Skip to Content

Exam AZ-104 Microsoft Azure Administrator Questions and Answers – Page 3

The latest Microsoft AZ-104 Azure Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-104 Azure Administrator exam and earn Microsoft AZ-104 Azure Administrator certification.

AZ-104 Microsoft Azure Administrator Exam Questions and Answers

Exam Question 231

You have an Azure virtual machine named VM1 that runs Windows Server 2019. You sign in to VM1 as a user named User 1 and perform the following actions:

  • Create files on drive C.
  • Create files on drive 0.
  • Modify the screen saver timeout.
  • Change the desktop background.

You plan to redeploy VM1.
Which changes will be lost after you redeploy VM1?

A. the modified screen saver timeout
B. the new desktop background
C. the new files on drive
D. The new files on drive C

Correct Answer:
A. the modified screen saver timeout

Exam Question 232

You deploy an Azure Kubernetes Service (AKS) cluster that has the network profile shown in the following exhibit.
You deploy an Azure Kubernetes Service (AKS) cluster that has the network profile shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Containers will be assigned an IP address in the [answer choice] subnet.

  • 10.244.0.0/16
  • 10.0.0.0/16
  • 172.17.0.1/16

Services in the AKS cluster will be assigned an IP address in the [answer choice] subnet.

  • 10.244.0.0/16
  • 10.0.0.0/16
  • 172.17.0.1/16

Correct Answer:
Containers will get the IP address from the virtual network subnet CIDr which is 10.244.0.0/16
Services in the AKS cluster will be assigned an IP address in the service CIDR which is 10.0.0.0/16

Exam Question 233

You have a virtual network named VNet1 that has the configuration shown in the following exhibit.
You have a virtual network named VNet1 that has the configuration.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Before a virtual machine on VNet1 can receive an IP address from 192.168.1.0/24, you must first:

  • add a network interface
  • add a subnet
  • add an address space
  • delete a subnet
  • delete an address space

Before a virtual machine on VNet1 can receive an IP address from 10.2.1.0/24, you must first:

  • add a network interface
  • add a subnet
  • add an address space
  • delete a subnet
  • delete an address space

Correct Answer:

Before a virtual machine on VNet1 can receive an IP address from 192.168.1.0/24, you must first: add an address space

Before a virtual machine on VNet1 can receive an IP address from 10.2.1.0/24, you must first: add a subnet

Answer Explanation:
Box 1: add an address space
Your IaaS virtual machines (VMs) and PaaS role instances in a virtual network automatically receive a private IP address from a range that you specify, based on the address space of the subnet they are connected to. We need to add the 192.168.1.0/24 address space.
Box 2: add a subnet
Address space is present but need to add subnet

Exam Question 234

You have an Azure subscription named Subscription1 that contains the resources in the following table.

Name Type
VM1 Virtual machine
VM2 Virtual machine
LB1 Load balancer

You install the Web Server server role (IIS) on WM1 and VM2, and then add VM1 and VM2 to LB1.
LB1 is configured as shown in the LB1 exhibit. (Click the Exhibit button.)
LB1 is configured as shown in the LB1 exhibit.
Rule1 is configured as shown in the Rule1 exhibit. (Click the Exhibit button.)
Rule1 is configured as shown in the Rule1 exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • VM1 is in the same availability set as VM2.
  • If Probe1.htm is present on VM1 and VM2, LB1 will balance TCP port 80 between VM1 and VM2.
  • If you delete Rule1, LB1 will balance all the requests between VM1 and VM2 for all the ports.

Correct Answer:

  • VM1 is in the same availability set as VM2: Yes
  • If Probe1.htm is present on VM1 and VM2, LB1 will balance TCP port 80 between VM1 and VM2: Yes
  • If you delete Rule1, LB1 will balance all the requests between VM1 and VM2 for all the ports: No

Answer Explanation:
To load balance with basic load balancer backend pool virtual machines has to be in a single availability set or virtual machine scale set.
A health probe is used to determine the health status of the instances in the backend pool. During load balancer creation, configure a health probe for the load balancer to use. This health probe will determine if an instance is healthy and can receive traffic.
A Load Balancer rule is used to define how incoming traffic is distributed to the all the instances within the Backend Pool. So if you delete the rule, load balancing won’t happen.
A Load Balancer rule is used to define how incoming traffic is distributed to the all the instances within the Backend Pool. So if you delete the rule, load balancing won't happen.

Exam Question 235

You create an Azure subscription named Subscription1 and an associated Azure Active Directory (Azure AD) tenant named Tenant1. Tenant1 contains the users in the following table.

Name Tenant role Subscription role
[email protected] Global Administrator Owner
[email protected] Global Administrator Contributor
[email protected] Security Administrator Security Admin
[email protected] Conditional Access Administrator Security Admin

You need to add an Azure AD Privileged Identity Management application to Tenant1.
Which account can you use?

A. [email protected]
B. [email protected]
C. [email protected]
D. [email protected]

Correct Answer:
B. [email protected]

Answer Explanation:
For Azure AD roles in Privileged Identity Management, only a user who is in the Privileged role administrator or Global administrator role can manage assignments for other administrators. You can grant access to other administrators to manage Privileged Identity Management. Global Administrators, Security Administrators, Global readers, and Security Readers can also view assignments to Azure AD roles in Privileged Identity Management.
Only owner can create an subscription and only global administrator can perform Privileged Identity Management changes. So you can create subscription with external user and then promote him to global administrator to get things done.
As it is mentioned as it is associated with azure tenant so that tenant has an AD domain. So in azure AD the default domain ends with onmicrosoft.com. So you can’t have Hotmail IDs there. Moreover always remember the principle of least privileges, when you can get your job done with Global Administrator then you should not look for owner for security purpose.
[email protected] : Correct Choice
As Admin1 is Global Administrator and part of default AD domain so Admin1 can add an Azure AD Privileged Identity Management application to Tenant1
[email protected] : Incorrect Choice
As per the above explanation Admin3 is not Global Administrator, so this option is incorrect.
[email protected] : Incorrect Choice
As per the above explanation Admin2 is not Global Administrator, so this option is incorrect.
[email protected] : Incorrect Choice
Although this user is Global Administrator but referring to the least privileges principal and default domain consideration this option is incorrect.

Exam Question 236

You have Azure subscriptions named Subscription1 and Subscription2.
Subscription1 has following resource groups:

Name Region Lock type
RG1 West Europe None
RG2 West Europe Read Only

RG1 includes a web app named App1 in the West Europe location.
Subscription2 contains the following resource groups:

Name Region Lock type
RG3 East Europe Delete
RG4 Central US None

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • App1 can be moved to RG2
  • App1 can be moved to RG3
  • App1 can be moved to RG4

Correct Answer:

  • App1 can be moved to RG2: Yes
  • App1 can be moved to RG3: Yes
  • App1 can be moved to RG4: Yes

Answer Explanation:
App1 present in RG1 and in RG1 there is no lock available. So you can move App1 to other resource groups, RG2, RG3, RG4.
Note: App Service resources can only be moved from the resource group in which they were originally created. If an App Service resource is no longer in its original resource group, move it back to its original resource group.

Exam Question 237

You have an Azure App Service plan that hosts an Azure App Service named App1.
You configure one production slot and four staging slots for App1.
You need to allocate 10 percent of the traffic to each staging slot and 60 percent of the traffic to the production slot.
What should you add to Appl1?

A. slots to the Testing in production blade
B. a performance test
C. a WebJob
D. templates to the Automation script blade

Correct Answer:
A. slots to the Testing in production blade

Answer Explanation:
Besides swapping, deployment slots offer another killer feature: testing in production. Just like the name suggests, using this, you can actually test in production. This means that you can route a specific percentage of user traffic to one or more of your deployment slots.
Example:
Besides swapping, deployment slots offer another killer feature: testing in production. Just like the name suggests, using this, you can actually test in production.

Exam Question 238

Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You create a PTR record for www in the contoso.com zone.
Does this meet the goal?

A. Yes
B. No

Correct Answer:
B. No

Answer Explanation:
Modify the Name Server (NS) record.

A NS record would be created automatically and you cannot modify it (but you can add to it to support co-hosting domains). You can add additional name servers to this NS record set, to support co-hosting domains with more than one DNS provider. You can also modify the TTL and metadata for this record set. However, you cannot remove or modify the pre-populated Azure DNS name servers.

Exam Question 239

You have a general purpose v1 storage account named storageaccount1 that has a private container named container1. You need to allow read access to the data inside container1, but only within a 14 day window. How do you accomplish this?

A. Create a stored access policy
B. Create a service SAS
C. Create a shared access signatures
D. Upgrade the storage account to general purpose v2

Correct Answer:
C. Create a shared access signatures

Answer Explanation:
A Stored Access Policy allows granular control over a single storage container using a Shared Access Signature (SAS).

A Shared Access Signature (SAS) allows you to have granular control over your storage account, including access to only certain services (i.e. Azure Blobs) and permitting only read, write, delete, list, add, or create access.

Exam Question 240

You onboard 10 Azure virtual machines to Azure Automation State Configuration.
You need to use Azure Automation State Configuration to manage the ongoing consistency of the virtual machine configurations.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

  • Assign tags to the virtual machines
  • Check the compliance status of the node
  • Compile a configuration into a node configuration
  • Upload a configuration to Azure Automation State Configuration
  • Create a management group

Correct Answer:

  1. Upload a configuration to Azure Automation State Configuration
  2. Compile a configuration into a node configuration
  3. Assign tags to the virtual machines

Answer Explanation:
Step 1: Upload a configuration to Azure Automation State Configuration.

Import the configuration into the Automation account.

Step 2: Compile a configuration into a node configuration.

A DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.

Step 3: Assign the node configuration

Step 4: Check the compliance status of the node

Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the page for that node.

On the blade for an individual report, you can see the following status information for the corresponding consistency check:

The report status — whether the node is “Compliant”, the configuration “Failed”, or the node is “Not Compliant”

Reference:
Microsoft Docs > Get started with Azure Automation State Configuration

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.