Azure 104 Exam question

You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2. VM1 hosts a frontend application that connects to VM2 to retrieve data. Users report that the frontend application is slower than usual. You need to view the average round-trip time (RTT) of the packets from VM1 to VM2. Which Azure Network Watcher feature should you use?

Connection monitor:- A (Correct Answer)

The connection monitor capability monitors communication at a regular interval and informs you of reachability, latency, and network topology changes between the VM and the endpoint.

IP flow verify:- B

The IP flow verify capability enables you to specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verify then tests the communication and informs you if the connection succeeds or fails. If the connection fails, IP flow verify tells you which security rule allowed or denied the communication, so that you can resolve the problem.

NSG flow logs:- C

The Network Security Group flow log capability allows you to log the source and destination IP address, port, protocol, and whether traffic was allowed or denied by a network security group.

Connection troubleshoot:- D

The connection troubleshoot capability enables you to test a connection between a VM and another VM, an FQDN, a URI, or an IPv4 address. The test returns information similar to that returned by the connection monitor capability, but it tests the connection at a point in time rather than monitoring it over time, as connection monitor does.

From the MFA Server blade, you open the Block/unblock users blade as shown in the exhibit. What caused AlexW to be blocked?

Answer 3

Blob storage supports three types of blobs (block, page and append blobs), and three access tiers (hot, cool, and archive).


https://docs.microsoft.com/en-us/rest/api/storageservices/understanding-block-blobs--append-blobs--and-page-blobs

Azure Monitor is a single-pane of glass for accessing Azure metrics, tenant and resource diagnostic logs, Log Analytics, service health, and alerts.

You can configure alerts based on metric alerts (captured from Azure Metrics) to Activity Log alerts that can notify only with an Azure Automation Runbook (and not by email).

Explanation

You can configure alerts based on metric alerts (captured from Azure Metrics) to Activity Log alerts that can notify by email, web hook, SMS, Logic Apps, or even an Azure Automation Runbook.

You have an Azure Active Directory (Azure AD) tenant. You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations. You need to ensure that members of the Global Administrators group will also be forced to use multi-factor authentication when authenticating from untrusted locations. What should you do?

Explanation

There are two types of controls:

  • Grant controls: to gate access
  • Session controls: to restrict access to a session

Grant controls oversee whether a user can complete authentication and reach the resource that they're attempting to sign in to.

If you have multiple controls selected, you can configure whether all of them are required when your policy is processed.

The current implementation of Azure Active Directory enables you to set the following grant control requirements:

Reference: https://blog.lumen21.com/2017/12/15/conditional-access-in-azure-active-directory/


You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.

From Azure, you download and install the VPN client configuration package on a computer named Computer2. You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.

Solution: You export the client certificate from Computer1 and install the certificate on Computer2. Does this meet the goal?

Explanation

Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate is not installed, authentication fails. References: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site

The Standard performance tier uses

Explanation

The Standard performance tier uses magnetic disks and supports all services. The Premium tier uses solid-state disks and is only used for unmanaged VM disks.
https://www.danielstocker.net/what-is-the-difference-between-azure-standard-storage-and-azure-premium-storage/

Role-based access control allows you to grant users, groups, and service principals access to Azure resources at the subscription, resource group, or resource scopes with RBAC inheritance. The three core roles are Owner, Administrator, and Guest.

Explanation

Role-based access control allows you to grant users, groups, and service principals access to Azure resources at the subscription, resource group, or resource scopes with RBAC inheritance. The three core roles are Owner, Contributor, and Reader.

You have an Active Directory forest named contoso.com. You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled. You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs. You need to ensure that the synchronization completes successfully.

What should you do?

Answers

·      Run Azure AD Connect and set the SSO method to Pass-through Authentication.

·      From Synchronization Service Manager, run a full import.

·      From Azure PowerShell, run Start-ADSyncSyncCycle -PolicyType Initial.

·      Run Azure AD Connect and disable staging mode.


Explanation

Staging mode must be disabled. If the Azure AD Connect server is in staging mode, password hash synchronization is temporarily disabled.

References:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-troubleshoot-password-hash-synchronization#no-passwords-are-synchronized-troubleshoot-by-using-the-troubleshooting-task

Azure AD Connect is the Microsoft tool designed to meet and accomplish your hybrid identity goals. It provides the following features:

Password hash synchronization - A sign-in method that synchronizes a hash of a user's on-premises AD password with Azure AD.

Pass-through authentication - A sign-in method that allows users to use the same password on-premises and in the cloud, but doesn't require the additional infrastructure of a federated environment.

Federation integration - Federation is an optional part of Azure AD Connect and can be used to configure a hybrid environment using an on-premises AD FS infrastructure. It also provides AD FS management capabilities such as certificate renewal and additional AD FS server deployments.

Synchronization - Responsible for creating users, groups, and other objects, and for making sure identity information for your on-premises users and groups matches the cloud. This synchronization also includes password hashes.

Health Monitoring - Azure AD Connect Health can provide robust monitoring and provide a central location in the Azure portal to view this activity.

You have an Azure Active Directory (Azure AD) tenant.

All administrators must enter a verification code to access the Azure portal.
You need to ensure that the administrators can access the Azure portal only from your on-premises network.
What should you configure?

  • A. the default for all the roles in Azure AD Privileged Identity Management
  • B. an Azure AD Identity Protection user risk policy
  • C. an Azure AD Identity Protection sign-in risk policy
  • D. the multi-factor authentication service settings
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings


You have an Azure subscription that contains the resources in the following table.

VM1 and VM2 are deployed from the same template and host line-of-business applications accessed by using Remote Desktop. You configure the network security group (NSG) shown in the picture.

You need to prevent users of VM1 and VM2 from accessing websites on the Internet over TCP port 80. What should you do?

·      Change the Port_80 inbound security rule.

·      Change the DenyWebSites outbound security rule.

·      Disassociate the NSG from a network interface.

·      Associate the NSG to Subnet1.


Explanation

You can associate or dissociate a network security group from a network interface or subnet. The NSG already has the appropriate outbound rule to block users from accessing the Internet over TCP port 80; it just needs to be associated with Subnet1.

References: https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group
