March Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Microsoft > Azure Administrator Associate > AZ-104

AZ-104 Microsoft Azure Administrator Question and Answers

Question # 4

You have an Azure subscription that contains an Azure Availability Set named WEBPROD-AS-USE2 as shown in the following exhibit.

You add 14 virtual machines to WEBPROD-AS-USE2.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Full Access
Question # 5

You have an Azure subscription. The subscription contains virtual machines that run Windows Server 2016 and are configured as shown in the following table.

You create a public Azure DNS zone named adatum.com and a private Azure DNS zone named conioso.com.

You create a virtual network link for contoso.com as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 6

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains four subnets named Gateway, Perimeter. NVA and Production.

The NVA subnet contains two network virtual appliances (NVAs) that will perform network traffic inspection between the Perimeter subnet and the Production subnet.

You need to implement an Azure load balancer for the NVAs. The solution must meet the following requirements:

• The NVAs must run in an active-active configuration that uses automatic failover.

• The toad balancer must load balance traffic to two services on the Production subnet. The services have different IP addresses.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

Add two load balancing rules that have HA Ports enabled and Floating IP disabled.

B.

Deploy a basic load balancer.

C.

Add a frontend IP configuration, a backend pool, and a health probe.

D.

Add two load balancing rules that have HA Ports and Floating IP enabled.

E.

Deploy a standard load balancer.

F.

Add a frontend IP configuration, two backend pools, and a health probe.

Full Access
Question # 7

You have an Azure subscription that contains the resources in the following table.

To which subnets can you apply NSG1?

A.

the subnets on VNet1 only

B.

the subnets on VNet2 only

C.

the subnets on VNet3 only

D.

the subnets on VNet2 and VNet3 only

E.

the subnets on VNet1 VNet2, and VNet3

Full Access
Question # 8

You have an Azure subscription.

Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs.

You have a line-of-business app named App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016.

You need to ensure that the connections to App1 are spread across all the virtual machines.

What are two possible Azure services that you can use? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A.

a public load balancer

B.

Traffic Manager

C.

an Azure Content Delivery Network (CDN)

D.

an internal load balancer

E.

an Azure Application Gateway

Full Access
Question # 9

You have a deployment template named Template1 that is used to deploy 10 Azure web apps.

You need to identify what to deploy before you deploy Tempi ate 1. The solution must minimize Azure costs,

What should you identify?

A.

one App Service plan

B.

one Azure Traffic Manager

C.

five Azure Application Gateways

D.

10 App Service plans

E.

one Azure Application Gateway

Full Access
Question # 10

You have an Azure subscription named Subscription1 that contains virtual network named VNet1. VNet1 is in a resource group named RG1. A user named User1 has the following roles for Subscription1:

• Reader

• Security Admin

• Security Reader

You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?

A.

Remove User1 from the Security Reader and Reader roles for Subscription1.

B.

Assign User1 the Owner role for VNet1.

C.

Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1.

D.

Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1

Full Access
Question # 11

You have an Azure web app named App1. App1 has the deployment slots shown in the following table:

In webapp1-test, you test several changes to App1.

You back up App1.

You swap webapp1-test for webapp1-prod and discover that App1 is experiencing performance issues.

You need to revert to the previous version of App1 as quickly as possible.

What should you do?

A.

Redeploy App1

B.

Swap the slots

C.

Clone App1

D.

Restore the backup of App1

Full Access
Question # 12

You have an Azure subscription that contains a storage account named storage 1.

You need to ensure that the access keys for storage! rotate automatically.

What should you configure?

A.

a backup vault

B.

redundancy for storage!

C.

lifecycle management for storage1

D.

an Azure key vault

E.

a Recovery Services vault

Full Access
Question # 13

You have an Azure subscription that contains the resources in the following table.

You install the Web Server (IIS) server role on VM1 and VM2. and then add VM1 and VM2 to LB1.

LB1 is configured as shown in the LB1 exhibit. (Click the LB1 tab.)

Rule1 is configured as shown in the Rule1 exhibit (Click the Rule1 tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 14

You have an Azure subscription.

You need to deploy a virtual machine by using an Azure Resource Manager (ARM) template.

How should you complete the template? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 15

You have a virtual network named VNETI that contains the subnets shown in the following table.

You have Azure virtual machines that have the network configurations shown in the following table.

For NSG2, you create the inbound security rule shown in the following table.

For NSG2, you create the inbound security rule shown in the following table.

For each of the following statements, select Yes If the statement is true. Otherwise, select No. NOTE Each correct selection is worth one point

Full Access
Question # 16

You need to add VM1 and VM2 to the backend poo! of LB1. What should you do first?

A.

Create a new NSG and associate the NSG to VNET1/Subnet1.

B.

Connect VM2 to VNET1/Subnet1.

C.

Redeploy VM1 and VM2 to the same availability zone.

D.

Redeploy VM1 and VM2 to the same availability set.

Full Access
Question # 17

You need to identify which storage account to use for the flow logging of IP traffic from VM5. The solution must meet the retention requirements.

Which storage account should you identify?

A.

storage4

B.

storage1

C.

storage2

D.

storage3

Full Access
Question # 18

You need to ensure that you can grant Group4 Azure RBAC read-only permissions to all the A2ure file shares. What should you do?

A.

On storagel and storage4, change the Account kind type to StorageV2 (general purpose v2).

B.

Recreate storage2 and set Hierarchical namespace to Enabled.

C.

On storage2, enable identity-based access for the file shares.

D.

Create a shared access signature (SAS) for storagel, storage2, and storage4.

Full Access
Question # 19

You implement the planned changes for NSG1 and NSG2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 20

You need to configure Azure Backup to back up the file shares and virtual machines.

What is the minimum number of Recovery Services vaults and backup policies you should create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 21

You need to create storage5. The solution must support the planned changes.

Which type of storage account should you use, and which account should you configure as the destination storage account? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 22

You need to ensure that User1 can create initiative definitions, and User4 can assign initiatives to RG2. The solution must meet the technical requirements.

Which role should you assign to each user? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 23

You need to configure the alerts for VM1 and VM2 to meet the technical requirements.

Which three actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

Full Access
Question # 24

You need to move the blueprint files to Azure.

What should you do?

A.

Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

B.

Use the Azure Import/Export service.

C.

Generate an access key. Map a drive, and then copy the files by using File Explorer.

D.

Use Azure Storage Explorer to copy the files.

Full Access
Question # 25

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

B.

Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami

office.

C.

Join the client computers in the Miami office to Azure AD.

D.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

E.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.

Full Access
Question # 26

You need to resolve the Active Directory issue.

What should you do?

A.

From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.

B.

Run idfix.exe, and then use the Edit action.

C.

From Active Directory Domains and Trusts, modify the list of UPN suffixes.

D.

From Azure AD Connect, modify the outbound synchronization rule.

Full Access
Question # 27

You need to resolve the licensing issue before you attempt to assign the license again.

What should you do?

A.

From the Groups blade, invite the user accounts to a new group.

B.

From the Profile blade, modify the usage location.

C.

From the Directory role blade, modify the directory role.

Full Access
Question # 28

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Full Access
Question # 29

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

A.

Join the client computers in the Miami office to Azure AD.

B.

Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.

C.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

D.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication

E.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

Full Access
Question # 30

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

A.

ad.humongousinsurance.com

B.

humongousinsurance.onmicrosoft.com

C.

humongousinsurance.local

D.

humongousinsurance.com

Full Access
Question # 31

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE Each correct selection is worth one point.

A.

Azure Active Directory (AD) Identity Protection and an Azure policy

B.

a Recovery Services vault and a backup policy

C.

an Azure Key Vault and an access policy

D.

an Azure Storage account and an access policy

Full Access
Question # 32

Which blade should you instruct the finance department auditors to use?

A.

Partner information

B.

Overview

C.

Payment methods

D.

Invoices

Full Access
Question # 33

You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access
Question # 34

You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Full Access
Question # 35

Which blade should you instruct the finance department auditors to use?

A.

invoices

B.

partner information

C.

cost analysis

D.

External services

Full Access
Question # 36

You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.

What should you include in the recommended?

A.

Azure AP B2C

B.

Azure AD Identity Protection

C.

an Azure logic app and the Microsoft Identity Management (MIM) client

D.

dynamic groups and conditional access policies

Full Access
Question # 37

You need to the appropriate sizes for the Azure virtual for Server2.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 38

You implement the planned changes for NSG1 and NSG2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 39

You need to meet the connection requirements for the New York office.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 40

You need to implement Role1.

Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access