AZ-104 : Microsoft Azure Administrator : Part 08

AZ-104 : Microsoft Azure Administrator : Part 08

1. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

   After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

   You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.

   You need to view the date and time when the resources were created in RG1.

   Solution: From the RG1 blade, you click Deployments.

   Does this meet the goal?

   • Yes
   • No
   Explanation:

   From the RG1 blade, click Deployments. You see a history of deployment for the resource group.

2. You have an Azure subscription named Subscription1.

   You deploy a Linux virtual machine named VM1 to Subscription1.

   You need to monitor the metrics and the logs of VM1.

   What should you use?

   • Azure HDInsight
   • Linux Diagnostic Extension (LAD) 3.0
   • the AzurePerformanceDiagnostics extension
   • Azure Analysis Services
   Explanation:
   You can use extensions to configure diagnostics on your VMs to collect additional metric data.
   The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM.

3. HOTSPOT

   You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.

   You install and configure a web server and a DNS server on VM1.

   VM1 has the effective network security rules shown in the following exhibit:

   

   Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:
   Box 1:
   Rule2 blocks ports 50-60, which includes port 53, the DNS port. Internet users can reach to the Web server, since it uses port 80.
   Box 2:
   If Rule2 is removed internet users can reach the DNS server as well.
   Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.

4. You plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The virtual machines will host a web app named App1.

   You need to ensure that at least two virtual machines are available if a single Azure datacenter becomes unavailable.

   What should you deploy?

   • all three virtual machines in a single Availability Zone
   • all virtual machines in a single Availability Set
   • each virtual machine in a separate Availability Zone
   • each virtual machine in a separate Availability Set

   Explanation:

   Use availability zones to protect from datacenter level failures.

5. You have an Azure virtual machine named VM1 that runs Windows Server 2019.

   You save VM1 as a template named Template1 to the Azure Resource Manager library.

   You plan to deploy a virtual machine named VM2 from Template1.

   What can you configure during the deployment of VM2?

   • operating system
   • administrator username
   • virtual machine size
   • resource group
   Explanation:
   When deploying a virtual machine from a template, you must specify:
   – the Resource Group name and location for the VM
   – the administrator username and password
   – an unique DNS name for the public IP

6. You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs a financial reporting app named App1 that does not support multiple active instances.

   At the end of each month, CPU usage for VM1 peaks when App1 runs.

   You need to create a scheduled runbook to increase the processor performance of VM1 at the end of each month.

   What task should you include in the runbook?

   • Add the Azure Performance Diagnostics agent to VM1.
   • Modify the VM size property of VM1.
   • Add VM1 to a scale set.
   • Increase the vCPU quota for the subscription.
   • Add a Desired State Configuration (DSC) extension to VM1.

7. You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.

   You need to ensure that NGINX is available on all the virtual machines after they are deployed.

   What should you use?

   • Deployment Center in Azure App Service
   • A Desired State Configuration (DSC) extension
   • the New-AzConfigurationAssignment cmdlet
   • a Microsoft Intune device configuration profile
   Explanation:
   Azure virtual machine extensions are small packages that run post-deployment configuration and automation on Azure virtual machines.

   In the following example, the Azure CLI is used to deploy a custom script extension to an existing virtual machine, which installs a Nginx webserver.

   az vm extension set \
   –resource-group myResourceGroup \
   –vm-name myVM –name customScript \
   –publisher Microsoft.Azure.Extensions \
   –settings ‘{“commandToExecute”: “apt-get install -y nginx”}

   Note:
   There are several versions of this question in the exam. The question has two correct answers:
   1. a Desired State Configuration (DSC) extension
   2. Azure Custom Script Extension

   The question can have other incorrect answer options, including the following:
   – the Publish-AzVMDscConfiguration cmdlet
   – Azure Application Insights

8. HOTSPOT

   You deploy an Azure Kubernetes Service (AKS) cluster that has the network profile shown in the following exhibit.

   

   Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   Box 1: 10.244.0.0/16
   The Pod CIDR.

   Note: The –pod-cidr should be a large address space that isn’t in use elsewhere in your network environment. This range includes any on-premises network ranges if you connect, or plan to connect, your Azure virtual networks using Express Route or a Site-to-Site VPN connection.

   This address range must be large enough to accommodate the number of nodes that you expect to scale up to. You can’t change this address range once the cluster is deployed if you need more addresses for additional nodes.

   Box 2: 10.0.0.0/16
   The –service-cidr is used to assign internal services in the AKS cluster an IP address.

9. HOTSPOT

   You have the App Service plan shown in the following exhibit.

   

   The scale-in settings for the App Service plan are configured as shown in the following exhibit.

   

   The scale out rule is configured with the same duration and cool down tile as the scale in rule.

   Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   Box 1: 5
   The maximum 5 will kept as the CPU Usage >= 30.

   Box 2: 3
   As soon as the average CPU usage drops below 30%, the count will decrease by 1. After the 5 minute cool-down it will decrease by another 1, reaching 3.

10. You have an Azure virtual machine named VM1 that runs Windows Server 2019. The VM was deployed using default drive settings.

    You sign in to VM1 as a user named User1 and perform the following actions:

    – Create files on drive C.
    – Create files on drive D.
    – Modify the screen saver timeout.
    – Change the desktop background.

    You plan to redeploy VM1.

    Which changes will be lost after you redeploy VM1?

    • the modified screen saver timeout
    • the new desktop background
    • the new files on drive D
    • the new files on drive C

11. You have an Azure subscription.

    You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit. (Click the Exhibit tab.)

    

    You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines.

    What should you modify on VM1?

    • the memory
    • the network adapters
    • the hard drive
    • the processor
    • Integration Services
    Explanation:
    From the exhibit we see that the disk is in the VHDX format.

    Before you upload a Windows virtual machine (VM) from on-premises to Microsoft Azure, you must prepare the virtual hard disk (VHD or VHDX). Azure supports only generation 1 VMs that are in the VHD file format and have a fixed sized disk. The maximum size allowed for the VHD is 1,023 GB. You can convert a generation 1 VM from the VHDX file system to VHD and from a dynamically expanding disk to fixed-sized.

12. HOTSPOT

    You have an Azure subscription that contains a virtual machine scale set. The scale set contains four instances that have the following configurations:

    – Operating system: Windows Server 2016
    – Size: Standard_D1_v2

    You run the get-azvmss cmdlet as shown in the following exhibit:

    

    Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    The Get-AzVmssVM cmdlet gets the model view and instance view of a Virtual Machine Scale Set (VMSS) virtual machine.

    Box 1: 0
    The enableAutomaticUpdates parameter is set to false. To update existing VMs, you must do a manual upgrade of each existing VM.

    Box 2: 4
    Enabling automatic OS image upgrades on your scale set helps ease update management by safely and automatically upgrading the OS disk for all instances in the scale set.

13. You have an Azure subscription named Subscription1 that is used by several departments at your company. Subscription1 contains the resources in the following table:

    

    Another administrator deploys a virtual machine named VM1 and an Azure Storage account named storage2 by using a single Azure Resource Manager template.

    You need to view the template used for the deployment.

    From which blade can you view the template that was used for the deployment?

    • VM1
    • RG1
    • storage2
    • container1
    Explanation:
    View template from deployment history
    1. Go to the resource group for your new resource group. Notice that the portal shows the result of the last deployment. Select this link.
    

    

    2. You see a history of deployments for the group. In your case, the portal probably lists only one deployment. Select this deployment.

    

    3. The portal displays a summary of the deployment. The summary includes the status of the deployment and its operations and the values that you provided for parameters. To see the template that you used for the deployment, select View template.

    

14. You have an Azure web app named App1. App1 has the deployment slots shown in the following table:

    

    In webapp1-test, you test several changes to App1.

    You back up App1.

    You swap webapp1-test for webapp1-prod and discover that App1 is experiencing performance issues.

    You need to revert to the previous version of App1 as quickly as possible.

    What should you do?

    • Redeploy App1
    • Swap the slots
    • Clone App1
    • Restore the backup of App1
    Explanation:
    When you swap deployment slots, Azure swaps the Virtual IP addresses of the source and destination slots, thereby swapping the URLs of the slots. We can easily revert the deployment by swapping back.

15. HOTSPOT

    You have an Azure subscription named Subscription1. Subscription1 contains two Azure virtual machines VM1 and VM2. VM1 and VM2 run Windows Server 2016.

    VM1 is backed up daily by Azure Backup without using the Azure Backup agent.

    VM1 is affected by ransomware that encrypts data.

    You need to restore the latest backup of VM1.

    To which location can you restore the backup? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Note: The new VM must be in the same region.

16. You plan to back up an Azure virtual machine named VM1.

    You discover that the Backup Pre-Check status displays a status of Warning.

    What is a possible cause of the Warning status?

    • VM1 is stopped.
    • VM1 does not have the latest version of the Azure VM Agent (WaAppAgent.exe) installed.
    • VM1 has an unmanaged disk.
    • A Recovery Services vault is unavailable.
    Explanation:
    The Warning state indicates one or more issues in VM’s configuration that might lead to backup failures and provides recommended steps to ensure successful backups. Not having the latest VM Agent installed, for example, can cause backups to fail intermittently and falls in this class of issues.

17. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.

    You receive a notification that VM1 will be affected by maintenance.

    You need to move VM1 to a different host immediately.

    Solution: From the Overview blade, you move the virtual machine to a different resource group.

    Does this meet the goal?

    • Yes
    • No
    Explanation:
    You would need to redeploy the VM.

18. Case study

    This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study
    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

    Overview

    Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

    The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.

    All the resources used by Litware are hosted on-premises.

    Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The tenant uses the Premium P1 pricing tier.

    Existing Environment

    The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the litware.com DNS zone.

    Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.

    Litware.com contains a user named User1.

    All the offices connect by using private connections.

    Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device.

    All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.

    

    Litware uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory.

    The Azure subscription contains the resources in the following table.

    

    The network security team implements several network security groups (NSGs)

    Requirements

    Planned Changes

    Litware plans to implement the following changes:

    – Deploy Azure ExpressRoute to the Montreal office.
    – Migrate the virtual machines hosted on Server1 and Server2 to Azure.
    – Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
    – Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.

    Technical Requirements

    Litware must meet the following technical requirements:

    – Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.
    – Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
    – Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
    – Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
    – Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.litware.com.
    – Connect the New York office to VNet1 over the Internet by using an encrypted connection.
    – Create a workflow to send an email message when the settings of VM4 are modified.
    – Create a custom Azure role named Role1 that is based on the Reader role.
    – Minimize costs whenever possible.

    1. You discover that VM3 does NOT meet the technical requirements.

       You need to verify whether the issue relates to the NSGs.

       What should you use?

       • Diagram in VNet1
       • Diagnostic settings in Azure Monitor
       • Diagnose and solve problems in Traffic Manager profiles
       • The security recommendations in Azure Advisor
       • IP flow verify in Azure Network Watcher
       Explanation:
       Scenario: Contoso must meet technical requirements including:
       Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.

       IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.

19. HOTSPOT

    You have an Azure subscription that contains a virtual network named VNet1. VNet1 uses an IP address space of 10.0.0.0/16 and contains the subnets in the following table:

    

    Subnet1 contains a virtual appliance named VM1 that operates as a router.

    You create a routing table named RT1.

    You need to route all inbound traffic from the VPN gateway to VNet1 through VM1.

    How should you configure RT1? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    

    

20. You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.

    You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.

    You need to ensure that visitors are serviced by the same web server for each request.

    What should you configure?

    •  Floating IP (direct server return) to Enabled
    • Floating IP (direct server return) to Disabled
    • a health probe
    • Session persistence to Client IP and Protocol
    Explanation:
    With Sticky Sessions when a client starts a session on one of your web servers, session stays on that specific server. To configure An Azure Load-Balancer For Sticky Sessions set Session persistence to Client IP.

    On the following image you can see sticky session configuration:

    

    Note:
    There are several versions of this question in the exam. The question can have other incorrect answer options, including the following:
    Idle Time-out (minutes) to 20
    Protocol to UDP