Skip Navigation Links
 

Microsoft - AZ-104: Microsoft Azure Administrator

Sample Questions

Question: 122
Measured Skill: Manage Azure identities and governance (15-20%)

You have an Azure Active Directory tenant named contoso.com that includes the following users:



Contoso.com includes the following Windows 10 devices:



You create following security groups in contoso.com:



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AUser1 can add Device2 to Group1: Yes
User2 can add Device1 to Group1: Yes
User2 can add Device2 to Group2: Yes
B User1 can add Device2 to Group1: Yes
User2 can add Device1 to Group1: Yes
User2 can add Device2 to Group2: No
C User1 can add Device2 to Group1: Yes
User2 can add Device1 to Group1: No
User2 can add Device2 to Group2: No
D User1 can add Device2 to Group1: No
User2 can add Device1 to Group1: Yes
User2 can add Device2 to Group2: No
E User1 can add Device2 to Group1: No
User2 can add Device1 to Group1: No
User2 can add Device2 to Group2: Yes
F User1 can add Device2 to Group1: No
User2 can add Device1 to Group1: No
User2 can add Device2 to Group2: No

Correct answer: C

Explanation:

Groups can contain both registered and joined devices as members.

As a global administrator or cloud device administrator, you can manage the registered or joined devices. Intune Service administrators can update and delete devices. User administrator can manage users but not devices.

The properties on which the membership of a device in a group of the type dynamic device are defined cannot be changed by either an end user or an user administrator. User2 cannot add any device to Group2.

The following exhibit shows the device properties that can be used by a rule for dynamic membership in a device group:



Reference: Manage device identities using the Azure portal

Question: 123
Measured Skill: Implement and manage storage (10-15%)

You have a sync group that has the endpoints shown in the following table.



Cloud tiering is enabled for Endpoint3.

You add a file named File1 to Endpoint1 and a file named File2 to Endpoint2.

You need to identify on which endpoints File1 and File2 will be available within 24 hours of adding the files.

What should you identify?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AFile1: Endpoint1 only
File2: Endpoint1 only
B File1: Endpoint2 and Endpoint3 only
File2: Endpoint2 and Endpoint3 only
C File1: Endpoint3 only
File2: Endpoint3 only
D File1: Endpoint1, Endpoint2, and Endpoint3
File2: Endpoint1, Endpoint2, and Endpoint3
E File1: Endpoint1 only
File2: Endpoint3 only
F File1: Endpoint1, Endpoint2, and Endpoint3
File2: Endpoint1 only

Correct answer: B

Explanation:

File1 and File2 will sync to Endpoint1 and Endpoint2. The new files will not sync to Endpoint3 until a user opens the tiered file from Endpoint3.

Cloud tiering is an optional feature of Azure File Sync in which frequently accessed files are cached locally on the server while all other files are tiered to Azure Files based on policy settings. When a file is tiered, the Azure File Sync file system filter (StorageSync.sys) replaces the file locally with a pointer, or reparse point. The reparse point represents a URL to the file in Azure Files. A tiered file has both the "offline" attribute and the FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS attribute set in NTFS so that third-party applications can securely identify tiered files.

When a user opens a tiered file, Azure File Sync seamlessly recalls the file data from Azure Files without the user needing to know that the file is stored in Azure.

Note: File1 and File2 are also "available" via endpoint3, but must first be loaded from the cloud endpoint when opening. Endpoint3 only contains a reference to the file that is stored in the cloud endpoint.

Reference: Cloud Tiering Overview

Question: 124
Measured Skill: Manage Azure identities and governance (15-20%)

Your network contains an on-premises Active Directory domain named adatum.com. The domain contains an organizational unit (OU) named OU1. OU1 contains the objects shown in the following table.



You sync OU1 to Azure Active Directory (Azure AD) by using Azure AD Connect.

You need to identify which objects are synced to Azure AD.

Which objects should you identify?

AUser1 and Group1 only
B User1, Group1, and Group2 only
C User1, Group1, Group2, and Computer1
D Computer1 only
E User1, Group1, and Computer1 only

Correct answer: E

Explanation:

Azure AD Connect synchronizes users, computers, and groups from Windows Server Active Directory to Azure Active Directory.

The synchronization process includes security groups with the Global and the Universal scope. Distribution groups are not synchronized.

Note: Azure AD Connect excludes built-in security groups from directory synchronization.

Question: 125
Measured Skill: Deploy and manage Azure compute resources (25-30%)

You plan to deploy five virtual machines to an Azure virtual network subnet. Each virtual machine will have a public IP address and a private IP address.

Each virtual machine requires the same inbound and outbound security rules.

What is the minimum number of network interfaces and network security groups that you require?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AMinimum number of network interfaces: 5
Minimum number of network security groups: 1
B Minimum number of network interfaces: 5
Minimum number of network security groups: 5
C Minimum number of network interfaces: 10
Minimum number of network security groups: 2
D Minimum number of network interfaces: 10
Minimum number of network security groups: 10
E Minimum number of network interfaces: 15
Minimum number of network security groups: 2
F Minimum number of network interfaces: 20
Minimum number of network security groups: 10

Correct answer: A

Explanation:

An Azure Virtual Machine (VM) has one or more network interfaces (NIC) attached to it. Any NIC can have one or more static or dynamic public and private IP addresses assigned to it.

A single network security group that is associated with the subnet that contains the virtual machines is sufficient. It would also be possible to link the same network security group to each individual virtual machine. A network security group can be used / linked several times.

Reference: Assign multiple IP addresses to virtual machines using the Azure portal

Question: 126
Measured Skill: Configure and manage virtual networking (30-35%)

You manage two Azure subscriptions named Subscription1 and Subscription2.

Subscription1 has the following virtual networks:



The virtual networks contain the following subnets:



Subscription2 contains the following virtual network:



VNetA contains the following subnets:



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AA Site-to-Site connection can be established between VNet1 and VNet2: Yes
VNet1 and VNet2 can be peered: Yes
VNet1 and VNetA can be peered: Yes
B A Site-to-Site connection can be established between VNet1 and VNet2: Yes
VNet1 and VNet2 can be peered: Yes
VNet1 and VNetA can be peered: No
C A Site-to-Site connection can be established between VNet1 and VNet2: Yes
VNet1 and VNet2 can be peered: No
VNet1 and VNetA can be peered: No
D A Site-to-Site connection can be established between VNet1 and VNet2: No
VNet1 and VNet2 can be peered: Yes
VNet1 and VNetA can be peered: Yes
E A Site-to-Site connection can be established between VNet1 and VNet2: No
VNet1 and VNet2 can be peered: Yes
VNet1 and VNetA can be peered: No
F A Site-to-Site connection can be established between VNet1 and VNet2: No
VNet1 and VNet2 can be peered: No
VNet1 and VNetA can be peered: No

Correct answer: A

Explanation:

Configuring a VNet-to-VNet connection is a simple way to connect VNets. When you connect a virtual network to another virtual network with a VNet-to-VNet connection type (VNet2VNet), it's similar to creating a Site-to-Site IPsec connection to an on-premises location. Both connection types use a VPN gateway to provide a secure tunnel with IPsec/IKE and function the same way when communicating. However, they differ in the way the local network gateway is configured.

Virtual networks can be in different regions and from different subscriptions. When you connect VNets from different subscriptions, the subscriptions don't need to be associated with the same Active Directory tenant.

You can configure peering between virtual networks that are located in different subscriptions and/or regions. However, a prerequisite is that the address range of the virtual network does not overlap.
  • VNet1 covers the IP addresses: 10.10.10.1 to 10.10.10.254
  • VNet2 covers the IP addresses: 172.16.0.1 to 172.16.255.254
  • VNetA covers the IP addresses: 10.10.128.1 to 10.10.255.254
References:

Configure a VNet-to-VNet VPN gateway connection by using the Azure portal

Virtual network peering



 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2020 by cert2brain.com