AZ-104 Practice Test Questions

319 Questions


Topic 5: Mix Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Operator role to the Developers group.
Does this meet the goal?


A. Yes


B. No





B.   No

Explanation: The Logic App Operator role only grants the ability to read, enable, disable, and run logic apps. It does not grant the ability to create logic apps. To create logic apps, you need to assign the Logic App Contributor role or a higher-level role such as Owner or Contributor. Then, References: [Built-in roles for Azure resources] [Azure Logic Apps permissions and access control]

You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.
You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.
Which two groups should you create? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.


A. a Security group that uses the Assigned membership type


B. an Office 365 group that uses the Assigned membership type


C. an Office 365 group that uses the Dynamic User membership type


D. a Security group that uses the Dynamic User membership type


E. a Security group that uses the Dynamic Device membership type





B.   an Office 365 group that uses the Assigned membership type

C.   an Office 365 group that uses the Dynamic User membership type

Explanation:
You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).
Note: With the increase in usage of Office 365 Groups, administrators and users need a way to clean up unused groups. Expiration policies can help remove inactive groups from the system and make things cleaner.
When a group expires, all of its associated services (the mailbox, Planner, SharePoint site, etc.) are also deleted.
You can set up a rule for dynamic membership on security groups or Office 365 groups.

You have an Azure DNS zone named adatum.com. You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure. What should you do?


A. Create an PTR record named research in the adatum.com zone.


B. Create an NS record named research in the adatum.com zone.


C. Modify the SOA record of adatum.com.


D. Create an A record named *. research in the adatum.com zone





B.   Create an NS record named research in the adatum.com zone.

You have an Azure subscription that contains the resource groups shown in the following table.






You have an Azure subscription that contains an Azure Storage account named storageaccount1.
You export storageaccount1 as an Azure Resource Manager template. The template contains the following sections.






You plan to move a distributed on-premises app named App1 to an Azure subscription.
After the planned move, App1 will be hosted on several Azure virtual machines.
You need to ensure that App1 always runs on at least eight virtual machines during planned Azure maintenance.
What should you create?


A. one virtual machine scale set that has 10 virtual machines instances


B. one Availability Set that has three fault domains and one update domain


C. one Availability Set that has 10 update domains and one fault domain


D. one virtual machine scale set that has 12 virtual machines instances





D.   one virtual machine scale set that has 12 virtual machines instances

Explanation:
A virtual machine scale set is a group of identical virtual machines that are automatically distributed across fault domains and update domains in one or more placement groups1. A fault domain is a logical group of underlying hardware that share a common power source and network switch, and a failure in one fault domain will not affect virtual machines in other fault domains2. An update domain is a logical group of underlying hardware that can undergo maintenance or be rebooted at the same time3.

By creating a virtual machine scale set with 12 instances, you can ensure that App1 has high availability and scalability. You can configure the scale set to have a minimum number of instances that must always be running, and a maximum number of instances that can be scaled up or down based on demand or a schedule. You can also configure the scale set to use automatic OS image upgrades, which will apply updates to the virtual machines in batches, ensuring that at least one instance is always running during the upgrade process.

You have two Azure virtual machines as shown in the following table.






You plan to use Azure Network Watcher to perform the following tasks:
Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine
Task2: Validate outbound connectivity from an Azure virtual machine to an external host
Which feature should you use for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.






You have an Azure subscription that contains a virtual machine named VM1.
To VM1, you plan to add a 1-TB data disk that meets the following requirements:
• Provides data resiliency in the event of a datacenter outage.
• Provides the lowest latency and the highest performance.
• Ensures that no data loss occurs if a host fails.
You need to recommend which type of storage and host caching to configure for the new data disk.






You have a Microsoft Entra tenant that contains the groups shown in the following table.






Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.
Does this meet the goal?


A. Yes


B. No





B.   No

Explanation:
No, this does not meet the goal. Unregistering the Microsoft.ClassicNetwork provider does not affect the creation of network security groups (NSGs) in the subscription. The Microsoft.ClassicNetwork provider is used for managing classic deployment model resources, such as virtual networks, network interfaces, and public IP addresses1. However, NSGs are only supported for Resource Manager deployment model resources2. Therefore, unregistering the Microsoft.ClassicNetwork provider will not automatically block TCP port 8080 between the virtual networks.

To meet the goal, you need to create a custom policy definition that enforces a default security rule for NSGs. A policy definition is a set of rules and actions that Azure performs when evaluating your resources3. You can use a policy definition to specify the required properties and values for NSGs, such as the direction, protocol, source, destination, and port of the security rule. You can then assign the policy definition to the subscription scope, so that it applies to all the resource groups and virtual networks in the subscription.

You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.
RG1 has a web app named WebApp1. WebApp1 is located in West Europe.
You move WebApp1 to RG2.
What is the effect of the move?


A. The App Service plan for WebApp1 moves to North Europe. Po1icy2 applies to WebApp1.


B. The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.


C. The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1.


D. The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1.





B.   The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.


Page 11 out of 27 Pages
Previous