AZ-104 Azure Administrator Associate Study Stack, Exams of Computer Networks

AZ-104 Azure Administrator Associate Study Stack

Typology: Exams

2022/2023

Available from 05/04/2023

DrShirleyAurora
DrShirleyAurora 🇺🇸

4.4

(9)

6.2K documents

1 / 23

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
AZ-104 Azure Administrator Associate
Study Stack
You have an Azure subscription that contains an Azure Active Directory (Azure AD)
tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named
AKS1.
An administrator reports that she is unable to grant access to AKS1 to the users in
contoso.com.
You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?
A. From contoso.com, modify the Organization relationships settings.
B. From contoso.com, create an OAuth 2.0 authorization endpoint.
C. Recreate AKS1.
D. From AKS1, create a namespace. - Ans B. From contoso.com, create an OAuth 2.0
authorization endpoint.
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant
named contoso.com.
You plan to grant three users named User1, User2, and User3 access to a temporary
Microsoft SharePoint document library named Library1.
You need to create groups for the users. The solution must ensure that the groups are
deleted automatically after 180 days.
Which two groups should you create?
A. an Office 365 group that uses the Assigned membership type
B. a Security group that uses the Assigned membership type
C. an Office 365 group that uses the Dynamic User membership type
D. a Security group that uses the Dynamic User membership type
E. a Security group that uses the Dynamic Device membership type - Ans A. an Office
365 group that uses the Assigned membership type
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17

Partial preview of the text

Download AZ-104 Azure Administrator Associate Study Stack and more Exams Computer Networks in PDF only on Docsity!

AZ- 104 Azure Administrator Associate

Study Stack

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1. An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com. You need to ensure that access to AKS1 can be granted to the contoso.com users. What should you do first? A. From contoso.com, modify the Organization relationships settings. B. From contoso.com, create an OAuth 2.0 authorization endpoint. C. Recreate AKS1. D. From AKS1, create a namespace. - Ans B. From contoso.com, create an OAuth 2. authorization endpoint. You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1. You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days. Which two groups should you create? A. an Office 365 group that uses the Assigned membership type B. a Security group that uses the Assigned membership type C. an Office 365 group that uses the Dynamic User membership type D. a Security group that uses the Dynamic User membership type E. a Security group that uses the Dynamic Device membership type - Ans A. an Office 365 group that uses the Assigned membership type

C. an Office 365 group that uses the Dynamic User membership type You recently created a new Azure subscription that contains a user named Admin1. Admin1 attempts to deploy an Azure Marketplace resource by using an Azure Resource Manager template. Admin1 deploys the template by using AzurePowerShell and receives the following error message: "User failed validation to purchase resources. Error message: "Legal terms have not been accepted for this item on this subscription. To accept legal terms, please go to the Azure portal (http://go.microsoft.com/fwlink/?LinkId=534873) and configure programmatic deployment for the Marketplace item or create it there for the first time. "You need to ensure that Admin1 can deploy the Marketplace resource successfully." What should you do? A. From Azure PowerShell, run the Set-AzApiManagementSubscription cmdlet B. From the Azure portal, register the Microsoft.Marketplace resource provider C. From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet D. From the Azure portal, assign the Billing administrator role to Admin1 - Ans C. From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts. You create a new user account named AdminUser1. You need to assign the User administrator administrative role to AdminUser1. What should you do from the user account properties? A. From the Licenses blade, assign a new license B. From the Directory role blade, modify the directory role C. From the Groups blade, invite the user account to a new group - Ans B. From the Directory role blade, modify the directory role You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts. You purchase 10 Azure AD Premium P2 licenses for the tenant.

D. General settings from the Groups blade - Ans A. Device settings from the Devices blade You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.Subscription1 has a user named User1. User1 has the following roles: ✑ Reader ✑ Security Admin Security Reader - You need to ensure that User1 can assign the Reader role for VNet1 to other users.What should you do? A. Remove User 1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. B. Assign User1 the Owner role for VNet1. C. Remove User1 from the Security Reader and Reader roles for Subscription1. D. Assign User1 the Network Contributor role for RG1. - Ans B. Assign User1 the Owner role for VNet1. You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com. Your company has a public DNS zone for contoso.com. You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name. Which type of DNS record should you create? A. MX B. NSEC C. SRV D. NSEC3 - Ans A. MX You have an Azure Storage account named storage1.

You plan to use AzCopy to copy data to storage1. You need to identify the storage services in storage1 to which you can copy the data. What should you identify? A. blob, file, table, and queue B. blob and file only C. file and table only D. file only E. blob, table, and queue only - Ans B. blob and file only You have an Azure subscription that contains an Azure Storage account. You plan to create an Azure container instance named container1 that will use a Docker image named Image1. Image1 contains a Microsoft SQL Server instance that requires persistent storage. You need to configure a storage service for Container1. What should you use? A. Azure Files B. Azure Blob storage C. Azure Queue storage D. Azure Table storage - Ans D. Azure Table storage You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2. You plan to implement an Azure Availability Set for App1. The solution must ensure that App1 is available during planned maintenance of the hardware hostingVM1 and VM2. What should you include in the Availability Set? A. one update domain B. two fault domains

C. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range. D. From the Firewalls and virtual networks blade of account1, add VNet1. E. From the Service endpoints blade of VNet1, add a service endpoint. - Ans A. From the Firewalls and virtual networks blade of account1, select Selected networks. E. From the Service endpoints blade of VNet1, add a service endpoint. You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic deployment. Does this meet the goal? A. Yes B. No - Ans B. No You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Automation script. Does this meet the goal? A. Yes B. No - Ans B. No You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Deployments.

Does this meet the goal? A. Yes B. No - Ans A. Yes You have an Azure subscription named Subscription1. You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1. What should you use? A. Azure HDInsight B. Linux Diagnostic Extension (LAD) 3. C. the AzurePerformanceDiagnostics extension D. Azure Analysis Services - Ans C. the AzurePerformanceDiagnostics extension You plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The virtual machines will host a web app named App1. You need to ensure that at least two virtual machines are available if a single Azure datacenter becomes unavailable. What should you deploy? A. all three virtual machines in a single Availability Zone B. all virtual machines in a single Availability Set C. each virtual machine in a separate Availability Zone D. each virtual machine in a separate Availability Set - Ans B. all virtual machines in a single Availability Set You have an Azure virtual machine named VM1 that runs Windows Server 2019. You save VM1 as a template named Template1 to the Azure Resource Manager library. You plan to deploy a virtual machine named VM2 from Template1.

A. the modified screen saver timeout B. the new desktop background C. the new files on drive D D. the new files on drive C - Ans A. the modified screen saver timeout You have an Azure virtual machine named VM1 that runs Windows Server 2016. You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour. Solution: You create an Azure Log Analytics workspace and configure the data settings. You add the Microsoft Monitoring Agent VM extension to VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source. Does this meet the goal? A. Yes B. No - Ans B. No You have an Azure virtual machine named VM1 that runs Windows Server 2016. You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour. Solution: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source. Does this meet the goal? A. Yes B. No - Ans A. Yes You have an Azure virtual machine named VM1 that runs Windows Server 2016. You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour. Solution: You create an Azure storage account and configure shared access signatures (SASs). You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the storage account as the source.

Does this meet the goal? A. Yes B. No - Ans B. No You have a deployment template named Template1 that is used to deploy 10 Azure web apps. You need to identify what to deploy before you deploy Template1. The solution must minimize Azure costs. What should you identify? A. five Azure Application Gateways B. one App Service plan C. 10 App Service plans D. one Azure Traffic Manager E. one Azure Application Gateway - Ans B. one App Service plan You have an Azure subscription that contains a virtual machine named VM1. VM1 hosts a line-of-business application that is available 24 hours a day. VM1 has one network interface and one managed disk. VM1 uses the D4s v3 size. You plan to make the following changes to VM1: ✑ Change the size to D8s v3. ✑ Add a 500-GB managed disk. ✑ Add the Puppet Agent extension. ✑ Enable Desired State Configuration Management. Which change will cause downtime for VM1? A. Enable Desired State Configuration Management B. Add a 500-GB managed disk C. Change the size to D8s v

Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Enable Azure Network Watcher in the East US Azure region. B. Add an Azure Network Watcher connection monitor. C. Register the MicrosoftLogAnalytics provider. D. Create an Azure Storage account. E. Register the Microsoft.Insights resource provider. F. Enable Azure Network Watcher flow logs. - Ans A. Enable Azure Network Watcher in the East US Azure region. C. Register the MicrosoftLogAnalytics provider. D. Create an Azure Storage account. You need to deploy an Azure virtual machine scale set that contains five instances as quickly as possible.What should you do? A. Deploy five virtual machines. Modify the Availability Zones settings for each virtual machine. B. Deploy five virtual machines. Modify the Size setting for each virtual machine. C. Deploy one virtual machine scale set that is set to VM (virtual machines) orchestration mode. D. Deploy one virtual machine scale set that is set to ScaleSetVM orchestration mode. - Ans D. Deploy one virtual machine scale set that is set to ScaleSetVM orchestration mode. You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider. Does this meet the goal? A. Yes B. No - Ans B. No You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. Solution: You assign a built-in policy definition to the subscription. Does this meet the goal? A. Yes B. No - Ans B. No You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. Solution: You configure a custom policy definition, and then you assign the policy to the subscription. Does this meet the goal? A. Yes B. No - Ans A. Yes

You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Floating IP (direct server return) to Enabled B. Idle Time-out (minutes) to 20 C. Protocol to UDP D. Session persistence to Client IP and Protocol - Ans D. Session persistence to Client IP and Protocol Your on-premises network contains an SMB share named Share1. You have an Azure subscription that contains the following resources: ✑ A web app named webapp ✑ A virtual network named VNET You need to ensure that webapp1 can connect to Share1. What should you deploy? A. an Azure Application Gateway B. an Azure Active Directory (Azure AD) Application Proxy C. an Azure Virtual Network Gateway - Ans C. an Azure Virtual Network Gateway You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use? A. Azure Active Directory (Azure AD) Application Proxy B. Azure Application Insights

C. Azure Custom Script Extension D. the New-AzConfigurationAssignement cmdlet - Ans C. Azure Custom Script Extension Your company has three offices. The offices are located in Miami, Los Angeles, and New York. Each office contains datacenter. You have an Azure subscription that contains resources in the East US and West US Azure regions. Each region contains a virtual network. The virtual networks are peered. You need to connect the datacenters to the subscription. The solution must minimize network latency between the datacenters. What should you create? A. three Azure Application Gateways and one On-premises data gateway B. three virtual hubs and one virtual WAN C. three virtual WANs and one virtual hub D. three On-premises data gateways and one Azure Application Gateway - Ans C. three virtual WANs and one virtual hub You have an Azure subscription that contains a virtual network named VNet1. VNet contains four subnets named Gateway, Perimeter, NVA, and Production. The NVA subnet contains two network virtual appliances (NVAs) that will perform network traffic inspection between the Perimeter subnet and the Production subnet. You need to implement an Azure load balancer for the NVAs. The solution must meet the following requirements: ✑ The NVAs must run in an active-active configuration that uses automatic failover. ✑ The NVA must load balance traffic to two services on the Production subnet. The services have different IP addresses. Which three actions should you perform? A. Deploy a basic load balancer B. Deploy a standard load balancer C. Add two load balancing rules that have HA Ports and Floating IP enabled

B. From Azure Monitor, create a workbook C. From Azure Monitor, create a Service Health alert D. From webapp1, turn on Application Logging - Ans A. From webapp1, enable Web server logging Overview - Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market. Contoso products are manufactured by using blueprint files that the company authors and maintains. Existing Environment - Currently, Contoso uses multiple types of servers for business operations, including the following: File servers Domain controllers Microsoft SQL Server servers Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory. You have a public-facing application named App1. App1 is comprised of the following three tiers: A SQL database - A web front end A processing middle tier Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only. Requirements

  • Planned Changes
  • Contoso plans to implement the following changes to the infrastructure:

Move all the tiers of App1 to Azure. Move the existing product blueprint files to Azure Blob storage. Create a hybrid directory to support an upcoming Microsoft Office 365 migration project. Technical Requirements - Contoso must meet the following technical requirements: Move all the virtual machines for App1 to Azure. Minimize the number of open ports between the App1 tiers. Ensure that all the virtual machines for App1 are protected by backups. Copy the blueprint files to Azure over the Internet. Ensure that the blueprint files are stored in the archive storage tier. Ensure that partner access to the blueprint files is secured and temporary. Prevent user passwords or hashes of passwords from being stored in Azure. Use unmanaged standard storage for the hard disks of the virtual machines. Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity. Minimize administrative effort whenever possible. User Requirements - Contoso identifies the following requirements for users: Ensure that only users who are part of a group named Pilot can join devices to Azure AD. Designate a new user named Admin1 as the service admin for the Azure subscription. Admin1 must receive email alerts regarding service outages. Ensure that a new user named User3 can create network objects for the Azure subscription. Question