Skip to Content

Exam AZ-104 Microsoft Azure Administrator Questions and Answers – Page 2

The latest Microsoft AZ-104 Azure Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-104 Azure Administrator exam and earn Microsoft AZ-104 Azure Administrator certification.

AZ-104 Microsoft Azure Administrator Exam Questions and Answers

Exam Question 141

You have an on-premises file server named Server1 that runs Windows Server 2016.
You have an Azure subscription that contains an Azure file share.
You deploy an Azure File Sync Storage Sync Service, and you create a sync group.
You need to synchronize files from Server1 to Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Correct Answer:
Step 1: Install the Azure File Sync agent on Server1.
Step 2: Register Server1.
Step 3: Add a server endpoint

Answer Explanation:
Step 1: Install the Azure File Sync agent on Server1.
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share.
Step 2: Register Server1.
Register Windows Server with Storage Sync Service.
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
Step 3: Add a server endpoint
Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
A server endpoint represents a path on registered server.

Reference:
Microsoft Docs > Deploy Azure File Sync

Exam Question 142

You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:

  • Replicates synchronously.
  • Remains available if a single data center in the region fails.

How should you configure the storage account? To answer, select the appropriate options in the answer area.

Correct Answer:
Box 1: Zone-redundant storage (ZRS)
Box 2: StorageV2 (general purpose V2)

Answer Explanation:
Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails. GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2)
ZRS only support GPv2.

Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers two options for how your data is replicated in the primary region:

  • Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option, but is not recommended for applications requiring high availability.
  • Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability, Microsoft recommends using ZRS in the primary region, and also replicating to a secondary region.

Reference:
Microsoft Docs > Azure Storage redundancy

Exam Question 143

You need to identify the storage services in storage1 to which you can copy the data.
What should you identify?

A. blob, file, table, and queue
B. blob and file only
C. file and table only
D. file only
E. blob, table, and queue only

Correct Answer:
B. blob and file only

Answer Explanation:
AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.
Incorrect Answers:
A, C, E: AzCopy does not support table and queue storage services.
D: AzCopy supports file storage services, as well as blob storage services.

Reference:
Microsoft Docs > Get started with AzCopy

Exam Question 144

You have an Azure Storage account named storage1 that uses Azure Blob storage and Azure File storage.
You need to use AzCopy to copy data to the blob storage and file storage in storage1.
Which authentication method should you use for each type of storage? To answer, select the appropriate options in the answer area.

Correct Answer:
Blob storage: Azure Active Directory (Azure AD) and shared access signatures (SAS) only
File storage: Shared access signatures (SAS) only

Answer Explanation:
You can provide authorization credentials by using Azure Active Directory (AD), or by using a Shared Access Signature (SAS) token.
Box 1: Both Azure Active Directory (AD) and Shared Access Signature (SAS) token are supported for Blob storage.
Box 2: Only Shared Access Signature (SAS) token is supported for File storage.
Both Azure Active Directory (AD) and Shared Access Signature (SAS) token are supported for Blob storage.
Only Shared Access Signature (SAS) token is supported for File storage.
You can provide authorization credentials by using Azure Active Directory (AD), or by using a Shared Access Signature (SAS) token.
Use this table as a guide:

  • CHOOSE HOW YOU’LL PROVIDE AUTHORIZATION CREDENTIALS
  • Blob storage: Azure AD & SAS
  • Blob storage (hierarchical namespace): Azure AD & SAS
  • File storage: SAS only

Reference:
Microsoft Docs > Get started with AzCopy

Exam Question 145

You have an Azure subscription named Subscription1 that contains the resources shown in the following table:

Name Type Location Resource group
RG1 Resource group East US Not applicable
RG2 Resource group West US Not applicable
Vault1 Recovery Services vault West Europe RG1
storage1 Storage account East US RG2
storage2 Storage account West US RG1
storage3 Storage account West Europe RG2
Analytics1 Log Analytics workspace East US RG1
Analytics2 Log Analytics workspace West US RG2
Analytics3 Log Analytics workspace West Europe RG1

You plan to configure Azure Backup reports for Vault1.
You are configuring the Diagnostics settings for the AzureBackupReports log.
Which storage accounts and which Log Analytics workspaces can you use for the Azure Backup reports of Vault1? To answer, select the appropriate options in the answer area.

Correct Answer:
Box 1: storage3 only
Box 2: Analytics3

Answer Explanation:
Box 1: storage3 only
Vault1 and storage3 are both in West Europe.
Box 2: Analytics3
Vault1 and Analytics3 are both in West Europe.

Reference:
Microsoft Docs > Configure Azure Backup reports

Exam Question 146

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic deployment.
Does this meet the goal?

A. Yes
B. No

Correct Answer:
B. No

Answer Explanation:
From the RG1 blade, click Deployments. You see a history of deployment for the resource group.

Exam Question 147

You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.
You install and configure a web server and a DNS server on VM1.
VM1 has the effective network security rules shown in the following exhibit:

VM1 has the effective network security rules shown in the following exhibit:
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Correct Answer:
Internet users can connect to only the web server on VM1.
If you delete Rule2, Internet users can connect to the web server and DNS server on VM1.

Answer Explanation:
Box 1: Rule2 blocks ports 50-60, which includes port 53, the DNS port. Internet users can reach the Web server, since it uses port 80.
Box 2: If Rule2 is removed internet users can reach the DNS server as well.
Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.

Exam Question 148

You have an Azure subscription that contains a virtual machine scale set. The scale set contains four instances that have the following configurations:

  • Operating system: Windows Server 2016
  • Size: Standard_D1_v2

You run the get-azvmss cmdlet as shown in the following exhibit:

You run the get-azvmss cmdlet as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Correct Answer:
When an administrator changes the virtual machine size, the size will be changed on up to 0 virtual machines simultaneously.
When a new build of the Windows Server 2016 image is released, the new build will be deployed to up to 4 virtual machines simultaneously.

Answer Explanation:
The Get-AzVmssVM cmdlet gets the model view and instance view of a Virtual Machine Scale Set (VMSS) virtual machine.
Box 1: 0
The enableAutomaticUpdates parameter is set to false. To update existing VMs, you must do a manual upgrade of each existing VM.
Box 2: 4
Enabling automatic OS image upgrades on your scale set helps ease update management by safely and automatically upgrading the OS disk for all instances in the scale set.

Reference:
Microsoft Docs > Modify a virtual machine scale set
Microsoft Docs > Azure virtual machine scale set automatic OS image upgrades

Exam Question 149

You have an Azure subscription that contains a virtual network named VNet1. VNet1 uses an IP address space of 10.0.0.0/16 and contains the subnets in the following table:

Name IP address range
Subnet0 10.0.0.0/24
Subnet1 10.0.1.0/24
Subnet2 10.0.2.0/24
GatewaySubnet 10.0.254.0/24

Subnet1 contains a virtual appliance named VM1 that operates as a router.
You create a routing table named RT1.
You need to route all inbound traffic from the VPN gateway to VNet1 through VM1.
How should you configure RT1? To answer, select the appropriate options in the answer area.

Correct Answer:
Address prefix: 10.0.0.0/16
Next hop type: Virtual appliance
Assigned to: GatewaySubnet

Exam Question 149

You have a virtual network named VNET1 that contains the subnets shown in the following table:

Name Subnet Network security group (NSG)
Subnet1 10.10.1.0/24 NSG1
Subnet2 10.10.2.0/24 None

You have two Azure virtual machines that have the network configurations shown in the following table:

Name Subnet IP address NSG
VM1 Subnet1 10.10.1.5 NSG2
VM2 Subnet2 10.10.2.5 None
VM3 Subnet3 10.10.2.6 None

For NSG1, you create the inbound security rule shown in the following table:

Priority Source Destination Destination port Action
101 10.10.2.0/24 10.10.1.0/24 TCP/1433 Allow

For NSG2, you create the inbound security rule shown in the following table:

Priority Source Destination Destination port Action
125 10.10.2.5 10.10.1.5 TCP/1433 Block

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

VM2 can connect to the TCP port 1433 services on VM1.
VM1 can connect to the TCP port 1433 services on VM2.
VM2 can connect to the TCP port 1433 services on VM3.

Correct Answer:
VM2 can connect to the TCP port 1433 services on VM1: Yes
VM1 can connect to the TCP port 1433 services on VM2: Yes
VM2 can connect to the TCP port 1433 services on VM3: Yes

Answer Explanation:
VM2 can connect to the TCP port 1433 services on VM1: Yes
The inbound security rule for NSG1 allows TCP port 1433 from 10.10.2.0/24 (or Subnet2 where VM2 and VM3 are located) to 10.10.1.0/24 (or Subnet1 where VM1 is located) while the inbound security rule for NSG2 blocks TCP port 1433
from 10.10.2.5 (or VM2) to 10.10.1.5 (or VM1). However, the NSG1 rule has a higher priority (or lower value) than the NSG2 rule.
VM1 can connect to the TCP port 1433 services on VM2: Yes
No rule explicitly blocks communication from VM1. The default rules, which allow communication, are thus applied.
VM2 can connect to the TCP port 1433 services on VM3: Yes
No rule explicitly blocks communication between VM2 and VM3 which are both on Subnet2. The default rules, which allow communication, are thus applied.

Reference:
Microsoft Docs > Network security groups

Exam Question 150

A web developer creates a web application that you plan to deploy as an Azure web app. Users must enter credentials to access the web application.
You create a new web app named WebApp1 and deploy the web application to WebApp1.
You need to disable anonymous access to WebApp1.
What should you configure?

A. Access control (IAM)
B. Advanced Tools
C. Deployment credentials
D. Authentication/Authorization

Correct Answer:
D. Authentication/Authorization

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.