The latest Microsoft AZ-104 Azure Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-104 Azure Administrator exam and earn Microsoft AZ-104 Azure Administrator certification.
Question 201
You have the App Service plans shown in the following table.
| Name | Operating system | Location |
|---|---|---|
| ASP1 | Windows | West US |
| ASP2 | Windows | Central US |
| ASP3 | Linux | West US |
You plan to create the Azure web apps shown in the following table.
| Name | Runtime stack | Location |
|---|---|---|
| WebApp1 | .NET Core 3.0 | West US |
| WebApp2 | ASP.NET 4.7 | West US |
You need to identify which App Service plans can be used for the web apps.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
WebApp1:
- ASP1 only
- ASP3 only
- ASP1 and ASP2 only
- ASP1 and ASP3 only
- ASP1, ASP2, and ASP3
WebApp2:
- ASP1 only
- ASP3 only
- ASP1 and ASP2 only
- ASP1 and ASP3 only
- ASP1, ASP2, and ASP3
Answer:
WebApp1: ASP1 and ASP3 only
WebApp2: ASP1 only
Explanation:
Box 1: ASP1 ASP3
Asp1, ASP3: ASP.NET Core apps can be hosted both on Windows or Linux.
Not ASP2: The region in which your app runs is the region of the App Service plan it’s in.
Box 2: ASP1
ASP.NET apps can be hosted on Windows only.
Question 202
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You hire a temporary vendor. The vendor uses a Microsoft account that has a sign-in of [email protected].
You need to ensure that the vendor can authenticate to the tenant by using [email protected].
What should you do?
A. From Windows PowerShell, run the New-AzureADUser cmdlet and specify the -UserPrincipalName [email protected] parameter.
B. From the Azure portal, add a custom domain name, create a new Azure AD user, and then specify [email protected] as the username.
C. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the -UserPrincipalName [email protected] parameter.
*D. From the Azure portal, add a new guest user, and then specify [email protected] as the email address.
Explanation:
UserPrincipalName – contains the UserPrincipalName (UPN) of this user. The UPN is what the user will use when they sign in into Azure AD. The common structure is @, so for Abby Brown in Contoso.com, the UPN would be [email protected]. Example:
To create the user, call the New-AzureADUser cmdlet with the parameter values:
powershell New-AzureADUser -AccountEnabled $True -DisplayName “Abby Brown”
-PasswordProfile$PasswordProfile -MailNickName “AbbyB” -UserPrincipalName “[email protected]”
Question 203
You have an Azure subscription that contains the following resources:
- 100 Azure virtual machines
- 20 Azure SQL databases
- 50 Azure file shares
You need to create a daily backup of all the resources by using Azure Backup.
What is the minimum number of backup policies that you must create?
A. 1
B. 2
*C. 3
D. 150
E. 170
Explanation:
There is a limit of 100 VMs that can be associated to the same backup policy from portal. We recommend that for more than 100 VMs, create multiple backup policies with same schedule or different schedule.
One policy for VMS, one for SQL databases, and one for the file shares.
Question 204
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2.
Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You create an inbound security rule that allows any traffic from the AzuteLoadBalancer source and has a cost of 150.
Does this meet the goal?
*A. Yes
B. No
Question 205
You have an Azure Active Directory (Azure AD) tenant that contains three global administrators named Admin1, Admin2, and Admin3.
The tenant is associated to an Azure subscription. Access control for the subscription is configured as shown in the Access control exhibit. (Click the Exhibit tab.)
You sign in to the Azure portal as Admin1 and configure the tenant as shown in the Tenant exhibit. (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
- Admin1 can add admin2 as an owner of the subscription.
- Admin3 can add Admin2 as an owner of the subscription.
- Admin2 can create a resource group in the subscription.
Answer:
- Admin1 can add admin2 as an owner of the subscription: Yes
- Admin3 can add Admin2 as an owner of the subscription: Yes
- Admin2 can create a resource group in the subscription: No
Explanation:
They are all Global admins so they can all modify user permission. i.e add self as owner etc.
You can be GA in one of the subscription, it doesn’t mean that you can create the resources in all subscription.
As a Global Administrator in Azure Active Directory (Azure AD), you might not have access to all subscriptions and management groups in your directory. Azure AD and Azure resources are secured independently from one another. That is, Azure AD role assignments do not grant access to Azure resources, and Azure role assignments do not grant access to Azure AD.
However, if you are a Global Administrator in Azure AD, you can assign yourself access to all Azure subscriptions and management groups in your directory.
Question 206
You have an Azure subscription that contains two virtual machines as shown in the following table.
| Name | Operating system | Location | IP address | DNS server |
|---|---|---|---|---|
| VM1 | Windows Server 2019 | West Europe | 10.0.0.4 | Default (Azure-provided) |
| VM2 | Windows Server 2019 | West Europe | 10.0.0.5 | Default (Azure-provided) |
You perform a reverse DNS lookup for 10.0.0.4 from VM2.
Which FQDN will be returned?
A. vm1.core.windows.net
B. vm1.internal.cloudapp.net
C. vm1.westeurope.cloudapp.azure.com
*D. vm1.azure.com
Question 207
VM1 is running and connects to NIC1 and Disk1. NIC1 connects to VNET1.
RG2 contains a public IP address named IP2 that is in the East US location. IP2 is not assigned to a virtual machine.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
- You can move storage1 to RG2.
- You can move NIC1 to RG2.
- If you move IP2 to RG1, the location of IP2 will change.
Answer:
- You can move storage1 to RG2: Yes
- You can move NIC1 to RG2: No
- If you move IP2 to RG1, the location of IP2 will change: No
Question 208
You have an azure subscription named Subscription that contains the resource groups shown in the following table.
| Name | Region |
|---|---|
| RG1 | East Asia |
| RG2 | East US |
In RG1, you create a virtual machine named VM1 in the East Asia location.
You plan to create a virtual network named VNET1.
You need to create VNET, and then connect VM1 to VNET1.
What are two possible ways to achieve this goal? Each correct answer presents a complete a solution.
NOTE: Each correct selection is worth one point.
*A. Create VNET1 in RG2, and then set East Asia as the location.
B. Create VNET1 in a new resource group in the West US location, and then set West US as the location.
*C. Create VNET1 in RG1, and then set East Asia as the location.
D. Create VNET1 in RG1, and then set East US as the location.
E. Create VNET1 in RG2, and then set East US as the location.
Explanation:
A network interface can exist in the same, or different resource group, than the virtual machine you attach it to, or the virtual network you connect it to.
The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, also referred to as a region.
Note, Resource groups can span multiple Regions, but VNets only can hold resources (VMs, Network Adapters) that exists in the same region.
So in this scenario, you need to create VNET1 in any RG and set location as East Asia.
Question 209
You have an Azure subscription that contains an Azure file share.
You have an on-premises server named Server1 that runs Windows Server 2016.
You plan to set up Azure File Sync between Server1 and the Azure file share.
You need to prepare the subscription for the planned Azure File Sync.
Which two actions should you perform in the Azure subscription? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Actions:
- Create a Storage Sync Service
- Create a sync group
- Install the Azure File Sync agent
- Run Server Registration
Answer:
- Create a Storage Sync Service
- Create a sync group
Explanation:
As per the official MS doc:
The recommended steps to onboard on Azure File Sync for the first with zero downtime while preserving full file fidelity and access control list (ACL) are as follows:
1. Deploy a Storage Sync Service. –> This needs to be done on Azure .
2. Create a sync group. –> This needs to be done on Azure
3. Install Azure File Sync agent on the server with the full data set. –> This needs to be done on server1.
4. Register that server and create a server endpoint on the share. –> This needs to be done on server1.
5. Let sync do the full upload to the Azure file share (cloud endpoint).
6. After the initial upload is complete, install Azure File Sync agent on each of the remaining servers.
7. Create new file shares on each of the remaining servers.
8. Create server endpoints on new file shares with cloud tiering policy, if desired. (This step requires additional storage to be available for the initial setup.)
9. Let Azure File Sync agent do a rapid restore of the full namespace without the actual data transfer. After the full namespace sync, sync engine will fill the local disk space based on the cloud tiering policy for the server endpoint.
10. Ensure sync completes and test your topology as desired.
11. Redirect users and applications to this new share.
12. You can optionally delete any duplicate shares on the servers.
First action: Create a Storage Sync Service
The deployment of Azure File Sync starts with placing a Storage Sync Service resource into a resource group of your selected subscription.
Second action: Create a sync group
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on a registered server. A server can have server endpoints in multiple sync groups. You can create as many sync groups as you need to appropriately describe your desired sync topology.
Third action: Run Server Registration
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service. A server can only be registered to one Storage Sync Service and can sync with other servers and Azure file shares associated with the same Storage Sync Service.
Question 210
You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?
A. Azure SQL Database
*B. Azure File Storage
C. An Azure Cosmos DB database
D. The Azure File Sync Storage Sync Service
E. Azure Data Factory
F. A virtual machine
Explanation:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.