The latest Microsoft AZ-104 Azure Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-104 Azure Administrator exam and earn Microsoft AZ-104 Azure Administrator certification.
Question 171
You have an Azure subscription that contains the resource groups shown in the following table
| Name | Location |
|---|---|
| RG1 | West US |
| RG2 | East US |
RG1 contains the resources shown in the following table.
| Name | Type | Location |
|---|---|---|
| storage1 | Storage account | West US |
| VNET1 | Virtual network | West US |
- You can move storage1 to RG2.
- You can move NIC1 to RG2.
- If you move IP2 to RG1, the location of IP2 will change.
Answer:
You can move storage1 to RG2: Yes
You can move NIC1 to RG2: No
If you move IP2 to RG1, the location of IP2 will change: No
Question 172
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1.
An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.
You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?
A. From contoso.com, modify the Organization relationships settings.
*B. From contoso.com, create an OAuth 2.0 authorization endpoint.
C. Recreate AKS1.
D. From AKS1, create a namespace.
Explanation:
With Azure AD-integrated AKS clusters, you can grant users or groups access to Kubernetes resources within a namespace or across the cluster. To obtain a kubectl configuration context, a user can run the az aks get-credentials command. When a user then interacts with the AKS cluster with kubectl, they’re prompted to sign in with their Azure AD credentials. This approach provides a single source for user account management and password credentials. The user can only access the resources as defined by the cluster administrator.
Azure AD authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol. For more information on OpenID Connect, see the Open ID connect documentation. From inside of the Kubernetes cluster, Webhook Token Authentication is used to verify authentication tokens. Webhook token authentication is configured and managed as part of the AKS cluster.
Question 173
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2.
Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You delete the BlockAllOther443 inbound security rule.
Does this meet the goal?
A. Yes
*B. No
Question 174
You have an Azure subscription that contains a resource group named RG1. RG1 contains 100 virtual machines.
Your company has three cost centers named Manufacturing, Sales, and Finance.
You need to associate each virtual machine to a specific cost center.
What should you do?
A. Add an extension to the virtual machines.
B. Modify the inventory settings of the virtual machine.
*C. Assign tags to the virtual machines.
D. Configure locks for the virtual machine.
Explanation:
You apply tags to your Azure resources, resource groups, and subscriptions to logically organize them into a taxonomy. Each tag consists of a name and a value pair. For example, you can apply the name “Environment” and the value “Production” to all the resources in production.
Question 175
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
| Name | Role | Scope |
|---|---|---|
| User1 | Global administrator | Azure Active Directory |
| User2 | Global administrator | Azure Active Directory |
| User3 | User administrator | Azure Active Directory |
| User4 | Owner | Azure Subscription |
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User4 to create the user accounts.
Does that meet the goal?
A. Yes
*B. No
Explanation:
Only a global administrator can add users to this tenant.
Question 176
You have an Azure subscription named Sub1.
You plan to deploy a multi-tiered application that will contain the tiers shown in the following table.
| Tier | Accessible from the Internet | Number of virtual machines |
|---|---|---|
| Front-end web server | Yes | 10 |
| Business logic | No | 100 |
| Microsoft SQL Server database | No | 5 |
You need to recommend a networking solution to meet the following requirements:
- Ensure that communication between the web servers and the business logic tier spreads equally across the virtual machines.
- Protect the web servers from SQL injection attacks.
Which Azure resource should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Ensure that communication between the web servers and the business logic tier spreads equally across the virtual machines:
- An application gateway that uses the Standard tier
- An application gateway that uses the WAF tier
- An internal load balancer
- A network security group (NSG)
- A public load balancer
Protect the web servers from SQL injection attacks:
- An application gateway that uses the Standard tier
- An application gateway that uses the WAF tier
- An internal load balancer
- A network security group (NSG)
- A public load balancer
Answer:
Ensure that communication between the web servers and the business logic tier spreads equally across the virtual machines: An internal load balancer
Protect the web servers from SQL injection attacks: An application gateway that uses the WAF tier
Explanation:
Box 1: an internal load balancer
Azure Internal Load Balancer (ILB) provides network load balancing between virtual machines that reside inside a cloud service or a virtual network with a regional scope.
Box 2: an application gateway that uses the WAF tier
Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities.
Question 177
You have an Azure Migrate project that has the following assessment properties:
- Target location: East US
- Storage redundancy: Locally redundant
- Comfort factor: 2.0
- Performance history: 1 month
- Percentile utilization: 95th
- Pricing tier: Standard
- Offer: Pay as you go
You discover the following two virtual machines:
- A virtual machine named VM1 that runs Windows Server 2016 and has 10 CPU cores at 20 percent utilization
- A virtual machine named VM2 that runs Windows Server 2012 and has four CPU cores at 50 percent utilization How many CPU cores will Azure Migrate recommend for each virtual machine? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
VM1:
- 2
- 4
- 10
- 20
VM2:
- 1
- 2
- 4
- 8
Answer:
VM1: 4
VM2: 4
Explanation:
The equation is: ‘core usage x comfort factor’. The comfort factor is 2.0.
So VM 1 is 10 cores at 20% utilization which equals 2 cores. Multiply that the comfort factor and you get 4 cores.
VM 2 is 4 cores at 50% utilization which equals 2 cores. Multiply that the comfort factor and you get 4 cores.
Question 178
You create a Recovery Services vault backup policy named Policy1 as shown in the following exhibit:
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
The backup that occurs on Saturday, March 1, will be retained for [answer choice].
- 30 days
- 10 weeks
- 36 months
- 10 years
The backup that occurs on Sunday, November 1, will be retained for [answer choice].
- 30 days
- 10 weeks
- 36 months
- 10 years
Answer:
The backup that occurs on Saturday, March 1, will be retained for [answer choice]: 10 years
The backup that occurs on Sunday, November 1, will be retained for [answer choice]: 36 months.
Explanation:
Box 1: 10 years
The yearly backup point occurs to 1 March and its retention period is 10 years.
Box 2: 36 months
The monthly backup point occurs on the 1st of every month and its retention period is 36 months.
Question 179
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2.
Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a cost of 64999.
Does this meet the goal?
A. Yes
*B. No
Question 180
You have a .NET Core application running in Azure App Services. You are expecting a huge influx of traffic to your application in the coming days. When your application experiences this spike in traffic, you want to detect any anomalies such as request errors or failed queries immediately. What service can you use to assure that you know about these types of errors related to your .NET application immediately?
A. Application Insights Search
B. Log analytics workspace
C. Client-side monitoring
*D. Live Metrics Stream in Application Insights
Explanation:
Live metrics stream includes such information as the number of incoming requests, the duration of those requests, and any failures that occur. You can also inspect critical performance metrics such as processor and memory.