The latest Microsoft AZ-104 Azure Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-104 Azure Administrator exam and earn Microsoft AZ-104 Azure Administrator certification.
Question 141
You have an on-premises file server named Server1 that runs Windows Server 2016.
You have an Azure subscription that contains an Azure file share.
You deploy an Azure File Sync Storage Sync Service, and you create a sync group.
You need to synchronize files from Server1 to Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Step 1: Install the Azure File Sync agent on Server1.
Step 2: Register Server1.
Step 3: Add a server endpoint
Explanation:
Step 1: Install the Azure File Sync agent on Server1.
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share.
Step 2: Register Server1.
Register Windows Server with Storage Sync Service.
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
Step 3: Add a server endpoint
Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
A server endpoint represents a path on registered server.
Question 142
You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:
- Replicates synchronously.
- Remains available if a single data center in the region fails.
How should you configure the storage account? To answer, select the appropriate options in the answer area.
Answer:
Box 1: Zone-redundant storage (ZRS)
Box 2: StorageV2 (general purpose V2)
Explanation:
Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails. GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2)
ZRS only support GPv2.
Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers two options for how your data is replicated in the primary region:
- Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option, but is not recommended for applications requiring high availability.
- Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability, Microsoft recommends using ZRS in the primary region, and also replicating to a secondary region.
Question 143
You need to identify the storage services in storage1 to which you can copy the data.
What should you identify?
A. blob, file, table, and queue
*B. blob and file only
C. file and table only
D. file only
E. blob, table, and queue only
Explanation:
AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.
Incorrect Answers:
A, C, E: AzCopy does not support table and queue storage services.
D: AzCopy supports file storage services, as well as blob storage services.
Question 144
You have an Azure Storage account named storage1 that uses Azure Blob storage and Azure File storage.
You need to use AzCopy to copy data to the blob storage and file storage in storage1.
Which authentication method should you use for each type of storage? To answer, select the appropriate options in the answer area.
Answer:
Blob storage: Azure Active Directory (Azure AD) and shared access signatures (SAS) only
File storage: Shared access signatures (SAS) only
Explanation:
You can provide authorization credentials by using Azure Active Directory (AD), or by using a Shared Access Signature (SAS) token.
Box 1: Both Azure Active Directory (AD) and Shared Access Signature (SAS) token are supported for Blob storage.
Box 2: Only Shared Access Signature (SAS) token is supported for File storage.
Both Azure Active Directory (AD) and Shared Access Signature (SAS) token are supported for Blob storage.
Only Shared Access Signature (SAS) token is supported for File storage.
You can provide authorization credentials by using Azure Active Directory (AD), or by using a Shared Access Signature (SAS) token.
Use this table as a guide:
- CHOOSE HOW YOU’LL PROVIDE AUTHORIZATION CREDENTIALS
- Blob storage: Azure AD & SAS
- Blob storage (hierarchical namespace): Azure AD & SAS
- File storage: SAS only
Question 145
You have an Azure subscription named Subscription1 that contains the resources shown in the following table:
| Name | Type | Location | Resource group |
|---|---|---|---|
| RG1 | Resource group | East US | Not applicable |
| RG2 | Resource group | West US | Not applicable |
| Vault1 | Recovery Services vault | West Europe | RG1 |
| storage1 | Storage account | East US | RG2 |
| storage2 | Storage account | West US | RG1 |
| storage3 | Storage account | West Europe | RG2 |
| Analytics1 | Log Analytics workspace | East US | RG1 |
| Analytics2 | Log Analytics workspace | West US | RG2 |
| Analytics3 | Log Analytics workspace | West Europe | RG1 |
You plan to configure Azure Backup reports for Vault1.
You are configuring the Diagnostics settings for the AzureBackupReports log.
Which storage accounts and which Log Analytics workspaces can you use for the Azure Backup reports of Vault1? To answer, select the appropriate options in the answer area.
Answer:
Box 1: storage3 only
Box 2: Analytics3
Explanation:
Box 1: storage3 only
Vault1 and storage3 are both in West Europe.
Box 2: Analytics3
Vault1 and Analytics3 are both in West Europe.
Question 146
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic deployment.
Does this meet the goal?
A. Yes
*B. No
Explanation:
From the RG1 blade, click Deployments. You see a history of deployment for the resource group.
Question 147
You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.
You install and configure a web server and a DNS server on VM1.
VM1 has the effective network security rules shown in the following exhibit:
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
Answer:
Internet users can connect to only the web server on VM1.
If you delete Rule2, Internet users can connect to the web server and DNS server on VM1.
Explanation:
Box 1: Rule2 blocks ports 50-60, which includes port 53, the DNS port. Internet users can reach the Web server, since it uses port 80.
Box 2: If Rule2 is removed internet users can reach the DNS server as well.
Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
Question 148
You have an Azure subscription that contains a virtual machine scale set. The scale set contains four instances that have the following configurations:
- Operating system: Windows Server 2016
- Size: Standard_D1_v2
You run the get-azvmss cmdlet as shown in the following exhibit:
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
Answer:
When an administrator changes the virtual machine size, the size will be changed on up to 0 virtual machines simultaneously.
When a new build of the Windows Server 2016 image is released, the new build will be deployed to up to 4 virtual machines simultaneously.
Explanation:
The Get-AzVmssVM cmdlet gets the model view and instance view of a Virtual Machine Scale Set (VMSS) virtual machine.
Box 1: 0
The enableAutomaticUpdates parameter is set to false. To update existing VMs, you must do a manual upgrade of each existing VM.
Box 2: 4
Enabling automatic OS image upgrades on your scale set helps ease update management by safely and automatically upgrading the OS disk for all instances in the scale set.
Question 149
You have an Azure subscription that contains a virtual network named VNet1. VNet1 uses an IP address space of 10.0.0.0/16 and contains the subnets in the following table:
| Name | IP address range |
|---|---|
| Subnet0 | 10.0.0.0/24 |
| Subnet1 | 10.0.1.0/24 |
| Subnet2 | 10.0.2.0/24 |
| GatewaySubnet | 10.0.254.0/24 |
Subnet1 contains a virtual appliance named VM1 that operates as a router.
You create a routing table named RT1.
You need to route all inbound traffic from the VPN gateway to VNet1 through VM1.
How should you configure RT1? To answer, select the appropriate options in the answer area.
Answer:
Address prefix: 10.0.0.0/16
Next hop type: Virtual appliance
Assigned to: GatewaySubnet
Question 149
You have a virtual network named VNET1 that contains the subnets shown in the following table:
| Name | Subnet | Network security group (NSG) |
|---|---|---|
| Subnet1 | 10.10.1.0/24 | NSG1 |
| Subnet2 | 10.10.2.0/24 | None |
You have two Azure virtual machines that have the network configurations shown in the following table:
| Name | Subnet | IP address | NSG |
|---|---|---|---|
| VM1 | Subnet1 | 10.10.1.5 | NSG2 |
| VM2 | Subnet2 | 10.10.2.5 | None |
| VM3 | Subnet3 | 10.10.2.6 | None |
For NSG1, you create the inbound security rule shown in the following table:
| Priority | Source | Destination | Destination port | Action |
|---|---|---|---|---|
| 101 | 10.10.2.0/24 | 10.10.1.0/24 | TCP/1433 | Allow |
For NSG2, you create the inbound security rule shown in the following table:
| Priority | Source | Destination | Destination port | Action |
|---|---|---|---|---|
| 125 | 10.10.2.5 | 10.10.1.5 | TCP/1433 | Block |
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
VM2 can connect to the TCP port 1433 services on VM1.
VM1 can connect to the TCP port 1433 services on VM2.
VM2 can connect to the TCP port 1433 services on VM3.
Answer:
VM2 can connect to the TCP port 1433 services on VM1: Yes
VM1 can connect to the TCP port 1433 services on VM2: Yes
VM2 can connect to the TCP port 1433 services on VM3: Yes
Explanation:
VM2 can connect to the TCP port 1433 services on VM1: Yes
The inbound security rule for NSG1 allows TCP port 1433 from 10.10.2.0/24 (or Subnet2 where VM2 and VM3 are located) to 10.10.1.0/24 (or Subnet1 where VM1 is located) while the inbound security rule for NSG2 blocks TCP port 1433
from 10.10.2.5 (or VM2) to 10.10.1.5 (or VM1). However, the NSG1 rule has a higher priority (or lower value) than the NSG2 rule.
VM1 can connect to the TCP port 1433 services on VM2: Yes
No rule explicitly blocks communication from VM1. The default rules, which allow communication, are thus applied.
VM2 can connect to the TCP port 1433 services on VM3: Yes
No rule explicitly blocks communication between VM2 and VM3 which are both on Subnet2. The default rules, which allow communication, are thus applied.
Question 150
A web developer creates a web application that you plan to deploy as an Azure web app. Users must enter credentials to access the web application.
You create a new web app named WebApp1 and deploy the web application to WebApp1.
You need to disable anonymous access to WebApp1.
What should you configure?
A. Access control (IAM)
B. Advanced Tools
C. Deployment credentials
*D. Authentication/Authorization