Exam AZ-104 Microsoft Azure Administrator Questions and Answers – Page 4 Part 1

The latest Microsoft AZ-104 Azure Administrator certification practice exam question and answer (Q&A) dumps are available for free, to help you pass the Microsoft AZ-104 Azure Administrator exam and earn the Microsoft AZ-104 Azure Administrator certification.

Question 311

You have an Azure Service Bus.
You need to implement a Service Bus queue that guarantees first-in-first-out (FIFO) delivery of messages.
What should you do?

A. Set the Lock Duration setting to 10 seconds.
B. Enable duplicate detection.
C. Set the Max Size setting of the queue to 5 GB.
D. Enable partitioning.
*E. Enable sessions.

Explanation:

Messaging sessions guarantee the ordering of messages, that is, first-in-first-out (FIFO) delivery.

Question 312

You have a Microsoft SQL Server Always On availability group on Azure virtual machines.
You need to configure an Azure internal load balancer as a listener for the availability group.
What should you do?

*A. Enable Floating IP.
B. Set Session persistence to Client IP and protocol.
C. Set Session persistence to Client IP.
D. Create an HTTP health probe on port 1433.

Explanation:

Incorrect Answers:
D: The Health probe is created with the TCP protocol, not with the HTTP protocol.

Question 313

Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com.
Adatum.com contains the user accounts in the following table.

| Name  | Member of                      |
|-------|--------------------------------|
| User1 | Domain Admins                  |
| User2 | Schema Admins                  |
| User3 | Incoming Forest Trust Builders |
| User4 | Replicator                     |
| User5 | Enterprise Admins              |

Adatum.onmicrosoft.com contains the user accounts in the following table.

| Name  | Role                   |
|-------|------------------------|
| UserA | Global administrator   |
| UserB | User administrator     |
| UserC | Security administrator |
| UserD | Service administrator  |

You need to implement Azure AD Connect. The solution must follow the principle of least privilege.
Which user accounts should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Adatum.com:

  • User1
  • User2
  • User3
  • User4
  • User5

Adatum.onmicrosoft.com:

  • UserA
  • UserB
  • UserC
  • UserD

Answer:
Adatum.com: User5
Adatum.onmicrosoft.com: UserA

Explanation:

Box 1: User5
In Express settings, the installation wizard asks for the following:

  • AD DS Enterprise Administrator credentials
  • Azure AD Global Administrator credentials

The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the Domain Admin, should make sure the permissions in Active Directory can be set in all domains.

Box 2: UserA
The Azure AD Global Admin credentials are only used during the installation and are not used after the installation has completed. They are used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD.

Question 314

You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2016. Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1.
What can you do from the Azure portal?

*A. Generate an automation script for RG1.
B. View the keys of storageaccount1.
C. Upload a blob to storageaccount1.
D. Start VM1.

Explanation:

Applying ReadOnly can lead to unexpected results because some operations that don’t seem to modify the resource actually require actions that are blocked by the lock. The ReadOnly lock can be applied to the resource or to the resource group containing the resource. Some common examples of the operations that are blocked by a ReadOnly lock are:
A ReadOnly lock on a storage account prevents all users from listing the keys. The list keys operation is handled through a POST request because the returned keys are available for write operations.

Question 315

You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.
You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single sign-on (SSO) to access Azure resources.
What should you do first?

A. From the on-premises network, deploy Active Directory Federation Services (AD FS).
*B. From Azure AD, add and verify a custom domain name.
C. From the on-premises network, request a new certificate that contains the Active Directory domain name.
D. From the server that runs Azure AD Connect, modify the filtering options.

Explanation:

Azure AD Connect lists the UPN suffixes that are defined for the domains and tries to match them with a custom domain in Azure AD. Then it helps you with the appropriate action that needs to be taken. The Azure AD sign-in page lists the UPN suffixes that are defined for on-premises Active Directory and displays the corresponding status against each suffix. The status values can be one of the following:

  • State: Verified. Azure AD Connect found a matching verified domain in Azure AD. All users for this domain can sign in by using their on-premises credentials.
  • State: Not verified. Azure AD Connect found a matching custom domain in Azure AD, but it isn’t verified. The UPN suffix of the users of this domain will be changed to the default .onmicrosoft.com suffix after synchronization if the domain isn’t verified. Action Required: Verify the custom domain in Azure AD.

Question 316

You have two Azure Active Directory (Azure AD) tenants named contoso.com and fabrikam.com. You have a Microsoft account that you use to sign in to both tenants.
You need to configure the default sign-in tenant for the Azure portal.
What should you do?

A. From the Azure portal, configure the portal settings.
*B. From the Azure portal, change the directory.
C. From Azure Cloud Shell, run Set-AzureRmContext.
D. From Azure Cloud Shell, run Set-AzureRmSubscription.

Explanation:

Change the subscription directory in the Azure portal. The classic portal feature Edit Directory, which allows you to associate an existing subscription with your Azure Active Directory (AAD), is now available in the Azure portal. It used to be available only to Service Admins with Microsoft accounts, but now it’s available to users with AAD accounts as well.
To get started:

  1. Go to Subscriptions.
  2. Select a subscription.
  3. Select Change directory.

Incorrect Answers:
C: The Set-AzureRmContext cmdlet sets authentication information for cmdlets that you run in the current session. The context includes tenant, subscription, and environment information.

Question 317

Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10. You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You create a PTR record for www in the contoso.com zone.
Does this meet the goal?

A. Yes
*B. No

Explanation:

Modify the Name Server (NS) record.

Question 318

You have an Azure DNS zone named adatum.com.
You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure.
What should you do?

A. Create a PTR record named research in the adatum.com zone.
*B. Create an NS record named research in the adatum.com zone.
C. Modify the SOA record of adatum.com.
D. Create an A record named “.research” in the adatum.com zone.

Explanation:

You need to create a name server (NS) record for the zone.

Question 319

You manage a virtual network named Vnet1 that is hosted in the West US Azure region. Vnet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Network Watcher, you create a connection monitor.
Does this meet the goal?

A. Yes
*B. No

Explanation:

Connection Monitor only gives a ‘red/green’ status for a given connection, whereas the question states you need to see all traffic.

Question 320

You have an Azure subscription that contains the storage accounts shown in the following table.

| Name     | Kind                           | Performance | Replication                                | Access tier |
|----------|--------------------------------|-------------|--------------------------------------------|-------------|
| storage1 | Storage (general purpose v1)   | Premium     | Geo-redundant storage (GRS)                | None        |
| storage2 | StorageV2 (general purpose v2) | Standard    | Locally-redundant storage (LRS)            | Cool        |
| storage3 | StorageV2 (general purpose v2) | Premium     | Read-access geo-redundant storage (RA-GRS) | Hot         |
| storage4 | BlobStorage                    | Standard    | Locally-redundant storage (LRS)            | Hot         |

You need to identify which storage account can be converted to zone-redundant storage (ZRS) replication by requesting a live migration from Azure support.
What should you identify?

A. storage1
*B. storage2
C. storage3
D. storage4

Explanation:

ZRS currently supports standard general-purpose v2, FileStorage and BlockBlobStorage storage account types.
Incorrect Answers:
A, C: Live migration is supported only for storage accounts that use LRS replication. If your account uses GRS or RA-GRS, then you need to first change your account’s replication type to LRS before proceeding. This intermediary step removes the secondary endpoint provided by GRS/RA-GRS.
Also, only standard storage account types support live migration. Premium storage accounts must be migrated manually.
D: ZRS currently supports standard general-purpose v2, FileStorage and BlockBlobStorage storage account types.