Summer Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Microsoft AZ-104 Microsoft Azure Administrator Exam Practice Test

Page: 1 / 55
Total 545 questions

Microsoft Azure Administrator Questions and Answers

Question 1

You need to the appropriate sizes for the Azure virtual for Server2.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 1

Options:

Question 2

You need to meet the connection requirements for the New York office.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 2

Options:

Question 3

You implement the planned changes for NSG1 and NSG2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 3

Options:

Question 4

You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort.

What should you do?

Options:

A.

Create a user-defined route from VNET1 to VNET3.

B.

Assign VM4 an IP address of 10.0.1.5/24.

C.

Establish peering between VNET1 and VNET3.

D.

Create an NSG and associate the NSG to VMI and VM4.

Question 5

You discover that VM3 does NOT meet the technical requirements.

You need to verify whether the issue relates to the NSGs.

What should you use?

Options:

A.

Diagram in VNet1

B.

the security recommendations in Azure Advisor

C.

Diagnostic settings in Azure Monitor

D.

Diagnose and solve problems in Traffic Manager Profiles

E.

IP flow verify in Azure Network Watcher

Question 6

You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.

What should you include in the recommended?

Options:

A.

Azure AP B2C

B.

Azure AD Identity Protection

C.

an Azure logic app and the Microsoft Identity Management (MIM) client

D.

dynamic groups and conditional access policies

Question 7

You need to meet the technical requirement for VM4.

What should you create and configure?

Options:

A.

an Azure Notification Hub

B.

an Azure Event Hub

C.

an Azure Logic App

D.

an Azure services Bus

Question 8

You need to implement Role1.

Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 8

Options:

Question 9

You have an Azure virtual machine named VM1 and a Recovery Services vault named Vault1.

You create a backup Policy1 as shown in the exhibit. (Click the Exhibit tab.)

Question # 9

You configure the backup of VM1 to use Policy1 on Thursday, January 1.

You need to identify the number of available recovery points for VM1.

How many recovery points are available on January 8 and on January 15? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 9

Options:

Question 10

You have an Azure subscription that contains the resources shown in the following table.

Question # 10

You need to create a network interface named NIC1.

In which location can you create NIC1?

Options:

A.

East US and North Europe only.

B.

East US and West Europe only.

C.

East US, West Europe, and North Europe.

D.

East US only.

Question 11

You have an Azure subscription that contains the resources shown in the following table.

Question # 11

All virtual machines run Windows Server 2016.

On VM1, you back up a folder named Folder1 as shown in the following exhibit.

Question # 11

You plan to restore the backup to a different virtual machine.

You need to restore the backup to VM2.

What should you do first?

Options:

A.

From VM2, install the Microsoft Azure Recovery Services Agent

B.

From VM1, install the Windows Server Backup feature

C.

From VM2, install the Windows Server Backup feature

D.

From VM1, install the Microsoft Azure Recovery Services Agent

Question 12

You have a sync group named Sync1 that has a cloud endpoint. The cloud endpoint includes a file named File1.txt.

You on-premises network contains servers that run Windows Server 2016. The servers are configured as shown in the following table.

Question # 12

You add Share1 as an endpoint for Sync1. One hour later, you add Share2 as an endpoint for Sync1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 12

Options:

Question 13

You have an Azure Migrate project that has the following assessment properties:

  • Target location: East US
  • Storage redundancy: Locally redundant
  • Comfort factor: 2.0
  • Performance history: 1 month
  • Percentile utilization: 95th
  • Pricing tier: Standard
  • Offer: Pay as you go

You discover the following two virtual machines:

  • A virtual machine named VM1 that runs Windows Server 2016 and has 10 CPU cores at 20 percent utilization
  • A virtual machine named VM2 that runs Windows Server 2012 and has four CPU cores at 50 percent utilization

How many CPU cores will Azure Migrate recommend for each virtual machine? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 13

Options:

Question 14

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains the following resources:

  • A virtual network that has a subnet named Subnet1
  • Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
  • A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections

NSG-Subnet1 has the default inbound security rules only.

NSG-VM1 has the default inbound security rules and the following custom inbound security rule:

  • Priority: 100
  • Source: Any
  • Source port range: *
  • Destination: *
  • Destination port range: 3389
  • Protocol: UDP
  • Action: Allow

VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.

You need to be able to establish Remote Desktop connections from the internet to VM1.

Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Internet source to the VirtualNetwork destination for port range 3389 and uses the UDP protocol.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 15

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains the following resources:

  • A virtual network that has a subnet named Subnet1
  • Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
  • A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections

NSG-Subnet1 has the default inbound security rules only.

NSG-VM1 has the default inbound security rules and the following custom inbound security rule:

  • Priority: 100
  • Source: Any
  • Source port range: *
  • Destination: *
  • Destination port range: 3389
  • Protocol: UDP
  • Action: Allow

VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.

You need to be able to establish Remote Desktop connections from the internet to VM1.

Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Any source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol. You remove NSG-VM1 from the network interface of VM1.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 16

You have an Azure subscription that contains an Azure Storage account named storage1 and the users shown in the following table.

Question # 16

You plan to monitor storage1 and to configure email notifications for the signals shown in the following table.

Question # 16

You need to identify the minimum number of alert rules and action groups required for the planned monitoring.

How many alert rules and action groups should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 16

Options:

Question 17

You have an Azure subscription that contains an Azure file share.

You have an on-premises server named Server1 that runs Windows Server 2016.

You plan to set up Azure File Sync between Server1 and the Azure file share.

You need to prepare the subscription for the planned Azure File Sync.

Which two actions should you perform in the Azure subscription? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Question # 17

Options:

Question 18

You have a pay-as-you-go Azure subscription that contains the virtual machines shown in the following table.

Question # 18

You create the budget shown in the following exhibit.

Question # 18

The AG1 action group contains a user named admin@contoso.com only.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Question # 18

Options:

Question 19

Your network contains an on-premises Active Directory domain named adatum.com. The domain contains an organizational unit (OU) named OU1. OU1 contains the objects shown in the following table.

Question # 19

You sync OU1 to Azure Active Directory (Azure AD) by using Azure AD Connect.

You need to identify which objects are synced to Azure AD.

Which objects should you identify?

Options:

A.

User1 and Group1 only

B.

User1, Group1, and Group2 only

C.

User1, Group1, Group2, and Computer1

D.

Computer1 only

Question 20

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

Question # 20

You create virtual machines in Subscription1 as shown in the following table.

Question # 20

You plan to use Vault1 for the backup of as many virtual machines as possible.

Which virtual machines can be backed up to Vault1?

Options:

A.

VM1, VM3, VMA, and VMC only

B.

VM1 and VM3 only

C.

VM1, VM2, VM3, VMA, VMB, and VMC

D.

VM1 only

E.

VM3 and VMC only

Question 21

You have an Azure subscription that contains a resource group named Test RG.

You use TestRG to validate an Azure deployment.

TestRG contains the following resources:

Question # 21

You need to delete TestRG.

What should you do first?

Options:

A.

Modify the backup configurations of VM1 and modify the resource lock type of VNET1.

B.

Turn off VM1 and delete all data in Vault1.

C.

Remove the resource lock from VNET1 and delete all data in Vault1.

D.

Turn off VM1 and remove the resource lock from VNET1.

Question 22

You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com contains the groups in the following table.

Question # 22

You create two user accounts that are configured as shown in the following table.

Question # 22

To which groups do User1 and User2 belong? To answer. select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 22

Options:

Question 23

You need to add VM1 and VM2 to the backend poo! of LB1. What should you do first?

Options:

A.

Create a new NSG and associate the NSG to VNET1/Subnet1.

B.

Connect VM2 to VNET1/Subnet1.

C.

Redeploy VM1 and VM2 to the same availability zone.

D.

Redeploy VM1 and VM2 to the same availability set.

Question 24

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1.

An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.

You need to ensure that access to AKS1 can be granted to the contoso.com users.

What should you do first?

Options:

A.

From contoso.com, modify the Organization relationships settings.

B.

From contoso.com, create an OAuth 2.0 authorization endpoint.

C.

Recreate AKS1.

D.

From AKS1, create a namespace.

Question 25

You have an Azure subscription that contains an Azure Availability Set named WEBPROD-AS-USE2 as shown in the following exhibit.

Question # 25

Question # 25

You add 14 virtual machines to WEBPROD-AS-USE2.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Question # 25

Options:

Question 26

You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VMet1 contains one subnet named Subnet1.

Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.

You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 26

Options:

Question 27

You have an Azure subscription that contains a storage account named account1.

You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of 131.107.1.0/24.

You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.

You need to configure account1 to meet the following requirements:

  • Ensure that you can upload the disk files to account1.
  • Ensure that you can attach the disks to VM1.
  • Prevent all other access to account1.

Which two actions should you perform? Each correct selection presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.

B.

From the Firewalls and virtual networks blade of account1, select Selected networks.

C.

From the Firewalls and virtual networks blade of acount1, add VNet1.

D.

From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.

E.

From the Service endpoints blade of VNet1, add a service endpoint.

Question 28

You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.

You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.

Which two groups should you create? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

A.

a Security group that uses the Assigned membership type

B.

an Office 365 group that uses the Assigned membership type

C.

an Office 365 group that uses the Dynamic User membership type

D.

a Security group that uses the Dynamic User membership type

E.

a Security group that uses the Dynamic Device membership type

Question 29

You are planning the move of App1 to Azure.

You create a network security group (NSG).

You need to recommend a solution to provide users with access to App1.

What should you recommend?

Options:

A.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

B.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.

C.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

D.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

Question 30

You need to identify the storage requirements for Contoso.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 30

Options:

Question 31

You need to implement a backup solution for App1 after the application is moved.

What should you create first?

Options:

A.

a recovery plan

B.

an Azure Backup Server

C.

a backup policy

D.

a Recovery Services vault

Question 32

You need to meet the user requirement for Admin1.

What should you do?

Options:

A.

From the Subscriptions blade, select the subscription, and then modify the Properties.

B.

From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.

C.

From the Azure Active Directory blade, modify the Properties.

D.

From the Azure Active Directory blade, modify the Groups.

Question 33

You need to move the blueprint files to Azure.

What should you do?

Options:

A.

Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

B.

Use the Azure Import/Export service.

C.

Generate an access key. Map a drive, and then copy the files by using File Explorer.

D.

Use Azure Storage Explorer to copy the files.

Question 34

You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 34

Options:

Question 35

You need to recommend an identify solution that meets the technical requirements.

What should you recommend?

Options:

A.

federated single-on (SSO) and Active Directory Federation Services (AD FS)

B.

password hash synchronization and single sign-on (SSO)

C.

cloud-only user accounts

D.

Pass-through Authentication and single sign-on (SSO)

Question 36

You need to configure the Device settings to meet the technical requirements and the user requirements.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

Question # 36

Options:

Question 37

You have an Azure subscription named Subscription 1 and an on-premises deployment of Microsoft System Center Service Manager Subscription! contains a virtual machine named VM1.

You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent. What should you do first?

Options:

A.

Create a notification.

B.

Create an automation runbook.

C.

Deploy the IT Service Management Connector (ITSM).

D.

Deploy a function app.

Question 38

You have an Azure subscription that contains the resources shown in the following table:

Question # 38

You assign a policy to RG6 as shown in the following table:

Question # 38

To RG6, you apply the tag: RGroup: RG6.

You deploy a virtual network named VNET2 to RG6.

Which tags apply to VNET1 and VNET2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 38

Options:

Question 39

You have an Azure subscription named Subscription1 that is used be several departments at your company. Subscription1 contains the resources in the following table:

Question # 39

Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template.

You need to view the template used for the deployment.

From which blade can you view the template that was used for the deployment?

Options:

A.

RG1

B.

VM1

C.

Storage1

D.

Container1

Question 40

You have the Azure virtual machines shown in the following table.

Question # 40

You have a Recovery Services vault that protects VM1 and VM2.

You need to protect VM3 and VM4 by using Recovery Services.

What should you do first?

Options:

A.

Configure the extensions for VM3 and VM4.

B.

Create a new Recovery Services vault.

C.

Create a storage account.

D.

Create a new backup policy.

Question 41

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.

You purchase 10 Azure AD Premium P2 licenses for the tenant.

You need to ensure that 10 users can use all the Azure AD Premium features.

What should you do?

Options:

A.

From the Groups blade of each user, invite the users to a group.

B.

From the Licenses blade of Azure AD, assign a license.

C.

From the Directory role blade of each user, modify the directory role.

D.

From the Azure AD domain, add an enterprise application.

Question 42

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 43

You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the following table.

Question # 43

Each virtual machine uses a static IP address.

You need to create network security groups (NSGs) to meet following requirements:

  • Allow web requests from the internet to VM3, VM4, VM5, and VM6.
  • Allow all connections between VM1 and VM2.
  • Allow Remote Desktop connections to VM1.
  • Prevent all other network traffic to VNET1.

What is the minimum number of NSGs you should create?

Options:

A.

1

B.

3

C.

4

D.

12

Question 44

You have an Azure virtual machine named VM1 that runs Windows Server 2019.

You save VM1 as a template named Template1 to the Azure Resource Manager library.

You plan to deploy a virtual machine named VM2 from Template1.

What can you configure during the deployment of VM2?

Options:

A.

virtual machine size

B.

operating system

C.

administrator username

D.

resource group

Question 45

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer.

The effective network security configurations for VM2 are shown in the following exhibit.

Question # 45

You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly.

You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.

Solution: You create an inbound security rule that allows any traffic from the AzureLoadBalancer source and has a cost of 150.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 46

You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.

You need to view the error events from a table named Event.

Which query should you run in Workspace1?

Options:

A.

Event | where EventType is "error"

B.

Event | search "error"

C.

select * from Event where EventType == "error"

D.

Get-Event Event | where {$_.EventType -eq "error"}

Question 47

You purchase a new Azure subscription named Subscription1.

You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup.

You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 47

Options:

Question 48

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.

You need to view the date and time when the resources were created in RG1.

Solution: From the RG1 blade, you click Automation script.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 49

You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines.

You need to delete the Recovery Services vault.

What should you do first?

Options:

A.

From the Recovery Service vault, stop the backup of each backup item.

B.

From the Recovery Service vault, delete the backup data.

C.

Modify the disaster recovery properties of each virtual machine.

D.

Modify the locks of each virtual machine.

Question 50

You have a public load balancer that balances ports 80 and 443 across three virtual machines. You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only. What should you configure?

Options:

A.

a load balancing rule

B.

a new public load balancer for VM3

C.

an inbound NAT rule

D.

a frontend IP configuration

Question 51

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You deploy an Azure Kubernetes Service (AKS) cluster named AKS1.

You need to deploy a YAML file to AKS1.

Solution: From the Azure CLI, you run the kubectl client.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 52

You have an Azure subscription named Subscription1 that has the following providers registered:

  • Authorization
  • Automation
  • Resources
  • Compute
  • KeyVault
  • Network
  • Storage
  • Billing
  • Web

Subscription1 contains an Azure virtual machine named VM1 that has the following con figurations:

* Private IP address: 10.0.0.4 (dynamic)

* Network security group (NSG): NSG1

* Public IP address: None

* Availability set: AVSet

* Subnet: 10.0.0.0/24

* Managed disks: No

* Location: East US

You need to record all the successful and failed connection attempts to VM1.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Register the Microsoft.Insights resource provider

B.

Add an Azure Network Watcher connection monitor

C.

Register the Microsoft.LogAnalytics provider

D.

Enable Azure Network Watcher in the East US Azure region

E.

Create an Azure Storage account

F.

Enable Azure Network Watcher flow logs

Question 53

You have an Azure virtual machine that runs Windows Server 2019 and has the following configurations:

  • Name: VM1
  • Location: West US
  • Connected to: VNET1
  • Private IP address: 10.1.0.4
  • Public IP address: 52.186.85.63
  • DNS suffix in Windows Server: Adatum.com

You create the Azure DNS zones shown in the following table.

Question # 53

You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1 can automatically register.

Which zones should you identify? To answer, select the appropriate options in the answer area.

Question # 53

Options:

Question 54

You have an Azure subscription named Subscription1. Subscription1 contains two Azure virtual machines named VM1 and VM2. VM1 and VM2 run Windows Server 2016.

VM1 is backed up daily by Azure Backup without using the Azure Backup agent.

VM1 is affected by ransomware that encrypts data.

You need to restore the latest backup of VM1.

To which location can you restore the backup? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 54

Options:

Question 55

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute.

You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Create a local site VPN gateway.

B.

Create a VPN gateway that uses the VpnGw1 SKU.

C.

Create a VPN gateway that uses the Basic SKU.

D.

Create a gateway subnet.

E.

Create a connection.

Question 56

You have an on-premises file server named Server1 that runs Windows Server 2016.

You have an Azure subscription that contains an Azure file share.

You deploy an Azure File Sync Storage Sync Service, and you create a sync group.

You need to synchronize files from Server1 to Azure.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question # 56

Options:

Question 57

You have an Azure AD tenant named adatum.com that contains the groups shown in the following table.

Question # 57

Adatum.com contains the users shown in the following table.

Question # 57

You assign an Azure Active Directory Premium P2 license to Group1 as shown in the following exhibit.

Question # 57

Group2 is NOT directly assigned a license.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point

Question # 57

Options:

Question 58

You have an Azure subscription that contains a user named User1.

You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege.

Which role-based access control (RBAC) role should you assign to User1?

Options:

A.

Owner

B.

Virtual Machine Administrator Login

C.

Contributor

D.

Virtual Machine Contributor

Question 59

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains the virtual machines shown in the following table.

Question # 59

You deploy a load balancer that has the following configurations:

  • Name: LB1
  • Type: Internal
  • SKU: Standard
  • Virtual network: VNET1

You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.

Solution: You create a Standard SKU public IP address, associate the address to the network interface of VM1, and then stop VM2.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 60

You have an Azure subscription that contains two virtual networks named VNET1 and VNET2 and the users shown in the following table:

Larger image

Question # 60

You need to identify which users can configure peering between VNET1 and VNET2.

Which users should you identify?

Options:

A.

User1 only

B.

User3 only

C.

User1 and User2 only

D.

User1 and User3 only

E.

User1, User2 and User3

Question 61

You have an Azure subscription that contains the resources in the following table.

Question # 61

To which subnets can you apply NSG1?

Options:

A.

the subnets on VNet1 only

B.

the subnets on VNet2 only

C.

the subnets on VNet3 only

D.

the subnets on VNet2. VNet2, and VNet3

E.

the subnets on VNet2 and VNet3 only

Question 62

You have an Azure subscription named Subcription1 that contains the storage accounts shown in the following table.

Question # 62

You plan 10 use the Azure Import/Export service to export data from Subscription1.

Options:

A.

storage1

B.

storage2

C.

storage3

D.

storage4

Question 63

You have two Azure App Service apps named App1 and App2. Each app has a production deployment slot and a test deployment slot. The Backup Configuration settings for the production slots are shown in the following table.

Question # 63

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Question # 63

Options:

Question 64

You have an Azure subscription that contains an Azure Kubernetes Service (AKS) cluster named Cluster1. Cluster1 hosts a node pool named Pool1 that has four nodes. You need to perform a coordinated upgrade of Cluster1. The solution must meet the following requirements:

• Deploy two new nodes to perform the upgrade.

• Minimize costs.

How should you complete the command

Options:

Question 65

Your company has a main office in Australia and several branch offices in Asia.

The company’s data center uses a VMware virtualization infrastructure to host several virtualized servers.

You purchase an Azure subscription and plan to move all virtual machines to Azure to a resource group in the Australia Southeast location.

You need to create an Azure Migrate migration project.

Which geography should you select?

Options:

A.

Central India

B.

Australia Central

C.

Australia Southeast

D.

United States

Question 66

You are configuring Azure Active Directory (Azure AD) authentication for an Azure Storage account named storage1.

You need to ensure that the members of a group named Group1 can upload files by using the Azure portal. The solution must use the principle of least privilege.

Which two roles should you configure for storage!? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point

Options:

A.

Reader

B.

Storage Blob Data Contributor

C.

Storage Account Contributor

D.

Storage Blob Data Reader

E.

Contributor

Question 67

You have an Azure subscription that contains 10 network security groups (NSGs), 10 virtual machines, and a Log Analytics workspace named Workspaces Each NSG is connected to a virtual machine.

You need to configure an Azure Monitor Network Insights alert that will be triggered when suspicious network traffic is detected.

What should you do first?

Options:

A.

Deploy Connection Monitor.

B.

Configure a private link.

C.

Configure NSG flow logs.

D.

Configure data collection endpoints.

Question 68

You have an Azure subscription that contains the virtual networks shown in the following table.

Question # 68

You have the virtual machines shown in the following table.

Question # 68

You have the virtual network interfaces shown in the following table.

Question # 68

Server1 is a DNS server that contains the resources shown in the following table.

Question # 68

You have an Azure private DNS zone named contoso.com that has a virtual network link to VNET2 and the records shown in the following table.

Question # 68

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 68

Options:

Question 69

Your on-premises network contains a VPN gateway.

You have an Azure subscription that contains the resources shown in the following table.

Question # 69

You need to ensure that all the traffic from VM1 to storage! travels across the Microsoft backbone network.

What should you configure?

Options:

A.

service endpoints

B.

Azure Active Directory (Azure AD) Application Proxy

C.

a network security group (NSG)

D.

Azure Virtual WAN

Question 70

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.

You receive a notification that VM1 will be affected by maintenance.

You need to move VM1 to a different host immediately.

Solution: From the Overview blade, you move the virtual machine to a different resource group.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 71

You plan to deploy 20 Azure virtual machines by using an Azure Resource Manager template. The virtual machines will run the latest version of Windows Server 2016 Datacenter by using an Azure Marketplace image.

You need to complete the storageProfile section of the template.

How should you complete the storageProfile section? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 71

Options:

Question 72

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.

You need to view the date and time when the resources were created in RG1.

Solution: From the Subscriptions blade, you select the subscription, and then click Resource providers.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 73

Your company has offices in New York and Los Angeles.

You have an Azure subscription that contains an Azure virtual network named VNet1. Each office has a site-to-site VPN connection to VNet1.

Each network uses the address spaces shown in the following table.

Question # 73

You need to ensure that all Internet-bound traffic from VNet1 is routed through the New York office.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 73

Options:

Question 74

You have two Azure virtual machines as shown in the following table.

Question # 74

You create the Azure DNS zones shown in the following table.

Question # 74

You perform the following actions:

  • To fabrikam.com, you add a virtual network link to vnet1 and enable auto registration.
  • For contoso.com, you assign vm1 and vm2 the Owner role.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worm one point.

Question # 74

Options:

Question 75

You plan to deploy the following Azure Resource Manager (ARM) template.

Question # 75

Question # 75

Options:

Question 76

You have an Azure subscription that contains an Azure Storage account storageaccount1.

You export storage account as an Azure Resource Manager template. The template contains the following sections.

Question # 76

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 76

Options:

Question 77

You have an Azure subscription,

You have an on-premises virtual machine named VM1, The settings for VM" are shown in the exhibit. (Click the Exhibit tab.)

You need to ensure that you can use the disks attached to VM’ as a template for Azure virtual machines,

What should you modify on VM1?

Options:

A.

Integration Services

B.

the processor

(C. the hard drive

D, the network adapters

C.

the memory

Question 78

You have an Azure subscription that contains 10 virtual machines.

You need to ensure that you receive an email message when any virtual machines are powered off, restarted, or deallocated.

What is the minimum number of rules and action groups that you require?

Options:

A.

three rules and three action groups

B.

one rule and one action group

C.

three rules and one action group

D.

one rule and three action groups

Question 79

You have an Azure subscription named Subscription1. You have a virtualization environment that contains the virtualization server in the following table.

Question # 79

The virtual machines are configured as shown on the following table.

Question # 79

All the virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker). You plan to use Azure Site Recovery to migrate the virtual machines to Azure.

Which virtual machines can you migrate? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 79

Options:

Question 80

You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.

Question # 80

VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and Vnet2.

An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.

You need to move the custom application to Vnet2. The solution must minimize administrative effort.

Which two actions should you perform? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 80

Options:

Question 81

You plan to deploy 20 Azure virtual machines by using an Azure Resource Manager template. The virtual machines will run the latest version of Windows Server 2016 Datacenter by using an Azure Marketplace image.

You need to complete the storageProfile section of the template.

How should you complete the storageProfile section? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 81

Options:

Question 82

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You have a CSV file that contains the names and email addresses of 500 external users.

You need to create a guest user account in contoso.com for each of the 500 external users.

Solution: You create a Power Shell script that runs the New-AZureADUser cmdlet for each user.

Does this meet the goal?

Options:

A.

Yes

B.

NO

Question 83

You have an Azure subscription that contains two om-premises locations named site1 and site2.

You need to connect site1 and site2 by using an Azure Virtual WAN.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question # 83

Options:

Question 84

You have an Azure subscription.

You are deploying an Azure Kubemetes Service (AKS) cluster that will contain multiple pods. The pods will use kubermetes networking,

You need to restrict network traffic between the pods.

What should you configure on the AKS cluster?

Options:

A.

pod security policies

B.

the Calico network policy

C.

an application security group

D.

the Azure network policy

Question 85

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

Options:

A.

ad.humongousinsurance.com

B.

humongousinsurance.onmicrosoft.com

C.

humongousinsurance.local

D.

humongousinsurance.com

Question 86

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

B.

Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami

office.

C.

Join the client computers in the Miami office to Azure AD.

D.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

E.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.

Question 87

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Question # 87

Options:

Question 88

You need to resolve the licensing issue before you attempt to assign the license again.

What should you do?

Options:

A.

From the Groups blade, invite the user accounts to a new group.

B.

From the Profile blade, modify the usage location.

C.

From the Directory role blade, modify the directory role.

Question 89

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

Options:

A.

Join the client computers in the Miami office to Azure AD.

B.

Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.

C.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

D.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication

E.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

Question 90

You need to resolve the Active Directory issue.

What should you do?

Options:

A.

From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.

B.

Run idfix.exe, and then use the Edit action.

C.

From Active Directory Domains and Trusts, modify the list of UPN suffixes.

D.

From Azure AD Connect, modify the outbound synchronization rule.

Question 91

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE Each correct selection is worth one point.

Options:

A.

Azure Active Directory (AD) Identity Protection and an Azure policy

B.

a Recovery Services vault and a backup policy

C.

an Azure Key Vault and an access policy

D.

an Azure Storage account and an access policy

Question 92

Which blade should you instruct the finance department auditors to use?

Options:

A.

Partner information

B.

Overview

C.

Payment methods

D.

Invoices

Question 93

You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question # 93

Options:

Question 94

Which blade should you instruct the finance department auditors to use?

Options:

A.

invoices

B.

partner information

C.

cost analysis

D.

External services

Question 95

You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Question # 95

Options:

Page: 1 / 55
Total 545 questions