Easter Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Microsoft AZ-104 Microsoft Azure Administrator Exam Practice Test

Page: 1 / 40
Total 397 questions

Microsoft Azure Administrator Questions and Answers

Question 1

You implement the planned changes for NSG1 and NSG2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 1

Options:

Question 2

You discover that VM3 does NOT meet the technical requirements.

You need to verify whether the issue relates to the NSGs.

What should you use?

Options:

A.

Diagram in VNet1

B.

the security recommendations in Azure Advisor

C.

Diagnostic settings in Azure Monitor

D.

Diagnose and solve problems in Traffic Manager Profiles

E.

IP flow verify in Azure Network Watcher

Question 3

You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort.

What should you do?

Options:

A.

Create a user-defined route from VNET1 to VNET3.

B.

Assign VM4 an IP address of 10.0.1.5/24.

C.

Establish peering between VNET1 and VNET3.

D.

Create an NSG and associate the NSG to VMI and VM4.

Question 4

You need to the appropriate sizes for the Azure virtual for Server2.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 4

Options:

Question 5

You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.

What should you include in the recommended?

Options:

A.

Azure AP B2C

B.

Azure AD Identity Protection

C.

an Azure logic app and the Microsoft Identity Management (MIM) client

D.

dynamic groups and conditional access policies

Question 6

You need to meet the connection requirements for the New York office.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 6

Options:

Question 7

You need to implement Role1.

Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 7

Options:

Question 8

You need to meet the technical requirement for VM4.

What should you create and configure?

Options:

A.

an Azure Notification Hub

B.

an Azure Event Hub

C.

an Azure Logic App

D.

an Azure services Bus

Question 9

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

Options:

A.

Join the client computers in the Miami office to Azure AD.

B.

Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.

C.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

D.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication

E.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

Question 10

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

B.

Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miamioffice.

C.

Join the client computers in the Miami office to Azure AD.

D.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

E.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.

Question 11

You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Question # 11

Options:

Question 12

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE Each correct selection is worth one point.

Options:

A.

Azure Active Directory (AD) Identity Protection and an Azure policy

B.

a Recovery Services vault and a backup policy

C.

an Azure Key Vault and an access policy

D.

an Azure Storage account and an access policy

Question 13

You need to resolve the Active Directory issue.

What should you do?

Options:

A.

From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.

B.

Run idfix.exe, and then use the Edit action.

C.

From Active Directory Domains and Trusts, modify the list of UPN suffixes.

D.

From Azure AD Connect, modify the outbound synchronization rule.

Question 14

Which blade should you instruct the finance department auditors to use?

Options:

A.

invoices

B.

partner information

C.

cost analysis

D.

External services

Question 15

You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question # 15

Options:

Question 16

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

Options:

A.

ad.humongousinsurance.com

B.

humongousinsurance.onmicrosoft.com

C.

humongousinsurance.local

D.

humongousinsurance.com

Question 17

Which blade should you instruct the finance department auditors to use?

Options:

A.

Partner information

B.

Overview

C.

Payment methods

D.

Invoices

Question 18

You need to resolve the licensing issue before you attempt to assign the license again.

What should you do?

Options:

A.

From the Groups blade, invite the user accounts to a new group.

B.

From the Profile blade, modify the usage location.

C.

From the Directory role blade, modify the directory role.

Question 19

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Question # 19

Options:

Question 20

You need to add VM1 and VM2 to the backend poo! of LB1. What should you do first?

Options:

A.

Create a new NSG and associate the NSG to VNET1/Subnet1.

B.

Connect VM2 to VNET1/Subnet1.

C.

Redeploy VM1 and VM2 to the same availability zone.

D.

Redeploy VM1 and VM2 to the same availability set.

Question 21

You have an Azure Active Directory (Azure AD) tenant that contains three global administrators named Admin1, Admin2, and Admin3.

The tenant is associated to an Azure subscription. Access control for the subscription is configured as shown in the Access control exhibit. (Click the Exhibit tab.)

Question # 21

You sign in to the Azure portal as Admin1 and configure the tenant as shown in the Tenant exhibit. (Click the Exhibit tab.)

Question # 21

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 21

Options:

Question 22

You need to generate a shared access signature (SAS). The solution must meet the following requirements:

• Ensure that the SAS can only be used to enumerate and download blobs stored in container1.

• Use the principle of least privilege,

Which three settings should you enable? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

Question # 22

Options:

Question 23

You have an Azure subscription that contains a virtual machine named VM1.

You have an on-premises datacenter that contains a domain controller named DC1. ExpressRoute is used to connect the on-premises datacenter to Azure.

You need to use Connection Monitor to identify network latency between VM1 and DC1.

What should you install on DC1?

Options:

A.

the Log Analytics agent

B.

the Azure Network Watcher Agent virtual machine extension

C.

an Azure Monitor agent extension

D.

the Azure Connected Machine agent for Azure Arc-enabled servers

Question 24

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You manage a virtual network named VNet1 that is hosted in the West US Azure region.

VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.

You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.

Solution: From Azure Monitor, you create a metric on Network in and Network Out.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 25

You have an Azure subscription that contains the resource groups shown in the following table.

Question # 25

RG1 contains the resources shown in the following table.

Question # 25

VM1 is running and connects to NIC1 and Disk1. NIC1 connects to VNET1.

RG2 contains a public IP address named IP2 that is in the East US location. IP2 is not assigned to a virtual machine.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 25

Options:

Question 26

You are configuring Azure AD authentication for an Azure Storage account named storage1.

You need to ensure that the members of a group named Group1 can upload files by using the Azure portal. The solution must use the principle of least privilege.

Which two roles should you assign to Group1? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Storage Blob Data Contributor

B.

Reader

C.

Storage Blob Data Reader

D.

Contributor

E.

Storage Account Contributor

Question 27

You have an Azure subscription named Subscription1 that contains the following resource group:

Name: RG1

Region: West US

Tag: “tag1”: “value1”

You assign an Azure policy named Policy1 to Subscription1 by using the following configurations:

Exclusions: None

Policy definition: Append tag and its default value

Assignment name: Policy1

Parameters:

- Tag name: Tag2

- Tag value: Value2

After Policy1 is assigned, you create a storage account that has the following configurations:

Name: storage1

Location: West US

Resource group: RG1

Tags: “tag3”: “value3”

You need to identify which tags are assigned to each resource.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 27

Options:

Question 28

You have an Azure App Service app named WebApp1 that contains two folders named Folder1 and Folder2.

You need to configure a daily backup of WebApp1. The solution must ensure that Folder2 is excluded from the backup.

What should you create first and what should you use to exclude Fokier2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 28

Options:

Question 29

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to Appl are managed by using an Azure Load Balancer.

The effective network security configurations for VM2 are shown in the following exhibit.

Question # 29

You discover that connections 10 Appl from 131.107.100.50 over TCP port 443 fail.

You verity that the Load Balancer rules are configured correctly.

You need to ensure that connections to Appl can be established successfully from 131.107.100.50 over TCP port 443.

Solution: You create an inbound security rule that allows any traffic from the Azureload Balancer source and has a priority of 150.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 30

You have an Azure subscription named Sub1 that contains the Azure resources shown in the following table.

Question # 30

You assign an Azure policy that has the following settings:

Scope: Sub1

Exclusions: Sub1/RG1/VNET1

Policy definition: Append a tag and its value to resources

Policy enforcement: Enabled

Tag name: Tag4

Tag value: value4

You assign tags to the resources as shown in the following table.

Question # 30

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 30

Options:

Question 31

You have an Azure virtual machine named VM1 that connects to a virtual network named VNet1. VM1 has the following configurations:

Subnet: 10.0.0.0/24

Availability set: AVSet

Network security group (NSG): None

Private IP address: 10.0.0.4 (dynamic)

Public IP address: 40.90.219.6 (dynamic)

You deploy a standard, Internet-facing load balancer named slb1.

You need to configure slb1 to allow connectivity to VM1.

Which changes should you apply to VM1 as you configure slb1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 31

Options:

Question 32

You have an Azure subscription that uses the public IP addresses shown in the following table.

Question # 32

You need to create a public Azure Standard Load Balancer.

Which public IP addresses can you use?

Options:

A.

IP1 and IP3 only

B.

IP1, IP2, and IP3

C.

IP2 only

D.

IP3 only

Question 33

You have an Azure subscription that contains the virtual networks shown in the following table.

Question # 33

Each virtual network has 50 connected virtual machines.

You need to implement Azure Bastion. The solution must meet the following requirements:

• Support host scaling.

• Support uploading and downloading files.

• Support the virtual machines on both VNet1 and VNet2.

• Minimize the number of addresses on the Azure Bastion subnet.

How should you configure Azure Bastion? To answer, select the options in the answer area.

NOTE: Each correct answer is worth one point.

Question # 33

Options:

Question 34

You have an Azure subscription that contains the resources shown in the following table.

Question # 34

You configure Azure Site Recovery to replicate VM1 between the East US and W«t US regions.

You perform a test failove of VM1 and specify VNET2 as the target v>riual network.

When the test version of VM1 is created, to which subnet will the virtual machine be connected?

Options:

A.

Testsubnet1

B.

RecoverySubnetB

C.

DemoSubnrt1

D.

RecovetySubnelA

Question 35

You have an Azure App Service plan named ASP1.

CPU usage for ASP1 is shown in the following exhibit.

Question # 35

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Question # 35

Options:

Question 36

You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.

VM1 hosts a frontend application that connects to VM2 to retrieve data.

Users report that the frontend application is slower than usual.

You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.

Which Azure Network Watcher feature should you use?

Options:

A.

NSG flow logs

B.

Connection troubleshoot

C.

IP flow verify

D.

Connection monitor

Question 37

You have an Azure subscription that contains the resources in the following table.

Question # 37

To which subnets can you apply NSG1?

Options:

A.

the subnets on VNet1 only

B.

the subnets on VNet2 only

C.

the subnets on VNet3 only

D.

the subnets on VNet2 and VNet3 only

E.

the subnets on VNet1 VNet2, and VNet3

Question 38

You have an Azure subscription That contains a Recovery Services vault named Vault1.

You need to enable multi-user authorization (MAU) for Vaultl.

Which resource should you create first?

Options:

A.

a managed identity

B.

a resource guard

C.

an administrative unit

D.

a custom Azure role

Question 39

You have an Azure subscription named Subscription1 that contains the storage accounts shown in the following table:

Question # 39

You plan to use the Azure Import/Export service to export data from Subscription1.

Which account can be used to export the data.

What should you identify?

Options:

A.

storage1

B.

storage2

C.

storage3

D.

storage4

Question 40

You have an Azure subscription named Subscription1 that has a subscription ID of c276fc76-9cd4-44c9-99a7-4fd71546436e.

You need to create a custom RBAC role named CR1 that meets the following requirements:

Can be assigned only to the resource groups in Subscription1

Prevents the management of the access permissions for the resource groups

Allows the viewing, creating, modifying, and deleting of resource within the resource groups

What should you specify in the assignable scopes and the permission elements of the definition of CR1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 40

Options:

Question 41

You need to implement the planned changes for DCR1. Which type of query should you use?

Options:

A.

WQL

B.

T-SQL

C.

XPath

D.

KQL

Question 42

You need to configure Azure Backup to meet the technical requirements for cont1 and share1.

To what should you set the backup frequency for each resource? To answer, select the appropriate options in the answer area.  

NOTE: Each correct selection is worth one point.  

Question # 42

Options:

Question 43

You implement the planned changes for Scope1.

You need to ensure that Scope1 meets the technical requirements.

What can you encrypt by using Scope1?

Options:

A.

containers and blobs in storage2 only

B.

containers and blobs in storage1 and storage2

C.

containers, blobs, and file shares in storage2 only

D.

containers, blobs, and file shares in storage1 and storage2

E.

containers, blobs, file shares, queues, and tables in storage2 only

Question 44

You implement the planned changes for cont2.

What is the maximum number of additional access policies you can create for cont2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 44

Options:

Question 45

You need to implement the planned changes for the new containers.

Which Azure services can you use for each image? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 45

Options:

Question 46

You need to implement the planned changes for User1.

Which roles should you assign to User1, and for which resources? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 46

Options:

Question 47

You need to implement the planned changes for the storage account content. Which containers and file shares can you use to organize the content?

Options:

A.

share1 only

B.

cont1 and share1 only

C.

share1 and share2 only

D.

cont1, share1, and share2 only

E.

cont1, cont2, share1, and share2

Question 48

You need to configure encryption for the virtual machines. The solution must meet the technical requirements.

Which virtual machines can you encrypt?

Options:

A.

VM1 and VM3

B.

VM2 and VM3

C.

VM2 and VM4

D.

VM4 and VM5

Question 49

You need to configure WebApp1 to meet the technical requirements.

Which certificate can you use from Vault1?

Options:

A.

Cert1 only

B.

Cert1 or Cert2 only

C.

Cert1 or Cert3 only

D.

Cert3 or Cert4 only

E.

Cert1, Cert2, Cert3, or Cert4

Question 50

You are planning the move of App1 to Azure.

You create a network security group (NSG).

You need to recommend a solution to provide users with access to App1.

What should you recommend?

Options:

A.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

B.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.

C.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

D.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

Question 51

You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 51

Options:

Question 52

You need to configure the Device settings to meet the technical requirements and the user requirements.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

Question # 52

Options:

Question 53

You need to identify the storage requirements for Contoso.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 53

Options:

Question 54

You need to recommend an identify solution that meets the technical requirements.

What should you recommend?

Options:

A.

federated single-on (SSO) and Active Directory Federation Services (AD FS)

B.

password hash synchronization and single sign-on (SSO)

C.

cloud-only user accounts

D.

Pass-through Authentication and single sign-on (SSO)

Question 55

You need to implement a backup solution for App1 after the application is moved.

What should you create first?

Options:

A.

a recovery plan

B.

an Azure Backup Server

C.

a backup policy

D.

a Recovery Services vault

Question 56

You need to move the blueprint files to Azure.

What should you do?

Options:

A.

Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

B.

Use the Azure Import/Export service.

C.

Generate an access key. Map a drive, and then copy the files by using File Explorer.

D.

Use Azure Storage Explorer to copy the files.

Question 57

You need to meet the user requirement for Admin1.

What should you do?

Options:

A.

From the Subscriptions blade, select the subscription, and then modify the Properties.

B.

From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.

C.

From the Azure Active Directory blade, modify the Properties.

D.

From the Azure Active Directory blade, modify the Groups.

Page: 1 / 40
Total 397 questions