) to Enabled B. Session persistence to Client IP C. Protocol to UDP D. Idle Time-out (minutes) to 20 Correct Answer: B Question #122 Topic 5 You have an Azure subscription that has the public IP addresses shown in the following table. You plan to deploy an Azure Bastion Basic SKU host named Bastion1. Which IP addresses can you use? A. IP1 only B. IP1 and IP2 only C. IP3, IP4, and IP5 only D. IP1, IP2, IP4, and IP5 only E. IP1, IP2, IP3, IP4, and IP5 Correct Answer: B Community vote distribution A (80%) B (20%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 419/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #123 Topic 5 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Floating IP (direct server return) to Disabled B. Floating IP (direct server return) to Enabled C. a health probe D. Session persistence to Client IP Correct Answer: D Question #124 Topic 5 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Floating IP (direct server return) to Enabled B. Idle Time-out (minutes) to 20 C. a health probe D. Session persistence to Client IP Correct Answer: D Community vote distribution D (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 420/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #125 Topic 5 You have two Azure subscriptions named Sub1 and Sub2. Sub1 contains a virtual machine named VM1 and a storage account named storage1. VM1 is associated to the resources shown in the following table. You need to move VM1 to Sub2. Which resources should you move to Sub2? A. VM1, Disk1, and NetInt1 only B. VM1, Disk1, and VNet1 only C. VM1, Disk1, and storage1 only D. VM1, Disk1, NetInt1, and VNet1 Correct Answer: D Community vote distribution D (94%) 6% Question #126 Topic 5 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Session persistence to Client IP and protocol B. Idle Time-out (minutes) to 20 C. Session persistence to None D. Floating IP (direct server return) to Enabled Correct Answer: A https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 421/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #127 Topic 5 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Floating IP (direct server return) to Disabled B. Idle Time-out (minutes) to 20 C. a health probe D. Session persistence to Client IP Correct Answer: D Community vote distribution D (100%) Question #128 Topic 5 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Session persistence to Client IP B. Idle Time-out (minutes) to 20 C. Session persistence to None D. Protocol to UDP Correct Answer: A https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 422/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #129 Topic 5 You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use? A. the Publish-AzVMDscConfiguration cmdlet B. a Microsoft Endpoint Manager device configuration profile C. Azure Application Insights D. a Desired State Configuration (DSC) extension Correct Answer: D Community vote distribution A (56%) D (44%) Question #130 Topic 5 You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use? A. Azure Custom Script Extension B. Deployment Center in Azure App Service C. the New-AzConfigurationAssignment cmdlet D. a Microsoft Endpoint Manager device configuration profile Correct Answer: A https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 423/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #131 Topic 5 You have an Azure subscription that contains a Recovery Services vault named Vault1. You need to enable multi-user authorization (MAU) for Vault1. Which resource should you create first? A. an administrative unit B. a managed identity C. a resource guard D. a custom Azure role Correct Answer: C Community vote distribution C (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 424/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #132 Topic 5 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer. The effective network security configurations for VM2 are shown in the following exhibit. You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly. You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443. Solution: You create an inbound security rule that allows any traffic from the AzureLoadBalancer source and has a priority of 150. Does this meet the goal? A. Yes B. No Correct Answer: A Community vote distribution A (76%) B (24%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 425/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #133 Topic 5 Your on-premises network contains a VPN gateway. You have an Azure subscription that contains the resources shown in the following table. You need to ensure that all the traffic from VM1 to storage1 travels across the Microsoft backbone network. What should you configure? A. Azure Application Gateway B. service endpoints C. Azure AD Application Proxy D. Azure Virtual WAN Correct Answer: B Community vote distribution B (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 426/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #134 Topic 5 You create an Azure VM named VM1 that runs Windows Server 2019. VM1 is configured as shown in the exhibit. (Click the Exhibit tab.) You need to enable Desired State Configuration for VM1. What should you do first? A. Connect to VM1. B. Start VM1. C. Capture a snapshot of VM1. D. Configure a DNS name for VM1. Correct Answer: B Community vote distribution B (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 427/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #135 Topic 5 HOTSPOT - You have an Azure subscription that contains the virtual networks shown in the following table. The subnets have the IP address spaces shown in the following table. You plan to create a container app named contapp1 in the East US Azure region. You need to create a container app environment named con-env1 that meets the following requirements: Uses its own virtual network. Uses its own subnet. Is connected to the smallest possible subnet. To which virtual networks can you connect con-env1, and which subnet mask should you use? To answer, select the appropriate options in the answer area. https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 428/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics NOTE: Each correct selection is worth one point. Correct Answer: https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 429/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #136 Topic 5 You have an Azure subscription that contains the virtual networks shown in the following table. All the virtual networks are peered. Each virtual network contains nine virtual machines. You need to configure secure RDP connections to the virtual machines by using Azure Bastion. What is the minimum number of Bastion hosts required? A. 1 B. 3 C. 9 D. 10 Correct Answer: B Community vote distribution A (65%) B (30%) 5% https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 430/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #137 Topic 5 HOTSPOT - You have an Azure subscription that contains the virtual networks shown in the following table. The subscription contains the virtual machines shown in the following table. Each virtual machine contains only a private IP address. You create an Azure bastion for VNet1 as shown in the following exhibit. https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 431/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 432/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Correct Answer: https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 433/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #138 Topic 5 HOTSPOT - You have an Azure subscription that contains the virtual networks shown in the following table. The subscription contains the subnets shown in the following table. The subscription contains the storage accounts shown in the following table. You create a service endpoint policy named Policy1 in the South Central US Azure region to allow connectivity to all the storage accounts in the subscription. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 434/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Correct Answer: Question #139 Topic 5 You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use? A. the New-AzConfigurationAssignment cmdlet B. Azure Application Insights C. the Publish-AzVMDscConfiguration cmdlet D. a Desired State Configuration (DSC) extension Correct Answer: D Community vote distribution D (100%) Question #140 Topic 5 You have an Azure subscription that contains a resource group named RG1 and a virtual network named VNet1. You plan to create an Azure container instance named container1. You need to be able to configure DNS name label scope reuse for container1. What should you configure for container1? A. the private networking type B. the public networking type C. a new subnet on VNet1 D. a confidential SKU Correct Answer: B Community vote distribution B (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 435/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #141 Topic 5 HOTSPOT - You have the Azure virtual machines shown in the following table. VNET1, VNET2, and VNET3 are peered. VM4 has a DNS server that is authoritative for a zone named contoso.com and contains the records shown in the following table. The virtual networks are configured to use the DNS servers shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 436/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Correct Answer: Question #142 Topic 5 DRAG DROP - You have an Azure subscription that contains a resource group named RG1. You plan to create an Azure Resource Manager (ARM) template to deploy a new virtual machine named VM1. VM1 must support the capture of performance data. You need to specify resource dependencies for the ARM template. In which order should you deploy the resources? To answer, move all resources from the list of resources to the answer area and arrange them in the correct order. Correct Answer: https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 437/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #143 Topic 5 You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use? A. a Desired State Configuration (DSC) extension B. a Microsoft Intune device configuration profile C. the Publish-AzVMDscConfiguration cmdlet D. the New-AzConfigurationAssignment cmdlet Correct Answer: A Community vote distribution A (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 438/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #144 Topic 5 You have an Azure subscription that contains the virtual networks shown in the following table. The subscription contains the virtual machines shown in the following table. All the virtual machines have only private IP addresses. You deploy an Azure Bastion host named Bastion1 to VNet1. To which virtual machines can you connect through Bastion1? A. VM1 only B. VM1 and VM2 only C. VM1 and VM3 only D. VM1, VM2, and VM3 Correct Answer: B Community vote distribution B (72%) D (28%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 439/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #145 Topic 5 You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use? A. a Microsoft Intune device configuration profile B. a Desired State Configuration (DSC) extension C. Azure Application Insights D. Deployment Center in Azure App Service Correct Answer: D Community vote distribution B (100%) Question #146 Topic 5 You have an Azure subscription. You plan to migrate 50 virtual machines from VMware vSphere to the subscription. You create a Recovery Services vault. What should you do next? A. Configure an extended network. B. Create a recovery plan. C. Deploy an Open Virtualization Application (OVA) template to vSphere. D. Configure a virtual network. Correct Answer: D Community vote distribution D (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 440/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #147 Topic 5 HOTSPOT - You have an Azure subscription that contains the virtual networks shown in the following table. Each virtual network has 50 connected virtual machines. You need to implement Azure Bastion. The solution must meet the fallowing requirements: Support host scaling. Support uploading and downloading files. Support the virtual machines on both VNet1 and VNet2. Minimize the number of addresses on the Azure Bastion subnet. How should you configure Azure Bastion? To answer, select the options in the answer area. NOTE: Each correct answer is worth one point. Correct Answer: https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 441/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #148 Topic 5 You have an Azure subscription that contains the virtual networks shown in the following table. You need to ensure that all the traffic between VNet1 and VNet2 traverses the Microsoft backbone network. What should you configure? A. a private endpoint B. peering C. Express Route D. a route table Correct Answer: C Community vote distribution B (92%) 8% Question #149 Topic 5 You have the Azure virtual networks shown in the following table. Which virtual networks can you peer with VNet1? A. VNet2, VNet3, and VNet4 B. VNet2 only C. VNet3 and VNet4 only D. VNet2 and VNet3 only Correct Answer: B Community vote distribution C (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 442/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #150 Topic 5 You have an Azure subscription. You are creating a new Azure container instance that will have the following settings: Container name: cont1 SKU: Standard OS type: Windows Networking type: Public Memory (GiB): 2.5 Number of CPU cores: 2 You discover that the Private setting for Networking type is unavailable. You need to ensure that cont1 can be configured to use private networking. Which setting should you change? A. Memory (GiB) B. Networking type C. Number of CPU cores D. OS type E. SKU Correct Answer: B Community vote distribution D (56%) B (44%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 443/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Topic 6 - Question Set 6 Question #1 Topic 6 You have an Azure subscription that has a Recovery Services vault named Vault1. The subscription contains the virtual machines shown in the following table: You plan to schedule backups to occur every night at 23:00. Which virtual machines can you back up by using Azure Backup? A. VM1 and VM3 only B. VM1, VM2, VM3 and VM4 C. VM1 and VM2 only D. VM1 only Correct Answer: B Azure Backup supports backup of 64-bit Windows server operating system from Windows Server 2008. Azure Backup supports backup of 64-bit Windows 10 operating system. Azure Backup supports backup of 64-bit Ubuntu Server operating system from Ubuntu 12.04. Azure Backup supports backup of VM that are shutdown or offline. Reference: https://docs.microsoft.com/en-us/azure/backup/backup-support-matrix-iaas https://docs.microsoft.com/en-us/azure/virtual- machines/linux/endorsed-distros Community vote distribution B (100%) Question #2 Topic 6 You have an Azure subscription that contains a virtual machine named VM1. You plan to deploy an Azure Monitor alert rule that will trigger an alert when CPU usage on VM1 exceeds 80 percent. You need to ensure that the alert rule sends an email message to two users named User1 and User2. What should you create for Azure Monitor? A. an action group B. a mail-enabled security group C. a distribution group D. a Microsoft 365 group Correct Answer: A Community vote distribution A (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 444/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #3 Topic 6 You have the Azure virtual machines shown in the following table: You have a Recovery Services vault that protects VM1 and VM2. You need to protect VM3 and VM4 by using Recovery Services. What should you do first? A. Create a new Recovery Services vault B. Create a storage account C. Configure the extensions for VM3 and VM4 D. Create a new backup policy Correct Answer: A A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services Reference: https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replicatio Community vote distribution A (100%) https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 445/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #4 Topic 6 HOTSPOT - You have an Azure subscription that contains an Azure Storage account named storage1 and the users shown in the following table. You plan to monitor storage1 and to configure email notifications for the signals shown in the following table. You need to identify the minimum number of alert rules and action groups required for the planned monitoring. How many alert rules and action groups should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 446/555 6/18/24, 1:06 AM AZ-104 Exam - Free Actual Q&As, Page 1 | ExamTopics Question #5

Use Quizgecko on...
Browser
Browser