Microsoft - AZ-104: Microsoft Azure Administrator
Sample Questions
Question: 414
Measured Skill: Configure and manage virtual networking (30-35%)
Note: This question is part of a series of questions that present the same scenario. Each questions in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure subscription that contains the virtual machines shown in the following table.
You deploy a load balancer that has the following configurations:
- Name: LB1
- Type: Internal
- SKU: Standard
- Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create two Standard public IP addresses and associate a Standard SKU public IP address to the network interface of each virtual machine.
Does this meet the goal?Correct answer: AExplanation:
The backend pool is a critical component of the load balancer. The backend pool defines the group of resources that will serve traffic for a given load-balancing rule.
There are two ways of configuring a backend pool:
- Network Interface Card (NIC)
- Combination of IP address and Virtual Network (VNET) Resource ID
Configure your backend pool by NIC when using existing virtual machines and virtual machine scale sets. This method builds the most direct link between your resource and the backend pool.
When preallocating your backend pool with an IP address range which you plan to later create virtual machines and virtual machine scale sets, configure your backend pool by IP address and VNET ID combination.
You can configure IP-based and NIC-based backend pools for the same load balancer however, you cannot create a single backend pool that mixes backed addresses targeted by NIC and IP addresses within the same pool.
Only VMs within the same region can be added to the backend pool of a standard SKU load balancer. In addition, the VMs either have to be assigned a public IP address of the SKU Standard or no public IP address. It doesn't matter whether the VM is on or off.
Reference: Backend pool management
Question: 415
Measured Skill: Manage Azure identities and governance (15-20%)
You configure the multi-factor authentication status for three users as shown in the following table.
You create a group named Group1 and add Admin1, Admin2, and Admin3 to the group.
For all cloud apps, you create a conditional access policy that includes Group1. The policy requires multi-factor authentication.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)| A | Admin1 must use multi-factor authentication ... by using a web browser: Yes
Admin2 must use multi-factor authentication ... by using a web browser: Yes
Admin3 must use multi-factor authentication ... by using a web browser: Yes |
| B | Admin1 must use multi-factor authentication ... by using a web browser: Yes
Admin2 must use multi-factor authentication ... by using a web browser: Yes
Admin3 must use multi-factor authentication ... by using a web browser: No |
| C | Admin1 must use multi-factor authentication ... by using a web browser: No
Admin2 must use multi-factor authentication ... by using a web browser: Yes
Admin3 must use multi-factor authentication ... by using a web browser: No |
| D | Admin1 must use multi-factor authentication ... by using a web browser: No
Admin2 must use multi-factor authentication ... by using a web browser: No
Admin3 must use multi-factor authentication ... by using a web browser: Yes |
| E | Admin1 must use multi-factor authentication ... by using a web browser: No
Admin2 must use multi-factor authentication ... by using a web browser: Yes
Admin3 must use multi-factor authentication ... by using a web browser: Yes |
| F | Admin1 must use multi-factor authentication ... by using a web browser: No
Admin2 must use multi-factor authentication ... by using a web browser: No
Admin3 must use multi-factor authentication ... by using a web browser: No |
Correct answer: AExplanation:
You can take one of two approaches for requiring two-step verification, both of which require using a global administrator account. The first option is to enable each user for Azure Multi-Factor Authentication (MFA). When users are enabled individually, they perform two-step verification each time they sign in (with some exceptions, such as when they sign in from trusted IP addresses or when the remembered devices feature is turned on). The second option is to set up a conditional access policy that requires two-step verification under certain conditions.
User accounts in Azure Multi-Factor Authentication have the following three distinct states:
A user's state reflects whether an admin has enrolled them in Azure MFA, and whether they completed the registration process.
All users start out Disabled. When you enroll users in Azure MFA, their state changes to Enabled. When enabled users sign in and complete the registration process, their state changes to Enforced.
Note: Enabling Azure Multi-Factor Authentication using Conditional Access policies is the recommended approach. Changing user states is no longer recommended unless your licenses do not include Conditional Access as it will require users to perform MFA every time they sign in.
Reference: How to require two-step verification for a user
Question: 416
Measured Skill: Manage Azure identities and governance (15-20%)
You have an Azure subscription that contains 100 virtual machines. You regularly create and delete virtual machines.
You need to identify unattached disks that can be deleted.
What should you do?| A | From Azure Cost Management, view Cost Analysis. |
| B | From Azure Advisor, modify the Advisor configuration. |
| C | From Microsoft Azure Storage Explorer, view the Account Management properties. |
| D | From Azure Cost Management, view Advisor Recommendations. |
Correct answer: DExplanation:
We could use Azure Advisor or Advisor recommendations in Cost Management + Billing (both are the same) in order to identify unused or oversized resources.
Reference: Reduce service costs by using Azure Advisor
Question: 417
Measured Skill: Implement and manage storage (10-15%)
You have an Azure subscription that contains the file shares shown in the following table.
You have the on-premises file shares shown in the following table.
You create an Azure file sync group named Sync1 and perform the following actions:
- Add share1 as the cloud endpoint for Sync1.
- Add data1 as a server endpoint for Sync1.
- Register Server1 and Server2 to Sync1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)
| A | You can add share3 as an additional cloud endpoint for Sync1: Yes
You can add data2 as an additional server endpoint for Sync1: Yes
You can add data3 as an additional server endpoint for Sync1: Yes |
| B | You can add share3 as an additional cloud endpoint for Sync1: Yes
You can add data2 as an additional server endpoint for Sync1: Yes
You can add data3 as an additional server endpoint for Sync1: No |
| C | You can add share3 as an additional cloud endpoint for Sync1: No
You can add data2 as an additional server endpoint for Sync1: Yes
You can add data3 as an additional server endpoint for Sync1: No |
| D | You can add share3 as an additional cloud endpoint for Sync1: No
You can add data2 as an additional server endpoint for Sync1: Yes
You can add data3 as an additional server endpoint for Sync1: Yes |
| E | You can add share3 as an additional cloud endpoint for Sync1: No
You can add data2 as an additional server endpoint for Sync1: No
You can add data3 as an additional server endpoint for Sync1: Yes |
| F | You can add share3 as an additional cloud endpoint for Sync1: No
You can add data2 as an additional server endpoint for Sync1: No
You can add data3 as an additional server endpoint for Sync1: No |
Correct answer: CExplanation:
Azure File Sync is used to centralize an organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share. You can use any protocol that's available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.
An Azure File Sync instance can have one or more sync groups. A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint (and cannot have more than one single cloud endpoint), which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on a registered server. A server can have server endpoints in multiple sync groups. You can create as many sync groups as you need to appropriately describe your desired sync topology.
A cloud endpoint is a pointer to an Azure file share. All server endpoints will sync with a cloud endpoint, making the cloud endpoint the hub. The storage account for the Azure file share must be located in the same region as the Storage Sync Service. The entirety of the Azure file share will be synced, with one exception: A special folder, comparable to the hidden "System Volume Information" folder on an NTFS volume, will be provisioned. This directory is called ".SystemShareInformation". It contains important sync metadata that will not sync to other endpoints. Do not use or delete it!
A trust relationship between your on-premises servers and the storage sync service is required and established by registering the server with the Storage Sync Service. A server can only be registered to one Storage Sync Service and can sync with other servers and Azure file shares associated with the same Storage Sync Service only.
Reference: Deploy Azure File Sync
Question: 418
Measured Skill: Deploy and manage Azure compute resources (25-30%)
You are a cloud administrator for a company. You have the App Service plan shown in the following exhibit.
The scale-out settings for the App Service plan are configured as shown in the following exhibit.
The duration is set to 10 minutes. The scale-in rule is configured with the same duration and cool down time as the scale-out rule.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
(NOTE: Each correct selection is worth one point.)
| A | If after deployment CPU usage is 70 percent for one hour and ... will be 3.
If after deployment the CPU maintains consistant usage of 90 ... will be 1. |
| B | If after deployment CPU usage is 70 percent for one hour and ... will be 5.
If after deployment the CPU maintains consistant usage of 90 ... will be 3. |
| C | If after deployment CPU usage is 70 percent for one hour and ... will be 2.
If after deployment the CPU maintains consistant usage of 90 ... will be 2. |
| D | If after deployment CPU usage is 70 percent for one hour and ... will be 5.
If after deployment the CPU maintains consistant usage of 90 ... will be 2. |
| E | If after deployment CPU usage is 70 percent for one hour and ... will be 1.
If after deployment the CPU maintains consistant usage of 90 ... will be 5. |
| F | If after deployment CPU usage is 70 percent for one hour and ... will be 4.
If after deployment the CPU maintains consistant usage of 90 ... will be 4. |
Correct answer: EExplanation:
As long as the CPU usage does not exceed 70 percent, nothing happens. The app runs with the default number of instances (one). When the CPU usage exceeds 70 percent, the number of instances is increased by one. The number of instances is then increased by one every five minutes, as long as the CPU utilization does not drop to 70 percent or below and the maximum number of instances (five) has not been reached.
Cool down time is the amount of time to wait after a scale operation before scaling again. For example, if cooldown is 10 minutes and a scale operation just occurred, Autoscale will not attempt to scale again until after 10 minutes. This is to allow the metrics to stabilize first.
Reference: Create an Autoscale Setting for Azure resources based on performance data or a schedule