The latest Microsoft AZ-104 Azure Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-104 Azure Administrator exam and earn Microsoft AZ-104 Azure Administrator certification.
Question 321
You have an Azure virtual machine that runs Windows Server 2019 and has the following configurations:
- Name: VM1
- Location: West US
- Connected to: VNET1
- Private IP address: 10.1.0.4
- Public IP address: 52.186.85.63
- DNS suffix in Windows Server: Adatum.com
You create the Azure DNS zones shown in the following table.
| Name | Type | Location |
|---|---|---|
| Adatum.pri | Private | West Europe |
| Contoso.pri | Private | Central US |
| Adatum.com | Public | West Europe |
| Contoso.com | Public | North Europe |
You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1 can automatically register.
Which zones should you identify? To answer, select the appropriate options in the answer area.
DNS zones that you can link to VNET1:
- Adatum.com only
- Adatum.pri and adatum.com only
- The private zones only
- The public zones only
DNS zones to which VM1 can automatically register:
- Adatum.com only
- Adatum.pri and adatum.com only
- The private zones only
- The public zones only
Answer:
DNS zones that you can link to VNET1: The private zones only
DNS zones to which VM1 can automatically register: The private zones only
Question 322
You have an Azure subscription named Subscription1.
Subscription1 contains the virtual machines in the following table.
| Name | IP address |
|---|---|
| VM1 | 10.0.1.4 |
| VM2 | 10.0.2.4 |
| VM3 | 10. |
Subscription1 contains a virtual network named VNet1 that has the subnets in the following table.
| Name | Address space | Connected virtual machine |
|---|---|---|
| Subnet1 | 10.0.1.0/24 | VM1 |
| Subnet2 | 10.0.2.0/24 | VM2 |
| Subnet3 | 10.0.3.0/24 | VM3 |
VM3 has a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.
You create a route table named RT1. RT1 is associated to Subnet1 and Subnet2 and contains the routes in the following table.
| Address prefix | Next hop type | Next hop address |
|---|---|---|
| 10.0.1.0/24 | Virtual appliance | 10.0.3.4 |
| 10.0.2.0/24 | Virtual appliance | 10.0.3.4 |
You apply RT1 to Subnet1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
- Network traffic from VM3 can reach VM1: Yes
- If VM3 is turned off, network traffic from VM2 can reach VM1: No
- Network traffic from VM1 can reach VM2: Yes
Explanation:
Box 1: Yes
Traffic from VM1 and VM2 can reach VM3 thanks to the routing table, and as IP forwarding is enabled on VM3, traffic from VM3 can reach VM1.
Box 2: No
VM3, which has IP forwarding, must be turned on, in order for traffic from VM2 to reach VM1.
Box 3: Yes
The traffic from VM1 will reach VM3, which thanks to IP forwarding, will send the traffic to VM2.
Question 323
You are building a custom Azure function app to connect to Azure Event Grid.
You need to ensure that resources are allocated dynamically to the function app. Billing must be based on the executions of the app.
What should you configure when you create the function app?
A. the Docker container and an App Service plan that uses the SI pricing
B. the Docker container and an App Service plan that uses the Bl1 pricing tier
C. the Windows operating system and the App Service plan hosting plan
*D. the Windows operating system and the Consumption plan hosting plan
Explanation:
Azure Functions runs in two different modes: Consumption plan and Azure App Service plan. The Consumption plan automatically allocates compute power when your code is running. Your app is scaled out when needed to handle load, and scaled down when code is not running.
Question 324
You have an Azure subscription that contains the resources shown in the following table.
| Name | Type | Resource group |
|---|---|---|
| VNET1 | Virtual network | RG1 |
| VM1 | Virtual machine | RG1 |
The Not allowed resources types Azure policy is assigned to RG1 and uses the following parameters:
Microsoft.Network/virtualNetworks
Microsoft.Compute/virtualMachines
In RG1, you need to create a new virtual named VM2, and then connected VM2 to VNET1.
What should you do first?
*A. Remove Microsoft.Compute/virtualMachines from the policy.
B. Add a subnet to VNET1.
C. Remove Microsoft.Network/virtualNetworks from the policy.
D. Create an Azure Resource Manager template.
Explanation:
The Not allowed resource types Azure policy prohibits the deployment of specified resource types.
You specify an array of the resource types to block.
Virtual Networks and Virtual Machines are prohibited.
Question 324
You have an Azure subscription named Subscription1.
Subscription1 contains the virtual machines in the following table:
| Name | IP address |
|---|---|
| VM1 | 10.0.1.4 |
| VM2 | 10.0.2.4 |
| VM3 | 10.0.3.4 |
Subscription1 contains a virtual network named VNet1 that has the subnets in the following table:
| Name | Address space | Connected virtual machine |
|---|---|---|
| Subnet1 | 10.0.1.0/24 | VM1 |
| Subnet2 | 10.0.2.0/24 | VM2 |
| Subnet3 | 10.0.3.0/24 | VM3 |
VM3 has multiple network adapters, including a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.
You create a route table named RT1 that contains the routes in the following table:
| Address prefix | Next hop type | Next hop address |
|---|---|---|
| 10.0.1.0/24 | Virtual appliance | 10.0.3.4 |
| 10.0.2.0/24 | Virtual appliance | 10.0.3.4 |
You apply RT1 to Subnet1 and Subnet2.
Choose all that apply:
*A. VM3 can establish a network connection to VM1
B. if VM3 is turned off, VM2 can establish network connection to VM1
*C. VM1 can establish a network connection to VM2
Explanation:
IP forwarding enables the virtual machine a network interface is attached to:
- Receive network traffic not destined for one of the IP addresses assigned to any of the IP configurations assigned to the network interface.
- Send network traffic with a different source IP address than the one assigned to one of a network interface’s IP configurations.
The setting must be enabled for every network interface that is attached to the virtual machine that receives traffic that the virtual machine needs to forward. A virtual machine can forward traffic whether it has multiple network interfaces or a single network interface attached to it.
The routing table allows connections from VM3 to VM1 and VM2. And as IP forwarding is enabled on VM3, VM3 can connect to VM1.
VM3, which has IP forwarding, must be turned on, in order for VM2 to connect to VM1.
Question 325
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?
A. Azure Active Directory (Azure AD) Application Proxy
B. Azure Application Insights
*C. Azure Custom Script Extension
D. the New-AzConfigurationAssignement cmdlet
Explanation:
The Custom Script Extension downloads and executes scripts on Azure virtual machines. This extension is useful for post deployment configuration, software installation, or any other configuration or management tasks. Scripts can be downloaded from Azure storage or GitHub, or provided to the Azure portal at extension run time. The Custom Script Extension integrates with Azure Resource Manager templates, and can be run using the Azure CLI, PowerShell, Azure portal, or the Azure Virtual Machine REST API.
There are several versions of this question in the exam. The question has two correct answers:
- a Desired State Configuration (DSC) extension
- Azure Custom Script Extension
The question can have other incorrect answer options, including the following:
- Deployment Center in Azure App Service
- a Microsoft Intune device configuration profile
Question 326
You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address.
Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network interfaces and network security groups that you require?
Minimum number of network interfaces:
- 5
- 10
- 15
- 20
Minimum number of network security groups:
- 1
- 2
- 5
- 10
Answer:
Minimum number of network interfaces: 10
Minimum number of network security groups: 1
Explanation:
A public and a private IP address can be assigned to a single network interface.
You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose.
Question 327
You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table.
| Name | Private IP address | Public IP address | Virtual network name | DNS suffix configured in Windows Server |
|---|---|---|---|---|
| VM1 | 10.1.0.4 | 52.186.85.63 | VNET1 | Adatum.com |
| VM2 | 10.1.0.5 | 13.92.168.13 | VNET1 | Contoso.com |
You create a private Azure DNS zone named adatum.com. You configure the adatum.com zone to allow auto registration from VNET1.
Which A records will be added to the adatum.com zone for each virtual machine?
A records for VM1:
- None
- Private IP address only
- Public IP address only
- Private IP address and Public IP address
A records for VM2:
- None
- Private IP address only
- Public IP address only
- Private IP address and Public IP address
Answer:
A records for VM1: Private IP address only
A records for VM2: Private IP address only
Explanation:
The virtual machines are registered (added) to the private zone as A records pointing to their private IP addresses.
Question 328
You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VNet1 contains one subnet named Sunet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? To answer, select the appropriate options in the answer area.
Resources to create:
- An Azure Event Grid
- An Azure Log analytics workspace
- An Azure Storage account
Resources on which to enable diagnostics:
- ILB1
- NSG1
- The Azure virtual machine
Answer:
Resources to create: An Azure Log analytics workspace
Resources on which to enable diagnostics: ILB1
Explanation:
In the Azure portal you can set up a Log Analytics workspace, which is a unique Log Analytics environment with its own data repository, data sources, and solutions.
Question 329
You have an Azure subscription. The subscription contains virtual machines that run Windows Server 2016 and are configured as shown in the following table.
| Name | Virtual network | DNS suffix configured in Windows Server |
|---|---|---|
| VM1 | VNET2 | Contoso.com |
| VM2 | VNET2 | None |
| VM3 | VNET2 | Adatum.com |
You create a public Azure DNS zone named adatum.com and a private Azure DNS zone named contoso.com.
You create a virtual network link for contoso.com as shown in the following exhibit.
Choose all that apply:
*A. When VM1 starts, a record for VM1 is added to the contoso.com DNS zone
*B. When VM2 starts, a record for VM2 is added to the contoso.com DNS zone
C. When VM2 starts, a record for VM3 is added to the adatum.com DNS zone
Explanation:
If you enable autoregistration on a virtual network link, the DNS records for the virtual machines on that virtual network are registered in the private zone. When autoregistration is enabled, Azure DNS also updates the zone records whenever a virtual machine is created, changes its’ IP address, or is deleted.
Question 330
You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks.
The virtual networks have the address spaces and the subnets configured as shown in the following table.
| Virtual network | Address space | Subnet | Peering |
|---|---|---|---|
| VNet1 | 10.1.0.0/16 | 10.1.0.0/24 10.1.1.0/26 |
VNet2 |
| VNet2 | 10.2.0.0/16 | 10.2.0.0/24 | VNet1 |
You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.
Which three actions should you perform in sequence?
*A. Remove peering from VNet1 and VNet2, Add the 10.33.0.0/16 address space to VNet1,Recreate peering between VNet1 and VNet2
B. Add the 10.33.0.0/16 address space to VNet1, Remove peering from VNet1 and VNet2, Recreate peering between VNet1 and VNet2
Explanation:
You can’t add address ranges to, or delete address ranges from a virtual network’s address space once a virtual network is peered with another virtual network.
To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering.