Skip Navigation Links
 

Microsoft - AZ-104: Microsoft Azure Administrator

Sample Questions

Question: 435
Measured Skill: Monitor and back up Azure resources (10-15%)

You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2.

VM2 is backed up to RSV1.

You need to back up VM2 to RSV2.

What should you do first?

AFrom the RSV1 blade, click Backup items and stop the VM2 backup.
B From the RSV2 blade, click Backup. From the Backup blade, select the backup for the virtual machine, and then click Backup.
C From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery Services vault.
D From the RSV1 blade, click Backup Jobs and export the VM2 job.

Correct answer: A

Explanation:

A Recovery Services vault is a management entity that stores recovery points created over time and provides an interface to perform backup related operations. These include taking on-demand backups, performing restores, and creating backup policies.

A virtual machine can be backed up by a single Recovery Services vault only. Prior to enable the backup for VM2 to RSV2, we have to stop the backup of VM2 to RSV1.

Reference: Back up Azure VMs in a Recovery Services vault



Question: 436
Measured Skill: Implement and manage storage (10-15%)

You have an Azure subscription that contains the storage accounts shown in the following table.



You plan to manage the data stored in the accounts by using lifecycle management rules.

To which storage accounts can you apply lifecycle management rules?

Astorage1 only
B storage1 and storage2 only
C storage3 and storage4 only
D storage1, storage2, and storage3 only
E storage1, storage2, storage3, and storage4

Correct answer: D

Explanation:

Data sets have unique lifecycles. Early in the lifecycle, people access some data often. But the need for access drops drastically as the data ages. Some data stays idle in the cloud and is rarely accessed once stored. Some data expires days or months after creation, while other data sets are actively read and modified throughout their lifetimes. Azure Blob Storage lifecycle management offers a rich, rule-based policy for GPv2 and blob storage accounts. Use the policy to transition your data to the appropriate access tiers or expire at the end of the data's lifecycle.

The lifecycle management policy lets you:

  • Transition blobs from cool to hot immediately if accessed to optimize for performance
  • Transition blobs, blob versions, and blob snapshots to a cooler storage tier (hot to cool, hot to archive, or cool to archive) if not accessed or modified for a period of time to optimize for cost
  • Delete blobs, blob versions, and blob snapshots at the end of their lifecycles
  • Define rules to be run once per day at the storage account level
  • Apply rules to containers or a subset of blobs (using name prefixes or blob index tags as filters)

Consider a scenario where data gets frequent access during the early stages of the lifecycle, but only occasionally after two weeks. Beyond the first month, the data set is rarely accessed. In this scenario, hot storage is best during the early stages. Cool storage is most appropriate for occasional access. Archive storage is the best tier option after the data ages over a month. By adjusting storage tiers in respect to the age of data, you can design the least expensive storage options for your needs. To achieve this transition, lifecycle management policy rules are available to move aging data to cooler tiers.

Availability and pricing

The lifecycle management feature is available in all Azure regions for general purpose v2 (GPv2) accounts, blob storage accounts, premium block blobs storage accounts, and Azure Data Lake Storage Gen2 accounts. In the Azure portal, you can upgrade an existing general purpose (GPv1) account to a GPv2 account.

The lifecycle management feature is free of charge. Customers are charged the regular operation cost for the Set Blob Tier API calls. Delete operation is free.

Reference: Optimize costs by automating Azure Blob Storage access tiers



Question: 437
Measured Skill: Deploy and manage Azure compute resources (25-30%)

You have an Azure subscription.

You need to use an Azure Resource Manager (ARM) template to create a virtual machine that will have multiple data disks.

How should you complete the template?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AP1: "copy": [
P2: "copyIndex": [
B P1: "copy": [
P2: "dependsOn": [
C P1: "copyIndex": [
P2: "copy": [
D P1: "copyIndex": [
P2: "dependsOn": [
E P1: "dependsOn": [
P2: "copy": [
F P1: "dependsOn": [
P2: "copyIndex": [

Correct answer: A

Explanation:

By adding copy loop to the resources section of your template, you can dynamically set the number of resources to deploy. You also avoid having to repeat template syntax.

You can also use copy loop with properties, variables, and outputs.

Add the copy element to the resources section of your template to deploy multiple instances of the resource. The copy element has the following general format:

"copy"
: {
  "name": "<name-of-loop>",
  "count": <number-of-iterations>,
  "mode": "serial" <or> "parallel",
  "batchSize": <number-to-deploy-serially>
}

The name property is any value that identifies the loop. The count property specifies the number of iterations you want for the resource type.

Use the mode and batchSize properties to specify if the resources are deployed in parallel or in sequence. 

The copyIndex() function returns the current iteration in the loop. copyIndex() is zero-based. 

By default, Resource Manager creates the resources in parallel. It applies no limit to the number of resources deployed in parallel, other than the total limit of 800 resources in the template. The order in which they're created isn't guaranteed.

Reference: Resource iteration in ARM templates



Question: 438
Measured Skill: Configure and manage virtual networking (30-35%)

You have an Azure subscription that contains the virtual networks shown in the following table.



The subscription contains the private DNS zones shown in the following table.



You add virtual network links to the private DNS zones as shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AYou can enable auto registration for Link2: Yes
You can add a virtual network link for VNET1 to zone3.com: Yes
You can add a virtual network link for VNET2 to zone1.com and enable auto registration: Yes
B You can enable auto registration for Link2: Yes
You can add a virtual network link for VNET1 to zone3.com: Yes
You can add a virtual network link for VNET2 to zone1.com and enable auto registration: No
C You can enable auto registration for Link2: No
You can add a virtual network link for VNET1 to zone3.com: Yes
You can add a virtual network link for VNET2 to zone1.com and enable auto registration: No
D You can enable auto registration for Link2: No
You can add a virtual network link for VNET1 to zone3.com: Yes
You can add a virtual network link for VNET2 to zone1.com and enable auto registration: Yes
E You can enable auto registration for Link2: No
You can add a virtual network link for VNET1 to zone3.com: No
You can add a virtual network link for VNET2 to zone1.com and enable auto registration: Yes
F You can enable auto registration for Link2: No
You can add a virtual network link for VNET1 to zone3.com: No
You can add a virtual network link for VNET2 to zone1.com and enable auto registration: No

Correct answer: A

Explanation:

The Azure DNS private zones auto registration feature manages DNS records for virtual machines deployed in a virtual network. When you link a virtual network with a private DNS zone with this setting enabled. A DNS record gets created for each virtual machine deployed in the virtual network.

A private DNS zone can be linked to multiple virtual networks and the automatic registration can basically be activated for each of the linked virtual networks. Vice versa, a virtual network can be linked to several private DNS zones.

However, automatic registration can only be activated once for a virtual network. Each virtual network can have automatic registration activated for a single private DNS zone.

Note: The Private DNS zone service is global and not bound to a location. However, you must specify a location for the resource group where the metadata associated with the Private DNS zone will reside. 

Reference: LinkTWhat is the auto registration feature in Azure DNS private zones?



Question: 439
Measured Skill: Deploy and manage Azure compute resources (25-30%)

You have an Azure subscription.

You plan to use an Azure Resource Manager template to deploy a virtual network named VNET1 that will use Azure Bastion.

How should you complete the template?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AP1: AzureBastionSubnet",
P2: "10.10.10.0/30"
B P1: AzureBastionSubnet",
P2: "10.10.10.0/27"
C P1: "AzureFirewallSubnet",
P2: "10.10.10.0/30"
D P1: "LAN01",
P2: "10.10.10.0/29"
E P1: "RemoteAccessSubnet",
P2: "10.10.10.0/27"
F P1: "RemoteAccessSubnet",
P2: "10.10.10.0/29"

Correct answer: B

Explanation:

Azure Bastion is deployed to a virtual network and supports virtual network peering. Specifically, Azure Bastion manages RDP/SSH connectivity to VMs created in the local or peered virtual networks.

RDP and SSH are some of the fundamental means through which you can connect to your workloads running in Azure. Exposing RDP/SSH ports over the Internet isn't desired and is seen as a significant threat surface. This is often due to protocol vulnerabilities. To contain this threat surface, you can deploy bastion hosts (also known as jump-servers) at the public side of your perimeter network. Bastion host servers are designed and configured to withstand attacks. Bastion servers also provide RDP and SSH connectivity to the workloads sitting behind the bastion, as well as further inside the network.

Azure Bastion requires a subnet named AzureBastionSubnet within your VNet address space with a subnet mask /27 or larger.

References:

What is Azure Bastion?

Tutorial: Configure Bastion and connect to a Windows VM





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2021 by cert2brain.com