Exam AZ-104 Microsoft Azure Administrator Questions and Answers – Page 1

The latest Exam AZ-104 Microsoft Azure Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AZ-104 Microsoft Azure Administrator exam and earn AZ-104 Microsoft Azure Administrator certification.

Exam Question 31

You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2.
You plan to implement an Azure Availability Set for App1. The solution must ensure that App1 is available during planned maintenance of the hardware hosting VM1 and VM2.
What should you include in the Availability Set?
A. one update domain
B. two fault domains
C. one fault domain
D. two update domains

Correct Answer:
D. two update domains
Answer Description:
The hardware in a location is divided in to multiple update domains and fault domains. An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time. VMs in the same fault domain share common storage as well as a common power source and network switch.
Microsoft updates, which Microsoft refers to as planned maintenance events, sometimes require that VMs be rebooted to complete the update. To reduce the impact on VMs, the Azure fabric is divided into update domains to ensure that not all VMs are rebooted at the same time.
Incorrect Answers:
A: An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time.
B, C: A fault domain shares common storage as well as a common power source and network switch. It is used to protect against unplanned system failure.
References:
Microsoft Docs > Create and deploy virtual machines in an availability set using Azure PowerShell
Microsoft Azure > Understanding Azure Availability Sets

Exam Question 32

You have an on-premises server that contains a folder named D:\Folder1.
You need to copy the contents of D:\Folder1 to the public container in an Azure Storage account named contosodata.
Which command should you run?
A. https://contosodata.blob.core.windows.net/public
B. azcopy sync D:\folder1 https://contosodata.blob.core.windows.net/public --snapshot
C. azcopy copy D:\folder1 https://contosodata.blob.core.windows.net/public --recursive
D. az storage blob copy start-batch D:\Folder1 https://contosodata.blob.core.windows.net/public

Correct Answer:
C. azcopy copy D:\folder1 https://contosodata.blob.core.windows.net/public –recursive
Answer Description:
The azcopy copy command copies a directory (and all of the files in that directory) to a blob container. The result is a directory in the container by the same name.
Incorrect Answers:
B: The azcopy sync command replicates the source location to the destination location. However, the file is skipped if the last modified time in the destination is more recent.
D: The az storage blob copy start-batch command copies multiple blobs to a blob container.
References:
Microsoft Docs > Transfer data
Microsoft Docs > azcopy copy

Exam Question 33

You have an Azure subscription named Subscription1 that contains the storage accounts shown in the following table:

NameTypeLocation
Storage1StorageFile
Storage2StorageV2 (general purpose v2)File, Table
Storage3StorageV2 (general purpose v2)Queue
Storage4BlobStorageBlob
You have an Azure subscription named Subscription1 that contains the storage accounts shown in the following table:

You plan to use the Azure Import/Export service to export data from Subscription1.
You need to identify which storage account can be used to export the data.
What should you identify?
A. storage1
B. storage2
C. storage3
D. storage4

Correct Answer:
D. storage4
Answer Description:
Azure Import/Export service supports the following of storage accounts:

  • Standard General Purpose v2 storage accounts (recommended for most scenarios)
  • Blob Storage accounts
  • General Purpose v1 storage accounts (both Classic or Azure Resource Manager deployments),

Azure Import/Export service supports the following storage types:

  • Import supports Azure Blob storage and Azure File storage
  • Export supports Azure Blob storage

References:
Microsoft Docs > Azure Import/Export system requirements

Exam Question 34

You have Azure subscription that includes data in following locations:

NameType
container1Blob container
share1Azure file share
DB1SQL database
Table1Azure Table
You have Azure subscription that includes data in following locations:

You plan to export data by using Azure import/export job named Export1.
You need to identify the data that can be exported by using Export1.
Which data should you identify?
A. DB1
B. container1
C. Share1
D. Table1

Correct Answer:
B. container1
Answer Description:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.

Exam Question 35

You have an Azure subscription that contains the resources in the following table.

NameType
RG1Resource group
store1Azure Storage account
Sync1Azure File Sync
You have an Azure subscription that contains the resources in the following table.

Store1 contains a file share named data. Data contains 5,000 files.
You need to synchronize the files in the file share named data to an on-premises server named Server1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Create a container instance
B. Register Server1
C. Install the Azure File Sync agent on Server1
D. Download an automation script
E. Create a sync group
Correct Answer:
B. Register Server1
C. Install the Azure File Sync agent on Server1
E. Create a sync group
Answer Description:
Step 1 (C): Install the Azure File Sync agent on Server1
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share
Step 2 (B): Register Server1.
Register Windows Server with Storage Sync Service
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
Step 3 (E): Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.

Exam Question 36

You have an Azure subscription that contains the storage accounts shown in the following table.

NameKindPerformanceReplicationAccess tier
storage1Storage (general purpose v1)PremiumGeo-redundant storage (GRS)None
storage2StorageV2 (general purpose v2)StandardLocally-redundant storage (LRS)Cool
storage3StorageV2 (general purpose v2)PremiumRead-access geo-redundant storage (RA-GRS)Hot
storage4BlobStorageStandardLocally-redundant storage (LRS)Hot
You have an Azure subscription that contains the storage accounts shown in the following table.

You need to identify which storage account can be converted to zone-redundant storage (ZRS) replication by requesting a live migration from Azure support.
What should you identify?
A. storage1
B. storage2
C. storage3
D. storage4

Correct Answer:
B. storage2
Answer Description:
ZRS currently supports standard general-purpose v2, FileStorage and BlockBlobStorage storage account types.
Incorrect Answers:
A, not C: Live migration is supported only for storage accounts that use LRS replication. If your account uses GRS or RA-GRS, then you need to first change your account’s replication type to LRS before proceeding. This intermediary step removes the secondary endpoint provided by GRS/RA-GRS.
Also, only standard storage account types support live migration. Premium storage accounts must be migrated manually.
D: ZRS currently supports standard general-purpose v2, FileStorage and BlockBlobStorage storage account types.
References:
Microsoft Docs > Azure Storage redundancy

Exam Question 37

You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The onpremises network uses a public IP address space of 131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:

  • Ensure that you can upload the disk files to account1.
  • Ensure that you can attach the disks to VM1.
  • Prevent all other access to account1.

Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. From the Firewalls and virtual networks blade of account1, select Selected networks.
B. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.
C. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
D. From the Firewalls and virtual networks blade of account1, add VNet1.
E. From the Service endpoints blade of VNet1, add a service endpoint.
Correct Answer:
A. From the Firewalls and virtual networks blade of account1, select Selected networks.
E. From the Service endpoints blade of VNet1, add a service endpoint.
Answer Description:
A: By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.
Azure portal

  1. Navigate to the storage account you want to secure.
  2. Click on the settings menu called Firewalls and virtual networks.
  3. To deny access by default, choose to allow access from ‘Selected networks’. To allow traffic from all networks, choose to allow access from ‘All networks’.
  4. Click Save to apply your changes.

E: Grant access from a Virtual Network
Storage accounts can be configured to allow access only from specific Azure Virtual Networks.

By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual network and the subnet are also transmitted with each request.
References:
Microsoft Docs > Configure Azure Storage firewalls and virtual networks

Exam Question 38

You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. an XML manifest file
B. a dataset CSV file
C. a JSON configuration file
D. a PowerShell PS1 file
E. a driveset CSV file
Correct Answer:
B. a dataset CSV file
E. a driveset CSV file
Answer Description:
B: Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file
E: Modify the driveset.csv file in the root folder where the tool resides.

Exam Question 39

You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines.
You need to delete the Recovery Services vault.
What should you do first?
A. From the Recovery Service vault, delete the backup data.
B. Modify the disaster recovery properties of each virtual machine.
C. Modify the locks of each virtual machine.
D. From the Recovery Service vault, stop the backup of each backup item.

Correct Answer:
D. From the Recovery Service vault, stop the backup of each backup item.
Answer Description:
You can’t delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a vault, but can’t, the vault is still configured to receive backup data.
Remove vault dependencies and delete vault
In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.

In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.

Exam Question 40

You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?
A. an Azure Cosmos DB database
B. Azure Blob storage
C. Azure Data Lake Store
D. the Azure File Sync Storage Sync Service

Correct Answer:
B. Azure Blob storage
Answer Description:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter. The maximum size of an Azure Files Resource of a file share is 5 TB.

Implement and manage storage: Testlet 2

Overview

Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment

Currently, Contoso uses multiple types of servers for business operations, including the following:

  • File servers
  • Domain controllers
  • Microsoft SQL Server servers

Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:

  • A SQL database
  • A web front end
  • A processing middle tier

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Requirements

Planned Changes

Contoso plans to implement the following changes to the infrastructure:

  • Move all the tiers of App1 to Azure.
  • Move the existing product blueprint files to Azure Blob storage.
  • Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.

Technical Requirements

Contoso must meet the following technical requirements:

  • Move all the virtual machines for App1 to Azure.
  • Minimize the number of open ports between the App1 tiers.
  • Ensure that all the virtual machines for App1 are protected by backups.
  • Copy the blueprint files to Azure over the Internet.
  • Ensure that the blueprint files are stored in the archive storage tier.
  • Ensure that partner access to the blueprint files is secured and temporary.
  • Prevent user passwords or hashes of passwords from being stored in Azure.
  • Use unmanaged standard storage for the hard disks of the virtual machines.
  • Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
  • Minimize administrative effort whenever possible.

User Requirements

Contoso identifies the following requirements for users:

  • Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
  • Designate a new user named Admin1 as the service admin for the Azure subscription.
  • Admin1 must receive email alerts regarding service outages.
  • Ensure that a new user named User3 can create network objects for the Azure subscription.