Weekend Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Microsoft AZ-104 Microsoft Azure Administrator Exam Practice Test

Page: 1 / 41
Total 408 questions

Microsoft Azure Administrator Questions and Answers

Question 1

You have an Anne container registry named Registry1 that contains an image named image1.

You receive an error message when you attempt to deploy a container instance by using image1.

You need to be able to deploy a container instance by using image1.

Solution: You assign the AcrPull role to ACR-Tasks-Network for Registry1.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 2

You have an Azure Storage account named storage1.

You need to enable a user named User1 to list and regenerate storage account keys for storage1.

Solution: You assign the Storage Account Key Operator Service Role to User1.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 3

You have a Standard Azure App Service plan named Plan1.

You need to ensure that Plan1 will scale automatically when the CPU usage of the web app exceeds 80 percent What should you select for Plan1?

Options:

A.

Automatic in the Scale out method settings

B.

Rules Based m the Scale out method settings

C.

Premium P1 in the Scale up (App Service plan) settings

D.

Standard S1 in the Scale up (App Service plan) settings

E.

Manual in the Scale out method settings

Question 4

You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.

You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.

Which two groups should you create? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

A.

a Security group that uses the Assigned membership type

B.

an Office 365 group that uses the Assigned membership type

C.

an Office 365 group that uses the Dynamic User membership type

D.

a Security group that uses the Dynamic User membership type

E.

a Security group that uses the Dynamic Device membership type

Question 5

You deploy an Azure Kubernetes Service (AKS) cluster named Cluster1 that uses the IP addresses shown in the following table.

Question # 5

You need to provide internet users with access to the applications that run in Cluster1.

Which IP address should you include in the DNS record for Ousted?

Options:

A.

172.17.7.1

B.

131.107.2.1

C.

192.168.10.2

D.

10.0.10.11

Question 6

You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.

Question # 6

RG1 has a web app named WebApp1. WebApp1 is located in West Europe.

You move WebApp1 to RG2.

What is the effect of the move?

Options:

A.

The App Service plan for WebApp1 moves to North Europe. Po1icy2 applies to WebApp1.

B.

The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.

C.

The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1.

D.

The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1.

Question 7

You have the App Service plan shown in the following exhibit.

Question # 7

The scale-in settings for the App Service plan are configured as shown in the following exhibit.

Question # 7

Question # 7

The scale out rule is configured with the same duration and cool down tile as the scale in rule.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Question # 7

Options:

Question 8

You have an Azure subscription. The subscription contains a storage account named storage1 that has the lifecycle management rules shown in the following table.

Question # 8

On June 1, you store two blobs in storage1 as shown in the following table.

Question # 8

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 8

Options:

Question 9

You have an Azure subscription.

You plan to create a storage account named storage1.

You need to configure a deny assignment for storage1.

What should you use?

Options:

A.

an Azure Resource Manager (ARM) template

B.

Azure Policy

C.

a landing zone

D.

a deployment stack

Question 10

You have a Microsoft Entra tenant that contains a user named External User

External User authenticates to the tenant by using extemall95@gmail.com.

You need to ensure that External User authenticates to the tenant by using contractor@gmail.com.

Which two settings should you configure from the Overview blade? To answer, select the appropriate settings in the answer area

NOTE: Each correct answer is worth one point.

Question # 10

Options:

Question 11

You have an Azure Kubernetes Service (AKS) cluster named AKS1.

You need to configure cluster autoscaler for AKS1.

Which two tools should you use? Each correct answer presents a complete solution,

NOTE: Each correct selection is worth one point

Options:

A.

the set-AzAKs cmdlet

B.

the Azure portal

C.

The az aks command

D.

the kubect1 command

E.

the set Azure cmdlet

Question 12

You have an Azure subscription and a Microsoft Entra ID P1 license.

You need to perform the following actions:

* Enable self-service password reset (SSPR) for all users.

* Require the users to answer four questions when registering for SSPR.

Which two settings should you use? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

Question # 12

Options:

Question 13

You have an on-premises server that contains a folder named D:\Folder1.

You need to copy the contents of D:\Folder1 to the public container in an Azure Storage account named contoso data.

Which command should you run?

Options:

A.

https://contosodata.blob.core.windows.net/public

B.

azcopy sync D:\folder1 https://contosodata.blob.core.windows.net/public --snapshot

C.

azcopy copy D:\folder1 https://contosodata.blob.core.windows.net/public --recursive

D.

az storage blob copy start-batch D:\Folder1 https://contosodata.blob.core.windows.net/public

Question 14

You have an Azure subscription that contains a storage account. The account stores website data.

You need to ensure that inbound user traffic uses the Microsoft point-of-presence (POP) closest to the user's location.

What should you configure?

Options:

A.

load balancing

B.

private endpoints

C.

Azure Firewall rules

D.

Routing preference

Question 15

You have an Azure subscription that contains a user named User1 and a storage account named storage 1. The storage1 account contains the resources shown in the following table.

Question # 15

User1 is assigned the following roles for storage 1:

• Storage Blob Data Reader

• Storage Table Data Contributor

• Storage File Data SMB Share Contributor

For storage1, you create a shared access signature (SAS) named SAS1 that has the settings shown in the following exhibit. (Click the Exhibit tab.)

Question # 15

To which resources can User1 write by using SAS1 and key1? To answer, select the appropriate options in the answer area.

Question # 15

Options:

Question 16

You have an Azure subscription named Subscription1 that contains virtual network named VNet1. VNet1 is in a resource group named RG1. A user named User1 has the following roles for Subscription1:

• Reader

• Security Admin

• Security Reader

You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?

Options:

A.

Remove User1 from the Security Reader and Reader roles for Subscription1.

B.

Assign User1 the Owner role for VNet1.

C.

Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1.

D.

Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1

Question 17

You have an Azure subscription that contains the public load balancers shown in the following table.

Question # 17

You plan to create six virtual machines and to load balance requests to the virtual machines. Each load balancer will load balance three virtual machines.

You need to create the virtual machines for the planned solution.

How should you create the virtual machines? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 17

Options:

Question 18

You have three Azure subscriptions named Sub1, Sub2, and Sub3 that are linked to an Azure AD tenant.

The tenant contains a user named User1, a security group named Group1, and a management group named MG1. User1 is a member of Group1.

Sub1 and Sub2 are members of MG1. Sub1 contains a resource group named RG1. RG1 contains five Azure functions.

You create the following role assignments for MG1:

• Group1: Reader

• User1: User Access Administrator

You assign User1 the Virtual Machine Contributor role for Sub1 and Sub2.

You assign User1 the Contributor role for RG1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 18

Options:

Question 19

You have an Azure Active Directory (Azure AD) tenant.

You plan to delete multiple users by using Bulk delete in the Azure Active Directory admin center.

You need to create and upload a file for the bulk delete.

Which user attributes should you include in the file?

Options:

A.

The user principal name and usage location of each user only

B.

The user principal name of each user only

C.

The display name of each user only

D.

The display name and usage location of each user only

E.

The display name and user principal name of each user only

Question 20

You have an Azure subscription that contains a storage account named storage1.

You need to configure a shared access signature (SAS) to ensure that users can only download blobs securely by name.

Which two settings should you configure? To answer, select the appropriate settings in the answer area.

NOTE: Each correct answer is worth one point.

Question # 20

Options:

Question 21

You have an Azure subscription that contains the vaults shown in the following table.

Question # 21

You create a storage account that contains the resources shown in the following table.

Question # 21

To which vault can you back up cont1 and share1? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.

Question # 21

Options:

Question 22

You need to move the blueprint files to Azure.

What should you do?

Options:

A.

Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

B.

Use the Azure Import/Export service.

C.

Generate an access key. Map a drive, and then copy the files by using File Explorer.

D.

Use Azure Storage Explorer to copy the files.

Question 23

You need to implement a backup solution for App1 after the application is moved.

What should you create first?

Options:

A.

a recovery plan

B.

an Azure Backup Server

C.

a backup policy

D.

a Recovery Services vault

Question 24

You need to meet the user requirement for Admin1.

What should you do?

Options:

A.

From the Subscriptions blade, select the subscription, and then modify the Properties.

B.

From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.

C.

From the Azure Active Directory blade, modify the Properties.

D.

From the Azure Active Directory blade, modify the Groups.

Question 25

You are planning the move of App1 to Azure.

You create a network security group (NSG).

You need to recommend a solution to provide users with access to App1.

What should you recommend?

Options:

A.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

B.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.

C.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

D.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

Question 26

You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 26

Options:

Question 27

You need to recommend an identify solution that meets the technical requirements.

What should you recommend?

Options:

A.

federated single-on (SSO) and Active Directory Federation Services (AD FS)

B.

password hash synchronization and single sign-on (SSO)

C.

cloud-only user accounts

D.

Pass-through Authentication and single sign-on (SSO)

Question 28

You need to configure the Device settings to meet the technical requirements and the user requirements.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

Question # 28

Options:

Question 29

You need to identify the storage requirements for Contoso.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 29

Options:

Question 30

You need to configure Azure Backup to back up the file shares and virtual machines.

What is the minimum number of Recovery Services vaults and backup policies you should create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 30

Options:

Question 31

You need to identify which storage account to use for the flow logging of IP traffic from VM5. The solution must meet the retention requirements.

Which storage account should you identify?

Options:

A.

storage4

B.

storage1

C.

storage2

D.

storage3

Question 32

You need to ensure that User1 can create initiative definitions, and User4 can assign initiatives to RG2. The solution must meet the technical requirements.

Which role should you assign to each user? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 32

Options:

Question 33

You need to ensure that you can grant Group4 Azure RBAC read-only permissions to all the A2ure file shares. What should you do?

Options:

A.

On storagel and storage4, change the Account kind type to StorageV2 (general purpose v2).

B.

Recreate storage2 and set Hierarchical namespace to Enabled.

C.

On storage2, enable identity-based access for the file shares.

D.

Create a shared access signature (SAS) for storagel, storage2, and storage4.

Question 34

You implement the planned changes for NSG1 and NSG2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 34

Options:

Question 35

You need to add VM1 and VM2 to the backend poo! of LB1. What should you do first?

Options:

A.

Create a new NSG and associate the NSG to VNET1/Subnet1.

B.

Connect VM2 to VNET1/Subnet1.

C.

Redeploy VM1 and VM2 to the same availability zone.

D.

Redeploy VM1 and VM2 to the same availability set.

Question 36

You need to configure the alerts for VM1 and VM2 to meet the technical requirements.

Which three actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

Question # 36

Options:

Question 37

You need to create storage5. The solution must support the planned changes.

Which type of storage account should you use, and which account should you configure as the destination storage account? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 37

Options:

Question 38

You need to implement the planned changes for the new containers.

Which Azure services can you use for each image? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 38

Options:

Question 39

You need to implement the planned changes for User1.

Which roles should you assign to User1, and for which resources? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 39

Options:

Question 40

You implement the planned changes for Scope1.

You need to ensure that Scope1 meets the technical requirements.

What can you encrypt by using Scope1?

Options:

A.

containers and blobs in storage2 only

B.

containers and blobs in storage1 and storage2

C.

containers, blobs, and file shares in storage2 only

D.

containers, blobs, and file shares in storage1 and storage2

E.

containers, blobs, file shares, queues, and tables in storage2 only

Question 41

You need to configure encryption for the virtual machines. The solution must meet the technical requirements.

Which virtual machines can you encrypt?

Options:

A.

VM1 and VM3

B.

VM2 and VM3

C.

VM2 and VM4

D.

VM4 and VM5

Question 42

You need to implement the planned changes for DCR1. Which type of query should you use?

Options:

A.

WQL

B.

T-SQL

C.

XPath

D.

KQL

Question 43

You need to resolve the licensing issue before you attempt to assign the license again.

What should you do?

Options:

A.

From the Groups blade, invite the user accounts to a new group.

B.

From the Profile blade, modify the usage location.

C.

From the Directory role blade, modify the directory role.

Question 44

You need to resolve the Active Directory issue.

What should you do?

Options:

A.

From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.

B.

Run idfix.exe, and then use the Edit action.

C.

From Active Directory Domains and Trusts, modify the list of UPN suffixes.

D.

From Azure AD Connect, modify the outbound synchronization rule.

Question 45

Which blade should you instruct the finance department auditors to use?

Options:

A.

invoices

B.

partner information

C.

cost analysis

D.

External services

Question 46

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

Options:

A.

Join the client computers in the Miami office to Azure AD.

B.

Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.

C.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

D.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication

E.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

Question 47

You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Question # 47

Options:

Question 48

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

B.

Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miamioffice.

C.

Join the client computers in the Miami office to Azure AD.

D.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

E.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.

Question 49

Which blade should you instruct the finance department auditors to use?

Options:

A.

Partner information

B.

Overview

C.

Payment methods

D.

Invoices

Question 50

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

Options:

A.

ad.humongousinsurance.com

B.

humongousinsurance.onmicrosoft.com

C.

humongousinsurance.local

D.

humongousinsurance.com

Question 51

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE Each correct selection is worth one point.

Options:

A.

Azure Active Directory (AD) Identity Protection and an Azure policy

B.

a Recovery Services vault and a backup policy

C.

an Azure Key Vault and an access policy

D.

an Azure Storage account and an access policy

Question 52

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Question # 52

Options:

Question 53

You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question # 53

Options:

Question 54

You need to implement Role1.

Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 54

Options:

Question 55

You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort.

What should you do?

Options:

A.

Create a user-defined route from VNET1 to VNET3.

B.

Assign VM4 an IP address of 10.0.1.5/24.

C.

Establish peering between VNET1 and VNET3.

D.

Create an NSG and associate the NSG to VMI and VM4.

Question 56

You implement the planned changes for NSG1 and NSG2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 56

Options:

Question 57

You need to the appropriate sizes for the Azure virtual for Server2.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 57

Options:

Question 58

You need to meet the technical requirement for VM4.

What should you create and configure?

Options:

A.

an Azure Notification Hub

B.

an Azure Event Hub

C.

an Azure Logic App

D.

an Azure services Bus

Question 59

You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.

What should you include in the recommended?

Options:

A.

Azure AP B2C

B.

Azure AD Identity Protection

C.

an Azure logic app and the Microsoft Identity Management (MIM) client

D.

dynamic groups and conditional access policies

Question 60

You need to meet the connection requirements for the New York office.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 60

Options:

Question 61

You discover that VM3 does NOT meet the technical requirements.

You need to verify whether the issue relates to the NSGs.

What should you use?

Options:

A.

Diagram in VNet1

B.

the security recommendations in Azure Advisor

C.

Diagnostic settings in Azure Monitor

D.

Diagnose and solve problems in Traffic Manager Profiles

E.

IP flow verify in Azure Network Watcher

Page: 1 / 41
Total 408 questions