COM AZ 104 Renewal Exam (GRADED A) Questions and Answers | St. John's University

Document Content and Description Below

COM AZ 104 Renewal Exam (GRADED A) Questions and Answers 1. You plan to deploy the following Azure web apps: • WebApp1, that uses the .NET 6 runtime stack • WebApp2, that uses the ASP.NET V4.8 ... runtime stack • WebApp3, that uses the Java 17 runtime stack • WebApp4, that uses the PHP 8.0 runtime stack You need to create the app service plans for the web apps. What is the minimum number of app service plans that should be created? Answer :4 2. You plan to deploy an Azure web app that will have the following settings: • Name: WebApp1 • Publish: Code • Runtime stack: Java 11 • Operating system: Linux • Continuous deployment: Disable You need to ensure that you can integrate WebApp1 with GitHub Actions. Which setting should you modify? Select only one answer. Publish Runtime stack Operating system Continuous deployment 3. You plan to deploy an Azure web app that will have the following settings: • Name: WebApp1 • Publish: Docker container • Operating system: Windows • Region: West US • Windows Plan (West US): ASP-RG1-8bcf You need to ensure that WebApp1 uses the ASP.NET V4.8 runtime stack. Which setting should you modify? Select only one answer. Region Operating system Publish Windows Plan Publish setting should be changed to use the ASP.NET V4.8 runtime stack in this instance since the program is being released in a Docker container. This will guarantee that the program is placed in the appropriate container and uses the appropriate runtime stack. 4. You have the following Azure resources: • Azure Key Vault named KeyVault1 • Azure App Service named WebApp1 You need to ensure that WebApp1 can access KeyVault1 by using Azure Active Directory (Azure AD) authentication. Which two settings can be used to configure WebApp1? Each correct answer presents a complete solution. Select all answers that apply. User assigned managed identity Application settings TLS/SSL bindings App Service Authentication System assigned managed identity 5. You plan to create an Azure container instance named container1 that will use a Docker image named Image1. You need to ensure that container1 has persistent storage. Which Azure resources should you deploy for the persistent storage? Select only one answer. an Azure container registry an Azure Storage account and a file share an Azure Storage account and a blob container an Azure SQL database The Azure Storage platform is Microsoft's cloud storage solution for modern data storage scenarios. Azure Storage offers highly available, massively scalable, durable, and secure storage for a variety of data objects in the cloud. 6. You have an Azure container registry that stores an image named Image1 and a Windows Server 2022 Azure virtual machine named VM1. You need to ensure that you can run Image1 in VM1. What should you install in VM1? Select only one answer. Docker Hyper-V role Azure Portal .NET Framework 4.7 7. You have an Azure storage account named storage1. Three users use the following methods to access the data in storage1: • User1 uses the Azure portal • User2 uses the Azure Storage Explorer • User3 uses File Explorer in Windows 11 You generate a storage access signature named SAS1 for storage1. Which user or users can access storage1 by using SAS1? Select only one answer. User1 only User2 only User1 and User2 only User2 and User3 only User1, User2 and User3 8. Your Azure Active Directory contains three users named User1, User2, and User3. You have an Azure storage account named storage1 that has the following access: • User1 is assigned the Storage Account Contributor role on storage1 • User2 has a access key for storage1 • User3 has a shared access signature for storage1 You rotate the keys for storage1. Which user or users can access storage1? Select only one answer. User1 only User1 and User2 only User2 and User3 only User1, User2 and User3 9. You have an Azure virtual machine named VM1 that connects to a virtual network named VNET1. You create a private DNS zone named contoso.com and add an A record named host1 to the zone. You need to ensure that VM1 can resolve host1.contoso.com. What should you do? Select only one answer. Modify the Access control (IAM) settings of the zone. From the zone, add a virtual network link. From the properties of the network interface, modify the options of the DNS servers. From the properties of VNET1, modify the options of the DNS servers. 10. You have an Azure subscription that contains a storage account named storage1 and the following virtual machines: • VM1 has a public IP address of 13.68.158.24 and is connected to VNET1/Subnet1 • VM2 has a public IP address of 52.255.145.76 and is connected to VNET1/Subnet1 • VM3 has a public IP address of 13.68.158.50 and is connected to VNET1/Subnet2 The subnets have the following service endpoints: • Subnet1 has a Microsoft.Storage service endpoint • Subnet2 does NOT have any service endpoint Storage1 has a firewall configured to allow access from the 13.68.158.0/24 IP address range only. You need to identify which virtual machines can access storage1. What should you identify? Select only one answer. VM1 only VM3 only VM1 and VM2 only VM1 and VM3 only VM1, VM2, and VM3 11. You have an Azure virtual network named VNET1 that has an IP address space of 192.168.0.0/16 and the following subnets: • Subnet1- has an IP address range of 192.168.1.0/24 and is connected to 15 VMs • Subnet2- has an IP address range of 192.168.2.0/24 and does NOT have any VMs connected You need to ensure that you can deploy Azure Firewall to VNET1. What should you do? Select only one answer. Add a new subnet to VNET1. Add a service endpoint to Subnet2. Modify the subnet mask of Subnet2. Modify the IP address space of VNET1. 12. You have an Azure subscription that contains a virtual network named VNET1. VNET1 uses the following address spaces: • 10.10.1.0/24 • 10.10.2.0/28 VNET1 contains the following subnets: • Subnet1- has an address space of 10.10.1.0/24 • Subnet2- has an address space of 10.10.2.0/28 To Subnet1, you deploy a virtual machine named VM1 that runs Windows Server 2022. VM1 has Remote Desktop enabled. VM1 does NOT have a public IP address. You need to be able to deploy Azure Bastion to protect VM1. What should you do first? Add a new subnet to VNET1. Modify the address space of VNET1. Add a public IP address to VM1. Add an extension to VM1. 13. You have an Azure subscription that contains the following virtual machines: • VM1, a virtual machine that runs Windows Server 2019 • VM2, a virtual machine that runs Red Hat Enterprise Linux • VM3, a virtual machine that is configure with Azure Disk encryption and runs Windows Server 2022 You use Azure Backup to back up the three virtual machines. Which virtual machine or virtual machines can use file-level restore? Select only one answer. VM1 only VM1 and VM2 only VM1 and VM3 only VM1, VM2 and VM3 14. You have a Windows Server Azure virtual machine named VM1. You need to back up two folders in VM1 by using Azure Backup. The solution should minimize administrative effort. What should you deploy first? Select only one answer. Azure Backup Server Recovery Services agent Microsoft Monitoring agent Windows Server Backup role 15. You have an Azure Kubernetes Service (AKS) cluster named AKS1 that runs Kubernetes version 1.23.3. You need to ensure that you can run a Windows Server container in AKS1. What should you do first? Select only one answer. Add a node pool to AKS1. Modify the networking settings of AKS1. Integrate AKS1 and the Azure container registry. Upgrade AKS1 to a newer version of Kubernetes. 16. You have Azure Active Directory (Azure AD) tenant. You need to ensure that a user named Admin1 can create access reviews. The solution must use the principle of least privilege. Which role should you assign to Admin1? Select only one answer. User administrator Groups administrator Security administrator Compliance administrator 17. You have an Azure Active Directory tenant that contains the following identities: • User1, a user in Azure Active Directory • Group1, a security group that uses dynamic user membership • Group2, a Microsoft 365 group that uses assigned membership • Group3, a security group that uses assigned membership Which identity or identities can be added as members of Group3? Select only one answer. User1 only User1 and Group1 only User1 and Group2 only User1, Group1 and Group2 18. You have an Azure web service named Contoso2022 that runs in the Standard App Service plan. Contoso2022 has five deployment slots in use. A user named User1 has the Contributor role for Contoso2022. You need to ensure that User1 can create additional deployment slots to Contoso2022. What should you do? Select only one answer. Assign User1 the Owner role for Contoso2022. Assign User1 the Website Contributor role for Contoso2022. Scale up the Contoso2022 App Service plan. Scale out the Contoso2022 App Service plan. 19. You have a Docker image named Image1 that contains a corporate app. You need to deploy Image1 to Azure and make the app accessible to users. Which two Azure services should you deploy? Each correct answer presents complete solution. Select all answers that apply. Azure App service a virtual machine Azure Container Registry a container instance 20. You have an Azure container registry named Registry1. You create a container image named image1 on a Windows Server container host named Host1. You need to store image1 in Registry1. Which URL should you use to push image1 from Host1? Select only one answer. Registry1.azurecr.io Registry1.onmicrosoft.com azure.microsoft.com/Registry1 Registry1. file.core.windows.net container images. The URL for pushing an image from a Windows Server container host is Registry1.azurecr.io.This service allows you to store and manage Docker images for your applications. 21. You have an Azure Storage account named storage1 that uses following storage services: • Blobs • Files • Queues • Tables You plan to implement Microsoft Defender for Cloud. Which storage services can be protected by using Microsoft Defender for Cloud? Select only one answer. blobs only files only blobs and files only files and queues only blobs, files, tables, and queues Aspect Details Release state: General availability (GA) Pricing: Microsoft Defender for Storage is billed as shown on the pricing page Protected storage Blob Storage (Standard/Premium StorageV2, Block Blobs) types: Azure Files (over REST API and SMB) Azure Data Lake Storage Gen2 (Standard/Premium accounts with hierarchical namespaces enabled) Clouds: Commercial Azure Azure Connected AWS accounts China clouds Government 21Vianet 22. You have an Azure Storage account named storage1 that contains a file share named share1. You also have an on-premises Active Directory domain that contains a user named User1. You need to ensure that User1 can access share1 by using the SMB protocol. What should you do? Select only one answer. Provide User1 with the shared access signature (SAS) for storage1. Configure the Access control (IAM) settings of storage1. Configure the Firewalls and virtual networks settings of storage1. Provide User1 with the access key for storage1. • Assign the Storage File Data SMB Share Contributor role to User1 for share1. 23. You purchase a DNS domain named contoso.com. You create an Azure public DNS zone named contoso.com that contains a host record for Server1. You need to ensure that internet users can resolve the name server1.contoso.com. Which type of DNS record should you add to the domain registrar? Select only one answer. A NS SOA TXT 24. You have an Azure subscription that contains a virtual network named VNet1, a private DNS zone named contoso.com and the following resources that are connected to VNet1: • VM1, a virtual machine that is running Windows Server 2022 • VM2, a virtual machine that is running Linux • Container1, a container instance • LB1, a load balancer Contoso.com is linked to VNet1. Auto registration is enabled. Which resource or resources are registered in contoso.com? Select only one answer. VM1 only VM1 and VM2 only VM1, VM2 and Container1 only VM1, VM2 and LB1 only VM1, VM2, Container1 and LB1 25. You have an Azure virtual machine named VM1 that connects to a virtual network named VNET1. A network security group (NSG) named NSG1 allows connections to VM1 from VNET1 only. You need to add an inbound security rule to NSG1 that meets the following requirements: • Allows Azure Backup to back up VM1 • Minimizes the types of allowed inbound traffic What should you use as the source for the inbound security rule? Select only one answer. any IP address the IP address of VM1 a service tag for Azure Backup an application security group 26. You have an Azure subscription that includes the following resources: • VNet1, a virtual network • Subnet1, a subnet in VNet1 • WebApp1, a web app application service • NSG1, a network security group You create an application security group named ASG1. Which resource can use ASG1? Select only one answer. VNet1 Subnet1 WebApp1 NSG1 security group and not a networksecurity group, it can beused by VNet1. Subnet1 cannot use ASG1 because it is a subnet in VNet1 and not directly connected to the internet. WebApp1 cannot use ASG 27. You have a Recovery Services vault named Vault1 that has soft delete enabled. Vault1 stores backups for the following Azure resources: • an Azure virtual machine named VM1 • an Azure file share named share1 • a SQL Server on Azure virtual machine named SQL1 Which backups are protected by soft delete? Select only one answer. VM1 only share1 only VM1 and SQL1 only VM1, share1, and SQL1 Soft delete protection is available for these services: • Soft delete for Azure virtual machines • Sof t delete for SQL server in Azure VM and sof t delete for SAP HANA in Azure VM workloads • When you configure backup for the first time for any file share in a storage account, Azure Backup service enables sof t delete for all file shares in the respective storage account. 28. You have the following Azure resources: • a virtual machine named VM1 • a Recovery Services vault named Vault1 On January 1, you configure backups for VM1 by using the following backup policy: • Frequency: Daily • Time: 23:00 • Timezone: (UTC) Coordinated Universal Time • Retain instant recovery snapshot(s) for: 2 Day(s) • Retention of daily backup point: 7 Day(s) • Azure Backup Resource Group: Backup1RG How many restore point collections recovery points will be stored in Backup1RG on January 10? Select only one answer. 2 7 9 10 For the last seven days' backup (Retention of daily backup point) plus two monthly backups (second of month taken) seven plus two equals nine. 29. You plan to create an Azure Kubernetes cluster that will use the following settings: • Kubernetes cluster name: Kubernetes1 • Cluster preset configuration: Standard ($$) • Kubernetes version: 1.22.6 • Enable virtual nodes: Off • Network configuration: Kubenet You need to add a Windows Server node pool to Kubernetes1. Which setting should you modify? Select only one answer. Cluster preset configuration Kubernetes version Enable virtual nodes Network configuration 30. You have the following containerized applications: • App1 that runs in a Server Core installation of Windows Server container • App2 that runs in a Nano Server container • App3 that runs in a Linux container • App4 that runs in a Linux container What is the minimum number of Azure Kubernetes Service (AKS) node pools required to run all the applications? Select only one answer. 1 2 3 4 Additionally, we would need to build an AKS cluster with two nodes in each node pool, giving us a total of four nodes. Every application will be able to start on its own node without encountering any downtime or other problems as a result of resource congestion between apps running on various nodes as long as there are four nodes in a specific node pool. 31. You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1 that has the following users: • User1- Member • User2- Member • User3- Guest User1 is an owner of Group1. You create an access review that has the following settings: • Review name: Review1 • Start date: 05/15/2022 • Frequency: One time • End date: 06/14/2022 • Users to review: Members of a group • Scope: Everyone • Group: Group1 • Reviewers: Members (self) • Auto apply results to resource: Disable • If reviewers don’t respond: Remove access The users provide the following responses to the Do you require membership in Group1? access review question: • User1: No • User2: Yes • User3: did not answer Which users will be members of Group1 on 06/20/2022? Select only one answer. User2 only User1 and User2 only User2 and User3 only User1, User2, and User3 32. You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named Ben Smith. You configure a Password protection for contoso.com that includes the following Custom banned passwords settings: • Enforce custom list: Yes • Custom banned password list: Contoso Which password can be used by Ben Smith? Select only one answer. FgRs01 C0nt0s0123 CONTOSO123 Conto123so 33. A company named Contoso, Ltd. has an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. The Azure subscription contains the following virtual networks: • VNET1- deployed in the East US location • VNET2- deployed in the East US location • VNET3- deployed in the West US location Contoso purchases a company named A. Datum Corporation. A. Datum has an Azure subscription that contains an Azure AD tenant named adatum.com. Adatum.com contains the following virtual networks: • VNETA- deployed in the East US location • VNETB- deployed in the West US location Which virtual networks can you peer to VNET1? Select only one answer. VNET2 only VNET2 and VNET3 only VNET2 and VNETA only VNET2, VNET3, and VNETA only VNET2, VNET3, VNETA, and VNETB be positioned in the different or similar regions. The potential of assets in one virtual network to connect with resources in another. A reduced, elevated connection between resources in different virtual networks is one of the advantages of using virtual network peering, if either global or local. 34. You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1 that has the following users: • User1- Member • User2- Member • User3- Guest User1 is an owner of Group1. You create an access review that has the following settings: • Review name: Review1 • Start date: 07/15/2020 • Frequency: One time • End date: 08/14/2020 • Users to review: Members of a group • Scope: Everyone • Group: Group1 • Reviewers: Members (self) • Auto apply results to resource: Disable • If reviewers don’t respond: Remove access The users provide the following responses to the Do you require membership in Group1? access review question: • User1: No • User2: Yes • User3: did not answer Which users will be members of Group1 on 08/20/2020? User2 only User1 and User2 only User2 and User3 only User1, User2, and User3 35. You have an Azure Kubernetes Service (AKS) cluster named AKS1 that runs Kubernetes version 1.21.9. You need to ensure that you can run a Windows Server container in AKS1. What should you do first? Select only one answer. Add a node pool to AKS1. Modify the networking settings of AKS1. Integrate AKS1 and the Azure container registry. Upgrade AKS1 to a newer version of Kubernetes. 36. You have an Azure storage account named storage1 that has the following settings: • container1: blob container • share1: file share • Table1: table • Queue1: queue You rotate an access key named key2 in storage1. Which resource or resources can you access by using key2? Select only one answer. container1 only share1 only container1 and share1 only Table1 and Queue1 only container1, share1, Table1 and Queue1 37. You have an Azure subscription that includes a network security group named NSG1. You plan to add an inbound security rule named Rule1 to NSG1. You need to configure a priority for Rule1. Rule1 must have the highest priority for inbound security rules in NSG1. Which priority should you configure for Rule1? Select only one answer. 0 1 10 100 1000 38. You have an Azure subscription that includes a virtual machine named VM1. You need to protect VM1 by using Azure Backup. Which Azure resource should you create first? Select only one answer. a backup vault a storage account a recovery services vault a backup policy After you protect VM1 by using Azure Backup, run the following command to create a backup: 39. You have an Azure subscription that includes following resources: • VNet1, a virtual network • Subnet1, a subnet in VNet1 • VM1, a virtual machine • NIC1, a network interface of VM1 • LB1, a load balancer You create a network security group named NSG1. To which two Azure resources can you associate NSG1? Select all answers that apply. LB1 VM1 NIC1 VNet1 Subnet1 40. You have an Azure virtual machine named Computer5 and a Recovery Services vault named Vault5. Computer5 contains the following data disks: • DiskA has a size of 512 GB • DiskB has a size of 30 TB • DiskC has a size of 26 TB • DiskD has a size of 2.0 TB Which data disks can you back up to Vault5? Select only one answer. DiskA only DiskB only DiskC only DiskD only DiskA, DiskB, DiskC, and DiskD 41. You have the following containerized applications: • App1 that runs in a Server Core installation of Windows Server container • App2 that runs in a Nano Server container • App3 that runs in a Linux container • App4 that runs in a Linux container What is the minimum number of Azure Kubernetes Service (AKS) node pools required to run all the applications? Select only one answer. 1 2 3 4 We would require two AKS node pools to execute all of the applications: one for App1 and one for App2. Additionally, we would need to build an AKS cluster with two nodes in each node pool, giving us a total of four nodes. Every application will be able to start on its own node without encountering any downtime or other problems as a result of resource congestion between apps running on various nodes as long as there are four nodes in a specific node pool. 42. You have a Recovery Services vault named Recovery1 that includes a backup policy named Policy1. You back up several Azure virtual machines to Recovery1 by using Policy1. You need to view the Azure Backup reports. What should you do first? Select only one answer. Create an Azure Log Analytics workspace. Modify the Backup Configuration settings of Recovery1. Configure the Diagnostics settings of Recovery1. 43. You have an Azure web app named WebApp1. You discover that backup options are unavailable for WebApp1. You need to back up WebApp1. What should you do first? Select only one answer. Modify the platform settings of WebApp1. Modify the Application settings of WebApp1. Scale up the app service plan. Scale out the app service plan. You can simply build app backups manually or on a schedule using Azure App Service's Backup and Restore functionality. Backups can be configured to be kept for an extended period of time. You can either overwrite the existing app or restore to another app to restore the app. 44. You have an Azure subscription that contains the following resources: • a storage account named storage123 • a container instance named AppContainer The subscription contains a virtual network named VirtualNet4 that has the following subnets: • SubnetA- storage123 is connected to SubnetA. • SubnetB- AppContainer is connected to SubnetB. • SubnetC- No resources. You plan to deploy an Azure container instance named container5 to VirtualNet4. To which subnets can you deploy container5? Select only one answer. SubnetB only SubnetC only SubnetB and SubnetC only SubnetA, SubnetB, and SubnetC 45. You have an Azure Storage account named storage1. You create the following encryption scopes for storage1: • Scope1 that has an encryption type of Microsoft-managed keys • Scope2 that has an encryption type of Customer-managed keys Which storage services can be used with Scope2? Select only one answer. blob only file only blob and file only table and queue only blob, file, table, and queue 46. You have an Azure Storage account named storage1. You need to provide time-limited access to storage1. What should you use? Select only one answer. an access key a role assignment an access policy a shared access signature (SAS) You can use SAS to grant limited access to storage resources cause you have control over how a client can access your data: What resources the client may access; What permissions they have to the storage; and How long the SAS is valid. 47. You have an Azure subscription that contains a virtual machine named VM1 and a storage account named storage1. You need to ensure that VM1 can access storage1 by using the Azure backbone. What should you configure? Select only one answer. a VPN gateway Peering a service endpoint a routing table 48. You have an Azure subscription that contains the following resources: • VM1- a virtual machine that runs Microsoft SQL Server and is deployed in the West US location • VM2- a virtual machine that runs Microsoft SQL Server and is deployed in the East US location • SQL1- an Azure SQL Server deployed to the West US location • Vault1- a Recovery Services vault deployed to the West US location Which resources can you back up to Vault1? Select only one answer. VM1 only VM1 and VM2 only VM1 and SQL1 only VM1, VM2, and SQL1 VM1 and SQL1 are both in the same region as Vault1 which is West US location, to create a vault to protect virtual machines, the vault must be in the same region as the virtual machine. If ever you have virtual machines in several regions, create a Recovery Services in each region. 49. You have an Azure subscription that contains an Azure container registry named Contoso2020. You plan to create an Azure Kubernetes Service (AKS) cluster named AKS1 that has the following settings: • Kubernetes version: 1.22.4 • Node pools:1 • Virtual nodes: Disabled • Authentication method: Service principal • Network configuration: Basic You need to ensure that you can integrate AKS1 and Contoso2020. Which AKS1 settings should you modify? Select only one answer. Kubernetes version Virtual nodes Authentication method Network configuration 50. You have an Azure subscription that contains a user named User1, a resource group named RG1, and a virtual machine named VM1. You enable a system-assigned managed identity for VM1. To which identities can you assign the Reports reader role? Select only one answer. User1 only User1 and RG1 only User1 and VM1 only User1, RG1, and VM1 User1 and RG1 only: Users with this role have access to usage reporting data in Microsof t 365 admin center, as well as the reports dashboard and the adoption context pack in Power BI. The role also gives you access to Azure AD sign-in reports and activity, as well as data from the Microsof t Graph reporting API. Only relevant usage and adoption indicators are available to users with the Reports Reader role. They do not have admin privileges to configure settings or access product-specific admin centers such as Exchange. [Show More]

Last updated: 1 year ago

Preview 1 out of 18 pages