Win IT Exam with Last Dumps 2024


Microsoft AZ-104 Exam

Page 55/55
Viewing Questions 541 549 out of 549 Questions
100.00%

Question 541
You discover that VM3 does NOT meet the technical requirements.
You need to verify whether the issue relates to the NSGs.
What should you use?
A. Diagram in VNet1
B. Diagnostic settings in Azure Monitor
C. Diagnose and solve problems in Traffic Manager profiles
D. The security recommendations in Azure Advisor
E. IP flow verify in Azure Network Watcher
Scenario: Contoso must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen,
IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

Question 542
You need to ensure that VM1 can communicate with VM4. The solution must minimize the administrative effort.
What should you do?
A. Create an NSG and associate the NSG to VM1 and VM4.
B. Establish peering between VNET1 and VNET3.
C. Assign VM4 an IP address of 10.0.1.5/24.
D. Create a user-defined route from VNET1 to VNET3.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

Question 543
HOTSPOT -
You need to meet the connection requirements for the New York office.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-104_543Q.png related to the Microsoft AZ-104 Exam
Image AZ-104_543R.png related to the Microsoft AZ-104 Exam
Box 1: Create a virtual network gateway and a local network gateway.
Azure VPN gateway. The VPN gateway service enables you to connect the VNet to the on-premises network through a VPN appliance. For more information, see
Connect an on-premises network to a Microsoft Azure virtual network. The VPN gateway includes the following elements:
- Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing traffic from the on-premises network to the
VNet.
- Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to the on-premises network is routed through this gateway.
- Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-premises VPN appliance to encrypt traffic.
- Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements, described in the Recommendations section below.
Box 2: Configure a site-to-site VPN connection
On premises create a site-to-site connection for the virtual network gateway and the local network gateway.
AZ-104_543E.jpg related to the Microsoft AZ-104 Exam
Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Incorrect Answers:
Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection is private. Traffic does not go over the internet.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vpn

Question 544
HOTSPOT -
You need to recommend a solution for App1. The solution must meet the technical requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-104_544Q.jpg related to the Microsoft AZ-104 Exam
Image AZ-104_544R.jpg related to the Microsoft AZ-104 Exam
This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL Server on Windows for the data tier.
AZ-104_544E.png related to the Microsoft AZ-104 Exam
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
- A SQL database
- A web front end
- A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Technical requirements include:
- Move all the virtual machines for App1 to Azure.
- Minimize the number of open ports between the App1 tiers.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server

Question 545
You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.
What should you recommend?
A. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
B. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
C. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
D. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.
Incoming and the web server subnet only, as users access the web front end by using HTTPS only.
Note Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
- A SQL database
- A web front end
- A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.


Question 546
HOTSPOT -
You implement the planned changes for NSG1 and NSG2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-104_546Q.png related to the Microsoft AZ-104 Exam
Image AZ-104_546R.jpg related to the Microsoft AZ-104 Exam
Box 1: No -
NSG2 blocks RDP to VM2 -
Box 2: Yes -
ICMP is not blocked -
Box 3: No -
NSG2 blocks RDP from VM2 -
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works

Question 547
You need to add VM1 and VM2 to the backend pool of LB1.
What should you do first?
A. Connect VM2 to VNET1/Subnet1.
B. Redeploy VM1 and VM2 to the same availability zone.
C. Redeploy VM1 and VM2 to the same availability set.
D. Create a new NSG and associate the NSG to VNET1/Subnet1.
VM1 is already in VNET1/Subnet1.
VM2 is on VNET1/Subnet2, and must be moved to VNET1/Subnet1.
Note:
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1
AZ-104_547E.png related to the Microsoft AZ-104 Exam
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-internal-portal

Question 548
You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort.
What should you do?
A. Create a user-defined route from VNET1 to VNET3.
B. Create an NSG and associate the NSG to VM1 and VM4.
C. Assign VM4 an IP address of 10.0.1.5/24.
D. Establish peering between VNET1 and VNET3.

Question 549
HOTSPOT -
You need to implement Role1.
Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-104_549Q.png related to the Microsoft AZ-104 Exam
Image AZ-104_549R.png related to the Microsoft AZ-104 Exam