AZ-104 : Microsoft Azure Administrator : Part 02

  1. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.

    You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.

    Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.

    Does this meet the goal?

    • Yes
    • No
    Explanation:

    DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest Labs.
    The Logic App Contributor role lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app.

  2. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.

    You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.

    Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.

    Does this meet the goal?

    • Yes
    • No
    Explanation:

    You would need the Logic App Contributor role.

  3. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.

    You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.

    Solution: On Dev, you assign the Contributor role to the Developers group.

    Does this meet the goal?

    • Yes
    • No
    Explanation:

    The Contributor role can manage all resources (and add resources) in a Resource Group.

  4. DRAG DROP

    You have an Azure subscription that is used by four departments in your company. The subscription contains 10 resource groups. Each department uses resources in several resource groups.

    You need to send a report to the finance department. The report must detail the costs for each department.

    Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

    AZ-104 Part 02 Q04 022 Question
    AZ-104 Part 02 Q04 022 Question
    AZ-104 Part 02 Q04 022 Answer
    AZ-104 Part 02 Q04 022 Answer

    Explanation:

    Box 1: Assign a tag to each resource.

    You apply tags to your Azure resources giving metadata to logically organize them into a taxonomy. After you apply tags, you can retrieve all the resources in your subscription with that tag name and value. Each resource or resource group can have a maximum of 15 tag name/value pairs. Tags applied to the resource group are not inherited by the resources in that resource group.

    Box 2: From the Cost analysis blade, filter the view by tag
    After you get your services running, regularly check how much they’re costing you. You can see the current spend and burn rate in Azure portal.

    1. Visit the Subscriptions blade in Azure portal and select a subscription.
    You should see the cost breakdown and burn rate in the popup blade.
    2. Click Cost analysis in the list to the left to see the cost breakdown by resource. Wait 24 hours after you add a service for the data to populate.
    3. You can filter by different properties like tags, resource group, and timespan. Click Apply to confirm the filters and Download if you want to export the view to a Comma-Separated Values (.csv) file.

    Box 3: Download the usage report

  5. You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.You need to view the error event from a table named Event.Which query should you run in Workspace1?

    • Get-Event Event | where {$_.EventType == "error"}
    • search in (Event) "error"
    • select * from Event where EventType == "error"
    • Get-Event Event | where {$_.EventTye –eq "error"}
    Explanation:
    To search a term in a specific table, add the table-name just after the search operator

    Note:
    There are several versions of this question in the exam. The question has two possible correct answers:
    search in (Event) “error”
    Event | search “error”

    Other incorrect answer options you may see on the exam include the following:
    select * from Event where EventType is “error”
    Event | where EventType is “error”
    search in (Event) * | where EventType –eq “error”

  6. HOTSPOT

    You have an Azure subscription that contains a virtual network named VNET1 in the East US 2 region. A network interface named VM1-NI is connected to VNET1.

    You successfully deploy the following resources in an Azure Resource Manager template.

    AZ-104 Part 02 Q06 023
    AZ-104 Part 02 Q06 023

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    AZ-104 Part 02 Q06 024 Question
    AZ-104 Part 02 Q06 024 Question
    AZ-104 Part 02 Q06 024 Answer
    AZ-104 Part 02 Q06 024 Answer

    Explanation:

    Box 1: Yes

    Box 2: Yes
    VM1 is in Zone1, while VM2 is on Zone2.

    Box 3: No

  7. You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.

    AZ-104 Part 02 Q07 025
    AZ-104 Part 02 Q07 025

    RG1 has a web app named WebApp1. WebApp1 is located in West Europe.

    You move WebApp1 to RG2.

    What is the effect of the move?

    •  The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.
    • The App Service plan for WebApp1 moves to North Europe. Policy2 applies to WebApp1.
    • The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1.
    • The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1.
    Explanation:
    You can move an app to another App Service plan, as long as the source plan and the target plan are in the same resource group and geographical region.
    The region in which your app runs is the region of the App Service plan it’s in. However, you cannot change an App Service plan’s region.
  8. HOTSPOT

    You have an Azure subscription named Subscription1 that has a subscription ID of c276fc76-9cd4-44c9-99a7-4fd71546436e.

    You need to create a custom RBAC role named CR1 that meets the following requirements:

    – Can be assigned only to the resource groups in Subscription1
    – Prevents the management of the access permissions for the resource groups
    – Allows the viewing, creating, modifying, and deleting of resources within the resource groups

    What should you specify in the assignable scopes and the permission elements of the definition of CR1? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    AZ-104 Part 02 Q08 026 Question
    AZ-104 Part 02 Q08 026 Question
    AZ-104 Part 02 Q08 026 Answer
    AZ-104 Part 02 Q08 026 Answer
  9. You have an Azure subscription.

    Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs.

    You have a line-of-business-app named App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016.

    You need to ensure that the connections to App1 are spread across all the virtual machines.

    What are two possible Azure services that you can use? Each correct answer presents a complete solution.

    NOTE: Each correct selection is worth one point.

    • an internal load balancer
    • a public load balancer
    • an Azure Content Delivery Network (CDN)
    • Traffic Manager
    • an Azure Application Gateway
    Explanation:
    Network traffic from the VPN gateway is routed to the cloud application through an internal load balancer. The load balancer is located in the front-end subnet of the application.
  10. You have an Azure subscription.

    You have 100 Azure virtual machines.

    You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering.

    Which blade should you use?

    • Monitor
    • Advisor
    • Metrics
    • Customer insights
    Explanation:

    Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard.

  11. HOTSPOT

    You have an Azure Active Directory (Azure AD) tenant.

    You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal.

    Which three settings should you configure? To answer, select the appropriate settings in the answer area.

    NOTE: Each correct selection is worth one point.

    AZ-104 Part 02 Q11 027 Question
    AZ-104 Part 02 Q11 027 Question
    AZ-104 Part 02 Q11 027 Answer
    AZ-104 Part 02 Q11 027 Answer
  12. You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

    The User administrator role is assigned to a user named Admin1.

    An external partner has a Microsoft account that uses the [email protected] sign in.

    Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: “Unable to invite user [email protected] ­– Generic authorization exception.”

    You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.

    What should you do?

    • From the Users blade, modify the External collaboration settings.
    • From the Custom domain names blade, add a custom domain.
    • From the Organizational relationships blade, add an identity provider.
    • From the Roles and administrators blade, assign the Security administrator role to Admin1.
  13. You have an Azure subscription linked to an Azure Active Directory tenant. The tenant includes a user account named User1.

    You need to ensure that User1 can assign a policy to the tenant root management group.

    What should you do?

    • Assign the Owner role for the Azure Subscription to User1, and then modify the default conditional access policies.
    • Assign the Owner role for the Azure subscription to User1, and then instruct User1 to configure access management for Azure resources.
    • Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.
    • Create a new management group and delegate User1 as the owner of the new management group.
    Explanation:
    The following chart shows the list of roles and the supported actions on management groups.
    AZ-104 Part 02 Q13 028
    AZ-104 Part 02 Q13 028

    Note:
    Each directory is given a single top-level management group called the “Root” management group. This root management group is built into the hierarchy to have all management groups and subscriptions fold up to it. This root management group allows for global policies and Azure role assignments to be applied at the directory level. The Azure AD Global Administrator needs to elevate themselves to the User Access Administrator role of this root group initially. After elevating access, the administrator can assign any Azure role to other directory users or groups to manage the hierarchy. As administrator, you can assign your own account as owner of the root management group.

  14. HOTSPOT

    You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com contains the groups in the following table.

    AZ-104 Part 02 Q14 029
    AZ-104 Part 02 Q14 029

    You create two user accounts that are configured as shown in the following table.

    AZ-104 Part 02 Q14 030
    AZ-104 Part 02 Q14 030

    To which groups do User1 and User2 belong? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    AZ-104 Part 02 Q14 031 Question
    AZ-104 Part 02 Q14 031 Question
    AZ-104 Part 02 Q14 031 Answer
    AZ-104 Part 02 Q14 031 Answer

    Explanation:

    Box 1: Group 1 only
    First rule applies

    Box 2: Group1 and Group2 only
    Both membership rules apply.

  15. HOTSPOT

    You have a hybrid deployment of Azure Active Directory (Azure AD) that contains the users shown in the following table.

    AZ-104 Part 02 Q15 032
    AZ-104 Part 02 Q15 032

    You need to modify the JobTitle and UsageLocation attributes for the users.

    For which users can you modify the attributes from Azure AD? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    AZ-104 Part 02 Q15 033 Question
    AZ-104 Part 02 Q15 033 Question
    AZ-104 Part 02 Q15 033 Answer
    AZ-104 Part 02 Q15 033 Answer

    Explanation:

    Box 1: User1 and User3 only

    You must use Windows Server Active Directory to update the identity, contact info, or job info for users whose source of authority is Windows Server Active Directory.

    Box 2: User1, User2, and User3

  16. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.

    Solution: You assign the Network Contributor role at the subscription level to Admin1.

    Does this meet the goal?

    • Yes
    • No
    Explanation:
    Your account must meet one of the following to enable traffic analytics:

    Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.

  17. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.

    Solution: You assign the Owner role at the subscription level to Admin1.

    Does this meet the goal?

    • Yes
    • No
    Explanation:
    Your account must meet one of the following to enable traffic analytics:

    Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.

  18. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.

    Solution: You assign the Reader role at the subscription level to Admin1.

    Does this meet the goal?

    • Yes
    • No
    Explanation:
    Your account must meet one of the following to enable traffic analytics:

    Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.

  19. You have an Azure subscription that contains a user named User1.

    You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege.

    Which role-based access control (RBAC) role should you assign to User1?

    • Owner
    • Virtual Machine Contributor
    • Contributor
    • Virtual Machine Administrator Login
    Explanation:
    Virtual Machine Contributor: Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they’re connected to.

    Incorrect Answers:
    A: Owner: Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.
    C: Contributor: Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC.
    D: Virtual Machine Administrator Login: View Virtual Machines in the portal and login as administrator.

  20. HOTSPOT

    You have an Azure Active Directory (Azure AD) tenant that contains three global administrators named Admin1, Admin2, and Admin3.

    The tenant is associated to an Azure subscription. Access control for the subscription is configured as shown in the Access control exhibit. (Click the Access Control tab.)

    AZ-104 Part 02 Q20 034
    AZ-104 Part 02 Q20 034

    You sign in to the Azure portal as Admin1 and configure the tenant as shown in the Tenant exhibit. (Click the Tenant tab.)

    AZ-104 Part 02 Q20 035
    AZ-104 Part 02 Q20 035

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    AZ-104 Part 02 Q20 036 Question
    AZ-104 Part 02 Q20 036 Question
    AZ-104 Part 02 Q20 036 Answer
    AZ-104 Part 02 Q20 036 Answer
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments