Skip to Content

Exam AZ-104 Microsoft Azure Administrator Questions and Answers – Page 4

The latest Microsoft AZ-104 Azure Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-104 Azure Administrator exam and earn Microsoft AZ-104 Azure Administrator certification.

AZ-104 Microsoft Azure Administrator Exam Questions and Answers

Exam Question 321

You have an Azure virtual machine that runs Windows Server 2019 and has the following configurations:

  • Name: VM1
  • Location: West US
  • Connected to: VNET1
  • Private IP address: 10.1.0.4
  • Public IP address: 52.186.85.63
  • DNS suffix in Windows Server: Adatum.com

You create the Azure DNS zones shown in the following table.

Name Type Location
Adatum.pri Private West Europe
Contoso.pri Private Central US
Adatum.com Public West Europe
Contoso.com Public North Europe

You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1 can automatically register.
Which zones should you identify? To answer, select the appropriate options in the answer area.

DNS zones that you can link to VNET1:

  • Adatum.com only
  • Adatum.pri and adatum.com only
  • The private zones only
  • The public zones only

DNS zones to which VM1 can automatically register:

  • Adatum.com only
  • Adatum.pri and adatum.com only
  • The private zones only
  • The public zones only

Correct Answer:
DNS zones that you can link to VNET1: The private zones only
DNS zones to which VM1 can automatically register: The private zones only

Exam Question 322

You have an Azure subscription named Subscription1.
Subscription1 contains the virtual machines in the following table.

Name IP address
VM1 10.0.1.4
VM2 10.0.2.4
VM3 10.

Subscription1 contains a virtual network named VNet1 that has the subnets in the following table.

Name Address space Connected virtual machine
Subnet1 10.0.1.0/24 VM1
Subnet2 10.0.2.0/24 VM2
Subnet3 10.0.3.0/24 VM3

VM3 has a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.
You create a route table named RT1. RT1 is associated to Subnet1 and Subnet2 and contains the routes in the following table.

Address prefix Next hop type Next hop address
10.0.1.0/24 Virtual appliance 10.0.3.4
10.0.2.0/24 Virtual appliance 10.0.3.4

You apply RT1 to Subnet1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • Network traffic from VM3 can reach VM1.
  • If VM3 is turned off, network traffic from VM2 can reach VM1.
  • Network traffic from VM1 can reach VM2.

Correct Answer:

  • Network traffic from VM3 can reach VM1: Yes
  • If VM3 is turned off, network traffic from VM2 can reach VM1: No
  • Network traffic from VM1 can reach VM2: Yes

Answer Explanation:
Box 1: Yes
Traffic from VM1 and VM2 can reach VM3 thanks to the routing table, and as IP forwarding is enabled on VM3, traffic from VM3 can reach VM1.
Box 2: No
VM3, which has IP forwarding, must be turned on, in order for traffic from VM2 to reach VM1.
Box 3: Yes
The traffic from VM1 will reach VM3, which thanks to IP forwarding, will send the traffic to VM2.

Exam Question 323

You are building a custom Azure function app to connect to Azure Event Grid.
You need to ensure that resources are allocated dynamically to the function app. Billing must be based on the executions of the app.
What should you configure when you create the function app?

A. the Docker container and an App Service plan that uses the SI pricing
B. the Docker container and an App Service plan that uses the Bl1 pricing tier
C. the Windows operating system and the App Service plan hosting plan
D. the Windows operating system and the Consumption plan hosting plan

Correct Answer:
D. the Windows operating system and the Consumption plan hosting plan

Answer Explanation:
Azure Functions runs in two different modes: Consumption plan and Azure App Service plan. The Consumption plan automatically allocates compute power when your code is running. Your app is scaled out when needed to handle load, and scaled down when code is not running.

Exam Question 324

You have an Azure subscription that contains the resources shown in the following table.

Name Type Resource group
VNET1 Virtual network RG1
VM1 Virtual machine RG1

The Not allowed resources types Azure policy is assigned to RG1 and uses the following parameters:
Microsoft.Network/virtualNetworks
Microsoft.Compute/virtualMachines

In RG1, you need to create a new virtual named VM2, and then connected VM2 to VNET1.
What should you do first?

A. Remove Microsoft.Compute/virtualMachines from the policy.
B. Add a subnet to VNET1.
C. Remove Microsoft.Network/virtualNetworks from the policy.
D. Create an Azure Resource Manager template.

Correct Answer:
A. Remove Microsoft.Compute/virtualMachines from the policy.

Answer Explanation:
The Not allowed resource types Azure policy prohibits the deployment of specified resource types.
You specify an array of the resource types to block.
Virtual Networks and Virtual Machines are prohibited.

Exam Question 324

You have an Azure subscription named Subscription1.
Subscription1 contains the virtual machines in the following table:

Name IP address
VM1 10.0.1.4
VM2 10.0.2.4
VM3 10.0.3.4

Subscription1 contains a virtual network named VNet1 that has the subnets in the following table:

Name Address space Connected virtual machine
Subnet1 10.0.1.0/24 VM1
Subnet2 10.0.2.0/24 VM2
Subnet3 10.0.3.0/24 VM3

VM3 has multiple network adapters, including a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.
You create a route table named RT1 that contains the routes in the following table:

Address prefix Next hop type Next hop address
10.0.1.0/24 Virtual appliance 10.0.3.4
10.0.2.0/24 Virtual appliance 10.0.3.4

You apply RT1 to Subnet1 and Subnet2.
Choose all that apply:

A. VM3 can establish a network connection to VM1
B. if VM3 is turned off, VM2 can establish network connection to VM1
C. VM1 can establish a network connection to VM2

Correct Answer:
A. VM3 can establish a network connection to VM1
C. VM1 can establish a network connection to VM2

Answer Explanation:
IP forwarding enables the virtual machine a network interface is attached to:

  • Receive network traffic not destined for one of the IP addresses assigned to any of the IP configurations assigned to the network interface.
  • Send network traffic with a different source IP address than the one assigned to one of a network interface’s IP configurations.

The setting must be enabled for every network interface that is attached to the virtual machine that receives traffic that the virtual machine needs to forward. A virtual machine can forward traffic whether it has multiple network interfaces or a single network interface attached to it.

The routing table allows connections from VM3 to VM1 and VM2. And as IP forwarding is enabled on VM3, VM3 can connect to VM1.

VM3, which has IP forwarding, must be turned on, in order for VM2 to connect to VM1.

Reference:
Microsoft Docs > Virtual network traffic routing

Exam Question 325

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?

A. Azure Active Directory (Azure AD) Application Proxy
B. Azure Application Insights
C. Azure Custom Script Extension
D. the New-AzConfigurationAssignement cmdlet

Correct Answer:
C. Azure Custom Script Extension

Answer Explanation:
The Custom Script Extension downloads and executes scripts on Azure virtual machines. This extension is useful for post deployment configuration, software installation, or any other configuration or management tasks. Scripts can be downloaded from Azure storage or GitHub, or provided to the Azure portal at extension run time. The Custom Script Extension integrates with Azure Resource Manager templates, and can be run using the Azure CLI, PowerShell, Azure portal, or the Azure Virtual Machine REST API.

There are several versions of this question in the exam. The question has two correct answers:

  1. a Desired State Configuration (DSC) extension
  2. Azure Custom Script Extension

The question can have other incorrect answer options, including the following:

  • Deployment Center in Azure App Service
  • a Microsoft Intune device configuration profile

Reference:
Microsoft Docs > Custom Script Extension for Windows
Microsoft Docs > Microsoft Azure Well-Architected Framework > Operational Excellence > Automation > Configure infrastructure

Exam Question 326

You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address.
Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network interfaces and network security groups that you require?

Minimum number of network interfaces:

  • 5
  • 10
  • 15
  • 20

Minimum number of network security groups:

  • 1
  • 2
  • 5
  • 10

Correct Answer:
Minimum number of network interfaces: 10
Minimum number of network security groups: 1

Answer Explanation:
A public and a private IP address can be assigned to a single network interface.
You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose.

Reference:
Microsoft Docs > Add, change, or remove IP addresses for an Azure network interface

Exam Question 327

You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table.

Name Private IP address Public IP address Virtual network name DNS suffix configured in Windows Server
VM1 10.1.0.4 52.186.85.63 VNET1 Adatum.com
VM2 10.1.0.5 13.92.168.13 VNET1 Contoso.com

You create a private Azure DNS zone named adatum.com. You configure the adatum.com zone to allow auto registration from VNET1.
Which A records will be added to the adatum.com zone for each virtual machine?

A records for VM1:

  • None
  • Private IP address only
  • Public IP address only
  • Private IP address and Public IP address

A records for VM2:

  • None
  • Private IP address only
  • Public IP address only
  • Private IP address and Public IP address

Correct Answer:
A records for VM1: Private IP address only
A records for VM2: Private IP address only

Answer Explanation:
The virtual machines are registered (added) to the private zone as A records pointing to their private IP addresses.

Reference:
Microsoft Docs > What is Azure Private DNS?
Microsoft Docs > Azure DNS Private zones scenarios

Exam Question 328

You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VNet1 contains one subnet named Sunet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? To answer, select the appropriate options in the answer area.

Resources to create:

  • An Azure Event Grid
  • An Azure Log analytics workspace
  • An Azure Storage account

Resources on which to enable diagnostics:

  • ILB1
  • NSG1
  • The Azure virtual machine

Correct Answer:
Resources to create: An Azure Log analytics workspace
Resources on which to enable diagnostics: ILB1

Answer Explanation:
In the Azure portal you can set up a Log Analytics workspace, which is a unique Log Analytics environment with its own data repository, data sources, and solutions.

Reference:
Microsoft Docs > Create a Log Analytics workspace in the Azure portal
Microsoft Docs > Resource logging for a network security group

Exam Question 329

You have an Azure subscription. The subscription contains virtual machines that run Windows Server 2016 and are configured as shown in the following table.

Name Virtual network DNS suffix configured in Windows Server
VM1 VNET2 Contoso.com
VM2 VNET2 None
VM3 VNET2 Adatum.com

You create a public Azure DNS zone named adatum.com and a private Azure DNS zone named contoso.com.
You create a virtual network link for contoso.com as shown in the following exhibit.
You create a virtual network link for contoso.com as shown in the following exhibit.
Choose all that apply:

A. When VM1 starts, a record for VM1 is added to the contoso.com DNS zone
B. When VM2 starts, a record for VM2 is added to the contoso.com DNS zone
C. When VM2 starts, a record for VM3 is added to the adatum.com DNS zone

Correct Answer:
A. When VM1 starts, a record for VM1 is added to the contoso.com DNS zone
B. When VM2 starts, a record for VM2 is added to the contoso.com DNS zone

Answer Explanation:
If you enable autoregistration on a virtual network link, the DNS records for the virtual machines on that virtual network are registered in the private zone. When autoregistration is enabled, Azure DNS also updates the zone records whenever a virtual machine is created, changes its’ IP address, or is deleted.

Reference:
Microsoft Docs > Name resolution for resources in Azure virtual networks

Exam Question 330

You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks.
The virtual networks have the address spaces and the subnets configured as shown in the following table.

Virtual network Address space Subnet Peering
VNet1 10.1.0.0/16 10.1.0.0/24
10.1.1.0/26
VNet2
VNet2 10.2.0.0/16 10.2.0.0/24 VNet1

You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.
Which three actions should you perform in sequence?

A. Remove peering from VNet1 and VNet2, Add the 10.33.0.0/16 address space to VNet1,Recreate peering between VNet1 and VNet2
B. Add the 10.33.0.0/16 address space to VNet1, Remove peering from VNet1 and VNet2, Recreate peering between VNet1 and VNet2

Correct Answer:
A. Remove peering from VNet1 and VNet2, Add the 10.33.0.0/16 address space to VNet1,Recreate peering between VNet1 and VNet2

Answer Explanation:
You can’t add address ranges to, or delete address ranges from a virtual network’s address space once a virtual network is peered with another virtual network.
To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering.

Reference:
Microsoft Docs > Create, change, or delete a virtual network peering

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.