Special Black Friday Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Microsoft AZ-104 Microsoft Azure Administrator Exam Practice Test

Page: 1 / 47
Total 472 questions

Microsoft Azure Administrator Questions and Answers

Question 1

You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Options:

Question 2

You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Options:

Question 3

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

Options:

A.

ad.humongousinsurance.com

B.

humongousinsurance.onmicrosoft.com

C.

humongousinsurance.local

D.

humongousinsurance.com

Question 4

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE Each correct selection is worth one point.

Options:

A.

Azure Active Directory (AD) Identity Protection and an Azure policy

B.

a Recovery Services vault and a backup policy

C.

an Azure Key Vault and an access policy

D.

an Azure Storage account and an access policy

Question 5

Which blade should you instruct the finance department auditors to use?

Options:

A.

Partner information

B.

Overview

C.

Payment methods

D.

Invoices

Question 6

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

Options:

A.

Join the client computers in the Miami office to Azure AD.

B.

Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.

C.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

D.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication

E.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

Question 7

You need to resolve the Active Directory issue.

What should you do?

Options:

A.

From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.

B.

Run idfix.exe, and then use the Edit action.

C.

From Active Directory Domains and Trusts, modify the list of UPN suffixes.

D.

From Azure AD Connect, modify the outbound synchronization rule.

Question 8

You need to resolve the licensing issue before you attempt to assign the license again.

What should you do?

Options:

A.

From the Groups blade, invite the user accounts to a new group.

B.

From the Profile blade, modify the usage location.

C.

From the Directory role blade, modify the directory role.

Question 9

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

B.

Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami

office.

C.

Join the client computers in the Miami office to Azure AD.

D.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

E.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.

Question 10

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Options:

Question 11

Which blade should you instruct the finance department auditors to use?

Options:

A.

invoices

B.

partner information

C.

cost analysis

D.

External services

Question 12

You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.

What should you include in the recommended?

Options:

A.

Azure AP B2C

B.

Azure AD Identity Protection

C.

an Azure logic app and the Microsoft Identity Management (MIM) client

D.

dynamic groups and conditional access policies

Question 13

You have an on-premises network that you plan to connect to Azure by using a site-to-site VPN.

In Azure, you have an Azure virtual network named VNet1 that uses an address space of 10.0.0.0/16. VNet1 contains a subnet named Subnet1 that uses an address space of 10.0.0.0/24.

You need to create a site-to-site VPN to Azure.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Options:

Question 14

You have an Azure subscription named Subscription1.

You have 5 TB of data that you need to transfer to Subscription1.

You plan to use an Azure Import/Export job.

What can you use as the destination of the imported data?

Options:

A.

an Azure Cosmos DB database

B.

Azure File Storage

C.

the Azure File Sync Storage Sync Service

D.

Azure Data Factory

Question 15

You have an Azure subscription named Subscription1.

In Subscription1, you create an Azure file share named share1.

You create a shared access signature (SAS) named SAS1 as shown in the following exhibit.

To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 16

You have an Azure subscription named Subscription1 that contains the following resource group:

  • Name: RG1
  • Region: West US
  • Tag: “tag1”: “value1”

You assign an Azure policy named Policy1 to Subscription1 by using the following configurations:

  • Exclusions: None
  • Policy definition: Append tag and its default value
  • Assignment name: Policy1
  • Parameters:

- Tag name: Tag2

- Tag value: Value2

After Policy1 is assigned, you create a storage account that has the following configurations:

  • Name: storage1
  • Location: West US
  • Resource group: RG1
  • Tags: “tag3”: “value3”

You need to identify which tags are assigned to each resource.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 17

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You configure a custom policy definition, and then you assign the policy to the subscription.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 18

STION NO: 25 HOTSPOT

You have an Azure subscription named Subscription1.

Subscription1 contains the virtual machines in the following table.

Subscription1 contains a virtual network named VNet1 that has the subnets in the following table.

VM3 has a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.

You create a route table named RT1. RT1 is associated to Subnet1 and Subnet2 and contains the routes in the following table.

You apply RT1 to Subnet1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 19

You have an Azure Kubernetes Service (AKS) cluster named AKS1.

You need to configure cluster autoscaler for AKS1.

Which two tools should you use? Each correct answer presents a complete solution,

NOTE: Each correct selection is worth one point

Options:

A.

the set-AzAKs cmdlet

B.

the Azure portal

C.

The az aks command

D.

the kubect1 command

E.

the set Azvm cmdlet

Question 20

You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.

The virtual machines host several applications that are accessible over port 443 to user on the Internet.

Your on-premises network has a site-to-site VPN connection to VNet1.

You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.

You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.

What should you do?

Options:

A.

Modify the address space of the local network gateway.

B.

Remove the public IP addresses from the virtual machines.

C.

Modify the address space of Subnet1.

D.

Create a deny rule in a network security group (NSG) that is linked to Subnet1.

Question 21

You have an Azure subscription that contains the Azure virtual machines shown in the following table.

You add inbound security rules to a network security group (NSG) named NSG1 as shown in the following table.

You run Azure Network Watcher as shown in the following exhibit.

You run Network Watcher again as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 22

You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2.

You plan to implement an Azure Availability Set for App1. The solution must ensure that App1 is available during planned maintenance of the hardware hosting VM1 and VM2.

What should you include in the Availability Set?

Options:

A.

one update domain

B.

two fault domains

C.

one fault domain

D.

two update domains

Question 23

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.

You purchase 10 Azure AD Premium P2 licenses for the tenant.

You need to ensure that 10 users can use all the Azure AD Premium features.

What should you do?

Options:

A.

From the Groups blade of each user, invite the users to a group.

B.

From the Licenses blade of Azure AD, assign a license.

C.

From the Directory role blade of each user, modify the directory role.

D.

From the Azure AD domain, add an enterprise application.

Question 24

You have an app named App1 that runs on an Azure web app named webapp1.

The developers at your company upload an update of App1 to a Git repository named GUI.

Webapp1 has the deployment slots shown in the following table.

You need to ensure that the App1 update is tested before the update is made available to users. Which two actions should you perform? Each correct answer presents part of the solution.

NOTE Each correct selection is worth one point.

Options:

A.

Stop webapp1 prod.

B.

Stop webapp1-test

C.

Deploy the App1 update to webapp1-test, and then test the update.

D.

Deploy the App1 update to webapp1-prod, and then test the update.

E.

Swap the slots.

Question 25

You need to recommend an identify solution that meets the technical requirements.

What should you recommend?

Options:

A.

federated single-on (SSO) and Active Directory Federation Services (AD FS)

B.

password hash synchronization and single sign-on (SSO)

C.

cloud-only user accounts

D.

Pass-through Authentication and single sign-on (SSO)

Question 26

You are planning the move of App1 to Azure.

You create a network security group (NSG).

You need to recommend a solution to provide users with access to App1.

What should you recommend?

Options:

A.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

B.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.

C.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

D.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

Question 27

You need to implement a backup solution for App1 after the application is moved.

What should you create first?

Options:

A.

a recovery plan

B.

an Azure Backup Server

C.

a backup policy

D.

a Recovery Services vault

Question 28

You need to meet the user requirement for Admin1.

What should you do?

Options:

A.

From the Subscriptions blade, select the subscription, and then modify the Properties.

B.

From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.

C.

From the Azure Active Directory blade, modify the Properties.

D.

From the Azure Active Directory blade, modify the Groups.

Question 29

You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 30

You need to configure the Device settings to meet the technical requirements and the user requirements.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

Options:

Question 31

You need to identify the storage requirements for Contoso.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 32

You need to move the blueprint files to Azure.

What should you do?

Options:

A.

Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

B.

Use the Azure Import/Export service.

C.

Generate an access key. Map a drive, and then copy the files by using File Explorer.

D.

Use Azure Storage Explorer to copy the files.

Question 33

You have the Azure virtual machines shown in the following table.

VNET1, VNET2, and VNET3 are peered.

VM4 has a DNS server that is authoritative for a zone named Contoso.com and contains the records shown in the following table.

VNET1 and VNET2 are linked to an Azure private DNS zone named Contoso.com that contains the records shown in the following table.

The virtual networks are configured to use the DNS servers shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 34

You have an Azure subscription that contains a user account named User1.

You need to ensure that User1 can assign a policy to the tenant root management group.

What should you do?

Options:

A.

Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.

B.

Assign the Global administrator role to User1, and then modify the default conditional access policies.

C.

Assign the Owner role to User1. and then modify the default conditional access policies.

D.

Assign the Owner role to User1. and then instruct User1 to configure access management for Azure resources.

Question 35

You have the Azure resources shown on the following exhibit.

You plan to track resource usage and prevent the deletion of resources.

To which resources can you apply locks and tags? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 36

You have a Basic App Service plan named ASP1 that hosts an Azure App Service named App1.

You need to configure a custom domain and enable backups for App1.

What should you do first?

Options:

A.

Configure a WebJob for App1.

B.

Scale up ASP1.

C.

Scale out ASP1.

D.

Configure the application settings for App1.

Question 37

You have an Azure virtual machine named VM1.

Azure collects events from VM1.

You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the System event log of VM1.

You need to specify which resource type to monitor.

What should you specify?

Options:

A.

metric alert

B.

Azure Log Analytics workspace

C.

virtual machine

D.

virtual machine extension

Question 38

You need to use Azure Automation State Configuration to manage the ongoing consistency of virtual machine configurations.

Which five actions should you perform in sequence? To answer, move the appropriate action from the list of actions to the answer area and arrange them in the correct order.

NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Options:

Question 39

You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2.

VM2 is protected by RSV1.

You need to use RSV2 to protect VM2.

What should you do first?

Options:

A.

From the RSV1 blade, click Backup items and stop the VM2 backup.

B.

From the RSV1 blade, click Backup Jobs and export the VM2 backup.

C.

From the RSV1 blade, click Backup. From the Backup blade, select the backup for the virtual machine, and then click Backup.

D.

From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery Services vault.

Question 40

You create an Azure VM named VM1 that runs Windows Server 2019.

VM1 is configured as shown in the exhibit. (Click the Exhibit button.)

You need to enable Desired State Configuration for VM1.

What should you do first?

Options:

A.

Configure a DNS name for VM1.

B.

Start VM1.

C.

Connect to VM1.

D.

Capture a snapshot of VM1.

Question 41

You have the Azure virtual machines shown in the following table.

A DNS service is install on VM1.

You configure the DNS server settings for each virtual network as shown in the following exhibit.

You need 10 ensure that all the virtual machines can resolve DNS names by using the DNS service on VM1. What should you do?

Options:

A.

Add service endpoints on VNET2 and VNET3.

B.

Configure peering between VNE11, VNETT2, and VNET3.

C.

Configure a conditional forwarder on VM1

D.

Add service endpoints on VNET1.

Question 42

You have an Azure subscription that contains an Azure file share.

You have an on-premises server named Server1 that runs Windows Server 2016.

You plan to set up Azure File Sync between Server1 and the Azure file share.

You need to prepare the subscription for the planned Azure File Sync.

Which two actions should you perform in the Azure subscription? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Options:

Question 43

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure virtual machine named VM1 that runs Windows Server 2016.

You need to create an alert in Azure when more than two error events are logged to the System log on VM1 within an hour.

Solution: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 44

You have an Azure subscription that contains the following resources:

  • 100 Azure virtual machines
  • 20 Azure SQL databases
  • 50 Azure file shares

You need to create a daily backup of all the resources by using Azure Backup.

What is the minimum number of backup policies that you must create?

Options:

A.

1

B.

2

C.

3

D.

150

E.

170

Question 45

You have an Azure subscription that contains the resources in the following table.

VM1 and VM2 are deployed from the same template and host line-of-business applications accessed by using Remote Desktop. You configure the network security group (NSG) shown in the exhibit. (Click the Exhibit button.)

You need to prevent users of VM1 and VM2 from accessing websites on the Internet.

What should you do?

Options:

A.

Associate the NSG to Subnet1.

B.

Disassociate the NSG from a network interface.

C.

Change the DenyWebSites outbound security rule.

D.

Change the Port_80 inbound security rule.

Question 46

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You create virtual machines in Subscription1 as shown in the following table.

You plan to use Vault1 for the backup of as many virtual machines as possible.

Which virtual machines can be backed up to Vault1?

Options:

A.

VM1, VM3, VMA, and VMC only

B.

VM1 and VM3 only

C.

VM1, VM2, VM3, VMA, VMB, and VMC

D.

VM1 only

E.

VM3 and VMC only

Question 47

Your company has an Azure subscription named Subscription1.

The company also has two on-premises servers named Server1 and Server2 that run Windows Server 2016. Server1 is configured as a DNS server that has a primary DNS zone named adatum.com. Adatum.com contains 1,000 DNS records.

You manage Server1 and Subscription1 from Server2. Server2 has the following tools installed:

  • The DNS Manager console
  • Azure PowerShell
  • Azure CLI 2.0

You need to move the adatum.com zone to Subscription1. The solution must minimize administrative effort.

What should you use?

Options:

A.

Azure PowerShell

B.

Azure CLI

C.

the Azure portal

D.

the DNS Manager console

Question 48

You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.

You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.

Which two groups should you create? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

A.

a Security group that uses the Assigned membership type

B.

an Office 365 group that uses the Assigned membership type

C.

an Office 365 group that uses the Dynamic User membership type

D.

a Security group that uses the Dynamic User membership type

E.

a Security group that uses the Dynamic Device membership type

Page: 1 / 47
Total 472 questions