Win IT Exam with Last Dumps 2024


Microsoft AZ-104 Exam

Page 33/55
Viewing Questions 321 330 out of 549 Questions
60.00%

Question 321
HOTSPOT
-
You have an Azure subscription that contains the container images shown in the following table.
AZ-104_321Q_1.png related to the Microsoft AZ-104 Exam
You plan to use the following services:
• Azure Container Instances
• Azure Container Apps
• Azure App Service
In which services can you run the images? To answer, select the options in the answer area.
NOTE: Each correct answer is worth one point.
AZ-104_321Q_2.png related to the Microsoft AZ-104 Exam
Image AZ-104_321R.png related to the Microsoft AZ-104 Exam

Question 322
You have an Azure AD tenant named contoso.com.
You have an Azure subscription that contains an Azure App Service web app named App1 and an Azure key vault named KV1. KV1 contains a wildcard certificate for contoso.com.
You have a user named [email protected] that is assigned the Owner role for App1 and KV1.
You need to configure App1 to use the wildcard certificate of KV1.
What should you do first?
A. Create an access policy for KV1 and assign the Microsoft Azure App Service principal to the policy.
B. Assign a managed user identity to App1.
C. Configure KV1 to use the role-based access control (RBAC) authorization system.
D. Create an access policy for KV1 and assign the policy to User1.

Question 323
You have an Azure subscription.
You plan to deploy the resources shown in the following table.
AZ-104_323Q.png related to the Microsoft AZ-104 Exam
You need to create a single Azure Resource Manager (ARM) template that will be used to deploy the resources.
Which resource should be added to the dependsOn section for VM1?
A. VNET1
B. NIC1
C. IP1
D. NSG1

Question 324
You have an Azure subscription.
You create the following Azure Resource Manager (ARM) template named Template.json.
AZ-104_324Q.png related to the Microsoft AZ-104 Exam
You need to deploy Template.json.
Which PowerShell cmdlet should you run from Azure Cloud Shell?
A. New-AzSubscriptionDeployment
B. New-AzManagementGroupDeployment
C. New-AzResourceGroupDeployment
D. New-AzTenantDeployment

Question 325
You have an Azure subscription that contains a resource group named RG1.
You plan to create a storage account named storage1.
You have a Bicep file named File1.
You need to modify File1 so that it can be used to automate the deployment of storage1 to RG1.
Which property should you modify?
A. kind
B. scope
C. sku
D. location


Question 326
HOTSPOT
-
Your company purchases a new Azure subscription.
You create a file named Deploy.json as shown in the following exhibit.
AZ-104_326Q_1.png related to the Microsoft AZ-104 Exam
You connect to the subscription and run the following cmdlet.
New-AzDeployment -Location westus -TemplateFile “deploy.json”
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
AZ-104_326Q_2.png related to the Microsoft AZ-104 Exam
Image AZ-104_326R.png related to the Microsoft AZ-104 Exam

Question 327
HOTSPOT -
You have an Azure subscription named Sub1.
You plan to deploy a multi-tiered application that will contain the tiers shown in the following table.
AZ-104_327Q_1.png related to the Microsoft AZ-104 Exam
You need to recommend a networking solution to meet the following requirements:
- Ensure that communication between the web servers and the business logic tier spreads equally across the virtual machines.
- Protect the web servers from SQL injection attacks.
Which Azure resource should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-104_327Q_2.jpg related to the Microsoft AZ-104 Exam
Image AZ-104_327R.jpg related to the Microsoft AZ-104 Exam
Box 1: an internal load balancer
Azure Internal Load Balancer (ILB) provides network load balancing between virtual machines that reside inside a cloud service or a virtual network with a regional scope.
Box 2: an application gateway that uses the WAF tier
Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities.
Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

Question 328
Your company has three offices. The offices are located in Miami, Los Angeles, and New York. Each office contains datacenter.
You have an Azure subscription that contains resources in the East US and West US Azure regions. Each region contains a virtual network. The virtual networks are peered.
You need to connect the datacenters to the subscription. The solution must minimize network latency between the datacenters.
What should you create?
A. three Azure Application Gateways and one On-premises data gateway
B. three virtual hubs and one virtual WAN
C. three virtual WANs and one virtual hub
D. three On-premises data gateways and one Azure Application Gateway
Reference:
https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-about

Question 329
HOTSPOT -
You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address.
Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network interfaces and network security groups that you require? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-104_329Q.jpg related to the Microsoft AZ-104 Exam
Image AZ-104_329R.jpg related to the Microsoft AZ-104 Exam
Box 1: 5 -
A public and a private IP address can be assigned to a single network interface.
Box 2: 1 -
You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface-addresses

Question 330
You have an Azure subscription that contains the resources shown in the following table.
AZ-104_330Q_1.png related to the Microsoft AZ-104 Exam
LB1 is configured as shown in the following table.
AZ-104_330Q_2.png related to the Microsoft AZ-104 Exam
You plan to create new inbound NAT rules that meet the following requirements:
- Provide Remote Desktop access to VM1 from the internet by using port 3389.
- Provide Remote Desktop access to VM2 from the internet by using port 3389.
What should you create on LB1 before you can create the new inbound NAT rules?
A. a frontend IP address
B. a load balancing rule
C. a health probe
D. a backend pool