Skip to Content

Exam AZ-104 Microsoft Azure Administrator Questions and Answers – Page 2

The latest Microsoft AZ-104 Azure Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-104 Azure Administrator exam and earn Microsoft AZ-104 Azure Administrator certification.

AZ-104 Microsoft Azure Administrator Exam Questions and Answers

Exam Question 131

Your company has a main office in London that contains 100 client computers.
Three years ago, you migrated to Azure Active Directory (Azure AD).
The company’s security policy states that all personal devices and corporate-owned devices must be registered or joined to Azure AD.
A remote user named User1 is unable to join a personal device to Azure AD from a home network.
You verify that User1 was able to join devices to Azure AD in the past.
You need to ensure that User1 can join the device to Azure AD.
What should you do?

A. Assign the User administrator role to User1.
B. From the Device settings blade, modify the Maximum number of devices per user setting.
C. Create a point-to-site VPN from the home network of User1 to Azure.
D. From the Device settings blade, modify the Users may join devices to Azure AD setting.

Correct Answer:
B. From the Device settings blade, modify the Maximum number of devices per user setting.

Answer Explanation:
The Maximum number of devices setting enables you to select the maximum number of devices that a user can have in Azure AD. If a user reaches this quota, they will not be able to add additional devices until one or more of the existing devices are removed.
Incorrect Answers:
C: Azure AD Join enables users to join their devices to Active Directory from anywhere as long as they have connectivity with the Internet.
D: The Users may join devices to Azure AD setting enables you to select the users who can join devices to Azure AD. Options are All, Selected and None. The default is All.

Exam Question 132

You have an existing Azure subscription that contains 10 virtual machines.
You need to monitor the latency between your on-premises network and the virtual machines.
What should you use?

A. Service Map
B. Connection troubleshoot
C. Network Performance Monitor
D. Effective routes

Correct Answer:
C. Network Performance Monitor

Answer Explanation:
Network Performance Monitor is a cloud-based hybrid network monitoring solution that helps you monitor network performance between various points in your network infrastructure. It also helps you monitor network connectivity to service and application endpoints and monitor the performance of Azure ExpressRoute.
You can monitor network connectivity across cloud deployments and on-premises locations, multiple data centers, and branch offices and mission-critical multitier applications or microservices. With Performance Monitor, you can detect network issues before users complain.

Exam Question 133

You have an Azure virtual machine named VM1.
Azure collects events from VM1.
You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the System event log of VM1.
Which target resource should you monitor in the alert rule?

A. virtual machine extension
B. virtual machine
C. metric alert
D. Azure Log Analytics workspace

Correct Answer:
D. Azure Log Analytics workspace

Answer Explanation:
For the first step to create the new alert tule, under the Create Alert section, you are going to select your Log Analytics workspace as the resource, since this is a log based alert signal.
Azure Monitor can collect data directly from your Azure virtual machines into a Log Analytics workspace for analysis of details and correlations. Installing the Log Analytics VM extension for Windows and Linux allows Azure Monitor to collect data from your Azure VMs.
Azure Log Analytics workspace is also used for on-premises computers monitored by System Center Operations Manager.

Exam Question 134

You have an Azure subscription that contains 100 virtual machines.
You regularly create and delete virtual machines.
You need to identify unattached disks that can be deleted.
What should you do?

A. From Azure Cost Management, view Cost Analysis
B. From Azure Advisor, modify the Advisor configuration
C. From Microsoft Azure Storage Explorer, view the Account Management properties
D. From Azure Cost Management, view Advisor Recommendations

Correct Answer:
D. From Azure Cost Management, view Advisor Recommendations

Answer Explanation:
From Home > Cost Management + Billing > Cost Management, scroll down on the options and select View Recommendations:

Azure Cost Management / Advisor
From here you will see the recommendations for your subscription, if you have orphaned disks, they will be listed.

Monitor and back up Azure resources

Overview

Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.

All the resources used by Litware are hosted on-premises.

Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The tenant uses the P1 pricing tier.

Existing Environment

The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the litware.com DNS zone.

Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.

Litware.com contains a user named User1.

All the offices connect by using private connections.

Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device.

All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.

Name Role Contains virtual machine
Server1 VMware vCenter server VM1
Server2 Hyper-V host VM2

Litware uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory.

The Azure subscription contains the resources in the following table.

Name Type
VNet1 Virtual network
VM3 Virtual machine
VM4 Virtual machine

The network security team implements several network security groups (NSGs)

Requirements

Planned Changes

Litware plans to implement the following changes:

  • Deploy Azure ExpressRoute to the Montreal office.
  • Migrate the virtual machines hosted on Server1 and Server2 to Azure.
  • Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
  • Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.

Technical Requirements

Litware must meet the following technical requirements:

  • Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.
  • Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
  • Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
  • Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
  • Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.litware.com.
  • Connect the New York office to VNet1 over the Internet by using an encrypted connection.
  • Create a workflow to send an email message when the settings of VM4 are modified.
  • Create a custom Azure role named Role1 that is based on the Reader role.
  • Minimize costs whenever possible.

Exam Question 135

You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.
What should you include in the recommendation?

A. Azure AD B2C
B. dynamic groups and conditional access policies
C. Azure AD Identity Protection
D. an Azure logic app and the Microsoft Identity Management (MIM) client

Correct Answer:
B. dynamic groups and conditional access policies

Answer Explanation:
Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications, or other conditions.

Reference:
Microsoft Docs > Azure > Governance > Management Groups > What are Azure management groups?
Microsoft Docs >Azure > Governance > Management Groups > Manage your resources with management groups > Moving management groups and subscriptions

Exam Question 136

You have the Azure management groups shown in the following table:

Name In management group
Tenant Root Group Not applicable
ManagementGroup11 Tenant Root Group
ManagementGroup12 Tenant Root Group
ManagementGroup21 ManagementGroup11

You add Azure subscriptions to the management groups as shown in the following table:

Name Management group
Subscription1 ManagementGroup21
Subscription2 ManagementGroup12

You create the Azure policies shown in the following table:

Name Parameter Scope
Not allowed resource types virtualNetworks Tenant Root Group
Allowed resource types virtualNetworks ManagementGroup12

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Correct Answer:
Box 1: No
Virtual networks are not allowed at the root and is inherited. Deny overrides allowed.
Box 2: Yes
Virtual Machines can be created on a Management Group provided the user has the required RBAC permissions.
Box 3: Yes
Subscriptions can be moved between Management Groups provided the user has the required RBAC permissions.

Exam Question 136

What is the effect of the policy?

A. You are prevented from creating Azure SQL servers anywhere in Subscription 1.
B. You can create Azure SQL servers in ContosoRG1 only.
C. You are prevented from creating Azure SQL Servers in ContosoRG1 only.
D. You can create Azure SQL servers in any resource group within Subscription 1.

Correct Answer:
B. You can create Azure SQL servers in ContosoRG1 only.

Answer Explanation:
You are prevented from creating Azure SQL servers anywhere in Subscription 1 with the exception of ContosoRG1

Exam Question 137

You have an Azure subscription that contains the resources shown in the following table:

Name Type Resource group Tag
RG6 Resource group Not applicable None
VNET1 Virtual network RG6 Department: D1

You assign a policy to RG6 as shown in the following table:

Section Setting Value
Scope Scope Subscription1/RG6
Exclusions None
Basics Policy definition Apply tag and its default value
Assignment name Apply tag and its default value
Parameters Tag name Label
Tag value Value1

To RG6, you apply the tag: RGroup: RG6.
You deploy a virtual network named VNET2 to RG6.
Which tags apply to VNET1 and VNET2? To answer, select the appropriate options in the answer area.

Correct Answer:
VNET1: Department: D1, and Label: Value1 only.
Tags applied to the resource group or subscription are not inherited by the resources.
Note: Azure Policy allows you to use either built-in or custom-defined policy definitions and assign them to either a specific resource group or across a whole Azure subscription.
VNET2: Label: Value1 only.

Answer Explanation:
Incorrect Answers: RGROUP: RG6 Tags applied to the resource group or subscription are not inherited by the resources.
VNET1: Department: D1, and Label:Value1 only.
Tags applied to the resource group or subscription are not inherited by the resources.
Note: Azure Policy allows you to use either built-in or custom-defined policy definitions and assign them to either a specific resource group or across a whole Azure subscription.
VNET2: Label:Value1 only.

Reference:
Microsoft Docs > Assign policy definitions for tag compliance

Exam Question 138

You have an Azure subscription named Subscription1.
In Subscription1, you create an Azure file share named share1.
You create a shared access signature (SAS) named SAS1 as shown in the following exhibit:

You create a shared access signature (SAS) named SAS1.
To answer, select the appropriate options in the answer area.

Correct Answer:
Box 1: Will have no access
The IP 193.77.134.1 does not have access on the SAS.
Box 2: Will have read, write, and list access The net use command is used to connect to file shares.

Reference:
Microsoft Docs > Grant limited access to Azure Storage resources using shared access signatures (SAS)
Microsoft Docs > Get started with Storage Explorer

Exam Question 139

You have Azure subscription that includes following Azure file shares:

Name In storage account Location
share1 storage1 West US
share2 storage2 West US

You have the following on-premises servers:

Name Folders
Server1 D:\Folder1, E:\Folder2
Server2 D:\Data

You create a Storage Sync Service named Sync1 and an Azure File Sync group named Group1. Group1 uses share1 as a cloud endpoint.
You register Server1 and Server2 in Sync1. You add D:\Folder1 on Server1 as a server endpoint of Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Correct Answer:
Box 1: No
Group1 already has a cloud endpoint named Share1.
A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
Box 2: Yes
Yes, one or more server endpoints can be added to the sync group.
Box 3: Yes
Yes, one or more server endpoints can be added to the sync group.

Answer Explanation:
Group1 already has a cloud endpoint named Share1.
A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
Yes, one or more server endpoints can be added to the sync group.
Yes, one or more server endpoints can be added to the sync group.

Reference:
Microsoft Docs > Deploy Azure File Sync

Exam Question 140

You have an Azure subscription named Subscription1.
You create an Azure Storage account named contosostorage, and then you create a file share named data.
Which UNC path should you include in a script that references files from the data file share? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once or not at all. You may need to drag the split bar between panes or scroll to view content.

A. contosostorage.file.core.windows.net\data
B. data.file.core.windows.net\contosostorage
C. contosostorage.blob.core.windows.net\data
D. data.blob.core.windows.net\contosostorage

Correct Answer:
A. contosostorage.file.core.windows.net\data

Answer Explanation:
Box 1: contosostorage
The name of account
Box 2: file.core.windows.net
Box 3: data
The name of the file share is data.
<storageAccountName>.file.core.windows.net\<fileShareName>
Example:
Which UNC path should you include in a script that references files from the data file share?
Reference:
Microsoft Docs > Mount SMB Azure file share on Windows

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.