Free Microsoft AZ-104 Exam Braindumps (page: 38)

You have an Azure subscription that contains multiple virtual machines in the West US Azure region. You need to use Traffic Analytics in Azure Network Watcher to monitor virtual machine traffic.
Which two resources should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  1. a Log Analytics workspace
  2. an Azure Monitor workbook
  3. a storage account
  4. a Microsoft Sentinel workspace
  5. a Data Collection Rule (DCR) in Azure Monitor

Answer(s): A,C

Explanation:

To use traffic analytics, you need the following components:
Network Watcher: A regional service that you can use to monitor and diagnose conditions at a network-scenario level in Azure. You can use Network Watcher to turn NSG flow logs on and off.
Log Analytics: A tool in the Azure portal that you use to work with Azure Monitor Logs data. Azure Monitor Logs is an Azure service that collects monitoring data and stores the data in a central repository. This data can include events, performance data, or custom data that's provided through the Azure API. After this data is collected, it's available for alerting, analysis, and export. Monitoring applications such as network performance monitor and traffic analytics use Azure Monitor Logs as a foundation.
(A, C) Log Analytics workspace: The environment that stores Azure Monitor log data that pertains to an Azure account.


Reference:

https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics



HOTSPOT (Drag and Drop is not supported)
You have an Azure subscription that contains two storage accounts named contoso101 and contoso102. The subscription contains the virtual machines shown in the following table.


VNet1 has service endpoints configured as shown in the Service endpoints exhibit. (Click the Service endpoints tab.)


The Microsoft.Storage service endpoint has the service endpoint policy shown in the Microsoft.Storage exhibit. (Click the Microsoft.Storage tab.)


For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Yes
VM1 is connected to VNet1/Subnet1, and has Basic Public IP address SKU. Subnet1 contains one Microsoft.Storage Service Endpoint.
The service endpoint policy contains the contoso1 Storage account.
Note: Service endpoints include:
Azure Storage (Microsoft.Storage): Generally available in all Azure regions.
Grant access from a virtual network
You can configure storage accounts to allow access only from specific subnets. The allowed subnets can belong to a virtual network in the same subscription or a different subscription, including those that belong to a different Microsoft Entra tenant. With cross-region service endpoints, the allowed subnets can also be in different regions from the storage account.
Etc.
Box 2: No
VM2 is connected to VNet1/Subnet2, and has Standard Public IP address SKU. Subnet2 contains one Microsoft.AzureActiveDirectory Service Endpoint.
Box 3: No
VM2 is connected to VNet1/Subnet2, and has Standard Public IP address SKU. Subnet2 contains one Microsoft.AzureActiveDirectory Service Endpoint.
Data Lake Storage public IP address – Use the public IP address for your target Data Lake Storage Gen1 accounts (see note 2 below).
Note: Service endpoints include:
Azure Data Lake Store Gen 1 (Microsoft.AzureActiveDirectory): Generally available in all Azure regions where ADLS Gen1 is available.
Virtual network integration for Data Lake Storage Gen1 makes use of the virtual network service endpoint security between your virtual network and Microsoft Entra ID to generate additional security claims in the access token. These claims are then used to authenticate your virtual network to your Data Lake Storage Gen1 account and allow access.
Note 2:
Optimal routing with Data Lake Storage Gen1 virtual network integration
A key benefit of virtual network service endpoints is optimal routing from your virtual network. You can perform the same route optimization to Data Lake Storage Gen1 accounts. Use the following user-defined routes from your virtual network to your Data Lake Storage Gen1 account.
Data Lake Storage public IP address – Use the public IP address for your target Data Lake Storage Gen1 accounts.


Reference:

https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security
https://learn.microsoft.com/en-us/azure/data-lake-store/data-lake-store-network-security



You have an Azure subscription that has Traffic Analytics configured.
You deploy a new virtual machine named VM1 that has the following settings:
Region: East US
Virtual network: VNet1
NIC network security group: NSG1
You need to monitor VM1 traffic by using Traffic Analytics. Which settings should you configure?

  1. Diagnostic settings for VM1
  2. NSG flow logs for NSG1
  3. Diagnostic settings for NSG1
  4. Insights for VM1

Answer(s): B

Explanation:

Traffic analytics prerequisites
Traffic analytics requires:
A Network Watcher enabled subscription.
*-> NSG flow logs enabled for the network security groups you want to monitor.
An Azure Log Analytics workspace with read and write access.


Reference:

https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics



You have an Azure subscription that contains a virtual machine named VM1.
You have an on-premises datacenter that contains a domain controller named DC1. ExpressRoute is used to connect the on-premises datacenter to Azure.
You need to use Connection Monitor to identify network latency between VM1 and DC1. What should you install on DC1?

  1. the Azure Connected Machine agent for Azure Arc-enabled servers
  2. the Azure Network Watcher Agent virtual machine extension
  3. the Log Analytics agent
  4. an Azure Monitor agent extension

Answer(s): D

Explanation:

Configure Connection Monitor for ExpressRoute
Monitoring agents are installed on multiple servers, both on-premises and in Azure. The agents communicate with each other by sending TCP handshake packets. The communication between the agents allows Azure to map the network topology and path the traffic could take.
Install and configure agents on-premises
Download the agent setup file
Navigate to the Log Analytics workspace and select Agents management under Settings. Download the agent that corresponds to your machine's operating system.


Next, copy the Workspace ID and Primary Key to Notepad.
3. Etc.
Note:
Connection Monitor is a cloud-based network monitoring solution that monitors connectivity between Azure cloud deployments and on-premises locations (Branch offices, etc.). Connection Monitor is part of Azure Monitor logs. The extension also lets you monitor network connectivity for your private and Microsoft peering connections. When you configure Connection Monitor for ExpressRoute, you can detect network issues to identify and eliminate.
With Connection Monitor for ExpressRoute you can:
Monitor loss and latency across various VNets and set alerts.
Monitor all paths (including redundant paths) on the network.
Troubleshoot transient and point-in-time network issues that are difficult to replicate.
Help determine a specific segment on the network that is responsible for degraded performance.


Reference:

https://learn.microsoft.com/en-us/azure/expressroute/how-to-configure-connection-monitor





