Free AZ-104 Exam Braindumps

- (Exam Topic 6)
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)
You deploy a web server on VM1, and then created a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only.
You need to ensure that users can connect to the website from the internet. What should you do?

1. A. Modify the action of Rule1.
2. B. Change the priority of Rule6 to 100.
3. C. For Rule4, change the protocol from UDP to Any.
4. D. / For Rule5, change the Action to Allow and change the priority to 401.

Correct Answer: D

- (Exam Topic 1)
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs.
What should you use?

1. A. Diagram in VNet1
2. B. the security recommendations in Azure Advisor
3. C. Diagnostic settings in Azure Monitor
4. D. Diagnose and solve problems in Traffic Manager Profiles
5. E. IP flow verify in Azure Network Watcher

Correct Answer: E
Scenario: Litware must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

- (Exam Topic 6)
You have an Azure subscription named Subscription 1 that contains two Azure virtual networks named VNet1 and VNet2. VNet1 contains a VPN gateway named VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1.
On a computer named Client1 that runs Windows 10, you configure a point to site VPN connection to VNet1. You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2
from the on premises network. Client1 is unable to connect to VNet2.
You need to ensure that you can connect Client1 to VNet2. What should you do?

1. A. Select Allow gateway transit on VNet2.
2. B. Select Allow gateway transit on VNet1.
3. C. Download and te-install the VPN client configuration package on Client1.
4. D. Enable BGP on VPNGW1

Correct Answer: C
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

- (Exam Topic 5)
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.
You purchase 10 Azure AD Premium P2 licenses for the tenant.
You need to ensure that 10 users can use all the Azure AD Premium features. What should you do?

1. A. From the Groups blade of each user, invite the users to a group.
2. B. From the Licenses blade of Azure AD, assign a license.
3. C. From the Directory role blade of each user, modify the directory role.
4. D. From the Azure AD domain, add an enterprise application.

Correct Answer: B
Many Azure Active Directory (Azure AD) services require you to license each of your users or groups (and associated members) for that service. Only users with active licenses will be able to access and use the licensed Azure AD services for which that's true. Licenses are applied per tenant and do not transfer to other tenants.
Not all Microsoft services are available in all locations. Before a license can be assigned to a group, you must specify the Usage location for all members. You can set this value in the Azure Active Directory > Users > Profile > Settings area in Azure AD. Any user whose usage location is not specified inherits the location of the Azure AD organization.
You can add the licensing rights to users or to an entire group. Check the reference link for the steps. References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/license-users-groups

- (Exam Topic 6)
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

The status of VM1 is Running.
You assign an Azure policy as shown in the exhibit. (Click the Exhibit tab.)

You assign the policy by using the following parameters:

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Solution:
Not allowed resource types (Deny): Prevents a list of resource types from being deployed. This means this policy specifically prevents a list of resource types from being deployed. So that refers that except deployment all the other operations like start/stop or move etc. are not prevented. But to be noted if the resource already exists, it just marks it as non-compliant.
Replicated this scenario in LAB keeping VM running and below are the outcome :
· VM is not deallocated
· Able to stop and start VM successfully.
· Not able to create new virtual network or VM.
· Not able to modify VM size.
· Not able change the address space of the virtual network.
· Successfully moved virtual network and VM in another resource group. Statement 1 : Yes
Based on above experiment the policy will mark the VNET1 as non-compliant but it can be moved to RG2 . Hence this statement is true.
Statement 2 : No
Based on above experiment the policy will mark the VM as non-compliant but it will still be running, not deallocated. Hence this statement is False.
Statement 3 : No
Based on above experiment the address space for VNET2 can not be modified. Hence this statement is False.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/assign-policy-portal

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A