Special Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Microsoft AZ-104 Microsoft Azure Administrator Exam Practice Test

Page: 1 / 52
Total 520 questions

Microsoft Azure Administrator Questions and Answers

Question 1

You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.

You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.

You need to ensure that visitors are serviced by the same web server for each request.

What should you configure?

Options:

A.

Floating IP (direct server return) to Enabled

B.

Idle Time-out (minutes) to 20

C.

Protocol to UDP

D.

Session persistence to Client IP and Protocol

Question 2

You have an on-premises server that contains a folder named D:\Folder1.

You need to copy the contents of D:\Folder1 to the public container in an Azure Storage account named contoso data.

Which command should you run?

Options:

B.

azcopy sync D:\folder1 https://contosodata.blob.core.windows.net/public --snapshot

C.

azcopy copy D:\folder1 https://contosodata.blob.core.windows.net/public --recursive

D.

az storage blob copy start-batch D:\Folder1 https://

contosodata.blob.core.windows.net/public

Question 3

You create the following resources in an subscription:

• An Azure Container Registry instance named Registry1

• An Azure Kubernetes Service (AKS) cluster named Cluster1

You create a container image named App 1 on your administrative workstation.

You need to deploy App1 to cluster 1.

What should you do first?

Options:

A.

Create a host pool on Cluster1

B.

Run the docker push command.

C.

Run the kubect1 apply command.

D.

Run the az aks create command.

Question 4

You have an Azure subscription named AZPT1 that contains the resources shown in the following table:

You create a new Azure subscription named AZPT2.

You need to identify which resources can be moved to AZPT2.

Which resources should you identify?

Options:

A.

VM1, storage1, VNET1, and VM1Managed only

B.

VM1 and VM1Managed only

C.

VM1, storage1, VNET1, VM1Managed, and RVAULT1

D.

RVAULT1 only

Question 5

You have an Azure subscription that contains the virtual machines shown in the following table:

VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.

Subnet1 and Subnet2 are in a virtual network named VNET1.

The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.

NSG2 uses the default rules and the following custom incoming rule:

  • Priority: 100
  • Name: Rule1
  • Port: 3389
  • Protocol: TCP
  • Source: Any
  • Destination: Any
  • Action: Allow

NSG1 is associated to Subnet1. NSG2 is associated to the network interface of VM2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 6

You have the App Service plan shown in the following exhibit.

The scale-in settings for the App Service plan are configured as shown in the following exhibit.

The scale out rule is configured with the same duration and cool down tile as the scale in rule.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Options:

Question 7

You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.

VM1 hosts a frontend application that connects to VM2 to retrieve data.

Users report that the frontend application is slower than usual.

You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.

Which Azure Network Watcher feature should you use?

Options:

A.

NSG flow logs

B.

Connection troubleshoot

C.

IP flow verify

D.

Connection monitor

Question 8

You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.

You have a computer named Computer1 that runs Windows 10. Computer1 is connected to the Internet.

You add a network interface named Interface1 to VM1 as shown in the exhibit (Click the Exhibit button.)

From Computer1, you attempt to connect to VM1 by using Remote Desktop, but the connection fails.

You need to establish a Remote Desktop connection to VM1.

What should you do first?

Options:

A.

Start VM1.

B.

Attach a network interface.

C.

Delete the DenyAllOutBound outbound port rule.

D.

Delete the DenyAllInBound inbound port rule.

Question 9

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.

You need to view the date and time when the resources were created in RG1.

Solution: From the RG1 blade, you click Deployments.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 10

You have an Azure Storage account named storage1 that uses Azure Blob storage and Azure File storage.

You need to use AzCopy to copy data to the blob storage and file storage in storage1.

Which authentication method should you use for each type of storage? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 11

You have an Azure subscription named Subscription1 that is used be several departments at your company. Subscription1 contains the resources in the following table:

Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template.

You need to view the template used for the deployment.

From which blade can you view the template that was used for the deployment?

Options:

A.

RG1

B.

VM1

C.

Storage1

D.

Container1

Question 12

You have an app named App1 that runs on an Azure web app named webapp1.

The developers at your company upload an update of App1 to a Git repository named GUI.

Webapp1 has the deployment slots shown in the following table.

You need to ensure that the App1 update is tested before the update is made available to users. Which two actions should you perform? Each correct answer presents part of the solution.

NOTE Each correct selection is worth one point.

Options:

A.

Stop webapp1 prod.

B.

Stop webapp1-test

C.

Deploy the App1 update to webapp1-test, and then test the update.

D.

Deploy the App1 update to webapp1-prod, and then test the update.

E.

Swap the slots.

Question 13

You have an Azure subscription that contains a virtual network named VNet1. VNet1 uses an IP address space of 10.0.0.0/16 and contains the subnets in the following table.

Subnet1 contains a virtual appliance named VM1 that operates as a router.

You create a routing table named RT1.

You need to route all inbound traffic to VNet1 through VM1.

How should you configure RT1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 14

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure virtual machine named VM1 that runs Windows Server 2016.

You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour.

Solution: You create an Azure storage account and configure shared access signatures (SASs). You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the storage account as the source.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 15

You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.

You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign on (SSO) to access Azure resources.

What should you do first?

Options:

A.

From the on-premises network, deploy Active Directory Federation Services (AD FS).

B.

From Azure AD, add and verify a custom domain name.

C.

From the on-premises network, request a new certificate that contains the Active Directory domain name.

D.

From the server that runs Azure AD Connect, modify the filtering options.

Question 16

You have the Azure virtual machines shown in the following table.

VNNET1 is linked to a private DNS zone named contoso.com that contains the records shown in the following table.

Which DNS names can you use to ping VM2?

Options:

A.

comp1.contoso.com and comp2.contoso.com only

B.

comp2.contoso.com and comp4.contoso.com only

C.

comp2.contoso.cam only

D.

comp1.contoso.com, comp2.contoso.com, and comp4.contoso.com only

E.

comp1.contoso.com, comp2.contoso.com, comp3.contoso.com, and comp4.contoso.com

Question 17

You plan to migrate an on-premises Hyper-V environment to Azure by using Azure Site Recovery. The Hyper-V environment is managed by using Microsoft System Center Virtual Machine Manager (VMM).

The Hyper-V environment contains the virtual machines in the following table.

Which virtual machine can be migrated by using Azure Site Recovery?

Options:

A.

DC1

B.

FS1

C.

CA1

D.

SQL1

Question 18

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Azure Active Directory (Azure AD) subscription.

You want to implement an Azure AD conditional access policy.

The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.

Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy.

Does the solution meet the goal?

Options:

A.

Yes

B.

No

Question 19

You have an Azure subscription.

You activate Enterprise Mobility + Security E5 licenses for all users.

You need the users to request approval before they can create virtual machines.

What should you configure first?

Options:

A.

Azure Active Directory (Azure AD) conditional access policies

B.

Azure Active Directory (Azure AD) Authentication methods

C.

Azure Active Directory (Azure AD) Privileged Identity Management for the Azure resource roles

D.

Azure Active Directory (Azure AD) Privileged Identity Management for the Azure AD directory roles

Question 20

You have an Azure virtual machine named VM1.

The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)

You deploy a web server on VM1, and then created a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only.

You need to ensure that users can connect to the website from the internet.

What should you do?

Options:

A.

Modify the action of Rule1.

B.

Change the priority of Rule6 to 100.

C.

For Rule4, change the protocol from UDP to Any.

D.

/ For Rule5, change the Action to Allow and change the priority to 401.

Question 21

You are configuring serverless computing in Azure.

You need to receive an email message whenever a resource is created in or deleted from a resource group. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Options:

Question 22

You have an Azure Active Directory (Azure AD) tenant named Tenant1 and an Azure subscription named You enable Azure AD Privileged Identity Management.

You need to secure the members of the Lab Creator role. The solution must ensure that the lab creators request access when they create labs.

What should you do first?

Options:

A.

From Azure AD Privileged Identity Management, edit the role settings for Lab Creator.

B.

From Subscription1 edit the members of the Lab Creator role.

C.

From Azure AD Identity Protection, creates a user risk policy.

D.

From Azure AD Privileged Identity Management, discover the Azure resources of Conscription.

Question 23

You have an Azure Storage accounts as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Options:

Question 24

You have two Azure Active Directory (Azure AD) tenants named contoso.com and fabrikam.com.

You have a Microsoft account that you use to sign in to both tenants.

You need to configure the default sign-in tenant for the Azure portal.

What should you do?

Options:

A.

From the Azure portal, configure the portal settings.

B.

From the Azure portal, change the directory.

C.

From Azure Cloud Shell, run Set-AzureRmContext.

D.

From Azure Cloud Shell, run Set-AzureRmSubscription.

Question 25

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model.

After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication.

To achieve this, the Per Enabled User setting must be set for the usage model.

Solution: You reconfigure the existing usage model via the Azure portal.

Does the solution meet the goal?

Options:

A.

Yes

B.

No

Question 26

You have an Azure subscription that contains 100 virtual machines.

You regularly create and delete virtual machines.

You need to identify unattached disks that can be deleted.

What should you do?

Options:

A.

From Microsoft Azure Storage Explorer, view the Account Management properties.

B.

From Azure Cost Management, create a Cost Management report.

C.

From the Azure portal, configure the Advisor recommendations.

Question 27

You need to meet the technical requirement for VM4.

What should you create and configure?

Options:

A.

an Azure Notification Hub

B.

an Azure Event Hub

C.

an Azure Logic App

D.

an Azure services Bus

Question 28

You need to implement Role1.

Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 29

You need to the appropriate sizes for the Azure virtual for Server2.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 30

You need to meet the connection requirements for the New York office.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 31

You discover that VM3 does NOT meet the technical requirements.

You need to verify whether the issue relates to the NSGs.

What should you use?

Options:

A.

Diagram in VNet1

B.

the security recommendations in Azure Advisor

C.

Diagnostic settings in Azure Monitor

D.

Diagnose and solve problems in Traffic Manager Profiles

E.

IP flow verify in Azure Network Watcher

Question 32

You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort.

What should you do?

Options:

A.

Create a user-defined route from VNET1 to VNET3.

B.

Assign VM4 an IP address of 10.0.1.5/24.

C.

Establish peering between VNET1 and VNET3.

D.

Create an NSG and associate the NSG to VMI and VM4.

Question 33

You implement the planned changes for NSG1 and NSG2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 34

You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.

What should you include in the recommended?

Options:

A.

Azure AP B2C

B.

Azure AD Identity Protection

C.

an Azure logic app and the Microsoft Identity Management (MIM) client

D.

dynamic groups and conditional access policies

Question 35

You need to meet the user requirement for Admin1.

What should you do?

Options:

A.

From the Subscriptions blade, select the subscription, and then modify the Properties.

B.

From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.

C.

From the Azure Active Directory blade, modify the Properties.

D.

From the Azure Active Directory blade, modify the Groups.

Question 36

You need to recommend an identify solution that meets the technical requirements.

What should you recommend?

Options:

A.

federated single-on (SSO) and Active Directory Federation Services (AD FS)

B.

password hash synchronization and single sign-on (SSO)

C.

cloud-only user accounts

D.

Pass-through Authentication and single sign-on (SSO)

Question 37

You need to implement a backup solution for App1 after the application is moved.

What should you create first?

Options:

A.

a recovery plan

B.

an Azure Backup Server

C.

a backup policy

D.

a Recovery Services vault

Question 38

You need to configure the Device settings to meet the technical requirements and the user requirements.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

Options:

Question 39

You are planning the move of App1 to Azure.

You create a network security group (NSG).

You need to recommend a solution to provide users with access to App1.

What should you recommend?

Options:

A.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

B.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.

C.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

D.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

Question 40

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

Options:

A.

ad.humongousinsurance.com

B.

humongousinsurance.onmicrosoft.com

C.

humongousinsurance.local

D.

humongousinsurance.com

Question 41

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Options:

Question 42

You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Options:

Question 43

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

Options:

A.

Join the client computers in the Miami office to Azure AD.

B.

Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.

C.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

D.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication

E.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

Question 44

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

B.

Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami

office.

C.

Join the client computers in the Miami office to Azure AD.

D.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

E.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.

Question 45

You need to resolve the Active Directory issue.

What should you do?

Options:

A.

From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.

B.

Run idfix.exe, and then use the Edit action.

C.

From Active Directory Domains and Trusts, modify the list of UPN suffixes.

D.

From Azure AD Connect, modify the outbound synchronization rule.

Question 46

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE Each correct selection is worth one point.

Options:

A.

Azure Active Directory (AD) Identity Protection and an Azure policy

B.

a Recovery Services vault and a backup policy

C.

an Azure Key Vault and an access policy

D.

an Azure Storage account and an access policy

Question 47

Which blade should you instruct the finance department auditors to use?

Options:

A.

invoices

B.

partner information

C.

cost analysis

D.

External services

Question 48

You need to resolve the licensing issue before you attempt to assign the license again.

What should you do?

Options:

A.

From the Groups blade, invite the user accounts to a new group.

B.

From the Profile blade, modify the usage location.

C.

From the Directory role blade, modify the directory role.

Question 49

You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Options:

Question 50

Which blade should you instruct the finance department auditors to use?

Options:

A.

Partner information

B.

Overview

C.

Payment methods

D.

Invoices

Question 51

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains the following resources:

  • A virtual network that has a subnet named Subnet1
  • Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
  • A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections

NSG-Subnet1 has the default inbound security rules only.

NSG-VM1 has the default inbound security rules and the following custom inbound security rule:

  • Priority: 100
  • Source: Any
  • Source port range: *
  • Destination: *
  • Destination port range: 3389
  • Protocol: UDP
  • Action: Allow

VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.

You need to be able to establish Remote Desktop connections from the internet to VM1.

Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 52

You have an Azure subscription that contains a resource group named Test RG.

You use TestRG to validate an Azure deployment.

TestRG contains the following resources:

You need to delete TestRG.

What should you do first?

Options:

A.

Modify the backup configurations of VM1 and modify the resource lock type of VNET1.

B.

Turn off VM1 and delete all data in Vault1.

C.

Remove the resource lock from VNET1 and delete all data in Vault1.

D.

Turn off VM1 and remove the resource lock from VNET1.

Page: 1 / 52
Total 520 questions