Free AZ-104 Exam Braindumps (page: 41)


HOTSPOT (Drag and Drop is not supported)
You need to recommend a solution for App1. The solution must meet the technical requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL Server on Windows for the data tier.


Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:

- A SQL database
- A web front end
- A processing middle tier

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only. Technical requirements include:

- Move all the virtual machines for App1 to Azure.
- Minimize the number of open ports between the App1 tiers.


Reference:

https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server




You are planning the move of App1 to Azure. You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1. What should you recommend?

  1. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
  2. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
  3. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
  4. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

Answer(s): A

Explanation:

The rule must be incoming, and the NSG must be associated with the web server subnet only, because users access the web front end by using HTTPS only.

Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:

- A SQL database
- A web front end
- A processing middle tier

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
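
The recommended configuration in Az PowerShell, as an added example that is not part of the original page: one inbound allow rule for TCP 443 from the Internet service tag, with the NSG associated with the web subnet only. The resource group, region, virtual network, subnet and NSG names are hypothetical placeholders.

```powershell
# Added example; every resource name below is a hypothetical placeholder.
$rg       = 'rg-app1'
$location = 'eastus'
$vnetName = 'vnet-app1'
$webSnet  = 'snet-web'

# Inbound rule: HTTPS (TCP 443) from the Internet service tag, nothing else.
$httpsRule = New-AzNetworkSecurityRuleConfig -Name 'Allow-HTTPS-Inbound' `
    -Description 'Users reach the web front end over HTTPS only' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix 'Internet' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange '443'

$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $location `
    -Name 'nsg-web' -SecurityRules $httpsRule

# Associate the NSG with the web subnet only; the other tiers stay unexposed.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$web  = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $webSnet
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $web.Name `
    -AddressPrefix $web.AddressPrefix -NetworkSecurityGroup $nsg | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# Check 1: which subnet carries which NSG.
(Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName).Subnets |
    Select-Object Name,
        @{ n = 'Nsg'; e = { ($_.NetworkSecurityGroup.Id -split '/')[-1] } }

# Check 2: any custom inbound allow rule from the Internet on a port other
# than 443 is wider than the scenario requires. Expect no output.
$nsg.SecurityRules | Where-Object {
    $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
    $_.SourceAddressPrefix -contains 'Internet' -and
    $_.DestinationPortRange -notcontains '443'
} | Select-Object Name, Priority, DestinationPortRange
```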




You need to configure WebApp1 to meet the technical requirements.

Which certificate can you use from Vault1?

  1. Cert1 only
  2. Cert1 or Cert2 only
  3. Cert1 or Cert3 only
  4. Cert3 or Cert4 only
  5. Cert1, Cert2, Cert3, or Cert4

Answer(s): B

Explanation:

Cert1 and Cert2 are PKCS certificates.

Scenario:
WebApp1 is an Azure App Service web app.
Use TLS for WebApp1.

Vault1 contains the certificates shown in the following table.



Note:
Import a certificate from Key Vault
If you use Azure Key Vault to manage your certificates, you can import a PKCS12 certificate into App Service from Key Vault if you meet the requirements.

Private certificate requirements
The free App Service managed certificate and the App Service certificate already satisfy the requirements of App Service. If you choose to upload or import a private certificate to App Service, your certificate must meet the following requirements:

- Exported as a password-protected PFX file, encrypted using triple DES.
- Contains a private key at least 2048 bits long.
- Contains all intermediate certificates and the root certificate in the certificate chain.

To secure a custom domain in a TLS binding, the certificate has more requirements:

- Contains an Extended Key Usage for server authentication (OID = 1.3.6.1.5.5.7.3.1).
- Signed by a trusted certificate authority.


Reference:

https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate
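
A pre-import check of a PFX file against the requirements listed above, as an added example that is not part of the original page or of Microsoft's documentation. `Test-AppServicePfx` is a hypothetical helper name; the chain test matches issuer and subject names only, trust is evaluated against the local machine's trust store, and the PFX encryption algorithm is not inspected.

```powershell
# Added example. Test-AppServicePfx is a hypothetical helper name.
# Not checked here: the PFX encryption algorithm (the triple DES requirement).
function Test-AppServicePfx {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $ns    = 'System.Security.Cryptography.X509Certificates'
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet

    # Load every certificate in the PFX; the leaf is the one with a private key.
    $bundle = New-Object "$ns.X509Certificate2Collection"
    $bundle.Import((Resolve-Path $Path).ProviderPath, $plain, $flags)
    $leaf = $bundle | Where-Object HasPrivateKey | Select-Object -First 1
    if (-not $leaf) { throw 'No certificate with a private key in the PFX.' }

    # Key length (RSA only; a non-RSA key reports 0 and fails the check).
    $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($leaf)
    $bits = if ($rsa) { $rsa.KeySize } else { 0 }

    # Extended Key Usage extension (2.5.29.37) must list server authentication.
    $ekuOids = $leaf.Extensions |
        Where-Object { $_.Oid.Value -eq '2.5.29.37' } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object Value

    # Every issuer must appear in the bundle, up to a self-signed root
    # (name matching only: a heuristic, not a signature check).
    $subjects = @($bundle | ForEach-Object Subject)
    $orphans  = @($bundle | Where-Object { $subjects -notcontains $_.Issuer })

    # Trust as seen from this host, without online revocation lookups.
    $chain = New-Object "$ns.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chain.ChainPolicy.ExtraStore.AddRange($bundle)
    $trusted = $chain.Build($leaf)

    [pscustomobject]@{
        Subject         = $leaf.Subject
        KeyBits         = $bits
        KeyAtLeast2048  = $bits -ge 2048
        ServerAuthEku   = @($ekuOids) -contains '1.3.6.1.5.5.7.3.1'
        ChainInBundle   = $orphans.Count -eq 0
        TrustedByHost   = $trusted
    }
}

# Usage: Test-AppServicePfx -Path .\site.pfx -Password (Read-Host -AsSecureString)
```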




You need to meet the technical requirements for the KEK.

Which PowerShell cmdlet and key should you use?

  1. Set-AzVMDiskEncryptionExtension and Key2.
  2. Set-AzDiskEncryptionKey and Key2.
  3. Set-AzDiskDiskEncryptionKey and Key1.
  4. Set-AzVMDiskEncryptionExtension and Key1.

Answer(s): D

Explanation:

Use Key1, not Key2:
What size should I use for my key encryption key (KEK)?
Windows Server 2022 and Windows 11 include a newer version of BitLocker that currently doesn't work with RSA 2048-bit key encryption keys. Until this is resolved, use RSA 3072-bit or RSA 4096-bit keys.

For earlier versions of Windows, you may instead use RSA 2048-bit key encryption keys.

The Set-AzVMDiskEncryptionExtension cmdlet enables encryption on a running infrastructure as a service (IaaS) virtual machine in Azure. It enables encryption by installing the disk encryption extension on the virtual machine.

Scenario:
Whenever possible, use Azure Disk Encryption and a key encryption key (KEK) to encrypt the virtual machines.

Vault1 contains the keys shown in the following table.



Incorrect:
Not C: The Set-AzDiskDiskEncryptionKey cmdlet sets the disk encryption key properties on a disk object.


Reference:

https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-faq
https://learn.microsoft.com/en-us/powershell/module/az.compute/set-azvmdiskencryptionextension
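
Enabling Azure Disk Encryption with a KEK while enforcing the key-size guidance above, as an added example that is not part of the original page. `Vault1` and `Key1` come from the scenario; the resource group name, the VM name and the `$guestUsesNewBitLocker` switch are hypothetical, and the key size is derived from the length of the key's public modulus.

```powershell
# Added example; RG1, VM1 and $guestUsesNewBitLocker are hypothetical.
$rgName  = 'RG1'
$vmName  = 'VM1'
$kvName  = 'Vault1'   # from the scenario
$kekName = 'Key1'     # from the scenario

# Set to $true when the guest runs Windows Server 2022 or Windows 11,
# where RSA 2048-bit KEKs do not currently work.
$guestUsesNewBitLocker = $true

$vault = Get-AzKeyVault -VaultName $kvName -ResourceGroupName $rgName
if (-not $vault.EnabledForDiskEncryption) {
    throw "Key vault '$kvName' is not enabled for disk encryption."
}

$kek = Get-AzKeyVaultKey -VaultName $kvName -Name $kekName
if ($kek.Key.Kty -notlike 'RSA*') {
    throw "KEK '$kekName' is not an RSA key (type: $($kek.Key.Kty))."
}

# RSA key size in bits, derived from the public modulus length.
$bits    = $kek.Key.N.Length * 8
$minBits = if ($guestUsesNewBitLocker) { 3072 } else { 2048 }
if ($bits -lt $minBits) {
    throw "KEK '$kekName' is RSA $bits; this guest needs at least RSA $minBits."
}

# Install the disk encryption extension on the running VM, wrapping the
# disk encryption key with the KEK.
Set-AzVMDiskEncryptionExtension -ResourceGroupName $rgName -VMName $vmName `
    -DiskEncryptionKeyVaultUrl $vault.VaultUri `
    -DiskEncryptionKeyVaultId  $vault.ResourceId `
    -KeyEncryptionKeyUrl       $kek.Id `
    -KeyEncryptionKeyVaultId   $vault.ResourceId `
    -VolumeType All

# Confirm the result for the OS and data volumes.
Get-AzVMDiskEncryptionStatus -ResourceGroupName $rgName -VMName $vmName
```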





