Advance Your Career by Using Online AZ-104 Dumps

1. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.

Solution: You assign the Network Contributor role at the subscription level to Admin1.

Does this meet the goal?

2. You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.

You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.

You need to ensure that visitors are serviced by the same web server for each request.

What should you configure?

3. You have an Azure Storage account named storage1.

You plan to use AzCopy to copy data to storage1.

You need to identify the storage services in storage1 to which you can copy the data.

What should you identify?

4. HOTSPOT

You have a virtual network named VNETI that contains the subnets shown in the following table.





You have Azure virtual machines that have the network configurations shown in the following table.





For NSG2, you create the inbound security rule shown in the following table.





For NSG2, you create the inbound security rule shown in the following table.





For each of the following statements, select Yes If the statement is true. Otherwise, select No. NOTE Each correct selection is worth one point

5. HOTSPOT

You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.

You install and configure a web server and a DNS server on VM1.

VM1 has the effective network security rules shown in the following exhibit.





Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

6. You have an Azure subscription that contains a storage account named storage1. The storage 1 account contains a container named container! You need to configure access to container 1.

The solution must meet the following requirements:

• Only allow read access

• Allow both HTTP and HTTPS protocols.

• Apply access permissions to all the content in the container

What should you use?

7. HOTSPOT

You have an Azure subscription that contains the resources shown in the following table





In Azure Cloud Shell, you need to create a virtual machine by using an Azure Resource Manager (ARM) template.

How should you complete the command? To answer, select the appropriate options in the answer area, NOTE: Each correct selection is worth one point.

8. DRAG DROP

You have a Microsoft Entra tenant.

You need to ensure that when a new Microsoft 365 group is created, the group name is automatically formatted as follows:

.

Which three actions should you perform in sequence in the Microsoft Entra admin center? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

9. You have an Azure subscription that contains the resources shown in the following table.





You need to manage outbound traffic from VNET1 by using Firewall1.

What should you do first?

10. You plan to deploy several Azure virtual machines that will run Windows Server 2022 in a virtual machine scale set by using an Azure Resource Manager template.

You need to ensure that NGINX is available on all the virtual machines after they are deployed.

What should you use?

11. You have an Azure subscription named Subscription1 that contains the resources shown in the following table.





You create virtual machines in Subscription1 as shown in the following table.





You plan to use Vault1 for the backup of as many virtual machines as possible.

Which virtual machines can be backed up to Vault1?

12. You need to identify which storage account to use for the flow logging of IP traffic from VM5. The solution must meet the retention requirements.

Which storage account should you identify?

13. You have an Azure subscription that contains the resources shown in the following table.





The Not allowed resource types Azure policy that has policy enforcement enabled is assigned to RG1 and uses the following parameters:

Microsoft.Network/virtualNetworks

Microsoft.Compute/virtualMachines

In RG1, you need to create a new virtual machine named VM2 which is connected toVNET1.

What should you do first?

14. You have an Azure subscription named Subscription1 that contains virtual network named VNet1. VNet1 is in a resource group named RG1.

A user named User1 has the following roles for Subscription1:

• Reader

• Security Admin

• Security Reader

You need to ensure that User1 can assign the Reader role for VNet1 to other users.

What should you do?

15. You have an Azure subscription named Subscription 1 and an on-premises deployment of Microsoft System Center Service Manager Subscription! contains a virtual machine named VM1.

You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent.

What should you do first?

16. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains the virtual machines shown in the following table.

You deploy a load balancer that has the following configurations:

• Name: LB1

• Type: Internal

• SKU: Standard

• Virtual network: VNET1

You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.

Solution: You create a Standard SKU public IP address, associate the address to the network interface of VM1, and then stop VM2.

Does this meet the goal?

17. Your on-premises network contains an SMB share named Share1.

You have an Azure subscription that contains the following resources:

A web app named webapp1

A virtual network named VNET1

You need to ensure that webapp1 can connect to Share1.

What should you deploy?

18. You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARMIjson.

You receive a notification that VM1 will be affected by maintenance.

You need to move VM1 to a different host immediately.

Solution: From the VM1 Redeploy + reapply blade, you select Redeploy.

Does this meet the goal?

19. HOTSPOT

You need to implement the planned changes for User1.

Which roles should you assign to User1, and for which resources? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

20. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You assign a built-in policy definition to the subscription.

Does this meet the goal?

21. HOTSPOT

You have an Azure subscription

You plan to deploy a new storage account

You need to configure encryption for the account

The solution must meet the following requirements

• Use a customer-managed key stored in an key vault

• Use the maximum supported bit length.

Which type of key and which bit length should you use?

22. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You have a CSV file that contains the names and email addresses of 500 external users.

You need to create a guest user account in contoso.com for each of the 500 external users.

Solution: From Azure AD in the Azure portal, you use the Bulk create user operation.

Does this meet the goal?

23. HOTSPOT

You have an Azure subscription that has the Azure container registries shown in the following table.





You plan to use ACR Tasks and configure endpoint connections.

24. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, those questions will not appear in the review screen.

You have a Microsoft Entra tenant named contoso.com.

You have a CSV file that contains the names and email addresses of 500 external users.

You need to create a guest user account in contoso.com for each of the 500 external users.

Solution; From Microsoft Entra ID in the Azure portal, you use the Bulk create user operation.

Does this meet the goal?

25. You have an Azure subscription that hat Traffic Analytics configured.

You deploy a new virtual machine named VM1 that has the following settings:

• Region- East US

• Virtual network: VNet1

• NIC network security group: NSG1

You need to monitor VM1 traffic by using Traffic Analytics.

Which settings should you configure?

26. You have an Azure subscription named Subscription1 that contains a virtual network named VNet1.

VNet1 is in a resource group named RG1.

Subscription1 has a user named User1.

User1 has the following roles;

• Reader

• Security Admin

• Security Reader

You need to ensure that User1 can assign the Reader role for VNet1 to other users.

What should you do?

27. HOTSPOT

You have an Azure subscription that contains a storage account named storage1. The subscription is linked to an Azure Active Directory (Azure AD) tenant named contoso.com that syncs to an on-premises Active Directory domain.

The domain contains the security principals shown in the following table.





In Azure AD, you create a user named User2.

The storage1 account contains a file share named share1 and has the following configurations.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

28. You need to configure an Azure web app named contoso.azurewebsites.net to host www.contoso.com.

What should you do first?

29. You have the Azure virtual machines shown in the following table.





You have a Recovery Services vault that protects VM1 and VM2. You need to protect VM3 and VM4 by using Recovery Services.

What should you do first?

30. You have an Azure subscription that contains the resources in the following table.





To which subnets can you apply NSG1?

31. HOTSPOT

You have an Azure Active Directory tenant named Contoso.com that includes following users:





Contoso.com includes following Windows 10 devices:





You create following security groups in Contoso.com:





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

32. You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You have a CSV file that contains the names and email addresses of 500 external users.

You need to create a guest user account in contoso.com for each of the 500 external users.

Solution: You create a Power Shell script that runs the New-MgUser cmdlet for each user.

Does this meet the goal?

33. HOTSPOT

You have a Microsoft Entra tenant that contains the groups shown in the following table.





The tenant contains the users shown in the following table.





Which users and groups can you delete? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

34. You have an Azure AD tenant named adatum.com that contains the groups shown in the following table.





Adatum.com contains the users shown in the following table.





You assign the Azure AD Premium P2 license to Group l and User4.

Which users are assigned the Azure AD Premium P2 license?

35. HOTSPOT

You need to configure the Device settings to meet the technical requirements and the user requirements.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

36. HOTSPOT

You plan to use Azure Network Watcher to perform the following tasks:

- Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine

- Task2: Validate outbound connectivity from an Azure virtual machine to an external host

Which feature should you use for each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

37. HOTSPOT

You have an Azure subscription that contains the virtual networks shown in the following table.





The subscription contains the virtual machines shown in the following table.





Each virtual machine contains only a private IP address.

You create an Azure bastion for VNet1 as shown in the following exhibit.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

38. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure container registry named Registry1 that contains an image named image1. You receive an error message when you attempt to deploy a container instance by using image1. You need to be able to deploy a container instance by using image1.

Solution: You create a private endpoint connection for Registry1.

Does this meet the goal?

39. You have an Azure Storage account named storage1.

You need to enable a user named User1 to list and regenerate storage account keys for storage1.

Solution: You assign the Storage Account Contributor role to User1.

Does this meet the goal?

40. HOTSPOT

You have an Azure subscription that contains a virtual network named VNET in the East Us 2 region. A network interface named VM1-NI is connected to VNET1.

You successfully deploy the following Azure Resource Manager template.

41. You have an Azure Resource Manager that is used to deploy an Azure virtual machine.

Template1 contains the following text:





The variables section in Template1 contains the following text:

"location": "westeurope"

The resources section in Template1 contains the following text:





You need to deploy the virtual machine to the West US location by using Template1.

What should you do?

42. You have an Azure subscription that contains a storage account named storage.

You have the devices shown in the following table.





From which devices can you use AzCopy to copy data to storage1?

43. HOTSPOT

You have an Azure subscription.

You plan to deploy a storage account named storage' by using the following Azure Resource Manager (ARM) template.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

44. Topic 5, mix Ques



HOTSPOT

You have an Azure virtual machine named VM1 that connects to a virtual network named VNet1.

VM1 has the following configurations:

✑ Subnet: 10.0.0.0/24

✑ Availability set: AVSet

✑ Network security group (NSG): None

✑ Private IP address: 10.0.0.4 (dynamic)

✑ Public IP address: 40.90.219.6 (dynamic)

You deploy a standard, Internet-facing load balancer named slb 1.

You need to configure slb1 to allow connectivity to VM 1.

Which changes should you apply to VM1 as you configure slb1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

45. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You create a resource lock, and then you assign the lock to the subscription.

Does this meet the goal?

46. You have an Azure subscription named Subscription1.

Subscription1 contains the resource groups in the following table.





RG1 has a web app named WebApp1. WebApp1 is located in West Europe.

You move WebApp1 to RG2.

What is the effect of the move?

47. You have an Azure subscription that has a Recovery Services vault named Vault 1.

The subscription contains the virtual machines shown in the following table.





You plan to schedule backups to occur every night at 23:00.

Which virtual machines can you back up by using Azure Backup?

48. HOTSPOT

You have an Azure subscription. The subscription contains a virtual machine that runs Windows 10.

You need to join the virtual machine to an Active Directory domain.

How should you complete the Azure Resource Manager (ARM) template? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

49. You have a subnet named Subnet1 that contains Azure virtual machines. A network security group (NSG) named NSG1 is associated to Subnet1, NSG1 on default rules.

You need to create a rule in NSG1 to prevent the hosts on Subnet1 from connecting to the azure portal. The hosts must be able to connect to other …

To what should you set Destination in the rule?

50. You have an Azure subscription that contains a storage account named storage 1.

You need to allow access to storage1 from selected networks and your home office. The solution must minimize administrative effort.

What should you do first for storage1?

51. HOTSPOT

You have an Azure subscription that contains a user named User1 and the resources shown in the following table.





NSG1 is associated to networkinterface1.

User1 has role assignments tor NSG1 as shown in the following table.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE Each correct selection is worth one point.

52. You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.

You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.

What should you create to store the password?

53. DRAG DROP

You have a windows 11 device named Device1 and an Azure subscription that contains the resources shown in the following table.





Device 1 has Azure PowerShell and Azure Command-Line Interface (CLI) installed.

From Device1, you need to establish a Remote Desktop connection to VM1.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

54. You have an Azure subscription that contains a resource group named RG26.

RG26 is sot to the West Europe location and is used to create temporary resources for a project.

RG26 contains the resources shown in the following table.





SQLD01 is backed up to RGV1.

When the project is complete, you attempt to delete RG26 from the Azure portal. The deletion fails.

You need to delete RG26.

What should you do first?

55. You have an Azure subscription that contains an Azure Stream Analytics job named Job1.

You need to monitor input events for Job1 to identify the number of events that were NOT processed.

Which metric should you use?

56. You have an Azure subscription that contains eight virtual machines and the resources shown in the

following table.





You need to configure access for VNEI1.

The solution must meet the following requirements:

• The virtual machines connected to VNET1 must be able to communicate with the virtual machines connected to VNET2 by using the Microsoft backbone.

• The virtual machines connected to VNETl must be able to access storage1. Storage2, and Microsoft Entra ID by using the Microsoft backbone.

What is the minimum number of service endpoints you should add to VNET1?

57. You need to resolve the licensing issue before you attempt to assign the license again.

What should you do?

58. HOTSPOT

You have an Azure Storage accounts as shown in the following exhibit.





Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

59. You have an Azure AD tenant that is linked to 10 Azure subscriptions.

You need to centrally monitor user activity across all the subscriptions.

What should you use?

60. HOTSPOT

You have an Azure subscription that contains the vaults shown in the following table.





You create a storage account that contains the resources shown in the following table.





To which vault can you back up cont1 and share1? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.

61. You have an Azure subscription that has the public IP addresses shown in the following table.





You plan to deploy an Azure Bastion Basic SKU host named Bastion1.

Which IP addresses can you use for Bastion1?

62. You have an Azure virtual network named VNetl that contains the following settings:

• IPv4 address space: 172.16.10.0/24

• Subnet name: Subnetl

• Subnet address range: 172.16.10.0/25

What is the maximum number of virtual machines that can connect to Subnetl?

63. HOTSPOT

You need to configure Azure Backup to back up the file shares and virtual machines.

What is the minimum number of Recovery Services vaults and backup policies you should create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

64. You have an Azure subscription that contains a resource group named RG1.

You plan to create a storage account named storage1.

You have a Bicep file named File1.

You need to modify File1 so that it can be used to automate the deployment of storage1 to RG1.

Which property should you modify?

65. HOTSPOT

You have two Azure virtual machines as shown in the following table.





You create the Azure DNS zones shown in the following table.





You perform the following actions:

To fabrikam.com, you add a virtual network link to vnet1 and enable auto registration.

For contoso.com, you assign vm1 and vm2 the Owner role.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worm one point.

66. You implement the planned changes for Scope1.

You need to ensure that Scope1 meets the technical requirements.

What can you encrypt by using Scope1?

67. HOTSPOT

You have a Microsoft Entra user named User1 and a read-access geo-redundant storage (RA-GRS)

account named contoso2023.

You need to meet the following requirements:

• User1 must be able to write blob data to contoso2023.

• The contoso2023 account must fail over to its secondary endpoint.

Which two settings should you configure? To answer, select the appropriate settings in the answer area. NOTE Each correct selection is worth one point.

68. You deploy an Azure Kubernetes Service (AKS) cluster named Cluster1 that uses the IP addresses shown in the following table.





You need to provide internet users with access to the applications that run in Cluster1.

Which IP address should you include in the DNS record for Ousted?

69. You have two Azure subscriptions named Sub1 and Sub2 that are linked to separate Microsoft Entra tenants.

You have the virtual networks shown in the following table.





You have two Azure subscriptions named Sub1 and Sub2 that are linked to separate Microsoft Entra tenants.

You have the virtual networks shown in the following table.

Which virtual networks can you peer with VNet1?

70. HOTSPOT

You have an Azure subscription that contains two storage accounts named contoso101 and contoso102.

The subscription contains the virtual machines shown in the following table.

VNet1 has service endpoints configured as shown in the Service endpoints exhibit. (Click the Service endpoints tab.)





The Microsoft. Storage service endpoint has the service endpoint policy shown in the Microsoft. Storage exhibit. (Click the Microsoft. Storage tab.)





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

71. Topic 3, Contoso Ltd



Overview

Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.

Contoso products are manufactured by using blueprint files that the company authors and maintains.



Existing Environment

Currently, Contoso uses multiple types of servers for business operations, including the following:

✑ File servers

✑ Domain controllers

✑ Microsoft SQL Server servers



Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.



You have a public-facing application named App 1.

App1 is comprised of the following three tiers:

✑ A SQL database

✑ A web front end

✑ A processing middle tier



Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.



Requirements

Planned Changes

Contoso plans to implement the following changes to the infrastructure:

✑ Move all the tiers of App1 to Azure.

✑ Move the existing product blueprint files to Azure Blob storage.

✑ Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.



Technical Requirements

Contoso must meet the following technical requirements:

✑ Move all the virtual machines for App1 to Azure.

✑ Minimize the number of open ports between the App1 tiers.

✑ Ensure that all the virtual machines for App1 are protected by backups.

✑ Copy the blueprint files to Azure over the Internet.

✑ Ensure that the blueprint files are stored in the archive storage tier.

✑ Ensure that partner access to the blueprint files is secured and temporary.

✑ Prevent user passwords or hashes of passwords from being stored in Azure.

✑ Use unmanaged standard storage for the hard disks of the virtual machines.

✑ Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.

✑ Minimize administrative effort whenever possible.



User Requirements

Contoso identifies the following requirements for users:

✑ Ensure that only users who are part of a group named Pilot can join devices to Azure AD.

✑ Designate a new user named Admin1 as the service administrator of the Azure subscription.

✑ Ensure that a new user named User3 can create network objects for the Azure subscription.



You need to meet the user requirement for Admin1.

What should you do?

72. HOTSPOT

Your company purchases a new Azure subscription.

You create a file named Deploy json as shown in the following exhibit





You connect to the subscription and run the following cmdlet:

New-AzDeployment -Location westus -TemplateFile “deploy.json”"

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

73. You have an Azure DNS zone named adatum.com. You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure.

What should you do?

74. You are configuring Azure AD authentication for an Azure Storage account named storage1.

You need to ensure that the members of a group named Group1 can upload files by using the Azure portal. The solution must use the principle of least privilege.

Which two roles should you assign to Group1? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

75. You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARMIjson.

You receive a notification that VM1 will be affected by maintenance.

You need to move VM1 to a different host immediately.

Solution: From the VM1 Updates blade, select One-time update.

Does this meet the goal?

76. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft Entra tenant named Adatum.com and an Azure Subscription named Subscription1. Adatum.com contains a group named Developers. Subscription1 contains a resource group named Dev.

You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.

Solution: On Dev, you assign the Logic App Contributor role to the Developers group.

Does this meet the goal?

77. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You configure a custom policy definition, and then you assign the policy to the subscription.

Does this meet the goal?

78. You create an App Service plan named plan1 and an Azure web app named webapp1. You discover that the option to create a staging slot is unavailable. You need to create a staging slot for plan1.

What should you do first?

79. You have an Anne container registry named Registry1 that contains an image named image1.

You receive an error message when you attempt to deploy a container instance by using image1.

You need to be able to deploy a container instance by using image1.

Solution: You assign the AcrPull role to ACR-Tasks-Network for Registry1.

Does this meet the goal?

80. HOTSPOT

You need to identify the storage requirements for Contoso.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

81. HOTSPOT

You have three Azure subscriptions named Sub1, Sub2, and Sub3 that are linked to an Azure AD tenant.

The tenant contains a user named User1, a security group named Group1, and a management group named MG1. User1 is a member of Group1.

Sub1 and Sub2 are members of MG1. Sub1 contains a resource group named RG1. RG1 contains five Azure functions.

You create the following role assignments for MG1:

• Group1: Reader

• User1: User Access Administrator

You assign User1 the Virtual Machine Contributor role for Sub1 and Sub2.

You assign User1 the Contributor role for RG1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

82. You have an Azure subscription that contains a user named User1.

You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege.

Which role-based access control (RBAC) role should you assign to User1?

83. You have an Azure App Service app named App1 that contains two running instances.

You have an auto scale rule configured as shown in the following exhibit.





For the Instance limits scale condition setting, you set Maximum to 5.

During a 30-minute period, App1 uses 80 percent of the available memory.

What is the maximum number of instances for App1 during the 30-minute period?

84. HOTSPOT

You plan to use Azure Network Watcher to perform the following tasks:

Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine

Task2: Validate outbound connectivity from an Azure virtual machine to an external host

Which feature should you use for each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

85. You plan to deploy several Azure virtual machines that will run Windows Server 2022 in a virtual machine scale set by using an Azure Resource Manager template.

You need to ensure that NGINX is available on all the virtual machines after they are deployed.

What should you use?

86. You have the Azure virtual machines shown in the following table.





A DNS service is installed on VM1.

You configure the DNS server’s settings for each virtual network as shown in the following exhibit





You need to ensure that all the virtual machines can resolve DNS names by using the DNS service on VM 1.

What should you do?

87. You develop the following Azure Resource Manager (ARM) template to create a resource group and deploy an Azure Storage account to the resource group.

Which cmdlet should you run to deploy the template?

88. HOTSPOT

Peering for VNET2 is configured as shown in the following exhibit.





Peering for VNET3 is configured as shown in the following exhibit.





How can packets be routed between the virtual networks? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

89. HOTSPOT

You have an Azure subscription that contains the resource groups shown in the following table.





RG1 contains the resources shown in the following table.





RG2 contains the resources shown in the following table.





You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1.

Which resources should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

90. HOTSPOT

You manage two Azure subscriptions named Subscription 1 and Subscription2.

Subscription! has following virtual networks:





The virtual networks contain the following subnets:





Subscnption2 contains the following virtual network:

- Name: VNETA

• Address space: 10.10.128.0/17

• Region: Canada Central

VNETA contains the following subnets:





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

91. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains the virtual machines shown in the following table.

You deploy a load balancer that has the following configurations:

• Name: LB1

• Type: Internal

• SKU: Standard

• Virtual network: VNET1

You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.

Solution: You create two Standard public IP addresses and associate a Standard SKU public IP address to the network interface of each virtual machine.

Does this meet the goal?

92. You have a Recovery Services vault named RSV1. RSV1 has a backup policy that retains instant snapshots for five days and daily backup for 14 days.

RSV1 performs daily backups of VM1. VM1 hosts a static website that was updated eight days ago.

You need to recover VM1 to a point eight days ago. The solution must minimize downtime.

What should you do first?

93. You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.

VM1 hosts a frontend application that connects to VM2 to retrieve data.

Users report that the frontend application is slower than usual.

You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.

Which Azure Network Watcher feature should you use?

94. You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You have a CSV file that contains the names and email addresses of 500 external users.

You need to create a guest user account in contoso.com for each of the 500 external users.

Solution: You create a Power Shell script that runs the New-MgUser cmdlet for each user.

Does this meet the goal?

95. HOTSPOT

You purchase a new Azure subscription named Subscription1.

You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup.

You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

96. HOTSPOT

You need to implement the planned changes for the new containers.

Which Azure services can you use for each image? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

97. You have an Azure Storage account named storage1.

For storage 1. you create an encryption scope named Scope1.

Which storage types can you encrypt by using Scope1?

98. You create an Azure Storage account.

You plan to add 10 blob containers to the storage account.

For one of the containers, you need to use a different key to encrypt data at rest.

What should you do before you create the container?

99. HOTSPOT

You have an Azure subscription that has offices in the East US and West US Azure regions.

You plan to create the storage account shown in the following exhibit.





Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

100. HOTSPOT

You have Azure subscriptions named Subscription1 and Subscription2.

Subscription1 has following resource groups:





RG1 includes a web app named App1 in the West Europe location.

Subscription2 contains the following resource groups:





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

101. Topic 6, Datum Corporation New Case Study



Overview

A. Datum Corporation is a consulting firm that has a main office in Montreal and branch offices in Seattle and New York.



Azure Environment

A. Datum has an Azure subscription that contains three resource groups named RG1. RG2, and RG3.

The subscription contains the storage accounts shown in the following table.







The subscription .contains the virtual machines shown in the following table.







The subscription has an Azure container registry that contains the images shown in the following table.







The subscription contains the resources shown in the following table.







The subscription contains an Azure key vault named Vaultl.

Vault! contains the certificates shown in the following table.







Vaultl contains the keys shown in the following table.







Microsoft Entra Environment

A. Datum has a Microsoft Entra tenant named adatum.com that is linked to the Azure subscription and contains the users shown in the following table.



The lenant contains the groups shown in the following table.







The adatum.com tenant has a custom security attribute named Attribute1.



Planned Changes

A. Datum plans to implement the following changes:

• Configure a data collection rule {DCR) named DCR1 to collect only system events that have an event ID of 4648 from VM2 and VM4.

• In storage1, create a new container named cont2 that has the following access policies:

o Three stored access policies named Stored 1, Stored2, and Stored3

o A legal hold for immutable blob storage

• Whenever possible, use directories to organize storage account content.

• Grant User1 the permissions required to link Zone1 to VNet1.

• Assign Attribute1 to supported adatum.com resources.

• In storage2, create an encryption scope named Scope"1.

• Deploy new containers by using Image1 or Image2.



Technical Requirements

A. Datum must meet the following technical requirements:

• UseTLSforWebApp1.

• Follow the principle of least privilege.

• Grant permissions at the required scope only.

• Ensure that Scope1 is used to encrypt storage services.

• Use Azure Backup to back up cont1 and share1 as frequently as possible.

• Whenever possible, use Azure Disk Encryption and a key encryption key (KEK) to encrypt the virtual machines.



You need to implement the planned changes for DCR1.

Which type of query should you use?

A. WQL

B. T-SQL

C. XPath

D. KQL

102. HOTSPOT

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

103. HOTSPOT

You have an Azure subscription that contains the storage accounts shown in the following table.





You need to identify which storage accounts support lifecycle management, and which storage accounts support moving data to the Archive access tier.

What should you identify for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.

104. Yon have an Azure Storage account named storage1 that contains a blob container named comainer1. You need to prevent new content added to contalner1 from being modified for one year.

What should you configure?

105. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2.

Connections to App1 are managed by using an Azure Load Balancer.

The effective network security configurations for VM2 are shown in the following exhibit.





You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly.

You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.

Solution: You modify the priority of the Allow_131.107.100.50 inbound security rule.

Does this meet the goal?

106. You have an Azure subscription that contains multiple virtual machines in the West US Azure region.

You need to use Traffic Analytics in Azure Network Watcher to monitor virtual machine traffic.

Which two resources should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

107. You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.

The virtual machines host several applications that are accessible over port 443 to user on the Internet.

Your on-premises network has a site-to-site VPN connection to VNet1.

You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.

You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.

What should you do?

108. HOTSPOT

You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

109. DRAG DROP

You have an Azure subscription that contains the resources shown in the following table.





You need to load balance HTTPS connections to vm1 and vm2 by using Ib1.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

110. You plan to create an Azure Storage account named storage1 that will contain a file share named share1.

You need to ensure that share! can support SMB Multichannel. The solution must minimize costs.

How should you configure storage1?

111. You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image.

You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

112. You have an Azure App Service app named Appl that contains two running instances.

You have an auto scale rule configured as shown in the following exhibit





For the instance limits stale condition setting, you set Maximum to 5.

During a 30-minute period. Appl uses 60 percent of the available memory.

What is the maximum number of instances tor Appl during the 30-minute pefiod:

113. You have an Azure subscription.

The subscription contains a storage account named storage1 that has the lifecycle management rules shown in the following table.





On June 1, you store a blob named File1 in the Hot access tier of storage1.

What is the state of File1 on June 7?

114. You have an Azure subscription that contains the resources shown in the following table.





You need to create a network interface named NIC1.

In which location can you create NIC1?