Renewal Microsoft Azure Administrator AZ-104 Test Preparation

NEW QUESTION 1

You have an Azure subscription that contains multiple virtual machines in the West US Azure region.
You need to use Traffic Analytics in Azure Network Watcher to monitor virtual machine traffic.
Which two resources should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. a Data Collection Rule (OCR) in Azure Monitor
• B. a Log Analytics workspace
• C. an Azure Monitor workbook
• D. a storage account
• E. a Microsoft Sentinel workspace

Answer: BD

Explanation:
To use Traffic Analytics in Azure Network Watcher, you need to create a Log Analytics workspace and a storage account. A Log Analytics workspace is a cloud-based repository that collects and stores data from various sources, such as NSG flow logs. A storage account is a container that provides a unique namespace to store and access your data objects in Azure Storage. You need to enable NSG flow logs and configure them to send data to both the Log Analytics workspace and the storage account. Traffic Analytics analyzes the NSG flow logs and provides insights into traffic flow in your Azure cloud. References:
✑ Traffic analytics - Azure Network Watcher | Microsoft Learn
✑ Traffic analytics FAQ - Azure Network Watcher | Microsoft Learn

NEW QUESTION 2

You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.
The virtual machines host several applications that are accessible over port 443 to user on the Internet.
Your on-premises network has a site-to-site VPN connection to VNet1.
You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.
You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.
What should you do?

• A. Modify the address space of the local network gateway.
• B. Remove the public IP addresses from the virtual machines.
• C. Modify the address space of Subnet1.
• D. Create a deny rule in a network security group (NSG) that is linked to Subnet1

Answer: D

Explanation:
You can use a site-to-site VPN to connect your on-premises network to an Azure virtual network. Users on your on-premises network connect by using the RDP orSSH protocol over the site-to-site VPN connection. You have to deny direct RDP or SSH access over the internet through an NSG.
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices

NEW QUESTION 3

You have an Azure subscription that contains a storage account named storage1.
You plan to use conditions when assigning role-based access control (RABC) roles to storage1
Which storage1 services support conditions when assigning roles?

• A. containers only
• B. file shares only
• C. tables only
• D. queues only
• E. containers and queues only
• F. files shares and tables only

Answer: A

Explanation:
"Currently, conditions can be added to built-in or custom role assignments that have blob storage or queue storage data actions. " https://learn.microsoft.com/en-us/azure/role- based-access-control/conditions-overview#where-can-conditions-be-added

NEW QUESTION 4
HOTSPOT
You have a hybrid deployment of Azure AD that contains the users shown in the following
table.

You need to modify the JobTitle and UsageLocation attributes for the users.
For which users can you modify the attributes from Azure AD? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 5

You need to create an Azure Storage account named storage1. The solution must meet the following requirements:
• Support Azure Data Lake Storage.
• Minimize costs for infrequently accessed data.
• Automatically replicate data to a secondary Azure region.
Which three options should you configure for storage1? Each correct answer presents part of the solution.
NOTE: Each correct answer is worth one point.

• A. the Cool access tier
• B. the Hot access tier
• C. hierarchical namespace
• D. zone-redundant storage (ZRS)
• E. geo-redundant storage (GRS)

Answer: ACE

Explanation:
To create an Azure Storage account that supports Azure Data Lake Storage, you need to enable the hierarchical namespace option. This option allows you to organize andmanipulate files and folders efficiently in a data lake. It also enables compatibility with the Hadoop Distributed File System (HDFS) API, which is widely used for big data analytics. For more information, see Azure Data Lake Storage Gen2 Introduction.
To minimize costs for infrequently accessed data, you can choose the Cool access tier for your storage account. This tier offers lower storage costs than the Hot access tier, but higher access and transaction costs. The Cool access tier is suitable for data that is infrequently accessed or modified, such as short-term backup, disaster recovery, or archival data. Data in the Cool access tier should be stored for at least 30 days. For more information, see Access tiers for blob data.
To automatically replicate data to a secondary Azure region, you can choose the geo- redundant storage (GRS) option for your storage account. This option replicates your data synchronously three times within the primary region, and then asynchronously to the secondary region. GRS provides the highest level of durability and availability for your data, and protects against regional outages or disasters. For more information, see Data redundancy.

NEW QUESTION 6
HOTSPOT
You need to configure the Device settings to meet the technical requirements and the user requirements.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 7

You have an Azure AD tenant that contains the groups shown In the following table.

You purchase Azure Active Directory Premium P2 licenses. To which groups can you assign a license?

• A. Group 1 only
• B. Group1 and Group3 only
• C. Group3 and Group4 only
• D. Group1, Group2, and Group3 only
• E. Group1, Group2, Group3, and Group4

Answer: B

Explanation:
To assign a license to a group, the group must be a security group, not an Office 365 group or a mail-enabled security group1. According to the image, Group1 and Group3 are security groups, while Group2 and Group4 are Office 365 groups. Therefore, only Group1 and Group3 can be assigned a license.
To assign a license to a group, you need to follow these steps2:
✑ Sign in to the Azure portal with a license administrator account.
✑ Go to Azure Active Directory > Licenses and select the product license that you want to assign to groups.
✑ Select Assign at the top of the page and then select Users and groups.
✑ Search for and select the group that you want to assign the license to and then select OK.
✑ Select Assignment options to enable or disable specific services within the product license and then select OK.
✑ Select Assign at the bottom of the page to complete the assignment.

NEW QUESTION 8

You have an Azure App Service app named Appl that contains two running instances. You havean autoscale rule configured as shown in the following exhibit


For the instance limits stale condition setting, you set Maximum to 5. During a 30-minute period. Appl uses 60 percent of the available memory.
What is the maximum number of instances tor Appl during the 30-minute pefiod:

• A. 2
• B. 3
• C. 4
• D. 5

Answer: C

Explanation:
The exhibit shows that you have an autoscale rule configured for your App Service app named App1. The rule is based on the memory percentage metric, which measures the average amount of memory used by all the instances of your app. The rule has the following settings:
✑ Scale out action: Add 1 instance when the memory percentage is greater than or
equal to 80% for a duration of 10 minutes.
✑ Scale in action: Remove 1 instance when the memory percentage is less than or equal to 60% for a duration of 10 minutes.
✑ Instance limits: The minimum number of instances is 2, and the maximum number of instances is 5.
According to the question, during a 30-minute period, App1 uses 60% of the available memory. This means that the scale in action is triggered, but not the scale out action. Therefore, one instance is removed from App1 every 10 minutes, until the minimum number of instances is reached.
Since App1 initially has two running instances, after the first 10 minutes, one instance is removed and App1 has one instance left. However, since the minimum number of instances is set to 2, another instance is added back to App1 to meet the minimum requirement. Therefore, after the first 10 minutes, App1 still has two instances.
After the second 10 minutes, the same process repeats. One instance is removed due to the scale in action, and another instance is added back due to the minimum requirement. Therefore, after the second 10 minutes, App1 still has two instances.
After the third 10 minutes, there is no change in the number of instances, because App1 already has the minimum number of instances. Therefore, after the third 10 minutes, App1 still has two instances.
Therefore, during the 30-minute period, App1 never has more than two instances running at any given time. However, since one instance is removed and added back every 10 minutes, there are four different instances that are used by App1 during the period. Hence, the maximum number of instances for App1 during the period is four.

NEW QUESTION 9

You have an Azure Kubernetes Service (AKS) cluster named AKS1. You need to configure cluster autoscaler for AKS1.
Which two tools should you use? Each correct answer presents a complete solution, NOTE: Each correct selection is worth one point

• A. the set-AzAKs cmdlet
• B. the Azure portal
• C. The az aks command
• D. the kubect1 command
• E. the set Azure cmdlet

Answer: BC

Explanation:
AKS clusters can scale in one of two ways: - The cluster autoscaler watches for pods that can't be scheduled on nodes because of resource constraints. The cluster then automatically increases the number of nodes. - The horizontal pod autoscaler uses the Metrics Server in a Kubernetes cluster to monitor the resource demand of pods. If an application needs more resources, the number of pods is automatically increased to meet the demand. Reference: https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler

NEW QUESTION 10
HOTSPOT
You have an Azure subscription that contains two storage accounts named contoso101 and contoso102.
The subscription contains the virtual machines shown in the following table.
VNet1 has service endpoints configured as shown in the Service endpoints exhibit. (Click the Service endpoints tab.)

The Microsoft. Storage service endpoint has the service endpoint policy shown in the Microsoft. Storage exhibit. (Click the Microsoft. Storage tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 11

You plan to create the Azure web apps shown in the following Table.

What is the minimum number of App Service plans you should create for the web apps?

• A. 1
• B. 2
• C. 3
• D. 4

Answer: B

Explanation:
NET Core 3.0: Windows and Linux ASP .NET V4.7: Windows only PHP 7.3: Windows and Linux Ruby 2.6: Linux only Also, you can’t use Windows and Linux Apps in the same App Service Plan, because when you create a new App Service plan you have to choose the OS type. You can't mix Windows and Linux apps in the same App Service plan. So, you need 2 ASPs. Reference: https://docs.microsoft.com/en-us/azure/app-service/overview

NEW QUESTION 12

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users. You need to create a quest user account in contoso.com for each of the 500 external users.
Solution: from Azure AD in the Azure portal, you use the Bulk create user operation. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
"Bulk Create" is for new Azure AD Users. For Guests:
- Use "Bulk invite users" to prepare a comma-separated value (.csv) file with the user information and invitation preferences
- Upload the .csv file to Azure AD
- Verify the users were added to the directory

NEW QUESTION 13
HOTSPOT
You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 14
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table

In Azure Cloud Shell, you need to create a virtual machine by using an Azure Resource Manager (ARM) template.
How should you complete the command? To answer, select the appropriate options in the answer area,
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 15

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You create virtual machines in Subscription1 as shown in the following table.

You plan to use Vault1 for the backup of as many virtual machines as possible. Which virtual machines can be backed up to Vault1?

• A. VM1, VM3, VMA, and VMC only
• B. VM1 and VM3 only
• C. VM1, VM2, VM3, VMA, VMB, and VMC
• D. VM1 only
• E. VM3 and VMC only

Answer: A

Explanation:
To create a vault to protect virtual machines, the vault must be in the same region as the virtual machines. If you have virtual machines in several regions, create a Recovery Services vault in each region.
References:
https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault

NEW QUESTION 16
HOTSPOT
You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VMet1 contains one subnet named Subnet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 17
HOTSPOT
You have an Azure Storage account named storage1 that uses Azure Blob storage and Azure File storage.
You need to use AzCopy to copy data to the blob storage and file storage in storage1. Which authentication method should you use for each type of storage? To answer, select
the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 18
......