跳转至

Az104 final test

Topic 1

  1. Start-ADSyncSyncCycle -PolicyType Initial PowerShell cmdlet.
  2. Run the Set-AzureStaticVNetIP PowerShell cmdlet
  3. To invite using Powershell one should use the "New-AzureADMSInvitation" cmdlet.
  4. From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet
  5. Assign the User administrator administrative role to AdminUser1.
    • From the Directory role blade, modify the directory role
  6. You purchase 10 Azure AD Premium P2 licenses for the tenant.
    • From the Licenses blade of Azure AD, assign a license
  7. Deploy the IT Service Management Connector (ITSM)
  8. add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain.
    • A. Device settings from the Devices blade
  9. Event | search "error"
    • Event | where EventType == "error"
    • search in (Event) "error"
  10. You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
    • A. From the Users settings blade, modify the External collaboration settings.
  11. You need to create a name server (NS) record for the zone
    • Create an NS record named research in the adatum.com zone.
  12. You need to ensure that records created in the contoso.com zone are resolvable from the internet.
    • Modify the NS records in the DNS domain registrar.
  13. You have a domain name of contoso.com registered at a third-party registrar.
    • Add a custom name
    • Add a record to the public contoso.com DNS zone
    • Verify the domain
  14. You need to grant user management permissions to a local administrator in each office.
    • B. administrative units
  15. The subscription is linked to a hybrid Azure Active Directory (Azure AD) tenant that contains a security group named Group1.
    • A. Enable Active Directory Domain Service (AD DS) authentication for storage1.
  16. Can't assign policy to VM1, can't exclude policy from Tenant root group
  17. You can clone an in-built Azure role,
    • You CANNOT clone in-built Azure AD role
  18. Blob storage (hierarchical namespace): Microsoft Entra ID & SAS
    • File storage: SAS only
  19. Microsoft 365 group (Security Disabled) - You cannot assign licenses to security-disabled groups.
  20. Azure table storage:
    • General-purpose v2 (GPv2) accounts, General-purpose v1 (GPv1) accounts,
    • Azure blob storage:
      • General-purpose v2 (GPv2) accounts, General-purpose v1 (GPv1) accounts, and Blob storage accounts.
  21. Access Control (IAM)
    • Shared access signatures (SAS) We need temp access for App2, so we need to use SAS.
  22. synchronize the files in the file share named data to an on-premises server
    • Register Server1
    • Install the Azure File Sync agent on Server1
    • Create a sync group
  23. azcopy make 'https://mystorageaccount.blob.core.windows.net/vmimages'
  24. ZRS currently supports standard general-purpose v2, FileStorage and BlockBlobStorage storage account types.
  25. Server instance that requires persistent storage.
    • A. Azure Files
  26. Premium file shares => FileStorage account.
    • Archive access: Blob Storage and General Purpose v2 (GPv2) accounts.
  27. The SAS token is not supported in mounting Azure File share currently, it just supports the Azure storage account key.
  28. The lifecycle management feature is available in all Azure regions for (GPv2) accounts, blob storage accounts, block blobs storage accounts, and Azure Data Lake Storage Gen2 accounts.
  29. The SMB protocol requires TCP port 445 to be open
  30. Access policy can set retention policy.
  31. azcopy copy D:\folder1 https://contosodata.blob.core.windows.net/public --recursive

Topic 2

  1. If you define more than one action on the same blob, lifecycle management applies the least expensive action to the blob.
  2. Only storage accounts that are configured for LRS, GRS, or RA-GRS support moving blobs to the archive tier.
    • The archive tier isn't supported for ZRS, GZRS, or RA-GZRS accounts.
  3. Conditions can be added to Containers and Queues.
  4. Default routing tier to Internet Routing / Encryption type
  5. View only specific blobs based on blob index tags
    • A. a role assignment condition
  6. The encryption scope in Azure Storage is available for Azure Blob / Data Lake Gen2 storage
  7. Azure Disk Encryption for volume encryption.
    • Creating a key vault.
    • Select Azure Disk Encryption for volume encryption.
  8. Linux doesn't support storage Explorer
  9. Azure Storage Account Contributor role can't access the file share
  10. You create an Azure Log Analytics workspace and configure the data settings.
    • You install the Microsoft Monitoring Agent on VM1.
    • You create an alert in Azure Monitor and specify the Log Analytics workspace as the source
  11. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.
    • A. Upload a configuration script
    • D. Modify the extensionProfile section of the Azure Resource Manager template
  12. To install kubectl locally, use the az aks install-cli command.
  13. Upload a configuration to Azure Automation State Configuration
    • Compile a configuration into a node configuration
    • Check the compliance status of the node.
  14. To migrate a VM from a VNET to another VNET. The only option is to delete the VM and redeploy it using a new NIC and NIC connected to VNET2
  15. You need to configure cluster autoscaler for AKS1.
    • B: The az aks command.
    • D: Azure portal.

  16. Monitor the metrics and the logs of VM1.

    • Linux Diagnostic Extension (LAD) 3.0

  17. New-AzResource - creates an Azure resource

    • New-AzResourceGroupDeployment - adds a deployment to an existing resource group.
    • Use New-AzDeployment for deploying resources at the subscription level.
    • New-AzSubscriptionDeployment: used to deploy resources at the subscription level
  18. Multi-container groups currently support only Linux containers.
  19. Azure Firewall supports standard SKU public static IPv4 addresses. ( Regional)
  20. Windows: (Azure Container Instances / Azure App Service)
    • Linux: ACI / APS / Azure Container Apps
  21. You need to move the adatum.com zone to an Azure DNS zone in Subscription1.
    • A. Azure CLI
  22. Basic Load Balancer: Backend pool endpoints for Virtual machines in a single availability set or virtual machine scale set.
    • Standard Load Balancer: Any virtual machines or virtual machine scale sets in a single virtual network
  23. ensure that VM1 can be created in an Availability Zone.
    • A. Use managed disks
    • C. Availability options
  24. Export the client certificate from Computer1 and install the certificate on Computer2.
  25. IP flow verify: Identify a security rule that prevents a network packet from reaching an Azure virtual machine.
    • Connection troubleshoot: Validate outbound connectivity from an Azure virtual machine to an external host.
  26. You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
    • Solution: You create two Standard SKU public IP addresses and associate a Standard SKU public IP address to the network interface of each virtual machine
  27. You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
    • Solution: You disassociate the public IP address from the network interface of VM2.
    • You can only attach virtual machines that are in the same location and on the same virtual network as the LB. Virtual machines must have a standard SKU public IP or no public IP.

Topic 3

  1. PolicyBased Basic VPN Gateway does not support Point-to-Site connectivity
    • So the existing policy-based VNG must be deleted so you can create a route based VPN
  2. Inspect all the network traffic from VM1 to VM2 for a period of three hours.
    • From Azure Network Watcher, you create a packet capture.
  3. You need to load balance HTTPS connections to vm1 and vm2 by using lb1.
    • Remove the Public IP addresses from vm1 and vm2
    • create a backend pool and health probes.
    • Create a load balancer rule.
  4. You need to connect site1 and site2 by using an Azure Virtual WAN.
    1. Create a virtual WAN
    2. Create virtual Hub
    3. Create VPN sites
    4. Connect a VPN site to a virtual hub
  5. VM1 has default rules which denies any port open for inbound rules
  6. VPN gateway supports only Dynamic IP (a basic SKU and a dynamic IP address assignment)
  7. Connection monitor resource: A region-specific Azure resource
  8. You need to ensure that inbound user traffic uses the Microsoft point-of-presence (POP) closest to the user's location.
    • C. Routing preference
  9. Ensure that Bastion1 can support 100 concurrent SSH users.
    • D. Upgrade Bastion1 to the Standard SKU
    • From Device1, you need to establish a Remote Desktop connection to VM1.
      • Upgrade Bastion1 to the Standard SkU.
      • From Bastion1, select Native Client Support.
      • From Azure CLI on Device1, run a network bastion rdp.
  10. Enable multi-user authorization (MAU) for Vault1.
    • A resource guard
  11. The Remote Desktop Connection client (mstscexe) can onlu support standard Bastion.
  12. Need to be able to configure DNS name label scope reuse for Azure container Instance.
    • B. the public networking type
  13. Bastion host: Subnet size must be /26 or larger (/25, /24 etc.).
    • Public IP: Standard SKU with a static allocation
  14. ensure that container(windows) can be configured to use private networking
    • Change: OS Type
    • Private networking is not supported for Windows containers.
  15. With a two-gate policy, administrators don't have the ability to use security questions
    • Billing / Security / Authentication / Application administrator
  16. Monitor the latency between your on-premises network and the virtual machines.
    • C. Network Performance Monitor
  17. You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the System event log of VM1.
    • Centrally monitor user activity across all the subscriptions.
    • D. Azure Log Analytics workspace
  18. Identify unattached disks that can be deleted.
    • D. From Azure Cost Management, view Advisor Recommendations
  19. You need to back up Disk2 by using Azure Backup.
    • 1- Create an Azure backup vault.
    • 2- Create a backup policy and configure the backup
    • 3- Configure a managed identity
  20. Create an activity log alert in Azure Monitor?
    • A. a resource, a condition, and an action group
  21. All the virtual machines only communicate with Azure Monitor through VNet1.
    • C. an Azure Monitor Private Link Scope (AMPLS)
  22. Blob containers are backed up to Azure Backup vaults
    • Azure Files are backed up to Azure Recovery Services vaults
  23. Type of query used for data resource in DCR
    • B. XPath
  24. Use Connection Monitor to identify network latency between VM1 and DC1.
    • D. an Azure Monitor agent extension
  25. Use Traffic Analytics in Azure Network Watcher to monitor virtual machine traffic.
    • A. a Log Analytics workspace
    • E. a Data Collection Rule (DCR) in Azure Monitor
  26. Container1 with tier: Can be created in storage2 (storagev2) and Blobstorage.
    • Share with tier: Can be created in storage2 (storagev2) only
  27. Replication: storagev2 only
  28. move the blueprint files to Azure.
    • Use Azure Storage Explorer to copy the files.
  29. Get-AzRoleDefinition -name "Reader" |ConvertTo-Json
  30. B. dynamic groups and conditional access policies