Skip Navigation Links
 

Microsoft - AZ-104: Microsoft Azure Administrator

Sample Questions

Question: 303
Measured Skill: Manage Azure identities and governance (15-20%)

You have an Azure Active Directory tenant named contoso.com that includes the following users:



Contoso.com includes the following Windows 10 devices:



You create following security groups in contoso.com:



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AUser1 can add Device2 to Group1: Yes
User2 can add Device1 to Group1: Yes
User2 can add Device2 to Group2: Yes
B User1 can add Device2 to Group1: Yes
User2 can add Device1 to Group1: Yes
User2 can add Device2 to Group2: No
C User1 can add Device2 to Group1: Yes
User2 can add Device1 to Group1: No
User2 can add Device2 to Group2: No
D User1 can add Device2 to Group1: No
User2 can add Device1 to Group1: Yes
User2 can add Device2 to Group2: No
E User1 can add Device2 to Group1: No
User2 can add Device1 to Group1: No
User2 can add Device2 to Group2: Yes
F User1 can add Device2 to Group1: No
User2 can add Device1 to Group1: No
User2 can add Device2 to Group2: No

Correct answer: B

Explanation:

Groups can contain both registered and joined devices as members.

As a global administrator or cloud device administrator, you can manage the registered or joined devices. Intune Service administrators can update and delete devices. User administrator can manage users but not devices.

User1 is a cloud device administrator. He can add Device2 to Group1.

User2 is the owner of Group1. He can add Device1 to Group1.

Group2 is configured for dynmic membership. The properties on which the membership of a device in a group of the type dynamic device are defined cannot be changed by either an end user or an user administrator. User2 cannot add any device to Group2.

The following exhibit shows the device properties that can be used by a rule for dynamic membership in a device group:



Reference: Manage device identities using the Azure portal

Question: 304
Measured Skill: Implement and manage storage (10-15%)

You are an administrator for a company. You have several Azure virtual machines on a virtual network named VNet1.

You configure an Azure Storage account as shown in the following exhibit.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AThe virtual machines on the 10.2.0.0/24 subnet will always have network connectivity to the file shares in the storage account.
Azure Backup will always be able to back up the unmanaged hard disks of the virtual machines in the storage account.
B The virtual machines on the 10.2.0.0/24 subnet will never have network connectivity to the file shares in the storage account.
Azure Backup will always be able to back up the unmanaged hard disks of the virtual machines in the storage account.
C The virtual machines on the 10.2.0.0/24 subnet will during a backup have network connectivity to the file shares in the storage account.
Azure Backup will never be able to back up the unmanaged hard disks of the virtual machines in the storage account.
D The virtual machines on the 10.2.0.0/24 subnet will always have network connectivity to the file shares in the storage account.
Azure Backup will never be able to back up the unmanaged hard disks of the virtual machines in the storage account.

Correct answer: D

Explanation:

The storage account is integrated in VNet1 and the endpoint status is enabled. Resources deployed in VNet1 can access the storage account.

The "Allow trusted Microsoft services to access this storage account" is NOT enabled. Azure Backup is a trusted Microsoft service.

Question: 305
Measured Skill: Manage Azure identities and governance (15-20%)

You have an Azure subscription named Subscription1 that contains the quotas shown in the following table.



You deploy virtual machines to Subscription1 as shown in the following table.



You plan to deploy the virtual machines shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AYou can deploy VM3 to West US: Yes
You can deploy VM4 to West US: Yes
You can deploy VM5 to West US: Yes
B You can deploy VM3 to West US: Yes
You can deploy VM4 to West US: Yes
You can deploy VM5 to West US: No
C You can deploy VM3 to West US: Yes
You can deploy VM4 to West US: No
You can deploy VM5 to West US: No
D You can deploy VM3 to West US: No
You can deploy VM4 to West US: Yes
You can deploy VM5 to West US: No
E You can deploy VM3 to West US: No
You can deploy VM4 to West US: No
You can deploy VM5 to West US: Yes
F You can deploy VM3 to West US: No
You can deploy VM4 to West US: No
You can deploy VM5 to West US: No

Correct answer: C

Explanation:

The vCPU quotas for virtual machines and virtual machine scale sets are arranged in two tiers for each subscription, in each region. The first tier is the Total Regional vCPUs, and the second tier is the various VM size family cores such as the D-series vCPUs. Any time a new VM is deployed the vCPUs for the VM must not exceed the vCPU quota for the VM size family or the total regional vCPU quota. If either of those quotas are exceeded, the VM deployment will not be allowed. There is also a quota for the overall number of virtual machines in the region. The details on each of these quotas can be seen in the Usage + quotas section of the Subscription page in the Azure portal, or you can query for the values using PowerShell.

The total regional vCPUs for West US is 20. This means, we have a maximum total of 20 vCPUs across all the different VM sizes in West US available. VM1 and VM20 are using 18 of the maximum 20 vCPUs leaving only two vCPUs available.

Note: Quota is calculated based on the total number of cores in use both allocated and deallocated.

Reference: Check vCPU quotas using Azure PowerShell

Question: 306
Measured Skill: Configure and manage virtual networking (30-35%)

You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table.



You create a private Azure DNS zone named adatum.com. You configure the adatum.com zone to allow auto registration from VNET1.

Which A records will be added to the adatum.com zone for each virtual machine?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AA records for VM1: None
A records for VM2: None
B A records for VM1: Private IP address only
A records for VM2: Private IP address only
C A records for VM1: Private IP address only
A records for VM2: None
D A records for VM1: Private IP address and public IP address
A records for VM2: Private IP address only
E A records for VM1: Public IP address only
A records for VM2: None
F A records for VM1: Private IP address and public IP address
A records for VM2: Private IP address and public IP address

Correct answer: B

Explanation:

The Azure DNS private zones auto registration feature takes the pain out of DNS record management for virtual machines deployed in a virtual network. When you link an virtual network with a private DNS zone and enable auto registration for all the virtual machines, the DNS records for the virtual machines deployed in the virtual network are automatically created in the private DNS zone. In addition to forward look records (A records), reverse lookup records (PTR records) are also automatically created for the virtual machines. If you add more virtual machines to the virtual network, DNS records for these virtual machines are also automatically created in the linked private DNS zone.

When you delete a virtual machine, the DNS records for the virtual machine are automatically deleted from the private DNS zone.

Restrictions
  • Autoregistration works only for virtual machines. For all other resources like internal load balancers etc., you can create DNS records manually in the private DNS zone linked to the virtual network.

  • DNS records are created automatically only for the primary virtual machine NIC . If your virtual machines have more than one NIC, you can manually create the DNS records for other network interfaces.

  • DNS records are created automatically only if the primary virtual machine NIC is using DHCP. If static IP addresses are configured (for example, to use multiple IP addresses in Azure), autoregistration doesn't create records for that virtual machine.

  • Autoregistration for IPv6 (AAAA records) is not supported.

Important: The primary DNS suffix configured on the Windows Server does NOT have to match the name of the private DNS zone to ensure that the IP address of the server is registered in the private zone.

Note: We don´t know if the private and public IP addresses are assigned to the same NIC or to different NICs. We also don´t know if the IP addresses are static or dynamic. We assume that each VM has two NICs and that the private IP addresses are dynamic (10.1.0.4, 10.1.0.5 in sequence). Public IP addresses are not registered to private DNS zones.

Reference: What is the autoregistration feature of Azure DNS private zones

Question: 307
Measured Skill: Configure and manage virtual networking (30-35%)

You have an Azure subscription. The subscription contains virtual machines that run Windows Server 2016 and are configured as shown in the following table.



You create a public Azure DNS zone named adatum.com and a private Azure DNS zone named contoso.com.

You create a virtual network link for contoso.com as shown in the following exhibit.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AWhen VM1 starts, a record for VM1 is added to the contoso.com DNS zone: Yes
When VM2 starts, a record for VM2 is added to the contoso.com DNS zone: Yes
When VM3 starts, a record for VM3 is added to the adatum.com DNS zone: Yes
B When VM1 starts, a record for VM1 is added to the contoso.com DNS zone: Yes
When VM2 starts, a record for VM2 is added to the contoso.com DNS zone: Yes
When VM3 starts, a record for VM3 is added to the adatum.com DNS zone: No
C When VM1 starts, a record for VM1 is added to the contoso.com DNS zone: Yes
When VM2 starts, a record for VM2 is added to the contoso.com DNS zone: No
When VM3 starts, a record for VM3 is added to the adatum.com DNS zone: No
D When VM1 starts, a record for VM1 is added to the contoso.com DNS zone: No
When VM2 starts, a record for VM2 is added to the contoso.com DNS zone: Yes
When VM3 starts, a record for VM3 is added to the adatum.com DNS zone: No
E When VM1 starts, a record for VM1 is added to the contoso.com DNS zone: No
When VM2 starts, a record for VM2 is added to the contoso.com DNS zone: No
When VM3 starts, a record for VM3 is added to the adatum.com DNS zone: Yes
F When VM1 starts, a record for VM1 is added to the contoso.com DNS zone: No
When VM2 starts, a record for VM2 is added to the contoso.com DNS zone: No
When VM3 starts, a record for VM3 is added to the adatum.com DNS zone: No

Correct answer: B

Explanation:

The Azure DNS private zones auto registration feature takes the pain out of DNS record management for virtual machines deployed in a virtual network. When you link an virtual network with a private DNS zone and enable auto registration for all the virtual machines, the DNS records for the virtual machines deployed in the virtual network are automatically created in the private DNS zone. In addition to forward look records (A records), reverse lookup records (PTR records) are also automatically created for the virtual machines. If you add more virtual machines to the virtual network, DNS records for these virtual machines are also automatically created in the linked private DNS zone.

When you delete a virtual machine, the DNS records for the virtual machine are automatically deleted from the private DNS zone.

Restrictions
  • Autoregistration works only for virtual machines. For all other resources like internal load balancers etc., you can create DNS records manually in the private DNS zone linked to the virtual network.

  • DNS records are created automatically only for the primary virtual machine NIC . If your virtual machines have more than one NIC, you can manually create the DNS records for other network interfaces.

  • DNS records are created automatically only if the primary virtual machine NIC is using DHCP. If static IP addresses are configured (for example, to use multiple IP addresses in Azure), autoregistration doesn't create records for that virtual machine.

  • Autoregistration for IPv6 (AAAA records) is not supported.

Important: The primary DNS suffix configured on the Windows Server does NOT have to match the name of the private DNS zone to ensure that the IP address of the server is registered in the private zone.

Reference: What is the autoregistration feature of Azure DNS private zones



 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2020 by cert2brain.com