CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-104

Free AZ-104 Exam Braindumps (page: 34)

Page 33 of 132
PDF with 521 Questions

HOTSPOT (Drag and Drop is not supported)
You have an Azure subscription that contains the virtual networks shown in the following table.



The subscription contains the virtual machines shown in the following table.



Each virtual machine contains only a private IP address.

You create an Azure bastion for VNet1 as shown in the following exhibit.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Yes
VM1 and Bastion1 is in the same VNET.

Note: To connect to the secure host, you have to RDP into the bastion host first, and from there open a second RDP session to connect to the internal private network address of the secure host. A Windows Compute Instance with an external address can be connected to via RDP using the RDP button that appears next to Windows Compute instances in the Compute Instance summary page.

When connected to a Windows server, you can launch the Microsoft RDP client using the command mstsc.exe, or you can search for Remote Desktop Manager from the Start menu. This will allow you to connect from the bastion host to other compute instances on the same VPC (virtual private cloud) even if those instances do not have a direct internet connection themselves.

Box 2: Yes
VM2 and Bastion1 is in the same region, but in different VNETs.

Azure Bastion and VNet peering can be used together. When VNet peering is configured, you don't have to deploy Azure Bastion in each peered VNet. This means if you have an Azure Bastion host configured in one virtual network (VNet), it can be used to connect to VMs deployed in a peered VNet without deploying an additional bastion host.

Azure Bastion works with the following types of peering:

Virtual network peering: Connect virtual networks within the same Azure region.
Global virtual network peering: Connecting virtual networks across Azure regions.

Once you provision the Azure Bastion service in your virtual network, the RDP/SSH experience is available to all your VMs in the same VNet and peered VNets. This means you can consolidate Bastion deployment to single VNet and still reach VMs deployed in a peered VNet, centralizing the overall deployment.

Note: You can create an SSH connection to your Linux VMs located in an Azure virtual network directly through the Azure portal.

Box 3: No
VM3 and Bastion1 are in different regions, and in different VNETs.

Note:
Create an SSH connection to a Windows VM using Azure Bastion
You can create an SSH connection to your Windows VMs located in an Azure virtual network directly through the Azure portal.


Reference:

https://www.cloudskillsboost.google/focuses/1737?parent=catalog
https://learn.microsoft.com/en-us/azure/bastion/vnet-peering
https://learn.microsoft.com/en-us/azure/bastion/bastion-connect-vm-ssh-windows
https://learn.microsoft.com/en-us/azure/bastion/bastion-connect-vm-rdp-windows



HOTSPOT (Drag and Drop is not supported)
You have an Azure subscription that contains the virtual networks shown in the following table.



The subscription contains the subnets shown in the following table.



The subscription contains the storage accounts shown in the following table.



You create a service endpoint policy named Policy1 in the South Central US Azure region to allow connectivity to all the storage accounts in the subscription.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Yes
Policy1 is a service endpoint policy in the South Central US Azure region.
Subnet3 is in VNET3 with a Microsoft.Storage endpoint.
VNet3 is in the South Central US region.

Note: Virtual network service endpoint policies for Azure Storage
Virtual Network service endpoint policies allow you to filter egress virtual network traffic to Azure Storage accounts over service endpoint, and allow data exfiltration to only specific Azure Storage accounts. Endpoint policies provide granular access control for virtual network traffic to Azure Storage when connecting over service endpoint.

Box 2: No
VNet2 is in the Southeast Asia region.
Storage1 is in West Europe and is StorageV2.
Storage2 is in South Central US and is BlobStorage.
Storage3 is in Southeast Asia and is StorageV2.

Box 3: Yes
Vnet3 is in the South Central US region.
Storage2 is also in South Central US.


Reference:

https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoint-policies-overview



You have an Azure subscription that contains a resource group named RG1 and a virtual network named VNet1.

You plan to create an Azure container instance named container1.

You need to be able to configure DNS name label scope reuse for container1.

What should you configure for container1?

  1. the private networking type
  2. the public networking type
  3. a new subnet on VNet1
  4. a confidential SKU

Answer(s): B

Explanation:

Note: Deploy an Azure Container Instances (ACI) container group with DNS name reuse policy

For Azure portal users, you can set the DNS name reuse policy on the Networking tab during the container instance creation process using the DNS name label scope reuse field.


Reference:

https://learn.microsoft.com/en-us/azure/container-instances/how-to-reuse-dns-names



HOTSPOT (Drag and Drop is not supported)
You have the Azure virtual machines shown in the following table.



VNET1, VNET2, and VNET3 are peered.

VM4 has a DNS server that is authoritative for a zone named contoso.com and contains the records shown in the following table.



The virtual networks are configured to use the DNS servers shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Yes
VM1 is in VNET1. In VNET1 Server1 resolves to 131.107.3.3



Box 2: No
VM2 is in VNET2. VNET2 uses custom DNS server 192.168.05

Box 3: Yes






Post your Comments and Discuss Microsoft AZ-104 exam with other Community members:

AZ-104 Exam Discussions & Posts