CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-104

Free AZ-104 Exam Braindumps (page: 33)

Page 32 of 132
PDF with 521 Questions

You have an Azure subscription that contains a Recovery Services vault named Vault1.

You need to enable multi-user authorization (MAU) for Vault1.

Which resource should you create first?

  1. an administrative unit
  2. a managed identity
  3. a resource guard
  4. a custom Azure role

Answer(s): C

Explanation:

Create a Resource Guard and enable Multi-user authorization in Azure Backup

Prerequisites
Before you start:

Ensure the Resource Guard and the Recovery Services vault are in the same Azure region.
Ensure the Backup admin does not have Contributor permissions on the Resource Guard. You can choose to have the Resource Guard in another subscription of the same directory or in another directory to ensure maximum isolation.
*-> Ensure that your subscriptions containing the Recovery Services vault as well as the Resource Guard (in different subscriptions or tenants) are registered to use the Microsoft.RecoveryServices provider.


Reference:

https://learn.microsoft.com/en-us/azure/backup/multi-user-authorization



You create an Azure VM named VM1 that runs Windows Server 2019.

VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)



You need to enable Desired State Configuration for VM1.

What should you do first?

  1. Connect to VM1.
  2. Start VM1.
  3. Capture a snapshot of VM1.
  4. Configure a DNS name for VM1.

Answer(s): B

Explanation:

Status is Stopped (Deallocated).
The DSC extension for Windows requires that the target virtual machine is able to communicate with Azure.
The VM needs to be started.


Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-windows



HOTSPOT (Drag and Drop is not supported)
You have an Azure subscription that contains the virtual networks shown in the following table.



The subnets have the IP address spaces shown in the following table.



You plan to create a container app named contapp1 in the East US Azure region.

You need to create a container app environment named con-env1 that meets the following requirements:

•Uses its own virtual network.
•Uses its own subnet.
•Is connected to the smallest possible subnet.

To which virtual networks can you connect con-env1, and which subnet mask should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: VNet1, Vnet2, or VNet3
All three have large enough subnets, and Subnet Address Range Restrictions does not apply.

Note 1: Custom VNet configuration
As you create a custom VNet, keep in mind the following situations:

If you want your container app to restrict all outside access, create an internal Container Apps environment.

When you provide your own VNet, you need to provide a subnet that is dedicated to the Container App environment you deploy. This subnet isn't available to other services.

Network addresses are assigned from a subnet range you define as the environment is created.

You can define the subnet range used by the Container Apps environment.
You can restrict inbound requests to the environment exclusively to the VNet by deploying the environment as internal.


Note 2: Subnet Address Range Restrictions
Subnet address ranges can't overlap with the following ranges reserved by AKS:

169.254.0.0/16
172.30.0.0/16
172.31.0.0/16
192.0.2.0/24

Box 2: /26
/26 is the smallest smaller than /27.

Note: Environment Selection
There are two environments in Container Apps: the Consumption only environment supports only the Consumption plan (GA) and the workload profiles environment that supports both the Consumption + Dedicated plan structure (preview). The two environments share many of the same networking characteristics. However, there are some key differences.

* Workload profiles environment (preview) Supports user defined routes (UDR) and egress through NAT Gateway. The minimum required subnet size is /27.

As workload profiles are currently in preview, the number of supported regions is limited.

* Consumption only environment
Doesn't support user defined routes (UDR) and egress through NAT Gateway. The minimum required subnet size is /23.


Reference:

https://learn.microsoft.com/en-us/azure/container-apps/networking



You have an Azure subscription that contains the virtual networks shown in the following table.



All the virtual networks are peered. Each virtual network contains nine virtual machines.

You need to configure secure RDP connections to the virtual machines by using Azure Bastion.

What is the minimum number of Bastion hosts required?

  1. 1
  2. 3
  3. 9
  4. 10

Answer(s): A






Post your Comments and Discuss Microsoft AZ-104 exam with other Community members:

AZ-104 Exam Discussions & Posts