CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-104

Free AZ-104 Exam Braindumps (page: 39)

Page 38 of 132
PDF with 606 Questions

You have an Azure subscription that contains two peered virtual networks named VNet1 and VNet2.

You have a Network Virtual Appliance (NVA) named NetVA1.

You need to ensure that the traffic from VNet1 to VNet2 is inspected by using NetVA1.

What should you use?

  1. a local network gateway
  2. a route table that has custom routes
  3. a service endpoint
  4. IP address reservations

Answer(s): B

Explanation:

Service chaining
Service chaining enables you to direct traffic from one virtual network to a virtual appliance or gateway in a peered network through user-defined routes.

To enable service chaining, configure user-defined routes that point to virtual machines in peered virtual networks as the next hop IP address. User-defined routes could also point to virtual network gateways to enable service chaining.

You can deploy hub-and-spoke networks, where the hub virtual network hosts infrastructure components such as a network virtual appliance or VPN gateway. All the spoke virtual networks can then peer with the hub virtual network. Traffic flows through network virtual appliances or VPN gateways in the hub virtual network.


Reference:

https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview#service-chaining



HOTSPOT (Drag and Drop is not supported)
You have an Azure subscription.

You plan to deploy the following file named File1.bicep.


For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: No
No - The name of the virtual network will be the same as the location of the resource group.

The name of the virtual network is set to VNET1.
The location of the virtual network will be the same as the location of the resource group.

Box 2: Yes
Yes- Both subnet objects will be provisioned successfully.

Configure subnets by using the subnets property
Virtual networks contain subnets, which are logical groups of IP addresses within the virtual network. There are two ways to define subnets in Bicep: by using the subnets property on the virtual network resource, and by creating a child resource with type Microsoft.Network/virtualNetworks/subnets.

It's best to define your subnets within the virtual network definition, as in this example:

param location string = resourceGroup().location

var virtualNetworkName = 'my-vnet'
var subnet1Name = 'Subnet-1'
var subnet2Name = 'Subnet-2'

resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-11-01' = {
name: virtualNetworkName
location: location
properties: {
addressSpace: {
addressPrefixes: [
'10.0.0.0/16'
]
}
subnets: [
{
name: subnet1Name
properties: {
addressPrefix: '10.0.0.0/24'
}
}
{
name: subnet2Name
properties: {
addressPrefix: '10.0.1.0/24'
}
}
]
}

resource subnet1 'subnets' existing = {
name: subnet1Name
}

resource subnet2 'subnets' existing = {
name: subnet2Name
}
}

Box 3: No
No - Deploying File1.bicep more than once will cause an error message.

Note: Although both approaches enable you to define and create your subnets, there is an important difference. When you define subnets by using child resources, the first time your Bicep file is deployed, the virtual network is deployed. Then, after the virtual network deployment is complete, each subnet is deployed. This sequencing occurs because Azure Resource Manager deploys each individual resource separately.

When you redeploy the same Bicep file, the same deployment sequence occurs. However, the virtual network is deployed without any subnets configured on it because the subnets property is effectively empty. Then, after the virtual network is reconfigured, the subnet resources are redeployed, which re-establishes each subnet. In some situations, this behavior causes the resources within your virtual network to lose connectivity during your deployment. In other situations, Azure prevents you from modifying the virtual network and your deployment fails.


Reference:

https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/scenarios-virtual-networks



HOTSPOT (Drag and Drop is not supported)
You have an Azure subscription that contains a resource group named RG1.

You have a file named File1.bicep as shown in the File1.bicep exhibit. (Click the File1.bicep tab.)



You create a file named File2.bicep as shown in the File2.bicep exhibit. (Click the File2.bicep tab.)



You run the following PowerShell commands.

New-AzResourceGroupDeployment -ResourceGroupName RG1 -TemplateFile Filel.bicep

New-AzResourceGroupDeployment -Whatif -ResourceGroupName RG1 -TemplateFile File2.bicep

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Yes
Yes VNet1 has CostCenter tag has a value of 12345.

Only File1.bicep will be used for the deployment, not File2.bicep due the -Whatif operation.
CostCenter is set to 12345 in File1.

Note: ARM template deployment what-if operation
Before deploying an Azure Resource Manager template (ARM template), you can preview the changes that will happen. Azure Resource Manager provides the what-if operation to let you see how resources will change if you deploy the template. The what-if operation doesn't make any changes to existing resources. Instead, it predicts the changes if the specified template is deployed.

Box 2: No
No - VNet1 has an IP address space of 10.0.0.0/16.
VNet1 has an IP address space of 10.0.0.0/24 in File1.

Box 3: No
No - VNet1 has two subnets.

File1 declares only one subnet.


Reference:

https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-what-if



DRAG DROP (Drag and Drop is not supported)
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains virtual machines that have Remote Desktop enabled.

Several users plan to work remotely and connect to the virtual machines from a home office.

You need to configure connectivity to the virtual machines to support a Point-to-Site (P2S) VPN connection for each user.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client computer.

Step 1: Create a new subnet in VNet1
Do I need a gateway subnet?
Yes. The gateway subnet contains the IP addresses that the virtual network gateway services use. You need to create a gateway subnet for your virtual network in order to configure a virtual network gateway.

Step 2: Add an IP address pool.
When you create the gateway subnet, you specify the number of IP addresses that the subnet contains. The IP addresses in the gateway subnet are allocated to the gateway service.

Some configurations require more IP addresses to be allocated to the gateway services than do others. Make sure that your gateway subnet contains enough IP addresses to accommodate future growth and possible new connection configurations.

Step 3: Create a VPN gateway


Reference:

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq
https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about






Post your Comments and Discuss Microsoft AZ-104 exam with other Community members:

AZ-104 Exam Discussions & Posts