Win IT Exam with Last Dumps 2024


Microsoft AZ-104 Exam

Page 41/55
Viewing Questions 401 410 out of 549 Questions
74.55%

Question 401
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Performance Monitor, you create a Data Collector Set (DCS).
Does this meet the goal?



Use the Connection Monitor feature of Azure Network Watcher.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

Question 402
DRAG DROP -
You have an Azure subscription that contains the resources shown in the following table.
AZ-104_402Q_1.png related to the Microsoft AZ-104 Exam
You need to load balance HTTPS connections to vm1 and vm2 by using lb1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
AZ-104_402Q_2.jpg related to the Microsoft AZ-104 Exam
Image AZ-104_402R.jpg related to the Microsoft AZ-104 Exam



Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-public-zone-redundant-portal

Question 403
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Monitor, you create a metric on Network In and Network Out.
Does this meet the goal?



Reference:
https://azure.microsoft.com/en-us/updates/general-availability-azure-network-watcher-connection-monitor-in-all-public-regions/

Question 404
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load
Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
AZ-104_404Q.jpg related to the Microsoft AZ-104 Exam
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a priority of 64999.
Does this meet the goal?



Reference:
https://fastreroute.com/azure-network-security-groups-explained/

Question 405
DRAG DROP -
You have an Azure subscription that contains two on-premises locations named site1 and site2.
You need to connect site1 and site2 by using an Azure Virtual WAN.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
AZ-104_405Q.jpg related to the Microsoft AZ-104 Exam
Image AZ-104_405R.jpg related to the Microsoft AZ-104 Exam



Reference:
https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal


Question 406
HOTSPOT -
You have an Azure subscription that contains the virtual networks shown in the following table.
AZ-104_406Q_1.png related to the Microsoft AZ-104 Exam
You have the virtual machines shown in the following table.
AZ-104_406Q_2.png related to the Microsoft AZ-104 Exam
You have the virtual network interfaces shown in the following table.
AZ-104_406Q_3.png related to the Microsoft AZ-104 Exam
Server1 is a DNS server that contains the resources shown in the following table.
AZ-104_406Q_4.png related to the Microsoft AZ-104 Exam
You have an Azure private DNS zone named contoso.com that has a virtual network link to VNET2 and the records shown in the following table.
AZ-104_406Q_5.png related to the Microsoft AZ-104 Exam
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-104_406Q_6.png related to the Microsoft AZ-104 Exam
Image AZ-104_406R.png related to the Microsoft AZ-104 Exam




Question 407
You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.)
AZ-104_407Q.png related to the Microsoft AZ-104 Exam
No devices are connected to VNet1.
You plan to peer VNet1 to another virtual network named VNet2. VNet2 has an address space of 10.2.0.0/16.
You need to create the peering.
What should you do first?



The virtual networks you peer must have non-overlapping IP address spaces. The exhibit indicates that VNet1 has an address space of 10.2.0.0/16, which is the same as VNet2, and thus overlaps. We need to change the address space for VNet1.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-constraints
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq

Question 408
You have the Azure virtual machines shown in the following table.
AZ-104_408Q_1.png related to the Microsoft AZ-104 Exam
VNET1 is linked to a private DNS zone named contoso.com that contains the records shown in the following table.
AZ-104_408Q_2.png related to the Microsoft AZ-104 Exam
You need to ping VM2 from VM1.
Which DNS names can you use to ping VM2?



Reference:
https://medium.com/azure-architects/exploring-azure-private-dns-be65de08f780
https://simpledns.plus/help/dns-record-types

Question 409
HOTSPOT -
You have a network security group (NSG) named NSG1 that has the rules defined in the exhibit. (Click the Exhibit tab.)
AZ-104_409Q_1.jpg related to the Microsoft AZ-104 Exam
NSG1 is associated to a subnet named Subnet1. Subnet1 contains the virtual machines shown in the following table.
AZ-104_409Q_2.png related to the Microsoft AZ-104 Exam
You need to add a rule to NSG1 to ensure that VM1 can ping VM2. The solution must use the principle of least privilege.
How should you configure the rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-104_409Q_3.jpg related to the Microsoft AZ-104 Exam
Image AZ-104_409R.jpg related to the Microsoft AZ-104 Exam



Reference:
https://www.thomasmaurer.ch/2019/09/how-to-enable-ping-icmp-echo-on-an-azure-vm/

Question 410
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.
Solution: On Computer2, you set the Startup type for the IPSec Policy Agent service to Automatic.
Does this meet the goal?



Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate is not installed, authentication fails.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site