Topic 6: Misc. Questions

You have an Azure AD tenant that contains the groups shown In the following table.

You purchase Azure Active Directory Premium P2 licenses. To which groups can you assign a license?

A.

Group 1 only

B.

Group1 and Group3 only

C.

Group3 and Group4 only

D.

Group1, Group2, and Group3 only

E. Group1, Group2, Group3, and Group4

B.   
Group1 and Group3 only


Explanation:
To assign a license to a group, the group must be a security group, not an Office 365 group or a mail-enabled security group1. According to the image, Group1 and Group3 are security groups, while Group2 and Group4 are Office 365 groups. Therefore, only Group1 and Group3 can be assigned a license.

To assign a license to a group, you need to follow these steps2:
Sign in to the Azure portal with a license administrator account.
Go to Azure Active Directory > Licenses and select the product license that you want to assign to groups.
Select Assign at the top of the page and then select Users and groups.
Search for and select the group that you want to assign the license to and then select OK.
Select Assignment options to enable or disable specific services within the product license and then select OK.
Select Assign at the bottom of the page to complete the assignment.

You have an Azure subscription that contains the resources shown in the following table.

A.

Create an Azure Resource Manager template.

B.

AddasubnettoVNET1.

C.

Remove Microsoft. Network/virtualNetworks from the policy.

D. Remove Microsoft.Compute/virtualMachines from the policy.

D.   Remove Microsoft.Compute/virtualMachines from the policy.

Option A (Create an Azure Resource Manager template): This wouldn't circumvent
the policy enforcement. Even with a template, you cannot create resources that the policy explicitly denies.
Option B (Add a subnet to VNET1): Adding a subnet does not address the policy restriction on creating virtual machines. Also, the existing VNET1 can already have multiple subnets.
Option C (Remove Microsoft.Network/virtualNetworks from the policy): This isn't necessary because you're not trying to create a new virtual network; you are connecting to an existing one, VNET1.
Option D (Remove Microsoft.Compute/virtualMachines from the policy): This is the correct action because it directly addresses the restriction that is preventing you from creating a new virtual machine in RG1. Removing the virtual machine resource type from the not allowed list in the policy will enable you to create VM2.
Remember, changes to policies might take a few minutes to propagate. After updating the policy, you should be able to create the new virtual machine VM2 and connect it to VNET1.

You have an Azure subscription. The subscription contains virtual machines that connect to a virtual network named VNet1.
You plan to configure Azure Monitor for VM Insights.
You need to ensure that all the virtual machines only communicate with Azure Monitor through VNet1.
What should you create first?

A. an Azure Monitor Private Link Scope (AMPIS)

B. a private endpoint

C. a Log Analytics workspace

D. a data collection rule (DCR)

A.   an Azure Monitor Private Link Scope (AMPIS)

Explanation:
Azure Monitor for VM Insights is a feature of Azure Monitor that provides comprehensive monitoring and diagnostics for your Azure virtual machines and virtual machine scale sets. It collects performance data, process information, and network dependencies from your virtual machines and displays them in interactive charts and maps. You can use Azure Monitor for VM Insights to troubleshoot performance issues, optimize resource utilization, and identify network bottlenecks1.

To enable Azure Monitor for VM Insights, you need to install two agents on your virtual machines: the Azure Monitor agent (preview) and the Dependency agent. The Azure Monitor agent collects performance metrics and sends them to a Log Analytics workspace. The Dependency agent collects process information and network dependencies and sends them to the Insights Metrics table in the same workspace2.

By default, the agents communicate with Azure Monitor over the public internet. However, if you want to ensure that all the virtual machines only communicate with Azure Monitor through a virtual network named VNet1, you need to configure private network access for the agents.

Private network access allows the agents to communicate with Azure Monitor using a private endpoint, which is a special network interface that connects your virtual network to an Azure service without exposing it to the public internet. A private endpoint uses a private IP address from your virtual network address space, so you can secure and control the network traffic between your virtual machines and Azure Monitor3.

To configure private network access for the agents, you need to create an Azure Monitor Private Link Scope (AMPIS) first. An AMPIS is a resource that groups one or more Log Analytics workspaces together and associates them with a private endpoint. An AMPIS allows you to manage the private connectivity settings for multiple workspaces in one place4.

After creating an AMPIS, you need to create a private endpoint in VNet1 and link it to the AMPIS. This will enable the agents on your virtual machines to send data to the Log Analytics workspaces in the AMPIS using the private IP address of the private endpoint5.

You have an Azure subscription that contains a storage account named storageacct1234 and two users named User1 and User2.
You assign User1 the roles shown in the following exhibit.

A. View file shares in storageacct1234.

B. Upload blob data to storageacct1234.

C. Assign roles to User2 for storageacctl234.

D. View blob data in storageacctl234.

E. Modify the firewall of storageacct1234.

A.   View file shares in storageacct1234.
C.   Assign roles to User2 for storageacctl234.

You have an Azure web app named App1. App1 has the deployment slots shown in the following table:

A. Redeploy App1

B. Swap the slots

C. Clone App1

D. Restore the backup of App1

B.   Swap the slots

When you swap deployment slots, Azure swaps the Virtual IP addresses of the source and destination slots, thereby swapping the URLs of the slots. We can easily revert the deployment by swapping back. Deployment slots are live apps with their own host names. App content and configurations elements can be swapped between two deployment slots, including the production slot. Deploying your application to a non-production slot has the following benefits: 1. You can validate app changes in a staging deployment slot before swapping it with the production slot. 2. Deploying an app to a slot first and swapping it into production makes sure that all instances of the slot are warmed up before being swapped into production. 


Reference:
https://docs.microsoft.com/en-us/azure/app-service/deploy- staging-slots

You have an Azure Active Directory (Azure AD) tenant.
You plan to delete multiple users by using Bulk delete in the Azure Active Directory admin center.
You need to create and upload a file for the bulk delete. Which user attributes should you include in the file?

A.

The user principal name and usage location of each user only

B.

The user principal name of each user only

C.

The display name of each user only

D.

The display name and usage location of each user only

E. The display name and user principal name of each user only

B.   
The user principal name of each user only


Explanation:
To perform a bulk delete of users in Azure Active Directory, you need to create and upload a CSV file that contains the list of users to be deleted. The file should include the user principal name (UPN) of each user only. Therefore, the answer is B. The user principal name of each user only. When you use the bulk delete feature in the Azure Active Directory.

admin center, you need to specify the UPN for each user that you want to delete. The UPN is a unique identifier for each user in Azure AD and is the primary way that Azure AD identifies and manages user accounts. Including additional attributes like the display name or usage location is not required for the bulk delete operation, as the UPN is the only mandatory attribute for the user account. However, you may include additional attributes in the CSV file if you want to keep track of the metadata associated with each user account.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Monitor, you create a metric on Network in and Network Out.
Does this meet the goal?

A. Yes

B. No

B.   No

You have an Azure subscription named Subscription1 that contains the quotas shown in the following table.

You have an Azure AD tenant that is linked to 10 Azure subscriptions. You need to centrally monitor user activity across all the subscriptions. What should you use?

A.

Activity log filters

B.

Log Analytics workspace

C.

access reviews

D. Azure Application Insights Profiler

B.   
Log Analytics workspace


Explanation: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity- log?tabs=powershell#send-to-log-analytics-workspace

Send the activity log to a Log Analytics workspace to enable the Azure Monitor Logs feature, where you: - Consolidate log entries from multiple Azure subscriptions and tenants into one location for analysis together.

You need to configure a new Azure App Service app named WebApp1. The solution must meet the following requirements:

WebApp1 must be able to verify a custom domain name of app.contoso.com.
WebApp1 must be able to automatically scale up to eight instances.
Costs and administrative effort must be minimized.

Which pricing plan should you choose, and which type of record should you use to verify the domain? To answer, select the appropriate options in the answer area.
NOTE: Each correct answer is worth one point.
Page 16 out of 45 Pages
PreviousNext
910111213141516171819202122
Microsoft AZ-104 Practice Test Home