CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-104

Free AZ-104 Exam Braindumps (page: 21)

Page 20 of 154
PDF with 611 Questions

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.

You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?

  1. a Desired State Configuration (DSC) extension
  2. the New-AzConfigurationAssignment cmdlet
  3. Azure Application Insights
  4. a Microsoft Endpoint Manager device configuration profile

Answer(s): A

Explanation:

The PowerShell DSC Extension for Windows is published and supported by Microsoft. The extension uploads and applies a PowerShell DSC Configuration on an Azure VM. The DSC Extension calls into PowerShell DSC to enact the received DSC configuration on the VM.

Note 1: Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.

Note 2:
Create Custom Script Extension definition
When you define a virtual machine scale set with an Azure template, the Microsoft.Compute/virtualMachineScaleSets resource provider can include a section on extensions. The extensionsProfile details what is applied to the VM instances in a scale set. To use the Custom Script Extension, you specify a publisher of Microsoft.Azure.Extensions and a type of CustomScript.

The fileUris property is used to define the source install scripts or packages. To start the install process, the required scripts are defined in commandToExecute. The following example defines a sample script from GitHub that installs and configures the NGINX web server:

"extensionProfile": {
"extensions": [
{
"name": "AppInstall",
"properties": {
"publisher": "Microsoft.Azure.Extensions",
"type": "CustomScript",
"typeHandlerVersion": "2.0",
"autoUpgradeMinorVersion": true,
"settings": {
"fileUris": [
"https://raw.githubusercontent.com/Azure-Samples/compute-automation-configurations/master/automate_nginx.sh"
],
"commandToExecute": "bash automate_nginx.sh"
}
}
}
]
}


Reference:

https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template
https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-windows



You have an Azure subscription that contains eight virtual machines and the resources shown in the following table.


You need to configure access for VNET1. The solution must meet the following requirements:

•The virtual machines connected to VNET1 must be able to communicate with the virtual machines connected to VNET2 by using the Microsoft backbone.
•The virtual machines connected to VNET1 must be able to access storage1, storage2, and Azure AD by using the Microsoft backbone.

What is the minimum number of service endpoints you should add to VNET1?

  1. 1
  2. 2
  3. 3
  4. 5

Answer(s): B

Explanation:

First service endpoint: One service endpoint for Microsoft.Storage added to VNET1.
The question asks how many to add to VNET1. When adding service endpoints on the VNET1 side you only get to choose the service ( Microsoft.Storage ) not the actual storage accounts. Once you add this service endpoint it can be then linked to on the storage side for both accounts.
Second Service Endpoint: Microsoft.AzureActiveDirectory.



You need to configure an Azure web app named contoso.azurewebsites.net to host www.contoso.com. What should you do first?

  1. Create A records named www.contoso.com and asuid.contoso.com.
  2. Create a TXT record named asuid that contains the domain verification ID.
  3. Create a CNAME record named asuid that contains the domain verification ID.
  4. Create a TXT record named www.contoso.com that has a value of contoso.azurewebsites.net.

Answer(s): B



You have an Azure subscription that contains 10 network security groups (NSGs), 10 virtual machines, and a Log Analytics workspace named Workspace1. Each NSG is connected to a virtual machine.

You need to configure an Azure Monitor Network Insights alert that will be triggered when suspicious network traffic is detected.

What should you do first?

  1. Deploy Connection Monitor.
  2. Configure data collection endpoints.
  3. Configure a private link.
  4. Configure NSG flow logs.

Answer(s): D

Explanation:

Azure Monitor Network Insights is structured around these key components of monitoring:

Topology
Network health and metrics
Connectivity
Traffic
Diagnostic Toolkit

Traffic
The Traffic tab provides access to all NSGs configured for NSG flow logs and Traffic Analytics for the selected set of subscriptions, grouped by location. The search functionality provided on this tab enables you to identify the NSGs configured for the searched IP address. You can search for any IP address in your environment. The tiled regional view will display all NSGs along with the NSG flow logs and Traffic Analytics configuration status.

The Alert box on the right side of the page provides a view of all Traffic Analytics workspace-based alerts across all subscriptions. Select the alert counts to go to a detailed alerts page.

Why use Flow Logs?
It is vital to monitor, manage, and know your own network for uncompromised security, compliance, and performance. Knowing your own environment is of paramount importance to protect and optimize it. You often need to know the current state of the network, who is connecting, where they're connecting from, which ports are open to the internet, expected network behavior, irregular network behavior, and sudden rises in traffic.


Reference:

https://learn.microsoft.com/en-us/azure/network-watcher/network-insights-overview






Post your Comments and Discuss Microsoft AZ-104 exam with other Community members:

AZ-104 Discussions & Posts