Azure : AZ-104 exam 1.0
- Your company has serval departments. Each department has a number of virtual machines (VMs). The company has an Azure subscription that contains a resource group named RG1. All VMs are located in RG1. You want to associate each VM with its respective department. What should you do?
A. Create Azure Management Groups for each department.
B. Create a resource group for each department.
C. Assign tags to the virtual machines.
D. Modify the settings of the virtual machines.
Explanation:
A. Create Azure Management Groups for each department.This would not be the correct approach for the given scenario. Azure Management Groups are designed to manage access, policies, and compliance across multiple Azure subscriptions.
B. Create a resource group for each department. This approach would involve restructuring the resources, and you’d have to move VMs between resource groups. It’s a more disruptive approach than simply tagging the VMs.
C. Assign tags to the virtual machines. This is the correct approach. Tags allow you to categorize resources without changing their actual configuration or moving them between resource groups.
D. Modify the settings of the virtual machines. This is too vague and doesn’t specify which settings would be changed. Simply modifying VM settings wouldn’t inherently associate a VM with a department.
2. The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the multi-factor authentication page to alter the user settings. Does the solution meet the goal?
A. Yes
B. No
To implement the required conditional access policy, the following steps should be taken:
Create a new Conditional Access policy in Azure AD portal. Set the policy to require Multi-Factor Authentication and Azure AD device registration.In the policy’s “Users and Groups” section, specify the Global Administrators group as the target.In the policy’s “Conditions” section, specify the locations that are considered untrusted. Save the policy. Simply accessing the multi-factor authentication page and altering user settings does not provide a comprehensive solution to meet the stated goal.
3.Your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy. Does the solution meet the goal?
A. Yes
B. No
You alter the grant control, not session control
Under Access controls > Grant, select Grant access, Require multi-factor authentication, and select Select. https://docs.microsoft.com/enus/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa
4.Your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy. Does the solution meet the goal?
A. Yes
B. No
Answer is A. The Answer “A” is correct- Instead of the MFA page mentioned above, you have to go the route of Conditional Access Policy →Grant Control mentioned here for this question. Under Grant Control you are given the option of setting MFA and requiring AD joined devices in the exact same window.
5.You are planning to deploy an Ubuntu Server virtual machine to your company’s Azure subscription. You are required to implement a custom deployment that includes adding a particular trusted root certification authority (CA). Which of the following should you use to create the virtual machine?
A. The New-AzureRmVm cmdlet.
B. The New-AzVM cmdlet.
C. The Create-AzVM cmdlet.
D. The az vm create command
The az vm create command. you need to create an Ubuntu Linux VM using a cloud-init script for configuration. For example, az vm create -g MyResourceGroup -n MyVm — image debian — custom-data MyCloudInitScript.ymlhttps://docs.microsoft.com/en-us/cli/azure/vm?view=azure-cli-latesthttps://cloudinit.readthedocs.io/en/latest/topics/examples.html
This getting update …twice a week :)