• Home
  • Blogs
  • Pass Microsoft Microsoft Azure Administrator Exam in First Attempt Guaranteed Updated Dump from Pass4Leader! [Q53-Q78]

Pass Microsoft Microsoft Azure Administrator Exam in First Attempt Guaranteed Updated Dump from Pass4Leader! [Q53-Q78]

Share

Pass Microsoft Microsoft Azure Administrator Exam in First Attempt Guaranteed Updated Dump from Pass4Leader!

Pass AZ-104 Exam with 455 Questions - Verified By Pass4Leader

NEW QUESTION 53
You have an Azure subscription named Subcription1 that contains the storage accounts shown in the following table.

You plan 10 use the Azure Import/Export service to export data from Subscription1.

  • A. storage1
  • B. storage4
  • C. storage2
  • D. storage3

Answer: B

 

NEW QUESTION 54
You need to deploy two Azure web apps named WebApp1 and WebApp2. The web apps have the following requirements:
* WebApp1 must be able to use staging slots
* WebApp2 must be able to access the resources located on an Azure virtual network What is the least costly plan that you can use to deploy each web app? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://azure.microsoft.com/en-au/pricing/details/app-service/windows/
https://azure.microsoft.com/en-gb/pricing/details/app-service/plans/

 

NEW QUESTION 55
You are creating an Azure load balancer.
You need to add an IPv6 load balancing rule to the load balancer.
How should you complete the Azure PowerShell script? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
Powershell command to create a load balancer rule (AzureRm module new version is AZ as given in below command):
$lbrule1v6 = New-AzLoadBalancerRuleConfig
-Name "HTTPv6"
-FrontendIpConfiguration $FEIPConfigv6
-BackendAddressPool $backendpoolipv6
-Probe $healthProbe
-Protocol Tcp
-FrontendPort 80
-BackendPort 8080
Powershell command to create the load balancer using the previously created objects :
New-AzLoadBalancer
-ResourceGroupName NRP-RG
-Name 'myNrpIPv6LB'
-Location 'West US'
-FrontendIpConfiguration $FEIPConfigv6
-InboundNatRule $inboundNATRule1v6
-BackendAddressPool $backendpoolipv6
-Probe $healthProbe
-LoadBalancingRule $lbrule1v6
References:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-ipv6-internet-ps

 

NEW QUESTION 56
You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs Windows Server 2016 and is part of an availability set.
VM1 has virtual machine-level backup enabled.
VM1 is deleted.
You need to restore VM1 from the backup. VM1 must be part of the availability set.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation

 

NEW QUESTION 57
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.) You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only.
You need to ensure that users can connect to the website from the internet.
What should you do?

  • A. Delete Rule1.
  • B. Modify the protocol of Rule4.
  • C. For Rule5, change the Action to Allow and change the priority to 401.
  • D. Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a priority of
    501.

Answer: C

Explanation:
Explanation
Rule 2 is blocking HTTPS access (port 443) and has a priority of 500.
Changing Rule 5 (ports 50-5000) and giving it a lower priority number will allow access on port 443.
Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

 

NEW QUESTION 58
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
* A virtual network that has a subnet named Subnet1
* Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
* A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
* Priority: 100
* Source: Any
* Source port range: *
* Destination: *
* Destination port range: 3389
* Protocol: UDP
* Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Internet source to the VirtualNetwork destination for port range 3389 and uses the UDP protocol.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
The default port for RDP is TCP port 3389 not UDP.
NSGs deny all inbound traffic except from virtual network or load balancers. For inbound traffic, Azure processes the rules in a network security group associated to a subnet first, and then the rules in a network security group associated to the network interface.
By default NSG rule to allow traffic through RDP port 3389 is not created automatically during the creation of VM , unless you change the setting during creation.
Here in the solution UDP traffic is allowed at virtual network level which is not tcp/rdp protocol. So this will not work to achieve the goal.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules

 

NEW QUESTION 59
You are developing an Azure web app named WebApp1. WebApp1 uses an Azure App Service plan named Plan1 that uses the B1 pricing tier.
You need to configure WebApp1 to add additional instances of the app when CPU usage exceeds 70 percent for 10 minutes.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation

Box 1: From the Scale up (App Service Plan) settings blade, change the pricing tier The B1 pricing tier only allows for 1 core. We must choose another pricing tier.
Box 2: From the Scale out (App Service Plan) settings blade, enable autoscale
1.
Log in to the Azure portal at http://portal.azure.com
1. Navigate to the App Service you would like to autoscale.
2. Select Scale out (App Service plan) from the menu
3. Click on Enable autoscale. This activates the editor for scaling rules.

Box 3: From the Scale mode to Scale based on metric, add a rule, and set the instance limits.
Click on Add a rule. This shows a form where you can create a rule and specify details of the scaling.
References:
https://azure.microsoft.com/en-us/pricing/details/app-service/windows/
https://blogs.msdn.microsoft.com/hsirtl/2017/07/03/autoscaling-azure-web-apps/

 

NEW QUESTION 60
You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.

VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and Vnet2.
An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.
You need to move the custom application to Vnet2. The solution must minimize administrative effort.
Which two actions should you perform? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
Reference:
https://docs.microsoft.com/en-us/archive/blogs/canitpro/step-by-step-move-a-vm-to-a-different-vnet-on-azure
https://4sysops.com/archives/move-an-azure-vm-to-another-virtual-network-vnet/#migrate-an-azure-vmbetween-vnets

 

NEW QUESTION 61
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password?

  • A. an Azure Key Vault and an access policy
  • B. an Azure Storage account and an access policy
  • C. Azure Active Directory (AD) Identity Protection and an Azure policy
  • D. a Recovery Services vault and a backup policy

Answer: A

Explanation:
Explanation
You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never put in plain text in the template parameter file.
References: https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/

 

NEW QUESTION 62
You purchase a new Azure subscription named Subscription1.
You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup.
You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: A Recovery Services vault
A Recovery Services vault is an entity that stores all the backups and recovery points you create over time.
Box 2: A backup policy
What happens when I change my backup policy?
When a new policy is applied, schedule and retention of the new policy is followed.
References:
https://docs.microsoft.com/en-us/azure/backup/backup-configure-vault
https://docs.microsoft.com/en-us/azure/backup/backup-azure-backup-faq

 

NEW QUESTION 63
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.
You need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG1 and West US.
Does this meet the goal?

  • A. Yes
  • B. NO

Answer: A

Explanation:
Explanation
The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a region.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

 

NEW QUESTION 64
You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:
* Replicates synchronously
* Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails
GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2)
ZRS only support GPv2.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs

 

NEW QUESTION 65
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1.
You add the users in the following table.

Which2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: User1 and User3 only.
The Owner Role lets you manage everything, including access to resources.
The Network Contributor role lets you manage networks, but not access to them.
Box 2: User1 and User2 only
The Security Admin role: In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

 

NEW QUESTION 66
You create a virtual machine scale set named Scale1. Scale1 is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Answer:

Explanation:

Explanation

As cooling period and scale in and scale out durations are not displayed in the graphical view, so we need to consider the default values as below for these settings.
Cool down (minutes) : The amount of time to wait before the rule is applied again so that the autoscale actions have time to take effect. Default is 5 minutes.
Duration : The amount of time monitored before the metric and threshold values are compared. Default is 10 minutes.
Box 1: 4 virtual machines
The Autoscale scale out rule increases the number of VMs by 2 if the CPU threshold is 80% or higher for more than or equals to 10 mins due to default duration for scale in and out is 10 minutes. Since CPU utilization at 85% only lasts for 6 mins , it does not trigger the rules.
Hence no of virtual machines will be same as the initial value which is 4.
Box 2: 4 virtual machines
The Autoscale scale in rule decreases the number of VMs by 4 if the CPU threshold is 30% or lower for more than or equal to 10 mins. due to default duration for scale in and out is 10 minutes . Since CPU utilization at
30% only lasts for 6 mins , it does not trigger the rules. Hence after first 6 mins instance count will be same as initial count as 4. After that CPU utilization reached to 50% for 6 mins , which again would not trigger the scale in rule. Therefore no of virtual machines will be same as the initial value which is 4.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-overview
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-best-practices
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-common-scale-patterns

 

NEW QUESTION 67
You have a network security group (NSG) named NSG1 that has the rules defined in the exhibit. (Click the Exhibit tab.)

NSG1 is associated to a subnet named Subnet1. Subnet1 contains the virtual machines shown in the following table.

You need to add a rule to NSG1 to ensure that VM1 can ping VM2. The solution must use the principle of least privilege.
How should you configure the rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Table Description automatically generated
Reference:
https://www.thomasmaurer.ch/2019/09/how-to-enable-ping-icmp-echo-on-an-azure-vm/

 

NEW QUESTION 68
You have a pay-as-you-go Azure subscription that contains the virtual machines shown in the following table.

You create the budget shown in the following exhibit.

The AG1 action group contains a user named [email protected] only.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:
https://docs.microsoft.com/en-gb/azure/cost-management-billing/costs/tutorial-acm-create-budgets
https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/cost-mgt-alerts-monitor-usage-spending

 

NEW QUESTION 69
You enable password reset for contoso.onmicrosoft.com as shown in the Password Reset exhibit (Click the Password Reset tab.)

You configure the authentication methods for password reset as shown in the Authentication Methods exhibit. (Click the Authentication Methods tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You enable password reset for contoso.onmicrosoft.com as shown in the Password Reset exhibit (Click the Password Reset tab.) You configure the authentication methods for password reset as shown in the Authentication Methods exhibit. (Click the Authentication Methods tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: No
Two methods are required.
Box 2: No
Self-service password reset is only enabled for Group2, and User1 is not a member of Group2.
Box 3: Yes
As a User Administrator User3 can add security questions to the reset process.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/quickstart-sspr
https://docs.microsoft.com/en-us/azure/active-directory/authentication/active-directory-passwords-faq

 

NEW QUESTION 70
Hotspot Question
You have an Azure Active Directory (Azure AD) tenant.
You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal.
Which three settings should you configure? To answer, select the appropriate settings in the answer area.

Answer:

Explanation:

Explanation:
Box 1: Assignments, Users and Groups
When you configure the sign-in risk policy, you need to set:
The users and groups the policy applies to: Select Individuals and Groups

Box 2:
When you configure the sign-in risk policy, you need to set the type of access you want to be enforced.

Box 3:
When you configure the sign-in risk policy, you need to set:
The type of access you want to be enforced when your sign-in risk level has been met:

References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-user-risk-policy

 

NEW QUESTION 71
You have an Azure subscription named Subscription1 that contains the quotas shown in the following table.

You deploy virtual machines to Subscription1 as shown in the following table.

Answer:

Explanation:

 

NEW QUESTION 72
You have an Azure subscription named Subcription1 that contains a resource group named RG1.
In RG1. you create an internal load balancer named LB1 and a public load balancer named 162.
You need to ensure that an administrator named Admin 1 can manage LB1 and LB2. The solution must follow the principle of least privilege.
Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area.
NOTE: Caen correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: Network Contributor on RG1
To add to the backend pool, write permission is required on the Resource Group because it writes deployment information. To add a backend pool, you need network contributor role on the LB and on the VMs that will be part of the backend pool.
For this reason the network contributor role must be assigned to the RG where the LB and the VM resides. So the correct answer is Network Contributor on RG1 .
Box 2: Network Contributor on RG1
For Health Probe also, without having access to RG1, no health probe can be added. If only Network Contributor role is assigned to LB then the user would not be able to access the IP addresses of the member pools.
Owner/Contributor can give the user access for everything. So it will not fit into the the principle of least privilege. Hence Owner and contributor role is incorrect choices for the question.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

 

NEW QUESTION 73
You have an Azure subscription that contains the virtual machines shown in the following table.

VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.
NSG2 uses the default and the following custom incoming rule:
* Priority: 100
* Name: Rule1
* Port: 3389
* Protocol: TCP
* Source: Any
* Destination: Any
* Action: Allow
NSG1 connects to Subnet1. NSG2 connects to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

Explanation

Box 1: No
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Box 2: Yes
NSG2 will allow this.
Box 3: Yes
NSG2 will allow this.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection

 

NEW QUESTION 74
You have an Azure subscription that contains the public load balancers shown in the following table.

You plan to create six virtual machines and to load balancer requests to the virtual machines. Each load balancer will load balance three virtual machines.
You need to create the virtual machines for the planned solution.
How should you create the virtual machines? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: be created in the same availability set or virtual machine scale set.
The Basic tier is quite restrictive. A load balancer is restricted to a single availability set, virtual machine scale set, or a single machine.
Box 2: be connected to the same virtual network
The Standard tier can span any virtual machine in a single virtual network, including blends of scale sets, availability sets, and machines.
References:
https://www.petri.com/comparing-basic-standard-azure-load-balancers

 

NEW QUESTION 75
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password?

  • A. an Azure Key Vault and an access policy
  • B. an Azure Storage account and an access policy
  • C. Azure Active Directory (AD) Identity Protection and an Azure policy
  • D. a Recovery Services vault and a backup policy

Answer: A

Explanation:
You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore, the password is never put in plain text in the template parameter file.
Reference:
https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/

 

NEW QUESTION 76
You have a deployment template named Template1 that is used to deploy 10 Azure web apps.
You need to identify what to deploy before you deploy Template1. The solution must minimize Azure costs.
What should you identify?

  • A. five Azure Application Gateways
  • B. one Azure Traffic Manager
  • C. one Azure Application Gateway
  • D. 10 App Service plans
  • E. one App Service plan

Answer: E

Explanation:
Section: [none]
Explanation:
You create Azure web apps in an App Service plan.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-hosting-plans

 

NEW QUESTION 77
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.
You need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG1 and West US.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: B

Explanation:
Section: [none]
Explanation:
The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a region.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

 

NEW QUESTION 78
......

Penetration testers simulate AZ-104 exam: https://www.pass4leader.com/Microsoft/AZ-104-exam.html

Free Test Engine For Microsoft Azure Administrator Certification Exams: https://drive.google.com/open?id=1NH-R-J7QRWjOU3nIVUEr2_Jz7XGH9Zbf

 

Related Blogs

more
Go To AZ-104 Questions