The latest Microsoft AZ-104 Azure Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-104 Azure Administrator exam and earn Microsoft AZ-104 Azure Administrator certification.
Question 211
You have an Azure subscription that contains the virtual machines shown in the following table.
| Name | Public IP SKU | Connected to | Status |
|---|---|---|---|
| VM1 | None | VNET1/Subnet1 | Stopped (deallocated) |
| VM2 | Basic | VNET1/Subnet2 | Running |
You deploy a load balancer that has the following configurations:
- Name: LB1
- Type internal
- SKU: Standard
- Virtual network VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Basic SKU public IP address, associate the address to the network interface of VM1, and then start VM1.
Does this meet the goal?
A. Yes
*B. No
Explanation:
A Backend Pool configured by IP address has the following limitations:
* Standard load balancer only
You can only attach virtual machines in the same region and that have a standard SKU public IP configuration or no public IP configuration. All IP configurations must be on the same virtual network.
Question 212
You have an Azure subscription that contains the resources shown in the following table.
| Name | Type | Resource group | Location |
|---|---|---|---|
| RG1 | Resource group | Not applicable | Central US |
| RG2 | Resource group | Not applicable | West US |
| RG3 | Resource group | Not applicable | East US |
| VMSS1 | Virtual machine scale set | RG1 | West US |
VMSS1 is set to VM (virtual machines) orchestration mode.
You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1.
Which resource group and location should you use to deploy VM1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Resource group:
- RG1 only
- RG2 only
- RG1 or RG2 only
- RG1, RG3, or RG3
Location:
- West US only
- Central US only
- Central US or West US only
- East US, Central US, or West US
Explanation:
Box 1: RG1, RG2, or RG3
The resource group stores metadata about the resources. When you specify a location for the resource group, you’re specifying where that metadata is stored.
Box 2: West US only
Note: Virtual machine scale sets will support 2 distinct orchestration modes:
ScaleSetVM – Virtual machine instances added to the scale set are based on the scale set configuration model. The virtual machine instance lifecycle – creation, update, deletion – is managed by the scale set.
VM (virtual machines) – Virtual machines created outside of the scale set can be explicitly added to the scaleset.
Question 213
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You modify the priority of the Allow_131.107.100.50 inbound security rule.
Does this meet the goal?
A. Yes
*B. No
Explanation:
The rule currently has the highest priority.
Question 214
You have the Azure management groups shown in the following table.
| Name | In management group |
|---|---|
| Tenant Root Group | Not applicable |
| ManagementGroup11 | Tenant Root Group |
| ManagementGroup12 | Tenant Root Group |
| ManagementGroup21 | ManagementGroup11 |
You add Azure subscriptions to the management groups as shown in the following table.
| Name | Management group |
|---|---|
| Subscription1 | ManagementGroup21 |
| Subscription2 | ManagementGroup12 |
You create the Azure policies shown in the following table.
| Name | Parameter | Scope |
|---|---|---|
| Not allowed resource types | virtualNetworks | Tenant Root Group |
| Allowed resource types | virtualNetworks | ManagementGroup12 |
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
- You can create a virtual network in Subscription1: No
- You can create a virtual machine in Subscription1: Yes
- You can add Subscription1 to ManagementGroup11: Yes
Explanation:
Box 1: No
Virtual networks are not allowed at the root and is inherited. Deny overrides allowed.
Box 2: Yes
Virtual Machines can be created on a Management Group provided the user has the required RBAC permissions.
Box 3: Yes
Subscriptions can be moved between Management Groups provided the user has the required RBAC permissions.
Question 215
You have an Azure subscription that contains the Azure virtual machines shown in the following table.
| Name | Connected to subnet |
|---|---|
| VM1 | 172.16.1.0/24 |
| VM2 | 172.16.2.0/24 |
You add inbound security rules to a network security group (NSG) named NSG1 as shown in the following table.
| Priority | Source | Destination | Protocol | Port | Action |
|---|---|---|---|---|---|
| 100 | 172.16.1.0/24 | 172.16.2.0/24 | TCP | Any | Allow |
| 101 | Any | 172.16.2.0/24 | TCP | Any | Deny |
You run Azure Network Watcher as shown in the following exhibit.
You run Network Watcher again as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
- NSG1 limits VM1 traffic: No
- NSG1 applies to VM2: Yes
- VM1 and VM2 connect to the same virtual network: No
Explanation:
Box 1: No
It limits traffic to VM2, but not VM1 traffic.
Box 2: Yes
Yes, the destination is VM2.
Box 3: No
Question 216
You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
- The virtual machines on Subnet1 will be able to connect to the virtual machines on Subnet3: Yes
- The virtual machines on ClientSubnet will be able to connect to the Internet: Yes
- The virtual machines on Subnet3 and Subnet4 will be able to connect to the Internet: Yes
Explanation:
Once the VNets are peered, all resources on one VNet can communicate with resources on the other peered VNets. You plan to enable peering between Paris-VNet and AllOffices-VNet. Therefore VMs on Subnet1, which is on Paris-VNet and VMs on Subnet3, which is on AllOffices-VNet will be able to connect to each other.
All Azure resources connected to a VNet have outbound connectivity to the Internet by default. Therefore VMs on ClientSubnet, which is on ClientResources-VNet will have access to the Internet; and VMs on Subnet3 and Subnet4, which are on AllOffices-VNet will have access to the Internet.
Question 217
You need to resolve the licensing issue before you attempt to assign the license again.
What should you do?
A. From the Groups blade, invite the user accounts to a new group.
*B. From the Profile blade, modify the usage location.
C. From the Directory role blade, modify the directory role.
Explanation:
Scenario: Licensing Issue
1. You attempt to assign a license in Azure to several users and receive the following error message: “Licenses not assigned. License agreement failed for one user.”
2. You verify that the Azure subscription has the available licenses.
Solution:
License cannot be assigned to a user without a usage location specified.
Some Microsoft services aren’t available in all locations because of local laws and regulations. Before you can assign a license to a user, you must specify the Usage location property for the user. You can specify the location under the User > Profile > Settings section in the Azure portal.
Question 218
You need to define a custom domain name for Azure AD to support the planned infrastructure.
Which domain name should you use?
A. ad.humongousinsurance.com
B. humongousinsurance.onmicrosoft.com
C. humongousinsurance.local
*D. humongousinsurance.com
Explanation:
Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com.
The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as ‘[email protected].’ instead of ‘alice@domain name.onmicrosoft.com’.
Scenario:
- Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
- Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com
- Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure AD.
Question 219
You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Actions:
- From the Automation script blade of the resource group, click Deploy.
- From the Templates service, select the template, and then share the template to the web administrators.
- From the Automation script blade of the resource group, click Add to library.
- From the Automation Account service, add an automation account.
- Create a resource group, and then deploy a web app to the resource group.
- From the Automation script blade of the resource group, click the Parameter tab.
Answer:
- Create a resource group, and then deploy a web app to the resource group.
- From the Automation script blade of the resource group, click Add to library.
- From the Templates service, select the template, and then share the template to the web administrators.
Explanation:
Scenario:
- Web administrators will deploy Azure web apps for the marketing department.
- Each web app will be added to a separate resource group.
- The initial configuration of the web apps will be identical.
- The web administrators have permission to deploy web apps to resource groups.
Steps:
- Create a resource group, and then deploy a web app to the resource group.
- From the Automation script blade of the resource group , click Add to Library.
- From the Templates service, select the template, and then share the template to the web administrators.
Question 220
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Allow inbound TCP port 8080 to the domain controllers in the Miami office.
*B. Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.
C. Join the client computers in the Miami office to Azure AD.
D. Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.
*E. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.
Explanation:
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users’ Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com
E: Seamless SSO works with any method of cloud authentication – Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.