The latest Microsoft AZ-104 Azure Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-104 Azure Administrator exam and earn Microsoft AZ-104 Azure Administrator certification.
Question 161
You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Number of virtual networks:
- 1
- 2
- 3
Number of subnets:
- 1
- 2
- 3
Answer:
Number of virtual networks: 1
Number of subnets: 3
Explanation:
This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL Server on Windows for the data tier.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
- A SQL database
- A web front end
- A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Technical requirements include:
- Move all the virtual machines for App1 to Azure.
- Minimize the number of open ports between the App1 tiers.
Question 162
You are the global administrator for an Azure Active Directory (Azure AD) tenet named adatum.com.
You need to enable two-step verification for Azure users.
What should you do?
*A. Create a sign-in risk policy in Azure AD Identity Protection
B. Enable Azure AD Privileged Identity Management.
C. Create and configure the Identity Hub.
D. Configure a security policy in Azure Security Center.
Explanation:
Identity Protection analyzes signals from each sign-in, both real-time and offline, and calculates a risk score based on the probability that the sign-in wasn’t performed by the user. Administrators can make a decision based on this risk score signal to enforce organizational requirements. Administrators can choose to block access, allow access, or allow access but require multi-factor authentication.
If risk is detected, users can perform multi-factor authentication to self-remediate and close the risky sign-in event to prevent unnecessary noise for administrators.
With Azure Active Directory Identity Protection, you can:
- require users to register for multi-factor authentication
- handle risky sign-ins and compromised users
Question 163
You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.
You have a computer named Computer1 that runs Windows 10. Computer1 is connected to the Internet.
You add a network interface named VM1173 to VM1 as shown in the exhibit. (Click the Exhibit tab.)
From Computer1, you attempt to connect to VM1 by using Remote Desktop, but the connection fails.
A. Change the priority of the RDP rule.
B. Delete the DenyAlllnBound rule.
*C. Start VM1.
D. Attach a network interface.
Explanation:
Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
Question 164
You have an Azure subscription named Subscription1. You have a virtualization environment that contains the virtualization server in the following table.
| Name | Hypervisor | Run virtual machine |
|---|---|---|
| Server1 | Hyper-V | VM1, VM2, VM3 |
| Server2 | VMWare | VMA, VMB, VMC |
The virtual machines are configured as shown on the following table.
| Name | Generation | Memory | Operating System (OS) disk | Data disk | OS |
|---|---|---|---|---|---|
| VM1 | 1 | 4 GB | 200 GB | 800 GB | Windows Server 2012 R2 |
| VM2 | 1 | 12 GB | 12 GB | 200 GB | RedHat Enterprise Linux 7.2 |
| VM3 | 2 | 32 GB | 100 GB | 1 TB | Windows Server 2016 |
| VMA | Not applicable | 8 GB | 100 GB | 2 TB | Windows Server 2012 R2 |
| VMB | Not applicable | 16 GB | 150 GB | 1 TB | RedHat Enterprise Linux 7.2 |
| VMC | Not applicable | 24 GB | 500 GB | 6TB | Windows Server 2016 |
All the virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker).
You plan to use Azure Site Recovery to migrate the virtual machines to Azure.
Which virtual machines can you migrate? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Virtual machines that can be migrated from Server1.
- VM1 only
- VM2 only
- VM3 only
- VM1 and VM2 only
- VM1 and VM3 only
- VM1, VM2, and VM3
Virtual machines that can be migrated from Server2.
- VMA only
- VMB only
- VMC only
- VMA and VMB only
- VMA and VMC only
- VMA, VMB, and VMC
Answer:
Virtual machines that can be migrated from Server1: VM3 only
Virtual machines that can be migrated from Server2: VMA and VMB only
Explanation:
Not VM1 because it has BitLocker enabled.
Not VM2 because the OS disk is larger than 2TB.
Not VMC because the Data disk is larger than 4TB.
Question 165
You have an Azure Linux virtual machine that is protected by Azure Backup.
One week ago, two files were deleted from the virtual machine.
You need to reses clients connect n on-premises computer as quickly as possible.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Actions:
- Mount a VHD.
- Copy the files by using File Explorer.
- Download and run a script.
- Select a restore point.
- Copy the files by using AZCopy.
- From the Azure portal, click Restore VM from the vault.
- From the Azure portal, click File Recovery from the vault.
Answer:
- From the Azure portal, click File Recovery from the vault.
- Select a restore point.
- Download and run a script.
- Copy the files by using AZCopy.
Explanation:
To restore files or folders from the recovery point, go to the virtual machine and choose the desired recovery point.
Step 0. In the virtual machine’s menu, click Backup to open the Backup dashboard.
Step 1. In the Backup dashboard menu, click File Recovery.
Step 2. From the Select recovery point drop-down menu, select the recovery point that holds the files you want. By default, the latest recovery point is already selected.
Step 3: To download the software used to copy files from the recovery point, click Download Executable (for Windows Azure VM) or Download Script (for Linux
Azure VM, a python script is generated).
Step 4: Copy the files by using AzCopy
AzCopy is a command-line utility designed for copying data to/from Microsoft Azure Blob, File, and Table storage, using simple commands designed for optimal performance. You can copy data between a file system and a storage account, or between storage accounts.
Question 166
You have an Azure Active Directory (Azure AD) tenant.
You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal.
Which three settings should you configure? To answer, select the appropriate settings in the answer area.
Answer:
Assignments: Users and groups
Assignments: Cloud apps
Access controls: Grant
Question 167
You have an Azure subscription that contains the following resources:
- a virtual network named VNet1
- a replication policy named ReplPolicy1
- a Recovery Services vault named Vault1
- an Azure Storage account named Storage1
You have an Amazon Web Services (AWS) EC2 virtual machine named VM1 that runs Windows Server
2019.
You need to migrate VM1 to VNet1 by using Azure Site Recovery.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Actions:
- Install Azure Site Recovery Unified Setup.
- Create an Azure Migrate project
- Enable Windows PowerShell remoting on VM1
- Deploy an EC2 virtual machine as a configuration server.
- Enable replication for VM1.
Answer:
- Deploy an EC2 virtual machine as a configuration server.
- Install Azure Site Recovery Unified Setup.
- Enable replication for VM1.
Explanation:
Step 1: Deploy an EC2 virtual machine as a configuration server. Prepare source include:
- Use an EC2 instance that’s running Windows Server 2012 R2 to create a configuration server and register it with your recovery vault.
- Configure the proxy on the EC2 instance VM you’re using as the configuration server so that it can access the service URLs.
Step 2: Install Azure Site Recovery Unified Setup. Download Microsoft Azure Site Recovery Unified Setup. You can download it to your local machine and then copy it to the VM you’re using as the configuration server.
Step 3: Enable replication for VM1. Enable replication for each VM that you want to migrate. When replication is enabled, Site Recovery automatically installs the Mobility service.
Question 168
You have an Active Directory domain named contoso.com that contains the objects shown in the following table.
| Name | Type | In organizational unit (OU) |
|---|---|---|
| User1 | User | OU1 |
| User2 | User | OU1 |
| User3 | User | OU1 |
| Group1 | Security Group – Global | OU1 |
| User4 | User | OU2 |
| Group2 | Security Group – Global | OU2 |
The groups have the memberships shown in the following table.
| Group | Member |
|---|---|
| Group1 | User1 |
| Group2 | User2, Group1 |
OU1 and OU2 are synced to Azure Active Directory (Azure AD).
You modify the synchronization settings and remove OU1 from synchronization. You sync Active Directory and Azure AD.
Which objects are in Azure AD?
A. User4 and Group2 only
B. User2, Group1, User4, and Group2 only
*C. User1, User2, Group1, User4, and Group2 only
D. User1, User2, User3, User4, Group1, and Group2
Question 169
You have an Azure resource manager template that will be used to deploy 10 Azure Web Apps.
You have to ensure to deploy the pre-requisites before the deployment of the template.
You have to minimize the costs associated with the implementation.
Which of the following would you deploy as pre-requisites?
A. An Azure Load Balancer
B. An Application Gateway
C. 10 Azure App Service Plans
*D. One App Service Plan
Explanation:
In App Service (Web Apps, API Apps, or Mobile Apps), an app always runs in an App Service plan. An App Service plan defines a set of compute resources for a web app to run.
One App Service Plan: Correct Choice
For an Azure Web App, you need to have an Azure App Service Plan in place. You can associate multiple Azure Web Apps with the same App Service Plan. Hence to save on costs, you can just have one Azure App Service Plan in place.
An Azure Load Balancer: Incorrect Choice
An Azure load balancer is a Layer-4 (TCP, UDP) load balancer that provides high availability by distributing incoming traffic among healthy VMs. A load balancer health probe monitors a given port on each VM and only distributes traffic to an operational VM An Application Gateway: Incorrect Choice Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 – TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.
10 Azure App Service Plans: Incorrect Choice
For an Azure Web App, you need to have an Azure App Service Plan in place. You can associate multiple Azure Web Apps with the same App Service Plan. Hence to save on costs, you can just have one Azure App Service Plan in place. So there is no need for 10 App Service Plans.
Question 170
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Monitor, you create a metric on Network in and Network Out.
Does this meet the goal?
A. Yes
*B. No
Explanation:
You should use Azure Network Watcher.