Pass AZ-104 Exam in First Attempt Guaranteed 2021 Dumps!
AZ-104 Dumps Full Questions - Exam Study Guide
NEW QUESTION 204
You have an Azure subscription named Subscroption1.
In Subscription1, you create an alert rule named Alert1.
The Alert1 action group is configured as shown in the following exhibit.
Alert1 alert criteria is triggered every minute.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: 60
One alert per minute will trigger one email per minute.
Box 2: 12
No more than 1 SMS every 5 minutes can be send, which equals 12 per hour.
Note: Rate limiting is a suspension of notifications that occurs when too many are sent to a particular phone number, email address or device. Rate limiting ensures that alerts are manageable and actionable.
The rate limit thresholds are:
References:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/monitoring-and-diagnostics/monitoring-overview-alerts.md
NEW QUESTION 205
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.
- B. Allow inbound TCP port 8080 to the domain controllers in the Miami office.
- C. Join the client computers in the Miami office to Azure AD.
- D. Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.
- E. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.
Answer: D,E
Explanation:
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com E: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
Topic 1, Humongous Insurance
Overview
Existing Environment
Huongous Insurance is an insurance company that has three offices in Miami, Tokoyo, and Bankok. Each has 5000 users.
Active Directory Environment
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com. The functional level of the forest is Windows Server 2012.
You recently provisioned an Azure Active Directory (Azure AD) tenant.
Network Infrastructure
Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Each office has several link load balancers that provide access to the servers.
Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.
Licensing Issue
You attempt to assign a license in Azure to several users and receive the following error message: "Licenses not assigned. License agreement failed for one user." You verify that the Azure subscription has the available licenses.
Requirements
Planned Changes
Humongous Insurance plans to open a new office in Paris. The Paris office will contain 1,000 users who will be hired during the next 12 months. All the resources used by the Paris office users will be hosted in Azure.
Planned Azure AD Infrastructure
The on-premises Active Directory domain will be synchronized to Azure AD.
All client computers in the Paris office will be joined to an Azure AD domain.
Planned Azure Networking Infrastructure
You plan to create the following networking resources in a resource group named All_Resources:
Default Azure system routes that will be the only routes used to route traffic A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2 A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and Subnet4 You plan to enable peering between Paris-VNet and AllOffices-VNet. You will enable the Use remote gateways setting for the Paris-VNet peerings.
You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
Planned Azure Computer Infrastructure
Each subnet will contain several virtual machines that will run either Windows Server 2012 R2, Windows Server 2016, or Red Hat Linux.
Department Requirements
Humongous Insurance identifies the following requirements for the company's departments:
Web administrators will deploy Azure web apps for the marketing department. Each web app will be added to a separate resource group. The initial configuration of the web apps will be identical. The web administrators have permission to deploy web apps to resource groups.
During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.
Authentication Requirements
Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.
NEW QUESTION 206
You have an Azure Active Directory (Azure AD) tenant.
You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal.
Which three settings should you configure? To answer, select the appropriate settings in the answer area.
Answer:
Explanation:
Explanation

Box 1: Assignments, Users and Groups
When you configure the sign-in risk policy, you need to set:
The users and groups the policy applies to: Select Individuals and Groups
Box 2:
When you configure the sign-in risk policy, you need to set the type of access you want to be enforced.
Box 3:
When you configure the sign-in risk policy, you need to set:
The type of access you want to be enforced when your sign-in risk level has been met:
References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-user-risk-policy
NEW QUESTION 207
You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL Server on Windows for the data tier.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
* A SQL database
* A web front end
* A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
* Technical requirements include:
* Move all the virtual machines for App1 to Azure.
* Minimize the number of open ports between the App1 tiers.
References: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server
NEW QUESTION 208
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the resources shown in the following table.
VM1 connects to VNET1.
You need to connect VM1 to VNET2.
Solution: You move VM1 to RG2, and then you add a new network interface to VM1.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Section: [none]
Explanation:
Instead you should delete VM1. You recreate VM1, and then you add the network interface for VM1.
Note: When you create an Azure virtual machine (VM), you must create a virtual network (VNet) or use an existing VNet. You can change the subnet a VM is connected to after it's created, but you cannot change the VNet.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/network-overview
NEW QUESTION 209
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Network Watcher, you create a packet capture.
Does this meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
https://azure.microsoft.com/en-us/updates/general-availability-azure-network-watcher-connection-monitor-inall-public-regions/
NEW QUESTION 210
You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2.
VM2 is protected by RSV1.
You need to use RSV2 to protect VM2.
What should you do first?
- A. From the RSV1 blade, click Backup. From the Backup blade, select the backup for the virtual machine, and then click Backup.
- B. From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery Services vault.
- C. From the RSV1 blade, click Backup items and stop the VM2 backup.
- D. From the RSV1 blade, click Backup Jobs and export the VM2 backup.
Answer: B
Explanation:
The Azure Site Recovery service contributes to your disaster recovery strategy by managing and orchestrating replication, failover, and failback of on-premises machines and Azure virtual machines (VMs).
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-quickstart
https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication
NEW QUESTION 211
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.
You purchase 10 Azure AD Premium P2 licenses for the tenant.
You need to ensure that 10 users can use all the Azure AD Premium features.
What should you do?
- A. From the Groups blade of each user, invite the users to a group
- B. From the Directory role blade of each user, modify the directory role
- C. From the Azure AD domain, add an enterprise application
- D. From the Licenses blade of Azure AD, assign a license
Answer: D
Explanation:
Section: Manage Azure identities and governance
Explanation/Reference:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/license-users-groups
NEW QUESTION 212
You have an Azure subscription named Subscription1.
In Subscription1, you create an Azure web app named WebApp1. WebApp1 will access an external service that requires certificate authentication.
You plan to require the use of HTTPS to access WebApp1.
You need to upload certificates to WebApp1.
In which formats should you upload the certificate? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
A PFX file contains the public key file (SSL Certificate) and its unique private key file. This is required for HTTPS access. The web app will distribute the public key (in a CER file) to clients that connect to the web app.
The CER file is an SSL Certificate which has the public key of the external service. The external service will have the private key associated with the public key contained in the CER file.
NEW QUESTION 213
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1.
You add the users in the following table.
Which2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
NEW QUESTION 214
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.
- B. Allow inbound TCP port 8080 to the domain controllers in the Miami office.
- C. Join the client computers in the Miami office to Azure AD.
- D. Add
http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office. - E. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.
Answer: D,E
Explanation:
Explanation
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory:
https://autologon.microsoftazuread-sso.com
E: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
NEW QUESTION 215
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Network Watcher, you create a connection monitor.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Network Watcher Connection Monitor enables you to configure and track connection reachability, latency, and network topology changes. It helps reduce the amount of time to detect connectivity problems. The returned results can provide insights into whether a connectivity problem is due to a platform or a user configuration problem. This is not used in cases where we need to inspect for all the network traffic from one vm to another vm.
On the other hand Network Watcher packet capture allows you to create capture sessions to track traffic to and from a virtual machine. So in this scenario we need to use Network Watcher packet capture
References:
https://azure.microsoft.com/en-in/updates/general-availability-azure-network-watcher-connection-monitor-in-all-public-regions/#:~:text=Network%20Watcher%20Connection%20Monitor%20helps,or%20a%20user%20configuration%20problem
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-manage-portal
NEW QUESTION 216
You have an Azure subscription that contains an Azure file share.
You have an on-premises server named Server1 that runs Windows Server 2016.
You plan to set up Azure File Sync between Server1 and the Azure file share.
You need to prepare the subscription for the planned Azure File Sync.
Which two actions should you perform in the Azure subscription? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Explanation:
Explanation
As per the official MS doc:
The recommended steps to onboard on Azure File Sync for the first with zero downtime while preserving full file fidelity and access control list (ACL) are as follows:
1. Deploy a Storage Sync Service. --> This needs to be done on Azure .
2. Create a sync group. --> This needs to be done on Azure
3. Install Azure File Sync agent on the server with the full data set. --> This needs to be done on server1.
4. Register that server and create a server endpoint on the share. --> This needs to be done on server1.
5. Let sync do the full upload to the Azure file share (cloud endpoint).
6. After the initial upload is complete, install Azure File Sync agent on each of the remaining servers.
7. Create new file shares on each of the remaining servers.
8. Create server endpoints on new file shares with cloud tiering policy, if desired. (This step requires additional storage to be available for the initial setup.)
9. Let Azure File Sync agent do a rapid restore of the full namespace without the actual data transfer. After the full namespace sync, sync engine will fill the local disk space based on the cloud tiering policy for the server endpoint.
10. Ensure sync completes and test your topology as desired.
11. Redirect users and applications to this new share.
12. You can optionally delete any duplicate shares on the servers.
First action: Create a Storage Sync Service
The deployment of Azure File Sync starts with placing a Storage Sync Service resource into a resource group of your selected subscription.
Second action: Create a sync group
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on a registered server. A server can have server endpoints in multiple sync groups. You can create as many sync groups as you need to appropriately describe your desired sync topology.
Third action: Run Server Registration
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service. A server can only be registered to one Storage Sync Service and can sync with other servers and Azure file shares associated with the same Storage Sync Service. ) Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide?tabs=azure-portal
NEW QUESTION 217
DRAG DROP
You have an Azure subscription that contains the resources shown in the following table.
You need to load balance HTTPS connections to vm1 and vm2 by using lb1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Answer:
Explanation:
Section: [none]
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-public-zone-redundant- portal
NEW QUESTION 218
You have an Azure subscription that contains 100 virtual machines.
You regularly create and delete virtual machines.
You need to identify unused disks that can be deleted.
What should you do?
- A. From the Azure portal, configure the Advisor recommendations.
- B. From Microsoft Azure Storage Explorer, view the Account Management properties.
- C. From Cloudyn, open the Optimizer tab and create a report.
- D. From Cloudyn, create a Cost Management report.
Answer: C
Explanation:
What is the Cloudyn service?
https://docs.microsoft.com/en-us/azure/cost-management/overview
You can determine optimal VM usage and identify idle VMs or remove idle VMs and unattached disks with Cloudyn. Using information in Sizing Optimization and Inefficiency reports, you can create a plan to down-size or remove idle VMs. However, optimization reports are not currently supported for CSP partner accounts or subscriptions.
If you provisioned AWS Reserved Instances, you can improve your reserved instances utilization with Optimization reports where you can view buying recommendations, modify unused reservations, and plan provisioning."
NEW QUESTION 219
You have an Azure subscription that contains the virtual machines shown in the following table:
VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.
NSG2 uses the default rules and the following custom incoming rule:
* Priority: 100
* Name: Rule1
* Port: 3389
* Protocol: TCP
* Source: Any
* Destination: Any
* Action: Allow
NSG1 is associated to Subnet1. NSG2 is associated to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
NEW QUESTION 220
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You configure a custom policy definition, and then you assign the policy to the subscription.
Does this meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take.
By defining conventions, you can control costs and more easily manage your resources.
Reference:
https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition
NEW QUESTION 221
You have an Azure App Service plan that hosts an Azure App Service named App1.
You configure one production slot and four staging slots for App1.
You need to allocate 10 percent of the traffic to each staging slot and 60 percent of the traffic to the production slot.
What should you add to Appl1?
- A. a performance test
- B. slots to the Testing in production blade
- C. a WebJob
- D. templates to the Automation script blade
Answer: B
Explanation:
Explanation
Besides swapping, deployment slots offer another killer feature: testing in production. Just like the name suggests, using this, you can actually test in production. This means that you can route a specific percentage of user traffic to one or more of your deployment slots.
Example:
References:
https://stackify.com/azure-deployment-slots/
NEW QUESTION 222
You have an Azure subscription.
You create the Azure Storage account shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box1: LRS will keep minimum three copies.
Box2: Changing the access tier from hot to cool will reduce the cost. In performance, standard is cheap.
In the Account kind, GPV2 is giving best price. Can be checked yourself using the pricing calculator on below link.
Reference:
https://azure.microsoft.com/en-in/pricing/calculator/?service=storage
NEW QUESTION 223
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
The status of VM1 is Running.
You assign an Azure policy as shown in the exhibit. (Click the Exhibit tab.)
You assign the policy by using the following parameters:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Not allowed resource types (Deny): Prevents a list of resource types from being deployed. This means this policy specifically prevents a list of resource types from being deployed. So that refers that except deployment all the other operations like start/stop or move etc. are not prevented. But to be noted if the resource already exists, it just marks it as non-compliant.
Replicated this scenario in LAB keeping VM running and below are the outcome :
* VM is not deallocated
* Able to stop and start VM successfully.
* Not able to create new virtual network or VM.
* Not able to modify VM size.
* Not able change the address space of the virtual network.
* Successfully moved virtual network and VM in another resource group.
Statement 1 : Yes
Based on above experiment the policy will mark the VNET1 as non-compliant but it can be moved to RG2 .
Hence this statement is true.
Statement 2 : No
Based on above experiment the policy will mark the VM as non-compliant but it will still be running, not deallocated. Hence this statement is False.
Statement 3 : No
Based on above experiment the address space for VNET2 can not be modified. Hence this statement is False.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/assign-policy-portal
NEW QUESTION 224
You have an Azure subscription that contains the virtual machines shown in the following table.
VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.
NSG2 uses the default and the following custom incoming rule:
* Priority: 100
* Name: Rule1
* Port: 3389
* Protocol: TCP
* Source: Any
* Destination: Any
* Action: Allow
NSG1 connects to Subnet1. NSG2 connects to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Explanation:
Explanation
Box 1: No
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Box 2: Yes
NSG2 will allow this.
Box 3: Yes
NSG2 will allow this.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
NEW QUESTION 225
Your network contains an Active Directory domain. The domain contains a user named User1. The domain is synced to Azure Active Directory (Azure AD) as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization
NEW QUESTION 226
You have an Azure subscription that contains the Azure virtual machines shown in the following table.
You add inbound security rules to a network security group (NSG) named NSG1 as shown in the following table.
You run Azure Network Watcher as shown in the following exhibit.
You run Network Watcher again as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: No
It limits traffic to VM2, but not VM1 traffic.
Box 2: Yes
Yes, the destination is VM2.
Box 3: No
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
NEW QUESTION 227
You have an azure subscription named Subscription that contains the resource groups shown in the following table.
In RG1, you create a virtual machine named VM1 in the East Asia location.
You plan to create a virtual network named VNET1.
You need to create VNET, and then connect VM1 to VNET1.
What are two possible ways to achieve this goal? Each correct answer presents a complete a solution.
NOTE: Each correct selection is worth one point.
- A. Create VNET1 in RG1, and then set East US as the location.
- B. Create VNET1 in RG2, and then set East Asia as the location.
- C. Create VNET1 in RG2, and then set East US as the location.
- D. Create VNET1 in RG1, and then set East Asia as the location
- E. Create VNET1 in a new resource group in the West US location, and then set West US as the location.
Answer: B,D
Explanation:
Explanation
A network interface can exist in the same, or different resource group, than the virtual machine you attach it to, or the virtual network you connect it to.
The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, also referred to as a region.
Note, Resource groups can span multiple Regions, but VNets only can hold resources (VMs, Network Adapters) that exists in the same region.
So in this scenario, you need to create VNET1 in any RG and set location as East Asia.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
NEW QUESTION 228
......
Microsoft Azure Administrator Associate Free Certification Exam Material from Real4Prep with 455 Questions: https://www.real4prep.com/AZ-104-exam.html
Use Real AZ-104 - 100% Cover Real Exam Questions: https://drive.google.com/open?id=1OI_33XETBU4BbhTL_OheExxXs9k2c6s1