Skip to Content

Exam AZ-104 Microsoft Azure Administrator Questions and Answers – Page 3 Part 2

By: Author Alex Lim

Posted on

Categories Exam

The latest Microsoft AZ-104 Azure Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-104 Azure Administrator exam and earn Microsoft AZ-104 Azure Administrator certification.

Question 251

You have an Azure subscription named Subscription1 that has a subscription ID of c276fc76-9cd4-44c9-99a7-4fd71546436e.
You need to create a custom RBAC role named CR1 that meets the following requirements:

  • Can be assigned only to the resource groups in Subscription1
  • Prevents the management of the access permissions for the resource groups
  • Allows the viewing, creating, modifying, and deleting of resources within the resource groups

What should you specify in the assignable scopes and the permission elements of the definition of CR1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Question: What should you specify in the assignable scopes and the permission elements of the definition of CR1?

Answer:
Answer: What should you specify in the assignable scopes and the permission elements of the definition of CR1?

Question 252

You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com contains the groups in the following table.

Name Group type Membership type Membership rule
Group1 Security Dynamic user (user.city -startsWith “m”)
Group2 Microsoft Office 365 Dynamic user (user.department -noIn[“human resource”])
Group3 Microsoft Office 365 Assigned Not applicable

You create two user accounts that are configured as shown in the following table.

Name City Department Office 365 license assigned
User1 Montreal Human resources Yes
User2 Melbourne Marketing No

To which groups do User1 and User2 belong? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

User1:

  • Group1 only
  • Group2 only
  • Group3 only
  • Group1 and Group2 only
  • Group1 and Group3 only
  • Group2 and Group3 only
  • Group1, Group2, and Group3

User2:

  • Group1 only
  • Group2 only
  • Group3 only
  • Group1 and Group2 only
  • Group1 and Group3 only
  • Group2 and Group3 only
  • Group1, Group2, and Group3

Answer:
User1: Group1 only
User2: Group1 and Group2 only

Explanation:

Box 1: Group 1 only –
First rule applies –
Box 2: Group1 and Group2 only –
Both membership rules apply.

Question 253

You have a hybrid deployment of Azure Active Directory (Azure AD) that contains the users shown in the following table.

Name Type Source
User1 Member Azure AD
User2 Member Windows Server Active Directory
User3 Guest Microsoft account

You need to modify the JobTitle and UsageLocation attributes for the users.
For which users can you modify the attributes from Azure AD? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

JobTitle:

  • User1 only
  • User1 and User2 only
  • User1 and User3 only
  • User1, User2, and User3

UsageLocation:

  • User1 only
  • User1 and User2 only
  • User1 and User3 only
  • User1, User2, and User3

Answer:
JobTitle: User1 and User3 only
UsageLocation: User1, User2, and User3

Explanation:

Box 1: User1 and User3 only –
You must use Windows Server Active Directory to update the identity, contact info, or job info for users whose source of authority is Windows Server Active
Directory.
Box 2: User1, User2, and User3 –

Question 254

You have an Azure DNS zone named adatum.com.
You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure.
What should you do?

*A. Create an NS record named research in the adatum.com zone.
B. Create an PTR record named research in the adatum.com zone.
C. Modify the SOA record of adatum.com.
D. Create an A record named *.research in the adatum.com zone.

Explanation:

You need to create a name server (NS) record for the zone.

Question 255

You have Azure Storage accounts as shown in the following exhibit.
You have Azure Storage accounts as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

You can use [answer choice] for Azure Table Storage:

  • storageaccount1 only
  • storageaccount2 only
  • storageaccount3 only
  • storageaccount1 and storageaccount2 only
  • storageaccount2 and storageaccount3 only

You can use [answer choice] for Azure Blob storage:

  • storageaccount3 only
  • storageaccount2 and storageaccount3 only
  • storageaccount1 and storageaccount3 only
  • all the storage accounts

Answer:
You can use [answer choice] for Azure Table Storage: storageaccount1 and storageaccount2 only
You can use [answer choice] for Azure Blob storage: all the storage accounts

Explanation:

Box 1: storageaccount1 and storageaccount2 only
Box 2: All the storage accounts –
Note: The three different storage account options are: General-purpose v2 (GPv2) accounts, General-purpose v1 (GPv1) accounts, and Blob storage accounts.

  • General-purpose v2 (GPv2) accounts are storage accounts that support all of the latest features for blobs, files, queues, and tables.
  • Blob storage accounts support all the same block blob features as GPv2, but are limited to supporting only block blobs.
  • General-purpose v1 (GPv1) accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per gigabyte pricing.

Question 256

You have an Azure Storage account named storage1.
You have an Azure App Service app named App1 and an app named App2 that runs in an Azure container instance. Each app uses a managed identity.
You need to ensure that App1 and App2 can read blobs from storage1. The solution must meet the following requirements:

  • Minimize the number of secrets used.
  • Ensure that App2 can only read from storage1 for the next 30 days.

What should you configure in storage1 for each app? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

App1:

  • Access keys
  • Advanced security
  • Access control (IAM)
  • Shared access signatures (SAS)

App2:

  • Access keys
  • Advanced security
  • Access control (IAM)
  • Shared access signatures (SAS)

Answer:
App1: Access keys
App2: Shared access signatures (SAS)

Explanation:

App1: Access keys –
App2: Shared access signature (SAS)
A shared access signature (SAS) provides secure delegated access to resources in your storage account without compromising the security of your data. With a
SAS, you have granular control over how a client can access your data. You can control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters.

Question 257

You need to create an Azure Storage account that meets the following requirements:

  • Minimizes costs
  • Supports hot, cool, and archive blob tiers
  • Provides fault tolerance if a disaster affects the Azure region where the account resides

How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

How should you complete the command?

Answer:

Answer: How should you complete the command?
Explanation:

Box 1: StorageV2 –
You may only tier your object storage data to hot, cool, or archive in Blob storage and General Purpose v2 (GPv2) accounts. General Purpose v1 (GPv1) accounts do not support tiering.
General-purpose v2 accounts deliver the lowest per-gigabyte capacity prices for Azure Storage, as well as industry-competitive transaction prices.
Box 2: Standard_GRS –
Geo-redundant storage (GRS): Cross-regional replication to protect against region-wide unavailability.
Incorrect Answers:
Locally-redundant storage (LRS): A simple, low-cost replication strategy. Data is replicated within a single storage scale unit.
Read-access geo-redundant storage (RA-GRS): Cross-regional replication with read access to the replica. RA-GRS provides read-only access to the data in the secondary location, in addition to geo-replication across two regions, but is more expensive compared to GRS.

Question 258

You have an Azure subscription that contains the resources shown in the following table.

Name Type Resource group
VNET1 Virtual network RG1
VNET2 Virtual network RG2
VM1 Virtual machine RG2

The status of VM1 is Running.
You assign an Azure policy as shown in the exhibit. (Click the Exhibit tab.)
You assign an Azure policy as shown in the exhibit.
You assign the policy by using the following parameters:
Microsoft.ClassicNetwork/virtualNetworks
Microsoft.Network/virtualNetworks
Microsoft.Compute/virtualMachines
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • An administrator can move VNET1 to RG2: No
  • The state of VM1 changed to dealloctaed: Yes
  • An administrator can modify the address space of VNET2: No

Question 259

You have an Azure subscription that contains a storage account.
You have an on-premises server named Server1 that runs Windows Server 2016. Server1 has 2 TB of data.
You need to transfer the data to the storage account by using the Azure Import/Export service.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

  • From the Azure portal, update the import job
  • From the Azure portal, create an import job
  • Attach an external disk to Server1 and then run waimportexport.exe
  • Detach the external disks from Server1 and ship the disk to an Azure data center

Answer:

  1. Attach an external disk to Server1 and then run waimportexport.exe
  2. From the Azure portal, create an import job
  3. Detach the external disks from Server1 and ship the disk to an Azure data center
  4. From the Azure portal, update the import job

Explanation:

At a high level, an import job involves the following steps:
Step 1: Attach an external disk to Server1 and then run waimportexport.exe
Determine data to be imported, number of drives you need, destination blob location for your data in Azure storage.
Use the WAImportExport tool to copy data to disk drives. Encrypt the disk drives with BitLocker.
Step 2: From the Azure portal, create an import job.
Create an import job in your target storage account in Azure portal. Upload the drive journal files.
Step 3: Detach the external disks from Server1 and ship the disks to an Azure data center.
Provide the return address and carrier account number for shipping the drives back to you.
Ship the disk drives to the shipping address provided during job creation.
Step 4: From the Azure portal, update the import job
Update the delivery tracking number in the import job details and submit the import job.
The drives are received and processed at the Azure data center.
The drives are shipped using your carrier account to the return address provided in the import job.

Question 260

You have an Azure subscription that contains an Azure Storage account.
You plan to copy an on-premises virtual machine image to a container named vmimages.
You need to create the container for the planned image.
Which command should you run? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Which command should you run?

Answer:
Answer: Which command should you run?
Explanation:

azcopy make – Create a container or file share represented by the given resource URL.
Examples: azcopy make “https://[account-name].[blob,file,dfs].core.windows.net/[top-level-resource-name]”