Free Microsoft AZ-104 Exam Dumps Questions

- (Exam Topic 6)
Note This question is part of a series of questions that present the same seer Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Performance Monitor, you create a Data Collector Set (DCS)
Does this meet the goal?

Correct Answer:B
Network performance monitor allows you to monitor connectivity and latencies across hybrid network architectures, Expressroute circuits, and service/application endpoints.
With an data collector set we can count specified network traffic, but we cannot inspect it. For this we would need a network watcher Packet Capture.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview https://docs.microsoft.com/en-us/azure/azure-monitor/insights/network-performance-monitor References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

- (Exam Topic 6)
You have an Azure subscription that contains a virtual machine named VM1. VM1 hosts a line-of-business application that is available 24 hours a day. VM1 has one network interface and one managed disk. VM1 uses the D4s v3 size.
You plan to make the following changes to VM1:
Change the size to D8s v3.
Add a 500-GB managed disk.
Add the Puppet Agent extension.
Attach an additional network interface. Which change will cause downtime for VM1?

Correct Answer:D
While resizing the VM it must be in a stopped state.
References: https://azure.microsoft.com/en-us/blog/resize-virtual-machines/

- (Exam Topic 6)
You have an A2ure virtual machine named VMV
The network interface for VM1 is configured as shown in the exhibit(Click the Exhibit tab.)

You deploy a web server on VM1. and then create a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only.
You need to ensure that users can connect to the website from the internet. What should you do?

Correct Answer:D
Rule 2 is blocking HTTPS access (port 443) and has a priority of 500.
Changing Rule 3 (ports 60-500) and giving it a lower priority number will allow access on port 443.
Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because
lower numbers have higher priority. Once traffic matches a rule, processing stops. Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

- (Exam Topic 5)
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table:

User3 is the owner of Group1. Group2 is a member of Group1.
You configure an access review named Review1 as shown in the following exhibit:

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Solution:
In the Users section, specify the users that the access review applies to. Access reviews can be for the members of a group or for users who were assigned to an application. You can further scope the access review to review only the guest users who are members (or assigned to the application), rather than reviewing all the users who are members or who have access to the application.

Present Use Case:
Group2 is a member of Group1 and User3 is the owner of Group1 So User3 can review both Group 1 and 2. But for review the scope says only Guest.
Solution:
User1 is a member not a guest so 1st statement ==> NO UserA is member not the guest so 2nd statement ==> No UserB is a guest so 3rd statement ==> Yes
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

Does this meet the goal?

Correct Answer:A

- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote
Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Internet source to the VirtualNetwork destination for port range 3389 and uses the UDP protocol.
Does this meet the goal?

Correct Answer:B
The default port for RDP is TCP port 3389 not UDP.
NSGs deny all inbound traffic except from virtual network or load balancers. For inbound traffic, Azure processes the rules in a network security group associated to a subnet first, and then the rules in a network security group associated to the network interface.
By default NSG rule to allow traffic through RDP port 3389 is not created automatically during the creation of VM , unless you change the setting during creation.
Here in the solution UDP traffic is allowed at virtual network level which is not tcp/rdp protocol. So this will not work to achieve the goal.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules

- (Exam Topic 6)
You deploy an Azure Kubernetes Service (AKS) cluster named Cluster1 that uses the IP addresses shown in the following table.

You need to provide internet users with access to the applications that run in Cluster1. Which IP address should you include in the DNS record for Ousted?

Correct Answer:B
When any internet user will try to access the cluster which is behind a load balancer, traffic will first hit to load balancer front end IP. So in the DNS configuration you have to provide the IP address of the load balancer.
Reference:
https://stackoverflow.com/questions/43660490/giving-a-dns-name-to-azure-load-balancer