The latest Microsoft AZ-104 Azure Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-104 Azure Administrator exam and earn Microsoft AZ-104 Azure Administrator certification.
Question 231
You have an Azure virtual machine named VM1 that runs Windows Server 2019. You sign in to VM1 as a user named User 1 and perform the following actions:
- Create files on drive C.
- Create files on drive 0.
- Modify the screen saver timeout.
- Change the desktop background.
You plan to redeploy VM1.
Which changes will be lost after you redeploy VM1?
*A. the modified screen saver timeout
B. the new desktop background
C. the new files on drive
D. The new files on drive C
Question 232
You deploy an Azure Kubernetes Service (AKS) cluster that has the network profile shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Containers will be assigned an IP address in the [answer choice] subnet.
- 10.244.0.0/16
- 10.0.0.0/16
- 172.17.0.1/16
Services in the AKS cluster will be assigned an IP address in the [answer choice] subnet.
- 10.244.0.0/16
- 10.0.0.0/16
- 172.17.0.1/16
Answer:
Containers will get the IP address from the virtual network subnet CIDr which is 10.244.0.0/16
Services in the AKS cluster will be assigned an IP address in the service CIDR which is 10.0.0.0/16
Question 233
You have a virtual network named VNet1 that has the configuration shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Before a virtual machine on VNet1 can receive an IP address from 192.168.1.0/24, you must first:
- add a network interface
- add a subnet
- add an address space
- delete a subnet
- delete an address space
Before a virtual machine on VNet1 can receive an IP address from 10.2.1.0/24, you must first:
- add a network interface
- add a subnet
- add an address space
- delete a subnet
- delete an address space
Answer:
Before a virtual machine on VNet1 can receive an IP address from 192.168.1.0/24, you must first: add an address space
Before a virtual machine on VNet1 can receive an IP address from 10.2.1.0/24, you must first: add a subnet
Explanation:
Box 1: add an address space
Your IaaS virtual machines (VMs) and PaaS role instances in a virtual network automatically receive a private IP address from a range that you specify, based on the address space of the subnet they are connected to. We need to add the 192.168.1.0/24 address space.
Box 2: add a subnet
Address space is present but need to add subnet
Question 234
You have an Azure subscription named Subscription1 that contains the resources in the following table.
| Name | Type |
|---|---|
| VM1 | Virtual machine |
| VM2 | Virtual machine |
| LB1 | Load balancer |
You install the Web Server server role (IIS) on WM1 and VM2, and then add VM1 and VM2 to LB1.
LB1 is configured as shown in the LB1 exhibit. (Click the Exhibit button.)
Rule1 is configured as shown in the Rule1 exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
- VM1 is in the same availability set as VM2.
- If Probe1.htm is present on VM1 and VM2, LB1 will balance TCP port 80 between VM1 and VM2.
- If you delete Rule1, LB1 will balance all the requests between VM1 and VM2 for all the ports.
Answer:
- VM1 is in the same availability set as VM2: Yes
- If Probe1.htm is present on VM1 and VM2, LB1 will balance TCP port 80 between VM1 and VM2: Yes
- If you delete Rule1, LB1 will balance all the requests between VM1 and VM2 for all the ports: No
Explanation:
To load balance with basic load balancer backend pool virtual machines has to be in a single availability set or virtual machine scale set.
A health probe is used to determine the health status of the instances in the backend pool. During load balancer creation, configure a health probe for the load balancer to use. This health probe will determine if an instance is healthy and can receive traffic.
A Load Balancer rule is used to define how incoming traffic is distributed to the all the instances within the Backend Pool. So if you delete the rule, load balancing won’t happen.
Question 235
You create an Azure subscription named Subscription1 and an associated Azure Active Directory (Azure AD) tenant named Tenant1. Tenant1 contains the users in the following table.
| Name | Tenant role | Subscription role |
|---|---|---|
| [email protected] | Global Administrator | Owner |
| [email protected] | Global Administrator | Contributor |
| [email protected] | Security Administrator | Security Admin |
| [email protected] | Conditional Access Administrator | Security Admin |
You need to add an Azure AD Privileged Identity Management application to Tenant1.
Which account can you use?
A. [email protected]
*B. [email protected]
C. [email protected]
D. [email protected]
Explanation:
For Azure AD roles in Privileged Identity Management, only a user who is in the Privileged role administrator or Global administrator role can manage assignments for other administrators. You can grant access to other administrators to manage Privileged Identity Management. Global Administrators, Security Administrators, Global readers, and Security Readers can also view assignments to Azure AD roles in Privileged Identity Management.
Only owner can create an subscription and only global administrator can perform Privileged Identity Management changes. So you can create subscription with external user and then promote him to global administrator to get things done.
As it is mentioned as it is associated with azure tenant so that tenant has an AD domain. So in azure AD the default domain ends with onmicrosoft.com. So you can’t have Hotmail IDs there. Moreover always remember the principle of least privileges, when you can get your job done with Global Administrator then you should not look for owner for security purpose.
[email protected] : Correct Choice
As Admin1 is Global Administrator and part of default AD domain so Admin1 can add an Azure AD Privileged Identity Management application to Tenant1
[email protected] : Incorrect Choice
As per the above explanation Admin3 is not Global Administrator, so this option is incorrect.
[email protected] : Incorrect Choice
As per the above explanation Admin2 is not Global Administrator, so this option is incorrect.
[email protected] : Incorrect Choice
Although this user is Global Administrator but referring to the least privileges principal and default domain consideration this option is incorrect.
Question 236
You have Azure subscriptions named Subscription1 and Subscription2.
Subscription1 has following resource groups:
| Name | Region | Lock type |
|---|---|---|
| RG1 | West Europe | None |
| RG2 | West Europe | Read Only |
RG1 includes a web app named App1 in the West Europe location.
Subscription2 contains the following resource groups:
| Name | Region | Lock type |
|---|---|---|
| RG3 | East Europe | Delete |
| RG4 | Central US | None |
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
- App1 can be moved to RG2
- App1 can be moved to RG3
- App1 can be moved to RG4
Answer:
- App1 can be moved to RG2: Yes
- App1 can be moved to RG3: Yes
- App1 can be moved to RG4: Yes
Explanation:
App1 present in RG1 and in RG1 there is no lock available. So you can move App1 to other resource groups, RG2, RG3, RG4.
Note: App Service resources can only be moved from the resource group in which they were originally created. If an App Service resource is no longer in its original resource group, move it back to its original resource group.
Question 237
You have an Azure App Service plan that hosts an Azure App Service named App1.
You configure one production slot and four staging slots for App1.
You need to allocate 10 percent of the traffic to each staging slot and 60 percent of the traffic to the production slot.
What should you add to Appl1?
*A. slots to the Testing in production blade
B. a performance test
C. a WebJob
D. templates to the Automation script blade
Explanation:
Besides swapping, deployment slots offer another killer feature: testing in production. Just like the name suggests, using this, you can actually test in production. This means that you can route a specific percentage of user traffic to one or more of your deployment slots.
Example:
Question 238
Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You create a PTR record for www in the contoso.com zone.
Does this meet the goal?
A. Yes
*B. No
Explanation:
Modify the Name Server (NS) record.
A NS record would be created automatically and you cannot modify it (but you can add to it to support co-hosting domains). You can add additional name servers to this NS record set, to support co-hosting domains with more than one DNS provider. You can also modify the TTL and metadata for this record set. However, you cannot remove or modify the pre-populated Azure DNS name servers.
Question 239
You have a general purpose v1 storage account named storageaccount1 that has a private container named container1. You need to allow read access to the data inside container1, but only within a 14 day window. How do you accomplish this?
A. Create a stored access policy
B. Create a service SAS
*C. Create a shared access signatures
D. Upgrade the storage account to general purpose v2
Explanation:
A Stored Access Policy allows granular control over a single storage container using a Shared Access Signature (SAS).
A Shared Access Signature (SAS) allows you to have granular control over your storage account, including access to only certain services (i.e. Azure Blobs) and permitting only read, write, delete, list, add, or create access.
Question 240
You onboard 10 Azure virtual machines to Azure Automation State Configuration.
You need to use Azure Automation State Configuration to manage the ongoing consistency of the virtual machine configurations.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
- Assign tags to the virtual machines
- Check the compliance status of the node
- Compile a configuration into a node configuration
- Upload a configuration to Azure Automation State Configuration
- Create a management group
Answer:
- Upload a configuration to Azure Automation State Configuration
- Compile a configuration into a node configuration
- Assign tags to the virtual machines
Explanation:
Step 1: Upload a configuration to Azure Automation State Configuration.
Import the configuration into the Automation account.
Step 2: Compile a configuration into a node configuration.
A DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.
Step 3: Assign the node configuration
Step 4: Check the compliance status of the node
Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the page for that node.
On the blade for an individual report, you can see the following status information for the corresponding consistency check:
The report status — whether the node is “Compliant”, the configuration “Failed”, or the node is “Not Compliant”