AZ 104 RENEWAL EXAM QUESTION AND ANSWER
UPDATED 2023/2024 GRADED A+
1) You have an Azure virtual network named VNET1 has and a network
security group (NSG) named NSG1. NSG1 has the following inbound
security rules:
• Rule1 has a priority of 100 and allows port 3389 on TCP protocol from
any source and to any destination
• Rule2 has a priority of 200 and allows ports 80 and 8080 on UDP
protocol from any source and to any destination
• Rule3 has a priority of 300 and denies ports 1-2000 on TCP protocol
from any source and to any destination
,AZ 104 RENEWAL EXAM QUESTION AND ANSWER
UPDATED 2023/2024 GRADED A+
• Rule4 has a priority of 400 and allows ports 50-500 on TCP protocol
from VirtualNetwork source and to any destination
• Rule5 has a priority of 500 and allows ports 80 and 443 on TCP protocol
from any source and to any destination
You need to allow http and https connections from the internet to VNET1.
What should you change for NSG1?
Select only one answer.
Priority for Rule4 to 250 Protocol for Rule2 to TCP Priority for Rule3
to 450 Priority for Rule5 to 250
2) You have an Azure virtual machine named VM1 that connects toa
virtual network named VNET1.
A network security group (NSG) named NSG1 allows connections to VM1
from VNET1 only.
You need to add an inbound security rule to NSG1 that meets the following
requirements:
• Allows Azure Backup to back up VM1
• Minimizes the types of allowed inbound traffic
What should you use as the source for the inbound security rule?
Select only one answer.
any IP address the IP address of VM1 a service tag for Azure Backup
an application security group
3) You have an Azure virtual network named VNET1 that has an IP
address space of 192.168.0.0/16 and the following subnets:
• Subnet1- has an IP address range of 192.168.1.0/24 and is connected
to 15 VMs
• Subnet2- has an IP address range of 192.168.2.0/24 and does not have
any VMs connected
You need to ensure that you can deploy Azure Firewall to VNET1.
What should you do?
Select only one answer.
, AZ 104 RENEWAL EXAM QUESTION AND ANSWER
UPDATED 2023/2024 GRADED A+
Add a new subnet to VNET1. Add a service endpoint to Subnet2.
Modify the subnet mask of Subnet2. Modify the IP address space of
VNET1.
4) You have an Azure subscription that contains a storage account
named storage1 and the following virtual machines:
• VM1 has a public IP address of 13.68.158.24 and is connected to
VNET1/Subnet1
• VM2 has a public IP address of 52.255.145.76 and is connected to
VNET1/Subnet1
• VM3 has a public IP address of 13.68.158.50 and is connected to
VNET1/Subnet2
The subnets have the following service endpoints:
• Subnet1 has a Microsoft.Storage service endpoint
• Subnet2 does not have any service endpoint
Storage1 has a firewall configured to allow access from the 13.68.158.0/24 IP
address range only.
You need to identify which virtual machines can access storage1.
What should you identify?
Select only one answer.
VM1 only VM3 only VM1 and VM2 only VM1 and VM3 only VM1,
VM2, and VM3
5) You plan to deploy an Azure web app that will have the following
settings:
• Name: WebApp1
• Publish: Docker container
• Operating system: Windows
• Region: West US
• Windows Plan (West US): ASP-RG1-8bcf
You need to ensure that WebApp1 uses the ASP.NET v4.7 runtime stack.
Which setting should you modify?
Select only one answer.
Region Operating system Publish Windows Plan
UPDATED 2023/2024 GRADED A+
1) You have an Azure virtual network named VNET1 has and a network
security group (NSG) named NSG1. NSG1 has the following inbound
security rules:
• Rule1 has a priority of 100 and allows port 3389 on TCP protocol from
any source and to any destination
• Rule2 has a priority of 200 and allows ports 80 and 8080 on UDP
protocol from any source and to any destination
• Rule3 has a priority of 300 and denies ports 1-2000 on TCP protocol
from any source and to any destination
,AZ 104 RENEWAL EXAM QUESTION AND ANSWER
UPDATED 2023/2024 GRADED A+
• Rule4 has a priority of 400 and allows ports 50-500 on TCP protocol
from VirtualNetwork source and to any destination
• Rule5 has a priority of 500 and allows ports 80 and 443 on TCP protocol
from any source and to any destination
You need to allow http and https connections from the internet to VNET1.
What should you change for NSG1?
Select only one answer.
Priority for Rule4 to 250 Protocol for Rule2 to TCP Priority for Rule3
to 450 Priority for Rule5 to 250
2) You have an Azure virtual machine named VM1 that connects toa
virtual network named VNET1.
A network security group (NSG) named NSG1 allows connections to VM1
from VNET1 only.
You need to add an inbound security rule to NSG1 that meets the following
requirements:
• Allows Azure Backup to back up VM1
• Minimizes the types of allowed inbound traffic
What should you use as the source for the inbound security rule?
Select only one answer.
any IP address the IP address of VM1 a service tag for Azure Backup
an application security group
3) You have an Azure virtual network named VNET1 that has an IP
address space of 192.168.0.0/16 and the following subnets:
• Subnet1- has an IP address range of 192.168.1.0/24 and is connected
to 15 VMs
• Subnet2- has an IP address range of 192.168.2.0/24 and does not have
any VMs connected
You need to ensure that you can deploy Azure Firewall to VNET1.
What should you do?
Select only one answer.
, AZ 104 RENEWAL EXAM QUESTION AND ANSWER
UPDATED 2023/2024 GRADED A+
Add a new subnet to VNET1. Add a service endpoint to Subnet2.
Modify the subnet mask of Subnet2. Modify the IP address space of
VNET1.
4) You have an Azure subscription that contains a storage account
named storage1 and the following virtual machines:
• VM1 has a public IP address of 13.68.158.24 and is connected to
VNET1/Subnet1
• VM2 has a public IP address of 52.255.145.76 and is connected to
VNET1/Subnet1
• VM3 has a public IP address of 13.68.158.50 and is connected to
VNET1/Subnet2
The subnets have the following service endpoints:
• Subnet1 has a Microsoft.Storage service endpoint
• Subnet2 does not have any service endpoint
Storage1 has a firewall configured to allow access from the 13.68.158.0/24 IP
address range only.
You need to identify which virtual machines can access storage1.
What should you identify?
Select only one answer.
VM1 only VM3 only VM1 and VM2 only VM1 and VM3 only VM1,
VM2, and VM3
5) You plan to deploy an Azure web app that will have the following
settings:
• Name: WebApp1
• Publish: Docker container
• Operating system: Windows
• Region: West US
• Windows Plan (West US): ASP-RG1-8bcf
You need to ensure that WebApp1 uses the ASP.NET v4.7 runtime stack.
Which setting should you modify?
Select only one answer.
Region Operating system Publish Windows Plan
