AZ-104: Microsoft Azure Administrator Part 5
Question #: 312
Topic #: 4
You have an Azure virtual machine named VM1 that runs Windows Server 2019.
You save VM1 as a template named Template1 to the Azure Resource Manager library.
You plan to deploy a virtual machine named VM2 from Template1.
What can you configure during the deployment of VM2?
A. operating system
B. administrator username
C. virtual machine size
D. resource group
Selected Answer: D
Question #: 313
Topic #: 2
You have three offices and an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.
You need to grant user management permissions to a local administrator in each office.
What should you use?
A. Azure AD roles
B. administrative units
C. access packages in Azure AD entitlement management
D. Azure roles
Selected Answer: B
Question #: 314
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.
You deploy a load balancer that has the following configurations:
✑ Name: LB1
✑ Type: Internal
✑ SKU: Standard
✑ Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Basic SKU public IP address, associate the address to the network interface of VM1, and then start VM1.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 315
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 316
Topic #: 4
You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs a financial reporting app named App1 that does not support multiple active instances.
At the end of each month, CPU usage for VM1 peaks when App1 runs.
You need to create a scheduled runbook to increase the processor performance of VM1 at the end of each month.
What task should you include in the runbook?
A. Add the Azure Performance Diagnostics agent to VM1.
B. Modify the VM size property of VM1.
C. Add VM1 to a scale set.
D. Increase the vCPU quota for the subscription.
E. Add a Desired State Configuration (DSC) extension to VM1.
Selected Answer: B
Question #: 317
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.
You deploy a load balancer that has the following configurations:
✑ Name: LB1
✑ Type: Internal
✑ SKU: Standard
✑ Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Standard SKU public IP address, associate the address to the network interface of VM1, and then stop VM2.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 318
Topic #: 6
You have an Azure subscription. The subscription contains virtual machines that connect to a virtual network named VNet1.
You plan to configure Azure Monitor for VM Insights.
You need to ensure that all the virtual machines only communicate with Azure Monitor through VNet1.
What should you create first?
A. a data collection rule (DCR)
B. a Log Analytics workspace
C. an Azure Monitor Private Link Scope (AMPLS)
D. a private endpoint
Selected Answer: C
Question #: 319
Topic #: 3
You have an on-premises server that contains a folder named D:\Folder1.
You need to copy the contents of D:\Folder1 to the public container in an Azure Storage account named contosodata.
Which command should you run?
A. az storage blob copy start D:\Folder1 https://contosodata.blob.core.windows.net/public
B. azcopy sync D:\folder1 https://contosodata.blob.core.windows.net/public –snapshot
C. azcopy copy D:\folder1 https://contosodata.blob.core.windows.net/public –recursive
D. az storage blob copy start-batch D:\Folder1 https://contosodata.blob.core.windows.net/public
Selected Answer: C
Question #: 323
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.
You deploy a load balancer that has the following configurations:
✑ Name: LB1
✑ Type: Internal
✑ SKU: Standard
✑ Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create two Standard SKU public IP addresses and associate a Standard SKU public IP address to the network interface of each virtual machine.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 324
Topic #: 4
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?
A. Deployment Center in Azure App Service
B. A Desired State Configuration (DSC) extension
C. the New-AzConfigurationAssignment cmdlet
D. a Microsoft Intune device configuration profile
Selected Answer: B
Question #: 327
Topic #: 2
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
✑ Reader
✑ Security Admin
✑ Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do?
A. Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1.
B. Assign User1 the Owner role for VNet1.
C. Assign User1 the Contributor role for VNet1.
D. Assign User1 the Network Contributor role for VNet1.
Selected Answer: B
Question #: 328
Topic #: 6
You have an Azure subscription that contains an Azure Stream Analytics job named Job1.
You need to monitor input events for Job1 to identify the number of events that were NOT processed.
Which metric should you use?
A. Out-of-Order Events
B. Output Events
C. Late Input Events
D. Backlogged Input Events
Selected Answer: D
Question #: 329
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.
Solution: You export the client certificate from Computer1 and install the certificate on Computer2.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 332
Topic #: 3
You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?
A. an Azure Cosmos DB database
B. Azure File Storage
C. Azure SQL Database
D. a virtual machine
Selected Answer: B
Question #: 333
Topic #: 5
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)
You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only.
You need to ensure that users can connect to the website from the Internet.
What should you do?
A. Modify the protocol of Rule4
B. Delete Rule1
C. For Rule5, change the Action to Allow and change the priority to 401
D. Create a new inbound rule that allows TCP protocol 443 and configure the rule to have a priority of 501.
Selected Answer: C
Question #: 334
Topic #: 6
You have an Azure subscription that contains an Azure SQL database named DB1.
You plan to use Azure Monitor to monitor the performance of DB1. You must be able to run queries to analyze log data.
Which destination should you configure in the Diagnostic settings of DB1?
A. Send to a Log Analytics workspace.
B. Archive to a storage account.
C. Stream to an Azure event hub.
Selected Answer: A
Question #: 335
Topic #: 2
You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a file share named share1.
The subscription is linked to a hybrid Azure Active Directory (Azure AD) tenant that contains a security group named Group1.
You need to grant Group1 the Storage File Data SMB Share Elevated Contributor role for share1.
What should you do first?
A. Enable Active Directory Domain Service (AD DS) authentication for storage1.
B. Grant share-level permissions by using File Explorer.
C. Mount share1 by using File Explorer.
D. Create a private endpoint.
Selected Answer: A
Question #: 336
Topic #: 3
You have an Azure subscription that contains the resources shown in the following table.
You need to perform the tasks shown in the following table.
Which tasks can you perform by using Azure Storage Explorer?
A. Task1 and Task3 only
B. Task1, Task2, and Task3 only
C. Task1, Task3, and Task4 only
D. Task2, Task3, and Task4 only
E. Task1, Task2, Task3, and Task4
Selected Answer: D
Question #: 337
Topic #: 6
You have an Azure subscription. The subscription contains virtual machines that run Windows Server.
You have a data collection rule (DCR) named Rule1.
You plan to use the Azure Monitor Agent to collect events from Windows System event logs.
You only need to collect system events that have an ID of 1001.
Which type of query should you use for the data source in Rule1?
A. SQL
B. XPath
C. KQL
Selected Answer: B
Question #: 338
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 339
Topic #: 4
You have an Azure virtual machine named VM1 that runs Windows Server 2019. The VM was deployed using default drive settings.
You sign in to VM1 as a user named User1 and perform the following actions:
✑ Create files on drive C.
✑ Create files on drive D.
✑ Modify the screen saver timeout.
✑ Change the desktop background.
You plan to redeploy VM1.
Which changes will be lost after you redeploy VM1?
A. the modified screen saver timeout
B. the new desktop background
C. the new files on drive D
D. the new files on drive C
Selected Answer: C
Question #: 342
Topic #: 6
You have an Azure subscription that contains a virtual machine named VM1.
You have an on-premises datacenter that contains a domain controller named DC1. ExpressRoute is used to connect the on-premises datacenter to Azure.
You need to use Connection Monitor to identify network latency between VM1 and DC1.
What should you install on DC1?
A. the Azure Connected Machine agent for Azure Arc-enabled servers
B. the Azure Network Watcher Agent virtual machine extension
C. the Log Analytics agent
D. an Azure Monitor agent extension
Selected Answer: D
Question #: 343
Topic #: 2
You have 15 Azure subscriptions.
You have an Azure Active Directory (Azure AD) tenant that contains a security group named Group1.
You plan to purchase additional Azure subscription.
You need to ensure that Group1 can manage role assignments for the existing subscriptions and the planned subscriptions. The solution must meet the following requirements:
✑ Use the principle of least privilege.
✑ Minimize administrative effort.
What should you do?
A. Assign Group1 the Owner role for the root management group.
B. Assign Group1 the User Access Administrator role for the root management group.
C. Create a new management group and assign Group1 the User Access Administrator role for the group.
D. Create a new management group and assign Group1 the Owner role for the group.
Selected Answer: B
Question #: 344
Topic #: 4
You have an Azure subscription.
You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit. (Click the Exhibit tab.)
You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines.
What should you modify on VM1?
A. the memory
B. the network adapters
C. the hard drive
D. the processor
E. Integration Services
Selected Answer: C
Question #: 347
Topic #: 3
You have an Azure subscription that contains a storage account named storage1.
You plan to create a blob container named container1.
You need to use customer-managed key encryption for container1.
Which key should you use?
A. an EC key that uses the P-384 curve only
B. an EC key that uses the P-521 curve only
C. an EC key that uses the P-384 curve or P-521 curve only
D. an RSA key with a key size of 4096 only
E. an RSA key type with a key size of 2048, 3072, or 4096 only
Selected Answer: E
Question #: 348
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load
Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a cost of 64999.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 349
Topic #: 6
You have an Azure subscription that has Traffic Analytics configured.
You deploy a new virtual machine named VM1 that has the following settings:
• Region: East US
• Virtual network: VNet1
• NIC network security group: NSG1
You need to monitor VM1 traffic by using Traffic Analytics.
Which settings should you configure?
A. Diagnostic settings for VM1
B. NSG flow logs for NSG1
C. Diagnostic settings for NSG1
D. Insights for VM1
Selected Answer: B
Question #: 351
Topic #: 6
You have an Azure subscription. The subscription contains 10 virtual machines that run Windows Server. Each virtual machine hosts a website in IIS and has the Azure Monitor Agent installed.
You need to collect the IIS logs from each virtual machine and store them in a Log Analytics workspace.
What should you configure first?
A. a data collection endpoint
B. an Azure Monitor Private Link Scope (AMPLS)
C. Diagnostic settings
D. VM insights
E. a private endpoint
Selected Answer: A
Question #: 352
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load
Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You delete the BlockAllOther443 inbound security rule.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 353
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User2 to create the user accounts.
Does that meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 354
Topic #: 4
You have an Azure subscription named Subscription1 that is used by several departments at your company. Subscription1 contains the resources in the following table:
Another administrator deploys a virtual machine named VM1 and an Azure Storage account named storage2 by using a single Azure Resource Manager template.
You need to view the template used for the deployment.
From which blade can you view the template that was used for the deployment?
A. VM1
B. RG1
C. storage2
D. container1
Selected Answer: B
Question #: 357
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load
Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You modify the priority of the Allow_131.107.100.50 inbound security rule.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 358
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User4 to create the user accounts.
Does that meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 359
Topic #: 4
You have an Azure web app named App1. App1 has the deployment slots shown in the following table:
In webapp1-test, you test several changes to App1.
You back up App1.
You swap webapp1-test for webapp1-prod and discover that App1 is experiencing performance issues.
You need to revert to the previous version of App1 as quickly as possible.
What should you do?
A. Redeploy App1
B. Swap the slots
C. Clone App1
D. Restore the backup of App1
Selected Answer: B
Question #: 362
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User3 to create the user accounts.
Does that meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 363
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You assign a built-in policy definition to the subscription.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 364
Topic #: 3
You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?
A. Azure Blob Storage
B. Azure Data Lake Store
C. Azure SQL Database
D. a virtual machine
Selected Answer: A
Question #: 367
Topic #: 3
You have an Azure subscription. The subscription contains a storage account named storage1 that has the lifecycle management rules shown in the following table.
On June 1, you store a blob named File1 in the Hot access tier of storage1.
What is the state of File1 on June 7?
A. stored in the Cool access tier
B. stored in the Archive access tier
C. stored in the Hot access tier
D. deleted
Selected Answer: D
Question #: 368
Topic #: 5
You have an Azure subscription.
You plan to deploy an Azure Kubernetes Service (AKS) cluster to support an app named App1. On-premises clients connect to App1 by using the IP address of the pod.
For the AKS cluster, you need to choose a network type that will support App1.
What should you choose?
A. kubenet
B. Azure Container Networking Interface (CNI)
C. Hybrid Connection endpoints
D. Azure Private Link
Selected Answer: B
Question #: 369
Topic #: 4
You plan to back up an Azure virtual machine named VM1.
You discover that the Backup Pre-Check status displays a status of Warning.
What is a possible cause of the Warning status?
A. VM1 is stopped.
B. VM1 does not have the latest version of the Azure VM Agent (WaAppAgent.exe) installed.
C. VM1 has an unmanaged disk.
D. A Recovery Services vault is unavailable.
Selected Answer: B
Question #: 371
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.
You deploy a load balancer that has the following configurations:
✑ Name: LB1
✑ Type: Internal
✑ SKU: Standard
✑ Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You disassociate the public IP address from the network interface of VM2.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 372
Topic #: 2
You have an Azure Subscription that contains a storage account named storageacct1234 and two users named User1 and User2.
You assign User1 the roles shown in the following exhibit.
Which two actions can User1 perform? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Assign roles to User2 for storageacct1234.
B. Upload blob data to storageacct1234.
C. Modify the firewall of storageacct1234.
D. View blob data in storageacct1234.
E. View file shares in storageacct1234.
Selected Answer: BD
Question #: 373
Topic #: 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution: From the Overview blade, you move the virtual machine to a different resource group.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
