
Microsoft - AZ-104: Microsoft Azure Administrator

Sample Questions

Question: 712
Measured Skill: Manage Azure identities and governance (20–25%)

You have a Microsoft Entra ID tenant that contains the groups shown in the following table.



The tenant contains the users shown in the following table.



Which users and groups can you delete?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)


A Users: User4 only
Groups: Group2 only
B Users: User1 and User4 only
Groups: Group2 and Group4 only
C Users: User2 and User4 only
Groups: Group1, Group2, Group3, and Group4
D Users: User2 and User4 only
Groups: Group2 and Group3 only
E Users: User1, User2, User3, and User4
Groups: Group2 and Group4 only
F Users: User1, User2, User3, and User4
Groups: Group1, Group2, Group3, and Group4

Correct answer: E

Explanation:

We can delete all users whether a license is assigned directly or via inheritance from a group membership.

Groups with active license assignments cannot be deleted. For groups, the license must be removed first.



Question: 713
Measured Skill: Deploy and manage Azure compute resources (20–25%)

You have an Azure subscription that contains the virtual networks shown in the following table.



The subscription contains the virtual machines shown in the following table.



The subscription contains the Azure App Service web apps shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)


A WebApp1 can communicate with VM2: Yes
NSG1 controls inbound traffic to WebApp1: Yes
WebApp2 can communicate with VM1: Yes
B WebApp1 can communicate with VM2: Yes
NSG1 controls inbound traffic to WebApp1: Yes
WebApp2 can communicate with VM1: No
C WebApp1 can communicate with VM2: Yes
NSG1 controls inbound traffic to WebApp1: No
WebApp2 can communicate with VM1: No
D WebApp1 can communicate with VM2: No
NSG1 controls inbound traffic to WebApp1: Yes
WebApp2 can communicate with VM1: No
E WebApp1 can communicate with VM2: No
NSG1 controls inbound traffic to WebApp1: Yes
WebApp2 can communicate with VM1: Yes
F WebApp1 can communicate with VM2: No
NSG1 controls inbound traffic to WebApp1: No
WebApp2 can communicate with VM1: No

Correct answer: C

Explanation:

Virtual network integration gives your app access to resources in your virtual network, but it doesn't grant inbound private access to your app from the virtual network. Virtual network integration is used only to make outbound calls from your app into your virtual network. 

Using virtual network integration enables your app to access:

  • Resources in the virtual network you're integrated with.
  • Resources in virtual networks peered to the virtual network your app is integrated with including global peering connections.
  • Resources across Azure ExpressRoute connections.
  • Service endpoint-secured services.
  • Private endpoint-enabled services.

The Isolated and IsolatedV2 tiers run dedicated Azure VMs on dedicated Azure Virtual Networks. They provide network isolation on top of compute isolation to your apps.

Virtual network integration isn't available for Isolated plan apps.

References:

Integrate your app with an Azure virtual network

Azure App Service plan overview



Question: 714
Measured Skill: Deploy and manage Azure compute resources (20–25%)

You have an Azure subscription that contains an Azure container registry named ContReg1.

You enable the Admin user for ContReg1.

Which username can you use to sign in to ContReg1?

A Root
B Admin
C Administrator
D ContReg1

Correct answer: B

Explanation:

Each container registry includes an admin user account, which is disabled by default. You can enable the admin user and manage its credentials in the Azure portal, or by using the Azure CLI, Azure PowerShell, or other Azure tools. The admin account has full permissions to the registry.

The admin account is currently required for some scenarios to deploy an image from a container registry to certain Azure services. For example, the admin account is needed when you use the Azure portal to deploy a container image from a registry directly to Azure Container Instances or Azure Web Apps for Containers.

The admin account is provided with two passwords, both of which can be regenerated. New passwords created for admin accounts are available immediately. Regenerating passwords for admin accounts will take 60 seconds to replicate and be available. Two passwords allow you to maintain connection to the registry by using one password while you regenerate the other. If the admin account is enabled, you can pass the username and either password to the docker login command when prompted for basic authentication to the registry.

The username of the admin account is Admin.

Reference: Authenticate with an Azure container registry



Question: 715
Measured Skill: Implement and manage virtual networking (15–20%)

You have an Azure subscription that contains the virtual networks shown in the following table.



You need to ensure that all the traffic between VNet1 and VNet2 traverses the Microsoft backbone network.

What should you configure?

A A private endpoint
B Peering
C ExpressRoute
D A route table

Correct answer: B

Explanation:

Virtual network peering enables you to seamlessly connect two or more Virtual Networks in Azure. The virtual networks appear as one for connectivity purposes. The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure. Like traffic between virtual machines in the same network, traffic is routed through Microsoft's private network only.

Azure supports the following types of peering:

  • Virtual network peering: Connecting virtual networks within the same Azure region.

  • Global virtual network peering: Connecting virtual networks across Azure regions.

The benefits of using virtual network peering, whether local or global, include:

  • A low-latency, high-bandwidth connection between resources in different virtual networks.

  • The ability for resources in one virtual network to communicate with resources in a different virtual network.

  • The ability to transfer data between virtual networks across Azure subscriptions, Microsoft Entra tenants, deployment models, and Azure regions.

  • The ability to peer virtual networks created through the Azure Resource Manager.

  • The ability to peer a virtual network created through Resource Manager to one created through the classic deployment model.

  • No downtime to resources in either virtual network when creating the peering, or after the peering is created.

Network traffic between peered virtual networks is private. Traffic between the virtual networks is kept on the Microsoft backbone network. No public Internet, gateways, or encryption is required in the communication between the virtual networks.

Reference: Virtual network peering



Question: 716
Measured Skill: Implement and manage virtual networking (15–20%)

You have an Azure subscription that contains the resources shown in the following table.



You need to ensure that data transfers between storage1 and VM1 do NOT traverse the internet.

What should you configure for storage1?

A Data protection
B A private endpoint
C Public network access in the Firewalls and virtual networks settings
D A shared access signature (SAS)

Correct answer: B

Explanation:

You can use private endpoints for your Azure Storage accounts to allow clients on a virtual network (VNet) to securely access data over a Private Link. The private endpoint uses a separate IP address from the VNet address space for each storage account service. Network traffic between the clients on the VNet and the storage account traverses over the VNet and a private link on the Microsoft backbone network, eliminating exposure from the public internet.

Using private endpoints for your storage account enables you to:

  • Secure your storage account by configuring the storage firewall to block all connections on the public endpoint for the storage service.
  • Increase security for the virtual network (VNet), by enabling you to block exfiltration of data from the VNet.
  • Securely connect to storage accounts from on-premises networks that connect to the VNet using VPN or ExpressRoutes with private-peering.

Reference: Use private endpoints for Azure Storage






© Copyright 2014 - 2024 by cert2brain.com