Skip to Content

Exam AZ-104 Microsoft Azure Administrator Questions and Answers – Page 2 Part 2

By: Author Alex Lim

Posted on

Categories Exam

The latest Microsoft AZ-104 Azure Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-104 Azure Administrator exam and earn Microsoft AZ-104 Azure Administrator certification.

Question 151

Your company has a main office in Australia and several branch offices in Asia.
The company’s data center uses a VMware virtualization infrastructure to host several virtualized servers.
You purchase an Azure subscription and plan to move all virtual machines to Azure to a resource group in the Australia Southeast location.
You need to create an Azure Migrate migration project.
Which geography should you select?

A. Central India
B. Australia Central
*C. Australia Southeast
D. United States

Explanation:

InProject Details, specify the project name, and geography in which you want to create the project. Review supported geographies for public and government clouds.

Review supported geographies for public and government clouds.

Question 152

Which blade should you instruct the finance department auditors to use?

A. Partner information
B. Overview
C. Payment methods
*D. Invoices

Explanation:

You can opt in and configure additional recipients to receive your Azure invoice in an email. This feature may not be available for certain subscriptions such as support offers, Enterprise Agreements, or Azure in Open.

  • Select your subscription from the Subscriptions page. Opt-in for each subscription you own. Click Invoices then Email my invoice.
  • Click Opt in and accept the terms.

Scenario: During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.

Question 153

You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Azure Active Directory (AD) Identity Protection and an Azure policy
*B. A Recovery Services vault and a backup policy
C. An Azure Key Vault and an access policy
*D. An Azure Storage account and an access policy

Explanation:

D: Seamless SSO works with any method of cloud authentication – Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.

B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users’ Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com

Question 154

You need to define a custom domain name for Azure AD to support the planned infrastructure.
Which domain name should you use?

A. Join the client computers in the Miami office to Azure AD.
*B. Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.
C. Allow inbound TCP port 8080 to the domain controllers in the Miami office.
*D. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication
E. Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

Explanation:

Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as ‘[email protected].’ instead of ‘alice@domain name.onmicrosoft.com’. Scenario:

  • Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
  • Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com
  • Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure AD.

Question 155

You need to resolve the Active Directory issue.
What should you do?

A. From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.
*B. Run idfix.exe, and then use the Edit action.
C. From Active Directory Domains and Trusts, modify the list of UPN suffixes.
D. From Azure AD Connect, modify the outbound synchronization rule.

Explanation:

IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for migration to Azure Active Directory. IdFix is intended for the Active Directory administrators responsible for directory synchronization with Azure Active Directory.
Scenario: Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.

Question 156

Which blade should you instruct the finance department auditors to use?

A. invoices
B. partner information
*C. cost analysis
D. External services

Explanation:

Cost analysis: Correct Option
In cost analysis blade of Azure, you can see all the detail for custom time span. You can use this to determine expenditure of last few day, weeks, and month. Below options are available in Cost analysis blade for filtering information by time span:last 7 days, last 30 days, and custom date range. Choosing the first option (last 7 days) auditors can view the costs by time span.
Cost analysis shows data for the current month by default. Use the date selector to switch to common date ranges quickly. Examples include the last seven days, the last month, the current year, or a custom date range. Pay-as-you-go subscriptions also include date ranges based on your billing period, which isn’t bound to the calendar month, like the current billing period or last invoice. Use the PREVIOUS and NEXT links at the top of the menu to jump to the previous or next period, respectively. For example, PREVIOUS link will switch from theLast 7 days to 8-14 days ago or 15-21 days ago.

For example, PREVIOUS link will switch from theLast 7 days to 8-14 days ago or 15-21 days ago.

Invoice: Incorrect Option
Invoices can only be used for past billing periods not for current billing period, i.e. if your requirement is to know the last week’s cost then that also not filled by invoices because Azure generates invoice at the end of the month. Even though Invoices have custom timespan, but when you put in dates for a week, the pane would be empty. Below is from Microsoft document:

Invoices can only be used for past billing periods not for current billing period.

Resource Provider: Incorrect Option
When deploying resources, you frequently need to retrieve information about the resource providers and types. For example, if you want to store keys and secrets, you work with the Microsoft.KeyVault resource provider. This resource provider offers a resource type called vaults for creating the key vault. This is not useful for reviewing all Azure costs from the past week which is required for audit.
Payment method: Incorrect Option
Payment methods is not useful for reviewing all Azure costs from the past week which is required for audit.

Question 157

You have an Azure subscription that contains the resources shown in the following table.
VMSS1 is set to VM (virtual machines) orchestration mode.
You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1.
Which resource group and location should you use to deploy VM1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

A. A load balancing rule
B. A new public load balancer for VM3
*C. An inbound NAR rule
D. A frontend IP configuration

Explanation:

To port forward traffic to a specific port on specific VMs use an inbound network address translation (NAT) rule.
Create a load balancer inbound network address translation (NAT) rule to forward traffic from a specific port of the front-end IP address to a specific port of a back-end VM.
Hence this option is Correct
a load balancing rule : Incorrect Choice
A load balancer rule defines how traffic is distributed to the VMs. The rule defines the front-end IP configuration for incoming traffic, the back-end IP pool to receive the traffic, and the required source and destination ports.
a new public load balancer for VM3 : Incorrect Choice
This option will not help you since this will route all traffic to VM3 only.
a frontend IP configuration : Incorrect Choice
When you define an Azure Load Balancer, a frontend and a backend pool configuration are connected with rules. The health probe referenced by the rule is used to determine how new flows are sent to a node in the backend pool. The frontend (aka VIP) is defined by a 3-tuple comprised of an IP address (public or internal), a transport protocol (UDP or TCP), and a port number from the load balancing rule. The backend pool is a collection of Virtual Machine IP configurations (part of the NIC resource) which reference the Load Balancer backend pool.

Question 158

You have an Azure subscription named Subscription1.
You deploy a Linux virtual machine named VM1 to Subscription1.
You need to monitor the metrics and the logs of VM1.
What should you use?

*A. Linux Diagnostic Extension (LAD) 3.0
B. Azure Analysis Services
C. the AzurePerformanceDiagnostics extension
D. Azure HDInsight

Explanation:

You can use extensions to configure diagnostics on your VMs to collect additional metric data.
The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM.

Question 159

You have an Azure Storage account named storage1.
You have an Azure App Service app named app1 and an app named App2 that runs in an Azure container instance. Each app uses a managed identity.
You need to ensure that App1 and App2 can read blobs from storage1 for the next 30 days.
What should you configure in storage1 for each app?

App1:

  • Access keys
  • Advanced security
  • Access control (IAM)
  • Shared access signatures (SAS)

App2:

  • Access keys
  • Advanced security
  • Access control (IAM)
  • Shared access signatures (SAS)

Answer:
App1: Shared access signatures (SAS)
App2: Shared access signatures (SAS)

Explanation:

With Shared access signature you can limit the resources for access and at the same time can control the duration of the access.
A shared access signature (SAS) provides secure delegated access to resources in your storage account without compromising the security of your data. With a SAS, you have granular control over how a client can access your data. You can control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters.

Question 160

You have an Azure Active Directory (Azure AD) tenant that has the initial domain name.
You have a domain name of contoso.com registered at a third-party registrar.
You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

Actions:

  • Configure company branding.
  • Add an Azure AD tenant.
  • Verify the domain.
  • Create an Azure DNS zone.
  • Add a custom domain name.
  • Add a record to the public contoso.com DNS zone.

Answer:

  1. Add a custom domain name.
  2. Add a record to the public contoso.com DNS zone.
  3. Verify the domain.

Explanation:

The process is simple:

  1. Add the custom domain name to your directory
  2. Add a DNS entry for the domain name at the domain name registrar
  3. Verify the custom domain name in Azure AD