Exam Logo

Microsoft (AZ-104) Exam Questions And Answers page 19

You plan to use Azure Network Watcher to perform the following tasks:

• Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine.
• Task2: Validate outbound connectivity from an Azure virtual machine to an external host.

Which feature should you use for each task? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Monitor and back up Azure resources Configure and manage virtual networks in Azure
You have an Azure virtual machine named VM1 that connects to a virtual network named VNet1. VM1 has the following configurations:

• Subnet: 10.0.0.0/24
• Availability set: AVSet
• Network security group (NSG): None
• Private IP address: 10.0.0.4 (dynamic)
• Public IP address: 40.90.219.6 (dynamic)

You deploy a standard, Internet-facing load balancer named slb1.

You need to configure slb1 to allow connectivity to VM1.

Which changes should you apply to VM1 as you configure slb1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Deploy and manage virtual machines (VMs) Configure and manage virtual networks in Azure
Your company has an Azure subscription that includes a number of Azure virtual machines (VMs), which are all part of the same virtual network.

Your company also has an on-premises Hyper-V server that hosts a VM, named VM1, which must be replicated to Azure.

Which of the following objects that must be created to achieve this goal? Answer by dragging the correct option from the list to the answer area.

Deploy and manage virtual machines (VMs) Deploy and manage virtual machines (VMs) in Azure
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Azure Active Directory (Azure AD) subscription.

You want to implement an Azure AD conditional access policy.

The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.

Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy.

Does the solution meet the goal?
Manage Azure identities and governance Manage identities and governance in Azure
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains the following resources:

• A virtual network that has a subnet named Subnet1
• Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
• A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections

NSG-Subnet1 has the default inbound security rules only.

NSG-VM1 has the default inbound security rules and the following custom inbound security rule:

• Priority: 100
• Source: Any
• Source port range: *
• Destination: *
• Destination port range: 3389
• Protocol: UDP
• Action: Allow

VM1 has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.

You need to be able to establish Remote Desktop connections from the internet to VM1.

Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.

Does this meet the goal?
Deploy and manage virtual machines (VMs) Configure and manage virtual networks in Azure
You have an Azure subscription that contains two virtual machines named VM1 and VM2.

You create an Azure load balancer.

You plan to create a load balancing rule that will load balance HTTPS traffic between VM1 and VM2.

Which two additional load balancer resources should you create before you can create the load balancing rule? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.
Deploy and manage virtual machines (VMs) in Azure Configure and manage virtual networks in Azure
You have an Azure File sync group that has the endpoints shown in the following table.


Cloud tiering is enabled for Endpoint3.

You add a file named File1 to Endpoint1 and a file named File2 to Endpoint2.

On which endpoints will File1 and File2 be available within 24 hours of adding the files? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Implement and manage storage Configure and manage virtual networks in Azure
You need to meet the user requirement for Admin1.

What should you do?
Manage identities and governance in Azure Implement and manage storage in Azure
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company s Azure solution makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model.

After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication.

To achieve this, the Per Enabled User setting must be set for the usage model.

Solution: You create a new Multi-Factor Authentication provider with a backup from the existing Multi-Factor Authentication provider data.

Does the solution meet the goal?
Manage Azure identities and governance Manage identities and governance in Azure
You plan to use Azure Network Watcher to perform the following tasks:

• Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine.
• Task2: Validate outbound connectivity from an Azure virtual machine to an external host.

Which feature should you use for each task? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Monitor and back up Azure resources Configure and manage virtual networks in Azure