Win IT Exam with Last Dumps 2024


Microsoft AZ-104 Exam

Page 36/55
Viewing Questions 351 360 out of 549 Questions
65.45%

Question 351
HOTSPOT -
You have an Azure subscription named Subscription1 that contains the virtual networks in the following table.
AZ-104_351Q_1.png related to the Microsoft AZ-104 Exam
Subscription1 contains the virtual machines in the following table.
AZ-104_351Q_2.png related to the Microsoft AZ-104 Exam
In Subscription1, you create a load balancer that has the following configurations:
- Name: LB1
- SKU: Basic
- Type: Internal
- Subnet: Subnet12
- Virtual network: VNET1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-104_351Q_3.jpg related to the Microsoft AZ-104 Exam
Image AZ-104_351R.jpg related to the Microsoft AZ-104 Exam
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview

Question 352
HOTSPOT -
You have an Azure virtual machine that runs Windows Server 2019 and has the following configurations:
- Name: VM1
- Location: West US
- Connected to: VNET1
- Private IP address: 10.1.0.4
- Public IP addresses: 52.186.85.63
- DNS suffix in Windows Server: Adatum.com
You create the Azure DNS zones shown in the following table.
AZ-104_352Q_1.png related to the Microsoft AZ-104 Exam
You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1 can automatically register.
Which zones should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-104_352Q_2.png related to the Microsoft AZ-104 Exam
Image AZ-104_352R.png related to the Microsoft AZ-104 Exam
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview

Question 353
DRAG DROP -
You have an on-premises network that you plan to connect to Azure by using a site-so-site VPN.
In Azure, you have an Azure virtual network named VNet1 that uses an address space of 10.0.0.0/16 VNet1 contains a subnet named Subnet1 that uses an address space of 10.0.0.0/24.
You need to create a site-to-site VPN to Azure.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choice is correct. You will receive credit for any of the correct orders you select.
Select and Place:
AZ-104_353Q.png related to the Microsoft AZ-104 Exam
Image AZ-104_353R.png related to the Microsoft AZ-104 Exam

Question 354
You have an Azure subscription that contains the resources in the following table.
AZ-104_354Q_1.png related to the Microsoft AZ-104 Exam
VM1 and VM2 are deployed from the same template and host line-of-business applications.
You configure the network security group (NSG) shown in the exhibit. (Click the Exhibit tab.)
AZ-104_354Q_2.jpg related to the Microsoft AZ-104 Exam
You need to prevent users of VM1 and VM2 from accessing websites on the Internet over TCP port 80.
What should you do?
A. Disassociate the NSG from a network interface
B. Change the Port_80 inbound security rule.
C. Associate the NSG to Subnet1.
D. Change the DenyWebSites outbound security rule.
You can associate or dissociate a network security group from a network interface or subnet.
The NSG has the appropriate rule to block users from accessing the Internet. We just need to associate it with Subnet1.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group

Question 355
You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant.
Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.
Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24.
You need to connect VNet1 to VNet2.
What should you do first?
A. Move VM1 to Subscription2.
B. Move VNet1 to Subscription2.
C. Modify the IP address space of VNet2.
D. Provision virtual network gateways.
The virtual networks can be in the same or different regions, and from the same or different subscriptions. When connecting VNets from different subscriptions, the subscriptions do not need to be associated with the same Active Directory tenant.
Configuring a VNet-to-VNet connection is a good way to easily connect VNets. Connecting a virtual network to another virtual network using the VNet-to-VNet connection type (VNet2VNet) is similar to creating a Site-to-Site IPsec connection to an on-premises location. Both connectivity types use a VPN gateway to provide a secure tunnel using IPsec/IKE, and both function the same way when communicating.
The local network gateway for each VNet treats the other VNet as a local site. This lets you specify additional address space for the local network gateway in order to route traffic.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal


Question 356
You plan to create an Azure virtual machine named VM1 that will be configured as shown in the following exhibit.
AZ-104_356Q_1.png related to the Microsoft AZ-104 Exam
The planned disk configurations for VM1 are shown in the following exhibit.
AZ-104_356Q_2.jpg related to the Microsoft AZ-104 Exam
You need to ensure that VM1 can be created in an Availability Zone.
Which two settings should you modify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Use managed disks
B. OS disk type
C. Availability options
D. Size
E. Image
A: Your VMs should use managed disks if you want to move them to an Availability Zone by using Site Recovery.
C: When you create a VM for an Availability Zone, Under Settings > High availability, select one of the numbered zones from the Availability zone dropdown.
AZ-104_356E.png related to the Microsoft AZ-104 Exam
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/move-azure-vms-avset-azone
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-portal-availability-zone

Question 357
HOTSPOT -
You have an Azure subscription that contains the resources shown in the following table.
AZ-104_357Q_1.png related to the Microsoft AZ-104 Exam
VMSS1 is set to VM (virtual machines) orchestration mode.
You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1.
Which resource group and location should you use to deploy VM1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-104_357Q_2.png related to the Microsoft AZ-104 Exam
Image AZ-104_357R.png related to the Microsoft AZ-104 Exam
Box 1: RG1, RG2, or RG3 -
The resource group stores metadata about the resources. When you specify a location for the resource group, you're specifying where that metadata is stored.
Box 2: West US only -
Note: Virtual machine scale sets will support 2 distinct orchestration modes:
ScaleSetVM - Virtual machine instances added to the scale set are based on the scale set configuration model. The virtual machine instance lifecycle - creation, update, deletion - is managed by the scale set.
VM (virtual machines) - Virtual machines created outside of the scale set can be explicitly added to the scaleset.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview

Question 358
HOTSPOT -
You have an Azure subscription that contains three virtual networks named VNET1, VNET2, and VNET3.
Peering for VNET1 is configured as shown in the following exhibit.
AZ-104_358Q_1.png related to the Microsoft AZ-104 Exam
Peering for VNET2 is configured as shown in the following exhibit.
AZ-104_358Q_2.png related to the Microsoft AZ-104 Exam
Peering for VNET3 is configured as shown in the following exhibit.
AZ-104_358Q_3.png related to the Microsoft AZ-104 Exam
How can packets be routed between the virtual networks? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-104_358Q_4.png related to the Microsoft AZ-104 Exam
Image AZ-104_358R.png related to the Microsoft AZ-104 Exam
Box 1. VNET2 and VNET3 -
Box 2: VNET1 -
Gateway transit is disabled.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

Question 359
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.
Solution: You modify the Azure Active Directory (Azure AD) authentication policies.
Does this meet the goal?
A. Yes
B. No
Instead export the client certificate from Computer1 and install the certificate on Computer2.
Note:
Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate is not installed, authentication fails.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site

Question 360
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.
Solution: You join Computer2 to Azure Active Directory (Azure AD).
Does this meet the goal?
A. Yes
B. No
A client computer that connects to a VNet using Point-to-Site must have a client certificate installed.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site