AZ-104 Free Practice Test

- (Topic 5)
You have an Azure subscription that contains the resources shown in the following table.

LB1 is configured as shown in the following table.

You plan to create new inbound NAT rules that meet the following requirements: Provide Remote Desktop access to VM2 from the internet by using port 3389.

1. A. A frontend IP address
2. B. A health probe
3. C. A load balancing rule
4. D. A backend pool

Correct Answer: A
To create an inbound NAT rule, you need to specify a frontend IP address and a frontend port for the load balancer to receive the traffic, and a backend IP address and a backend port for the load balancer to forward the traffic to1. According to the first table, LB1 has only one frontend IP address, which is 40.121.183.105. However, this frontend IP address is already used by the existing inbound NAT rule named rule1, which forwards port 80 to VM1 on port 802. Therefore, you cannot use the same frontend IP address and port for another inbound NAT rule.
To solve this problem, you need to create a new frontend IP address for LB1 before you can create the new inbound NAT rules. You can do this by using the Azure portal, PowerShell, or CLI3. After you create a new frontend IP address, you can use it to create the new inbound NAT rules that meet your requirements.

HOTSPOT - (Topic 5)
You have an Azure subscription that contains the virtual machines shown in the following table.

VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.
NSG2 uses the default rules and the following custom incoming rule;
• Priority: 100
• Name: Rule1
• Port: 3389
• Protocol: TCP
• Source: Any
• Destination: Any
• Action: Allow
NSG1 is associated to Subnet! NSG2 is associated to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Solution:
No: VM1 has default rules which denies any port open for inbound rules Yes: VM2 has custom rule allowing RDP port
Yes: VM1 and VM2 are in the same Vnet. by default, communication are allowed

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Topic 5)
You deploy Azure virtual machines to three Azure regions.
Each region contains a virtual network. Each virtual network contains multiple subnets peered in a full mesh topology.
Each subnet contains a network security group (NSG) that has defined rules.
A user reports that he cannot use port 33000 to connect from a virtual machine in one region to a virtual machine in another region.
Which two options can you use to diagnose the issue? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

1. A. Azure Virtual Network Manager
2. B. IP flow verify
3. C. Azure Monitor Network Insights
4. D. Connection troubleshoot
5. E. elective security rules

Correct Answer: BD
https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-ip- flow-verify-overview
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and a remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.

- (Topic 5)
You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.

RG1 has a web app named WebApp1. WebApp1 is located in West Europe. You move WebApp1 to RG2.
What is the effect of the move?

1. A. The App Service plan for WebApp1 moves to North Europ
2. B. Po1icy2 applies to WebApp1.
3. C. The App Service plan for WebApp1 remains in West Europ
4. D. Policy2 applies to WebApp1.
5. E. The App Service plan for WebApp1 moves to North Europ
6. F. Policy1 applies to WebApp1.
7. G. The App Service plan for WebApp1 remains in West Europ
8. H. Policy1 applies to WebApp1.

Correct Answer: B

HOTSPOT - (Topic 5)
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You plan to configure Azure Backup reports for Vault1.
You are configuring the Diagnostics settings for the AzureBackupReports log.
Which storage accounts and which Log Analytics workspaces can you use for the Azure
Backup reports of Vault1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Solution:
Box 1: storage3 only
Vault1 and storage3 are both in West Europe. Box 2: Analytics1, Analytics2, Analytics3
https://docs.microsoft.com/en-us/azure/backup/backup-create-rs-vault https://docs.microsoft.com/de-de/azure/backup/configure-reports

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A