Tuesday, January 25, 2022

Microsoft Azure Administrator (AZ-104) Certification

 


You have deployed in Azure an application App1, on two Azure virtual machines named VM1 and VM2. You plan to implement an Azure Availability Set for App1. The solution must ensure that App1 is available during planned maintenance of the servers hosting VM1 and VM2. What

should you include in the Availability Set?

A.      one fault domain

B.      one update domain

C.      two update domains

D.      two fault domains

Answer

C

You have a computer named Computer-01 that has a point-to-site VPN connection to an Azure virtual network named AZ-104-VNET. The point-to-site connection uses a self-signed certificate. From Azure, you download and install the VPN client configuration package on a computer named Computer-02. You need to ensure that you can establish a point-to-site VPN connection to AZ-104-VNET from Computer- 02. Solution: You modify the Azure Active Directory (Azure AD) authentication policies. Does this meet the goal?

A.      No

B.      Yes

Answer

A

You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named t3p.com. You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.

You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.

Which two groups should you create?

A.      a Security group that uses the Dynamic User membership type

B.      an Office 365 group that uses the Dynamic user membership type

C.      an Office 365 group that uses the Assigned membership type

D.      a Security group that uses the Dynamic Device membership type

E.       a Security group that uses the Assigned membership type

Answer

B,C

You want to monitor the metrics and the logs of your Linux virtual machine VM-01. Which of the following Azure services would you use for this task?

A.      Azure HDInsight

B.      Linux Diagnostic Extension (LAD) 3.0

C.      Azure Performance Diagnostics extension

D.      Azure Analysis Services

Answer

B

You have an Azure subscription named Subscription-Dev. Subscription- Dey contains a resource group named RG-01. RG-01 contains resources that were deployed by using templates.

You need to view the date and time when the resources were created in RG-01.

Solution: From the RG-01 blade, you click Deployments. Does this meet the goal?

A.      YES

B.      NO

Answer

A

You have an Azure subscription named Subscription-Dev. Subscription- Dey contains a resource group named RG-01. RG-01 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG-01.

Solution: From the Subscriptions blade, you select the subscription, and then click Resource providers. Does this meet the goal?

A.      NO

B.      YES

Answer

A

You have an Azure Storage account named storage-01 that uses Azure Blob storage. You need to use AzCopy to copy data to blob storage, in storage account storage-01. Which authentication method should you use for blob storage?

A.      Azure Active Directory (Azure AD) only

B.      Access Keys and Sharped Access Signatures (SAS) only

C.      Azure Active Directory (Azure AD) and Shared Access Signatures (SAS) only

D.      Shared Access Signatures (SAS) only

Answer

C

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGS) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You assign a built-in policy definition to the subscription. Does this meet the goal?

A.      NO

B.      YES

Answer

A

You have an Azure subscription named Subscription-Prod that contains a resource group named RG-01. In RG-01, you create a public load balancer named LB-02. You need to ensure that an administrator named Admin-01 can manage LB-02 and is allowed to add a health probe to LB-

02. The solution must follow the principle of least privilege. Which role should you assign to Admin-01 ?

A.      owner on LB-02

B.      Network Contributor on LB-02

C.      Network Contributor on RG-01

D.      Contributor on LB-02

Answer

C

You have an Azure subscription that contains an Azure Storage account. You need to create an Azure container instance that will use a Docker image. The image contains a Microsoft SQL Server instance that requires persistent storage. You need to configure a storage service for your container. What Azure service should you use?

A.      Azure Table Storage

B.      Azure Files

C.      Azure Blob Storage

D.      Azure Queue Storage

Answer

B

You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1. VM1 runs services that will be used to deploy resources to RG1.

You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1. What should you do first?

A.      From the Azure portal, modify the Policies settings of RG1

B.      From the Azure portal, modify the Managed Identity settings of VM1

C.      From the Azure portal, modify the Access control (IAM) settings of RG1

D.      From the Azure portal, modify the Access control (IAM) settings of VM1

Answer

B

You have an Azure subscription named New-Subscription. New-Subscription contains two Azure virtual machines VM-01 and VM-02. VM-01 and VM-02 run Windows Server 2016. VM1 is backed up daily by Azure Backup without using the Azure Backup agent. VM-01 data has been compromised by a Ransomware attack, that encrypted all the data. You need to restore the latest backup of VM-01. To which location can you restore the backup?

You can restore VM-01 to .

A.      VM-01 or a new Azure virtual machine only

B.      VM -01 only

C.      Any Windows computer that has internet connectivity

D.      VM-01 and VM-02

Answer

A

You have an Azure subscription named New-Subscription. New- Subscription contains two Azure virtual machines VM-01 and VM-02. VM-01 and VM-02 run Windows Server 2016. VM-01 is backed up daily by Azure Backup without using the Azure Backup agent. VM-01 data has been compromised by a Ransomware attack, that encrypted all the data. VM-01 is not working, you need to restore the latest backup of VM-01. To

which location can you restore the backup?

You can perform a file recovery of VM-01 to

A.      VM-01 and VM-02

B.      VM-02 only

C.      VM-01 only

D.      VM-01 or a new Azure virtual machine only

Answer

B

You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines. You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.

What should you create to store the password?

A.      an Azure Key Vault and an access policy

B.      an Azure Storage account and an access policy

C.      a Recovery Services vault and a backup policy

D.      Azure Active Directory (AD) Identity Protection and an Azure policy

Answer

A

Your company has a main office in London that contains 100 client computers. Three years ago, you migrated to Azure Active Directory (Azure AD). The company's security policy states that all personal devices and corporate-owned devices must be registered or joined to Azure AD. A remote user named User1 is unable to join a personal device to Azure AD from a home network. You verify that User1 was able to join devices to Azure AD in the past. You need to ensure that User1 can join the device to Azure AD. What should you do?

A.      Create a point-to-site VPN from the home network of User1 to Azure

B.      Assign the User administrator role to User1

C.      From the Device settings blade, modify the Maximum number of devices per user setting

D.      From the Device settings blade, modify the Users may join devices to Azure AD setting

Answer

C

You have an Azure subscription. You have 100 Azure virtual machines. You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering. Which blade should you use from Azure Portal?

A.      Metrics

B.      Monitor

C.      Advisor

D.      Customer Insights

Answer

C

You have an Azure subscription named Subscription1 and an on- premises deployment of Microsoft System Center Service Manager. Subscription1 contains a virtual machine named VM1. You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent. What should you do first?

A.      Create an automation runbook

B.      Deploy the IT Service Management Connector (ITSM)

C.      Create a notification

D.      Deploy a function app

Answer

B

You have an Azure subscription that contains a user named User1. You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege.

Which role-based access control (RBAC) role should you assign to User1?

A.      Virtual Machine Administrator Login

B.      Owner

C.      Contributor

D.      Virtual Machine Contributor

Answer

C

You have an Azure Kubernetes Service (AKS) cluster named AKS1 and a computer named Computer1 that runs Windows 10. Computer1 that has the Azure CLI installed. You need to install the kubectl client on Computer1.

Which two options help to complete the command that you should you run?

A.      az

B.      /package

C.      docker

D.      aks

E.       msiexec.exe

Answer

A,D

You sign up for Azure Active Directory (Azure AD) Premium. You need to add a user named user1@t3p.com as an administrator on all the computers that will be joined to the Azure AD domain. What should you configure in Azure AD?

A.      Providers from the MFA Server blade

B.      Device settings from the Devices blade

C.      General settings from the Groups blade

D.      User settings from the Users blade

Answer

B

When you're creating an Azure Public Load Balancer, which option allows you to set the Load Balancer as Public?"

A.      SKU

B.      Туре

C.      Subscription

D.      Public IP Address

Answer

B

When creating an Azure Virtual Network Gateway, you choose the types of workloads, throughputs, features, and SLAS (service-level agreements). These items should satisfy your requirements for the gateway. Which Azure gateway object satisfies workloads, throughputs, features, and SLAS?

A.      License

B.      Data Transfer

C.      Vault

D.      SKUS

E.       None of the above

Answer

D

What is true with regard to the features of Azure-provided name resolution?

A.      It is high availability because you don't need to create and manage clusters of your own DNS servers.

B.      Name resolution can be used between VMs and role instances within the same cloud service, without the need for FQDN (fully qualified domain name).

C.      Administrators can use names that best describe deployments, instead of auto-generated names.

D.      Services can be used with already-owned DNS servers to resolve both on-premises and Azure host names.

E.       Azure-provided name resolution must be configured

F.       All the above.

Answer

A,B,C,D

How many security rules can be included in a network security group (NSG)?

A.      There is a limit of 100 security rules per NSG.

B.      There is a limit of 1000 security rules per NSG.

C.      There is no limit to the number of security rules, and zero security rules are also allowed  per NSG, depending on the subscription limits.

D.      There is no limit to the number of security rules, and zero security rules are also allowed  per NSG.

E.       NSGS must contain at least one security rule (zero rules are not allowed).

F.       There is a limit of one security rule per NSG.

G.      None of the above.

Answer

C

Azure ExpressRoute allows connectivity to Microsoft Cloud Services, including Azure Services and Office 365 Services. Which ExpressRoute option allows connectivity across geopolitical boundaries for the purpose of allowing access to all Microsoft Cloud Services in all regions across the world?

A.      ExpressRoute

B.      ExpressRouteLocal

C.      ExpressRoutePremium

D.      ExpressRouteDirect

E.       None of the above

F.       All of the above

Answer

C

To configure an Azure virtual WAN, which set of Azure CLI commands do you use?

A.      az network

B.      az network vwan

C.      az network virtual wan

D.      az network wan

Answer

B

When you're creating an Azure Kubernetes cluster, what is true about the VM Node Size property?

A.      The VM size can be changed in the Azure portal after the cluster has been deployed.

B.      The VM size can never be changed after the cluster has been deployed.

C.      The VM size can be changed with Azure CLI after the cluster has been deployed.

D.      The VM size can be changed with the Node Count property.

Answer

B

The steps to creating and configuring an app service are as follows. (Put the items in the correct sequence.)

Text

Description automatically generated            Text, letter

Description automatically generated

 

Match the following VNet description with concepts given in options:

A.      Allows Azure to assign resources to a private IP.

B.      Allows segmenting of virtual networks.

C.      Virtual network peering can connect virtual networks to these.

D.      VNet is scoped to this.

E.       Prefix-based standard for IP addresses and their routing.

F.       Secures subnets.

 

Match the type of Azure Storage description with the type of Azure Storage

A.      Can hold any type of object, including nonregular file types such as VM images, movies, pictures, and URIS. Includes Page, Append, and Block types.

B.      Can hold any regular file types such as Excel files, text files, and HTML files.

C.      Can hold any type of message.

D.      Can hold columns, rows, and keys in a generic format.

Diagram

Description automatically generated

 

What is true regarding Microsoft Azure Storage Explorer?

A.      Storage Explorer can be used to download and manage Azure blobs and files.

B.      Storage Explorer can be used to download and manage Azure blobs, files, and  queues, but not tables.

C.      Storage Explorer can be used to download and manage Azure blobs, files, queues,  and tables.

D.      Storage Explorer can be used to download and manage tables only.

E.       Storage Explorer cannot be used to manage CosmosDB or Azure Data Lake Storage.

Answer

C

Which Azure Storage access tier(s) may be set as default?

A.      Only hot

B.      Only cool

C.      Only archive

D.      Hot, cool, and archive

E.       Hot and cool

F.       Hot and archive

G.      Cool and archive

Answer

E

When you are using AZCopy, which of the following statements are true?

A.      AZCopy can be used to copy blobs to an Azure storage account.

B.      AZCopy can be used to copy files to an Azure storage account.

C.      AZCopy can be used to move blobs to an Azure storage account.

D.      AZCopy can be used to move files to an Azure storage account.

Answer

B,C

Alex is an Azure administrator who has just been assigned the task of managing licensing for over 5000 Active Directory users. Choose the following option that is the most efficient use of Alex's time.

A.      Use the Azure portal and choose each individual user to manage their license.

B.      Use the Azure portal and choose each group to manage licenses for that group, no matter  how many users are in it.

C.      Use a PowerShell script that utilizes the Microsoft Active Directory PowerShell Module  that manages individual users.

D.      Use a PowerShell script that utilizes the Microsoft Active Directory PowerShell Module  that manages groups.

E.       Use a PowerShell script that utilizes the Microsoft Active Directory PowerShell Module that manages users through location, department, and/or tenancy.

Answer

D

A company has an Azure subscription named T3P-Staging. They also have a resource group named T3P-RG. In the resource group they have created an internal load balancer named "T3P-internal" and a public load balancer named "T3P-public". Mary Ann, An employee of the company needs permissions to configure both the load balancers. The solution must follow the principle of least privilege.

Which role would you assign to the user to allow the addition of a backend pool to the load balancer "T3P-internal"?

A.      Network Contributor role on T3P-rg

B.      Contributor role on T3P-internal

C.      Owner role on T3P-internal

D.      Network Contributor role on T3P-internal

Answer

A

A company has setup a Load balancer that load balances traffic on port 80 and 443 across 3 virtual machines.

You have to ensure that all RDP traffic is directed towards a VM named testvm. How would you achieve this?

A.      By creating an inbound NAT rule

B.      By creating an inbound NAT rule

C.      By creating a new internal load balancer for testvm

D.      By creating a new public load balancer for testvm

Answer

B

Your company currently has a Virtual Network defined in Azure. The Virtual Network has a default subnet that contains 2 Virtual machines named testvm1 and testvm2.

There is a requirement to inspect all network traffic between the Virtual Machines for a duration of 3 hours. You propose a solution to

create a metric chart for Network In and Network Out

Does this solution fulfil the requirement

A.      No

B.      Yes

Answer

A

A company needs to create a storage account that needs to have the following requirements

*Users should be able to add files such as images and videos

*Ability to store archive data

*File shares need to be in place which can be accessed across several VM 's

*The data needs to be available even if a region goes down

*The solution needs to be cost effective

What is the type of replication that needs to be configured for the storage account?

A.      Geo-redundant storage (GRS)

B.      Locally redundant storage (LRS)

C.      Zone-redundant storage (ZRS)

D.      Read-access geo-redundant storage (RA-GRS)

Answer

A

Which of the following rule would you apply to the Network Security Group for the Network interface attached to the Web server?

A.      An outbound rule allowing traffic on port 80

B.      An outbound rule allowing traffic on port 443

C.      An inbound rule allowing traffic on port 443

D.      An inbound rule allowing traffic on port 80

Answer

C

You have created a storage account named T3P. You have created a file share named share1 using the file service. You need to ensure that users can connect to the file share from their home computers.

Which of the following port should be open to ensure the connectivity?

A.      3389

B.      445

C.      443

D.      80

Answer

B

In Azure, controlling access to all resources starts at what point?

A.      Subscription

B.      Tenant

C.      Billing

D.      Resource Group

Answer

A

What is the maximum number of accounts you can enable for MFA in your tenant

A.      Unlimited

B.      5000

C.      10000

D.      2000

Answer

A

Your company has a main office in Germany that contains 100 client computers. Three years ago, you migrated to Azure Active Directory (Azure AD).

The company's seçurity policy states that all personal devices and company-owned devices must be registered or joined to Azure AD.

A remote user named UserA is unable to join a personal device to Azure AD from a home network.

You verify that other users can join their devices to Azure AD.

You need to ensure that UserA can join the device to Azure AD. What should you do?

A.      From the Device settings blade, modify the Users may join devices to Azure AD setting.

B.      From the Device settings blade, modify the Maximum number of devices per user setting.

C.      Create a point-to-site VPN from the home network of UserA to Azure.

D.      Assign the User administrator role to UserA.

Answer

B

You have an Azure subscription named Subscription1. In Subscription1, you create an Azure web app named WebApp1.

WebApp1 will access an external service that requires certificate authentication.

You plan to require the use of HTTPS to access WebApp1.

You need to upload certificates to WebApp1.

In which Certificate format you will upload the certificate for HTTPS Access?

A.      CER

B.      PFX

C.      CRL

D.      CRT

Answer

B

You have an Azure storage account named T3P-1000.

You are going to use the AzCopy tool to copy data to the storage account.

You are going to be copying data to the blob storage and file storage in the storage account.

Which authentication method can be used for accessing File storage?

A.      Azure Active Directory only

B.      Shared Access Signature only

C.      Access Keys and Shared Access Signatures

D.      Azure Active Directory and Shared Access Signatures only

Answer

B

Your company has an on-premises file server named testserver that runs Windows Server 2016.

Your company also has an Azure subscription that contains an Azure file share.

You must deploy an Azure File Sync Storage Sync Service, so you go ahead and create a sync group. You now need to synchronize files from testserver to Azure.

Which of the following actions would you need to perform for this purpose?

Choose 3 answers from the options given below.

A.      Create an Azure on-premise data gateway

B.      Install the azure file sync agent on testserver

C.      Create a recovery service vault

D.      Register testserver

E.       Install the DFS replication server role on testserver

F.       Add a server endpoint

Answer

B,D

A company has an Azure subscription. They want to transfer around 6 TB of data to the subscription.They plan to use the Azure Import/Export service. Which of the following can they use as the destination for the imported data?

A.      Azure data lake storage

B.      Azure SQL database

C.      Azure blob storage

D.      Azure file sync storage

Answer

C

A company has an Azure subscription and an Azure tenant. The administrator has enabled multi-factor authentication for all users. The administrator needs to ensure that users can lock out their own account if they receive an unsolicited MFA request from Azure. Which of the following needs to be configured for this requirement?

A.      Configure block/unblock users

B.      Configure providers

C.      Configure fraud alerts

D.      Configure notifications

Answer

C

You have to deploy a web application for your company by using the Azure Web App Service. The backup and restore option should be available for the web application. Costs should also be minimized for hosting the application.

Which of the following would you choose as the underlying App Service Plan?

A.      Shared

B.      Basic

C.      Standard

D.      Premium

Answer

C

What types of Virtual Network Gateways are available in Azure?

A.      Point-to-Site and ExpressRoute

B.      VPN and Express Route

C.      a Site-to-Site and ExpressRoute

D.      Policy Based and Site-to-Site

Answer

B

Which of the following is NOT a valid Azure Site Recovery migration option?

A.      Migrate on-premises VirtualBox virtual machines to Azure

B.      Migrate physical on-premises servers to Azure

C.      Migrate on-premises Hyper-V virtual machines to Azure

D.      Migrate Azure virtual machies to a different region

Answer

A

Which statement regarding the shown inbound port rules is correct?

A.      Remote desktop protocol administration is allowed

B.      Remote desktop protocol administration is listed but disabled

C.      SSH administration is allowed

D.      LDAP traffic is allowed

Answer

A

Which PowerShell cmdlet and parameter creates a virtual machine and assigns it to an existing Availability Set?

A.      New-AzureRmVM, -Faultdomain

B.      New-AzureRmVM, -AvailabilitySetName

C.      New-AzureRmVM, -Updatedomain

D.      New-AzureRmVM, -ASName

Answer

B

A company has an Azure subscription. The Subscription contains a resource group named "demogroup".

Resources have been deployed to the resource group using templates.

You need to see the date and time when the resources were created in the resource group.

You decide to use the Subscriptions blade and then choose Programmatic

deployment. Would this fulfil the requirement?

A.      No

B.      Yes

Answer

A

A company has an Azure subscription. The Subscription contains a resource group named "demogroup".

Resources have been deployed to the resource group using templates.

You need to see the date and time when the resources were created in the resource group.

You decide to use the Subscriptions blade and then choose Resource providers Would this fulfil the requirement?

A.      No

B.      Yes

Answer

A

You are planning on hosting an application that will run on two Azure virtual machines named demovm1 and demovm2. You are planning on implementing an Availability set for the application. You have to ensure that the application is available during planned maintenance of the hardware that is hosting the two Azure virtual machines.

A.      One update domain

B.      One fault domain

C.      Two Update domains

D.      Two Fault Domains

Answer

C

A company called T3P has an Azure subscription and an Azure tenant. The administrator has enabled multifactor authentication for all users. The administrator needs to ensure that users can lock out their own account if they receive an unsolicited MFA request from Azure. Which of the following needs to be configured for this requirement?

A.      Configure Notifications

B.      Configure Providers

C.      Configure Fraud alerts

D.      Configure Block/unblock users

Answer

C


I hope it's helpful for you. If you have any queries, don't hesitate to contact me.

Name : Muhammad Sahal Qasim
E-mail : s.m.sahal789@gmail.com
Thank you.

0 comments:

Post a Comment

If you have any doubts, please let me know. I will help you.