Skip to Content

Exam AZ-104 Microsoft Azure Administrator Questions and Answers – Page 3 Part 1

The latest Microsoft AZ-104 Azure Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-104 Azure Administrator exam and earn Microsoft AZ-104 Azure Administrator certification.

Question 221

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • The virtual machines on Subnet1 will be able to resolve the hosts in the humongousinsurance local zone: Yes
  • The virtual machines on ClientSubnet will be able to register the hostname records in the humongousinsurance local zone: Yes
  • The virtual machines on Subnet4 will be able to register the hostname records in the humongousinsurance local zone: No

Explanation:

Statement 1: Yes
All client computers in the Paris office will be joined to an Azure AD domain.
A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2.
Microsoft Windows Server Active Directory domains, can resolve DNS names between virtual networks. Automatic registration of virtual machines from a virtual network that’s linked to a private zone with auto-registration enabled. Forward DNS resolution is supported across virtual networks that are linked to the private zone.
Statement 2: Yes
A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
As this is a registration network so this will work.
Statement 3: No
Only VMs in the registration network, here the ClientResources-VNet, will be able to register hostname records. Since Subnet4 not connected to Client Resources Network thus not able to register its hostname with humongoinsurance.local

Question 222

You need to meet the connection requirements for the New York office.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

From the Azure portal:

  • Create an ExpressRoute circuit only.
  • Create a virtual network gateway only.
  • Create a virtual network gateway and a local network gateway.
  • Create an ExpressRoute circuit and an on-premises data gateway.
  • Create a virtual network gateway and an on-premises data gateway.

In the New York office:

  • Deploy ExpressRoute.
  • Deploy a DirectAccess server.
  • Implement a Web Application Proxy.
  • Configure a site-to-site VPN connection.

Answer:
From the Azure portal: Create a virtual network gateway and a local network gateway.
In the New York office: Configure a site-to-site VPN connection.

Explanation:

Box 1: Create a virtual network gateway and a local network gateway.
Azure VPN gateway. The VPN gateway service enables you to connect the VNet to the on-premises network through a VPN appliance. For more information, see Connect an on-premises network to a Microsoft Azure virtual network. The VPN gateway includes the following elements:

  • Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing traffic from the on-premises network to the VNet.
  • Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to the on-premises network is routed through this gateway.
  • Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-premises VPN appliance to encrypt traffic.
  • Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements, described in the Recommendations section below.

The virtual network gateway is held in its own subnet, which is subject to various requirements, described in the Recommendations section below.

Box 2: Configure a site-to-site VPN connection
On premises create a site-to-site connection for the virtual network gateway and the local network gateway.
Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection.

Incorrect Answers: Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection is private. Traffic does not go over the internet.

Question 223

You need to implement Role1.
Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Which command should you run before you create Role1?

Answer:
Get-AzureRmRoleDefinition – Name “Reader” | ConvertTo-Json

Question 224

You need to meet the technical requirement for VM4.
What should you create and configure?

A. an Azure Notification Hub
*B. an Azure Event Hub
C. an Azure Logic App
D. an Azure services Bus

Explanation:

Scenario: Create a workflow to send an email message when the settings of VM4 are modified.
You can start an automated logic app workflow when specific events happen in Azure resources or third-party resources. These resources can publish those events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks – without you writing any code.

Question 225

You need to configure the Device settings to meet the technical requirements and the user requirements.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.

You need to configure the Device settings to meet the technical requirements and the user requirements.

Answer:

Answer: You need to configure the Device settings to meet the technical requirements and the user requirements.
Explanation:

Box 1: Selected
Only selected users should be able to join devices
Box 2: Yes
Require Multi-Factor Auth to join devices.
From scenario:

  • Ensure that only users who are part of a group named Pilot can join devices to Azure AD
  • Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.

Question 226

You need to recommend an identify solution that meets the technical requirements.
What should you recommend?

*A.federated single-on (SSO) and Active Directory Federation Services (AD FS)
B.password hash synchronization and single sign-on (SSO)
C. cloud-only user accounts
D. Pass-through Authentication and single sign-on (SSO)

Explanation:

Active Directory Federation Services is a feature and web service in the Windows Server Operating System that allows sharing of identity information outside a company’s network.
Scenario: Technical Requirements include:
Prevent user passwords or hashes of passwords from being stored in Azure.

Question 227

You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.
What should you recommend?

A. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.
B. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
*C. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
D. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

Explanation:

As App1 is public-facing we need an incoming security rule, related to the access of the web servers.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier.
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Question 228

You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • Contoso requires a storage account that supports Blob storage.
  • Contoso requires a storage account that supports Azure Table storage.
  • Contoso requires a storage account that supports Azure File storage.

Answer:

  • Contoso requires a storage account that supports Blob storage: Yes
  • Contoso requires a storage account that supports Azure Table storage: No
  • Contoso requires a storage account that supports Azure File storage: No

Explanation:

Statement 1: Yes
Contoso is moving the existing product blueprint files to Azure Blob storage which will ensure that the blueprint files are stored in the archive storage tier.
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these.
Statement 2: No
Azure Table storage stores large amounts of structured data. The service is a NoSQL datastore which accepts authenticated calls from inside and outside the Azure cloud. Azure tables are ideal for storing structured, non-relational data. Common uses of Table storage include:
1. Storing TBs of structured data capable of serving web scale applications
2. Storing datasets that don’t require complex joins, foreign keys, or stored procedures and can be denormalized for fast access
3. Quickly querying data using a clustered index
4. Accessing data using the OData protocol and LINQ queries with WCF Data Service .NET Libraries
Statement 3: No
File Storage can be used if your business use case needs to deal mostly with standard File extensions like *.docx, *.png and *.bak then you should probably go with this storage option.

Question 229

Your network contains an on-premises Active Directory domain named adatum.com. The domain contains an organizational unit (OU) named OU1. OU1 contains the objects shown in the following table.

Name Type Member of
User1 User Group1
Group1 Global security group None
Group2 Universal distribution group None
Computer1 Computer Group1

You sync OU1 to Azure Active Directory (Azure AD) by using Azure AD Connect.
You need to identify which objects are synced to Azure AD.
Which objects should you identify?

A. User1 and Group1 only
*B. User1, Group1, and Group2 only
C. User1, Group1, Group2, and Computer1
D. Computer1 only

Question 230

You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

Name Role Scope
User1 Global administrator Azure Active Directory
User2 Global administrator Azure Active Directory
User3 User administrator Azure Active Directory
User4 Owner Azure Subscription
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.com.onmicrosoft.com.
Solution: You instruct User2 to create the user accounts.

*A. Yes
B. No

Explanation:

Only a global administrator can add users to this tenant.