AZ-104 Practice Questions — Page 21

Case study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview

ADatum Corporation is consulting firm that has a main office in Montreal and branch offices in Seattle and New York.

Existing Environment

Azure Environment

ADatum has an Azure subscription that contains three resource groups named RG1, RG2, and RG3.

The subscription contains the storage accounts shown in the following table.

The subscription contains the virtual machines shown in the following table.

The subscription has an Azure container registry that contains the images shown in the following table.

The subscription contains the resources shown in the following table.

Azure Key Vault

The subscription contains an Azure key vault named Vault1.

Vault1 contains the certificates shown in the following table.

Vault1 contains the keys shown in the following table.

Microsoft Entra Environment

ADatum has a Microsoft Entra tenant named adatum.com that is linked to the Azure subscription and contains the users shown in the following table.

The tenant contains the groups shown in the following table.

The adatum.com tenant has a custom security attribute named Attribute1.

Planned Changes

ADatum plans to implement the following changes:

• Configure a data collection rule (DCR) named DCR1 to collect only system events that have an event ID of 4648 from VM2 and VM4.

• In storage1, create a new container named cont2 that has the following access policies: o Three stored access policies named Stored1, Stored2, and Stored3 o A legal hold for immutable blob storage

• Whenever possible, use directories to organize storage account content.

• Grant User1 the permissions required to link Zone1 to VNet1.

• Assign Attribute1 to supported adatum.com resources.

• In storage2, create an encryption scope named Scope1.

• Deploy new containers by using Image1 or Image2.

Technical Requirements

ADatum must meet the following technical requirements:

• Use TLS for WebApp1.

• Follow the principle of least privilege.

• Grant permissions at the required scope only.

• Ensure that Scope1 is used to encrypt storage services.

• Use Azure Backup to back up cont1 and share1 as frequently as possible.

• Whenever possible, use Azure Disk Encryption and a key encryption key (KEK) to encrypt the virtual machines.

You need to configure WebApp1 to meet the technical requirements.

Which certificate can you use from Vault1?

Case study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview

ADatum Corporation is consulting firm that has a main office in Montreal and branch offices in Seattle and New York.

Existing Environment

Azure Environment

ADatum has an Azure subscription that contains three resource groups named RG1, RG2, and RG3.

The subscription contains the storage accounts shown in the following table.

The subscription contains the virtual machines shown in the following table.

The subscription has an Azure container registry that contains the images shown in the following table.

The subscription contains the resources shown in the following table.

Azure Key Vault

The subscription contains an Azure key vault named Vault1.

Vault1 contains the certificates shown in the following table.

Vault1 contains the keys shown in the following table.

Microsoft Entra Environment

ADatum has a Microsoft Entra tenant named adatum.com that is linked to the Azure subscription and contains the users shown in the following table.

The tenant contains the groups shown in the following table.

The adatum.com tenant has a custom security attribute named Attribute1.

Planned Changes

ADatum plans to implement the following changes:

• Configure a data collection rule (DCR) named DCR1 to collect only system events that have an event ID of 4648 from VM2 and VM4.

• In storage1, create a new container named cont2 that has the following access policies: o Three stored access policies named Stored1, Stored2, and Stored3 o A legal hold for immutable blob storage

• Whenever possible, use directories to organize storage account content.

• Grant User1 the permissions required to link Zone1 to VNet1.

• Assign Attribute1 to supported adatum.com resources.

• In storage2, create an encryption scope named Scope1.

• Deploy new containers by using Image1 or Image2.

Technical Requirements

ADatum must meet the following technical requirements:

• Use TLS for WebApp1.

• Follow the principle of least privilege.

• Grant permissions at the required scope only.

• Ensure that Scope1 is used to encrypt storage services.

• Use Azure Backup to back up cont1 and share1 as frequently as possible.

• Whenever possible, use Azure Disk Encryption and a key encryption key (KEK) to encrypt the virtual machines.

You need to meet the technical requirements for the KEK.

Which PowerShell cmdlet and key should you use?

You have an Azure subscription named Sub1.

You plan to deploy a multi-tiered application that will contain the tiers shown in the following table.

You need to recommend a networking solution to meet the following requirements:

✑ Ensure that communication between the web servers and the business logic tier spreads equally across the virtual machines.

✑ Protect the web servers from SQL injection attacks.

Which Azure resource should you recommend for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Your company has three offices. The offices are located in Miami, Los Angeles, and New York. Each office contains datacenter.

You have an Azure subscription that contains resources in the East US and West US Azure regions. Each region contains a virtual network. The virtual networks are peered.

You need to connect the datacenters to the subscription. The solution must minimize network latency between the datacenters.

What should you create?

You have an Azure subscription that contains the resources shown in the following table.

LB1 is configured as shown in the following table.

You plan to create new inbound NAT rules that meet the following requirements:

✑ Provide Remote Desktop access to VM1 from the internet by using port 3389.

✑ Provide Remote Desktop access to VM2 from the internet by using port 3389.

What should you create on LB1 before you can create the new inbound NAT rules?

You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table.

You create a private Azure DNS zone named adatum.com. You configure the adatum.com zone to allow auto registration from VNET1.

Which A records will be added to the adatum.com zone for each virtual machine? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area: