Black Friday / Cyber Monday Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: myex65

Home > Microsoft > Azure Administrator Associate > AZ-104

AZ-104 Microsoft Azure Administrator Question and Answers

Question # 4

You have an Azure subscription that contains the resources shown in the following table:

You assign a policy to RG6 as shown in the following table:

To RG6, you apply the tag: RGroup: RG6.

You deploy a virtual network named VNET2 to RG6.

Which tags apply to VNET1 and VNET2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 5

You have an Azure subscription that contains the Azure virtual machines shown in the following table.

You add inbound security rules to a network security group (NSG) named NSG1 as shown in the following table.

You run Azure Network Watcher as shown in the following exhibit.

You run Network Watcher again as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 6

You create a Recovery Services vault backup policy named Policy1 as shown in the following exhibit:

Use the drop-down menus to select the answer choice that completes each statement based on the

information presented in the graphic.

NOTE: Each correct selection is worth one point.

Full Access
Question # 7

You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.

The virtual machines host several applications that are accessible over port 443 to user on the Internet.

Your on-premises network has a site-to-site VPN connection to VNet1.

You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.

You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.

What should you do?

A.

Modify the address space of the local network gateway.

B.

Remove the public IP addresses from the virtual machines.

C.

Modify the address space of Subnet1.

D.

Create a deny rule in a network security group (NSG) that is linked to Subnet1.

Full Access
Question # 8

You have an Azure subscription.

You create the Azure Storage account shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Full Access
Question # 9

You have an Azure Active Directory (Azure AD) domain that contains 5,000 user accounts. You create a new user account named AdminUser1.

You need to assign the User administrator administrative role to AdminUser1.

What should you do from the user account properties?

A.

From the Directory role blade, modify the directory role.

B.

From the Groups blade, invite the user account to a new group.

C.

From the Licenses blade, assign a new license.

Full Access
Question # 10

You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant.

Subscription1 contains a virtual network named VNet1.VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.

Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24.

You need to connect VNet1 to VNet2.

What should you do first?

A.

Move VNet1 to Subscription2.

B.

Modify the IP address space of VNet2.

C.

Provision virtual network gateways.

D.

Move VM1 to Subscription2.

Full Access
Question # 11

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure virtual machine named VM1 that runs Windows Server 2016.

You need to create an alert in Azure when more than two error events are logged to the System log on VM1 within an hour.

Solution: You create an Azure Log Analytics workspace and configure the data settings. You add an extension to VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 12

You have an Azure subscription.

You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines.

What should you modify on VM1?

A.

Integration Services

B.

the network adapters

C.

the memory

D.

the hard drive

E.

the processor

Full Access
Question # 13

You have an Azure subscription named Subscription1.

You create an Azure Storage account named contosostorage, and then you create a file share named data.

Which UNC path should you include in a script that references files from the data file share? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Full Access
Question # 14

You have an Azure subscription that contains an Azure Storage account.

You plan to create an Azure container instance named container1 that will use a Docker image namedImage1. Image1 contains a Microsoft SQL Server instance that requires persistent storage.

You need to configure a storage service for Container1.

What should you use?

A.

Azure Files

B.

Azure Blob storage

C.

Azure Queue storage

D.

Azure Table storage

Full Access
Question # 15

You need to meet the connection requirements for the New York office.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 16

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer.

The effective network security configurations for VM2 are shown in the following exhibit.

You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly.

You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.

Solution: You create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a cost of 64999.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 17

You discover that VM3 does NOT meet the technical requirements.

You need to verify whether the issue relates to the NSGs.

What should you use?

A.

Diagram in VNet1

B.

the security recommendations in Azure Advisor

C.

Diagnostic settings in Azure Monitor

D.

Diagnose and solve problems in Traffic Manager Profiles

E.

IP flow verify in Azure Network Watcher

Full Access
Question # 18

You need to resolve the Active Directory issue.

What should you do?

A.

From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.

B.

Run idfix.exe, and then use the Edit action.

C.

From Active Directory Domains and Trusts, modify the list of UPN suffixes.

D.

From Azure AD Connect, modify the outbound synchronization rule.

Full Access
Question # 19

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE Each correct selection is worth one point.

A.

Azure Active Directory (AD) Identity Protection and an Azure policy

B.

a Recovery Services vault and a backup policy

C.

an Azure Key Vault and an access policy

D.

an Azure Storage account and an access policy

Full Access
Question # 20

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Full Access
Question # 21

You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access
Question # 22

Which blade should you instruct the finance department auditors to use?

A.

Partner information

B.

Overview

C.

Payment methods

D.

Invoices

Full Access
Question # 23

You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Full Access
Question # 24

You need to resolve the licensing issue before you attempt to assign the license again.

What should you do?

A.

From the Groups blade, invite the user accounts to a new group.

B.

From the Profile blade, modify the usage location.

C.

From the Directory role blade, modify the directory role.

Full Access
Question # 25

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

B.

Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami

office.

C.

Join the client computers in the Miami office to Azure AD.

D.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

E.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.

Full Access
Question # 26

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

A.

Join the client computers in the Miami office to Azure AD.

B.

Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.

C.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

D.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication

E.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

Full Access
Question # 27

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

A.

ad.humongousinsurance.com

B.

humongousinsurance.onmicrosoft.com

C.

humongousinsurance.local

D.

humongousinsurance.com

Full Access
Question # 28

Which blade should you instruct the finance department auditors to use?

A.

invoices

B.

partner information

C.

cost analysis

D.

External services

Full Access
Question # 29

You have an Azure Migrate project that has the following assessment properties:

  • Target location: East US
  • Storage redundancy: Locally redundant
  • Comfort factor: 2.0
  • Performance history: 1 month
  • Percentile utilization: 95th
  • Pricing tier: Standard
  • Offer: Pay as you go

You discover the following two virtual machines:

  • A virtual machine named VM1 that runs Windows Server 2016 and has 10 CPU cores at 20 percent utilization
  • A virtual machine named VM2 that runs Windows Server 2012 and has four CPU cores at 50 percent utilization

How many CPU cores will Azure Migrate recommend for each virtual machine? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 30

You need to meet the user requirement for Admin1.

What should you do?

A.

From the Subscriptions blade, select the subscription, and then modify the Properties.

B.

From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.

C.

From the Azure Active Directory blade, modify the Properties.

D.

From the Azure Active Directory blade, modify the Groups.

Full Access
Question # 31

You have an Azure subscription that contains the storage accounts shown in the following table.

You need to identify which storage account can be converted to zone-redundant storage (ZRS) replication by requesting a live migration from Azure support.

What should you identify?

A.

Storage1

B.

Storage2

C.

Storage3

D.

Storage4

Full Access
Question # 32

You implement the planned changes for NSG1 and NSG2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 33

You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com contains the groups in the following table.

You create two user accounts that are configured as shown in the following table.

To which groups do User1 and User2 belong? To answer. select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 34

You have an Azure subscription that contains an Azure Availability Set named WEBPROD-AS-USE2 as shown in the following exhibit.

You add 14 virtual machines to WEBPROD-AS-USE2.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Full Access
Question # 35

You have an Azure virtual machine named VM1 and a Recovery Services vault named Vault1.

You create a backup Policy1 as shown in the exhibit. (Click the Exhibit tab.)

You configure the backup of VM1 to use Policy1 on Thursday, January 1.

You need to identify the number of available recovery points for VM1.

How many recovery points are available on January 8 and on January 15? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 36

You have an Azure virtual machine named VM1.

The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)

You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol VM1 is used as a web server only.

You need to ensure that users can connect to the website from the Internet.

What should you do?

A.

Change the priority of Rule3 to 450.

B.

Change the priority of Rule6 to 100

C.

DeleteRule1.

D.

Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a priority of 501.

E.

For Rule5, change the Action to Allow and change the priority to 401

Full Access
Question # 37

You have a sync group that has the endpoints shown in the following table.

Cloud tiering is enabled for Endpoint3.

You add a file named File1 to Endpoint1 and a file named File2 to Endpoint2.

You need to identify on which endpoints File1 and File2 will be available within 24 hours of adding the files.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 38

You have peering configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Full Access
Question # 39

You have an Azure subscription that contains a resource group named Test RG.

You use TestRG to validate an Azure deployment.

TestRG contains the following resources:

You need to delete TestRG.

What should you do first?

A.

Modify the backup configurations of VM1 and modify the resource lock type of VNET1.

B.

Turn off VM1 and delete all data in Vault1.

C.

Remove the resource lock from VNET1 and delete all data in Vault1.

D.

Turn off VM1 and remove the resource lock from VNET1.

Full Access
Question # 40

You need to ensure that User1 can create initiative definitions, and User4 can assign initiatives to RG2. The solution must meet the technical requirements.

Which role should you assign to each user? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 41

You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an Active Directory domain. The tenant contains the users shown in the following table.

The users have the attributes shown in the following table.

You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all four users.

Solution: You add an office phone number for User2.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 42

You have an Azure subscription that contains the resource groups shown in the following table.

RG1 contains the resources shown in the following table.

RG2 contains the resources shown in the following table.

You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1.

Which resources should you identify? To answer, select the appropriate options in the answer area.

Full Access
Question # 43

You have an Azure subscription that contains a resource group named RG26.

RG26 is sot to the West Europe location and is used to create temporary resources for a project. RG26 contains the resources shown in the following table.

SQLD01 is backed up to RGV1.

When the project is complete, you attempt to delete RG26 from the Azure portal. The deletion fails.

You need to delete RG26.

What should you do first?

A.

Stop the backup of SQLDB01.

B.

Delete sa001.

C.

Delete VM1.

D.

StopVM1.

Full Access
Question # 44

You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com.

You need to enable two-step verification for Azure users.

What should you do?

A.

Configure a playbook in Azure AD conditional access policy.

B.

Create an Azure AD conditional access policy.

C.

Create and configure the Identify Hub.

D.

Install and configure Azure AD Connect.

Full Access
Question # 45

You have a deployment template named Template1 that is used to deploy 10 Azure web apps.

You need to identify what to deploy before you deploy Template1. The solution must minimize Azure costs.

What should you identify?

A.

10 App Service plans

B.

one Azure Traffic Manager

C.

five Azure Application Gateways

D.

one App Service plan

E.

one Azure Application Gateway

Full Access
Question # 46

You have an Azure subscription that contains the following resources:

• a virtual network named VNet1

• a replication policy named ReplPolicy1

• a Recovery Services vault named Vault1

• an Azure Storage account named Storage1

You have an Amazon Web Services (AWS) EC2 virtual machine named VM1 that runs Windows Server 2019.

You need to migrate VM1 to VNet1 by using Azure Site Recovery.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access
Question # 47

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company’s Azure solution makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model.

After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication.

To achieve this, the Per Enabled User setting must be set for the usage model.

Solution: You create a new Multi-Factor Authentication provider with a backup from the existing Multi-Factor Authentication provider data.

Does the solution meet the goal?

A.

Yes

B.

No

Full Access
Question # 48

You have an Azure subscription that contains 10 virtual machines.

You need to ensure that you receive an email message when any virtual machines are powered off, restarted, or deallocated.

What is the minimum number of rules and action groups that you require?

A.

three rules and three action groups

B.

one rule and one action group

C.

three rules and one action group

D.

one rule and three action groups

Full Access
Question # 49

You have an Azure subscription named Subscription 1 that contains two Azure virtual networks named VNet1 and VNet2. VNet1 contains a VPN gateway named VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1.

On a computer named Client1 that runs Windows 10, you configure a point to site VPN connection to VNet1.

You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on premises network. Client1 is unable to connect to VNet2.

You need to ensure that you can connect Client1 to VNet2.

What should you do?

A.

Select Allow gateway transit on VNet2.

B.

Select Allow gateway transit on VNet1.

C.

Download and te-install the VPN client configuration package on Client1.

D.

Enable BGP on VPNGW1

Full Access
Question # 50

You have a .NET Core application running in Azure App Services. You are expecting a huge influx of traffic to your application in the coming days. When your application experiences this spike in traffic, you want to detect any anomalies such as request errors or failed queries immediately. What service can you use to assure that you know about these types of errors related to your .NET application immediately?

A.

Application Insights Search

B.

Log analytics workspace

C.

Client-side monitoring

D.

Live Metrics Stream in Application Insights

Full Access
Question # 51

You have an Azure subscription that contains the Azure virtual machines shown in the following table.

You configure the network interfaces of the virtual machines to use the settings shown in the following table

From the settings of VNET1, you configure the DNS servers shown in the following exhibit.

The virtual machines can successfully connect to the DNS server that has an IP address of 192.168.10.15 and the DNS server that has an IP address of 193.77.134.10.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Full Access
Question # 52

You have an Azure subscription that contains two virtual networks named VNET1 and VNET2 and the users shown in the following table:

Larger image

You need to identify which users can configure peering between VNET1 and VNET2.

Which users should you identify?

A.

User1 only

B.

User3 only

C.

User1 and User2 only

D.

User1 and User3 only

E.

User1, User2 and User3

Full Access
Question # 53

You need to deploy an Azure virtual machine scale set that contains five instances as quickly as possible. What should you do?

A.

Deploy five virtual machines. Modify the Size setting for each virtual machine.

B.

Deploy live virtual machines. Modify the Availability Zones setting for each virtual machine.

C.

Deploy one virtual machine scale set that is set to ScaleSetVM orchestration mode.

D.

Deploy one virtual machine scale set that is set to VM (virtual machines) orchestration mode.

Full Access
Question # 54

You have an Azure subscription named Subscription1 that contains the quotas shown in the following table.

javascript:void(0)

You deploy virtual machine to Subscription1 as shown in the following table.

javascript:void(0)

You plan to deploy the virtual machines shown in the following table.

javascript:void(0)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Full Access
Question # 55

You have an Azure App Services web app named App1.

You plan to deploy App1 by using Web Deploy.

You need to ensure that the developers of App1 can use their Azure Active Directory (Azure AD) credentials to deploy content to App1. The solution must use the principle of least privilege.

What should you do?

A.

Configure app-level credentials for FTPS.

B.

Assign The Website Contributor role to the developers.

C.

Assign the Owner role to the developers.

D.

Configure user-level credentials for FTPS.

Full Access
Question # 56

You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 57

You need to move the blueprint files to Azure.

What should you do?

A.

Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

B.

Use the Azure Import/Export service.

C.

Generate an access key. Map a drive, and then copy the files by using File Explorer.

D.

Use Azure Storage Explorer to copy the files.

Full Access
Question # 58

You need to configure the Device settings to meet the technical requirements and the user requirements.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

Full Access
Question # 59

You need to implement a backup solution for App1 after the application is moved.

What should you create first?

A.

a recovery plan

B.

an Azure Backup Server

C.

a backup policy

D.

a Recovery Services vault

Full Access
Question # 60

You need to recommend an identify solution that meets the technical requirements.

What should you recommend?

A.

federated single-on (SSO) and Active Directory Federation Services (AD FS)

B.

password hash synchronization and single sign-on (SSO)

C.

cloud-only user accounts

D.

Pass-through Authentication and single sign-on (SSO)

Full Access