AZ-104 無料問題集「Microsoft Azure Administrator」
Hotspot Question
You have the role assignment file shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
You have the role assignment file shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Box 1: User1 and User3 are
Box 2 : User1 and User4
User 1 - Owner of the subscription. (He can manage any resources in the subscription.) User 2 - Owner of RG2(He can manage any resources in the RG2.) User 3 - Owner of a single VM that is VM1.(he can manage VM1 only) User 4 - Contributor of RG1.(He can manage everything in RG1, even he can delete VMs in RG1.
But cannot change RABC)
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor
Your company has an Azure Active Directory (Azure AD) tenant that is configured for hybrid coexistence with the on-premises Active Directory domain.
You plan to deploy several new virtual machines (VMs) in Azure. The VMs will have the same operating system and custom software requirements.
You configure a reference VM in the on-premise virtual environment. You then generalize the VM to create an image.
You need to upload the image to Azure to ensure that it is available for selection when you create the new Azure VMs.
Which PowerShell cmdlets should you use?
You plan to deploy several new virtual machines (VMs) in Azure. The VMs will have the same operating system and custom software requirements.
You configure a reference VM in the on-premise virtual environment. You then generalize the VM to create an image.
You need to upload the image to Azure to ensure that it is available for selection when you create the new Azure VMs.
Which PowerShell cmdlets should you use?
正解:C
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You have an Azure subscription that contains the resources shown in the following table.
The Not allowed resource types Azure policy that has policy enforcement enabled is assigned to RG1 and uses the following parameters:
Microsoft.Network/virtualNetworks
Microsoft.Compute/virtualMachines
In RG1, you need to create a new virtual machine named VM2 which is connected to VNET1.
What should you do first?
The Not allowed resource types Azure policy that has policy enforcement enabled is assigned to RG1 and uses the following parameters:
Microsoft.Network/virtualNetworks
Microsoft.Compute/virtualMachines
In RG1, you need to create a new virtual machine named VM2 which is connected to VNET1.
What should you do first?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You have two Azure subscriptions named Sub1 and Sub2.
An administrator creates a custom role that has an assignable scope to a resource group named RG1 in Sub1.
You need to ensure that you can apply the custom role to any resource group in Sub1 and Sub2.
The solution must minimize administrative effort.
What should you do?
An administrator creates a custom role that has an assignable scope to a resource group named RG1 in Sub1.
You need to ensure that you can apply the custom role to any resource group in Sub1 and Sub2.
The solution must minimize administrative effort.
What should you do?
正解:D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Case Study 3 - Contoso, Ltd
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Contoso are hosted on-premises.
Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses adomain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.
Existing Environment
The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.
Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
Contoso.com contains a user named User1.
All the offices connect by using private links.
Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized.
The virtualization environment contains the servers in the following table.
Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory.
The Azure subscription contains the resources in the following table.
The network security team implements several network security groups (NSGs).
Planned Changes
Contoso plans to implement the following changes:
- Deploy Azure ExpressRoute to the Montreal office.
- Migrate the virtual machines hosted on Server1 and Server2 to Azure.
- Synchronize on-premises Active Directory to Azure Active Directory
(Azure AD).
- Migrate App1 and App2 to two Azure web apps named WebApp1 and
WebApp2.
Technical requirements
Contoso must meet the following technical requirements:
- Ensure that WebApp1 can adjust the number of instances automatically
based on the load and can scale up to five instances.
- Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
- Ensure that routing information is exchanged automatically between
Azure and the routers in the Montreal office.
- Ensure Azure Multi-Factor Authentication (MFA) for the users in the
finance department only.
- Ensure that webapp2.azurewebsites.net can be accessed by using the
name app2.contoso.com
- Connect the New York office to VNet1 over the Internet by using an
encrypted connection.
- Create a workflow to send an email message when the settings of VM4
are modified.
- Create a custom Azure role named Role1 that is based on the Reader
role.
- Minimize costs whenever possible.
Hotspot Question
You need to prepare the environment to implement the planned changes for Server2.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Contoso are hosted on-premises.
Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses adomain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.
Existing Environment
The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.
Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
Contoso.com contains a user named User1.
All the offices connect by using private links.
Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized.
The virtualization environment contains the servers in the following table.
Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory.
The Azure subscription contains the resources in the following table.
The network security team implements several network security groups (NSGs).
Planned Changes
Contoso plans to implement the following changes:
- Deploy Azure ExpressRoute to the Montreal office.
- Migrate the virtual machines hosted on Server1 and Server2 to Azure.
- Synchronize on-premises Active Directory to Azure Active Directory
(Azure AD).
- Migrate App1 and App2 to two Azure web apps named WebApp1 and
WebApp2.
Technical requirements
Contoso must meet the following technical requirements:
- Ensure that WebApp1 can adjust the number of instances automatically
based on the load and can scale up to five instances.
- Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
- Ensure that routing information is exchanged automatically between
Azure and the routers in the Montreal office.
- Ensure Azure Multi-Factor Authentication (MFA) for the users in the
finance department only.
- Ensure that webapp2.azurewebsites.net can be accessed by using the
name app2.contoso.com
- Connect the New York office to VNet1 over the Internet by using an
encrypted connection.
- Create a workflow to send an email message when the settings of VM4
are modified.
- Create a custom Azure role named Role1 that is based on the Reader
role.
- Minimize costs whenever possible.
Hotspot Question
You need to prepare the environment to implement the planned changes for Server2.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Box 1: Create a Recovery Services vault
Create a Recovery Services vault on the Azure Portal.
Box 2: Install the Azure Site Recovery Provider
Azure Site Recovery can be used to manage migration of on-premises machines to Azure.
Scenario: Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Server2 has the Hyper-V host role.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure
Hotspot Question
You have an Azure subscription that contains two storage accounts named contoso101 and contoso102.
The subscription contains the virtual machines shown in the following table.
VNet1 has service endpoints configured as shown in the Service endpoints exhibit. (Click the Service endpoints tab.)
The Microsoft.Storage service endpoint has the service endpoint policy shown in the Microsoft.Storage exhibit. (Click the Microsoft.Storage tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains two storage accounts named contoso101 and contoso102.
The subscription contains the virtual machines shown in the following table.
VNet1 has service endpoints configured as shown in the Service endpoints exhibit. (Click the Service endpoints tab.)
The Microsoft.Storage service endpoint has the service endpoint policy shown in the Microsoft.Storage exhibit. (Click the Microsoft.Storage tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
You have a .NET Core application running in Azure App Services.
You are expecting a huge influx of traffic to your application in the coming days.
When your application experiences this spike in traffic, you want to detect any anomalies such as request errors or failed queries immediately.
What service can you use to assure that you know about these types of errors related to your .NET application immediately?
You are expecting a huge influx of traffic to your application in the coming days.
When your application experiences this spike in traffic, you want to detect any anomalies such as request errors or failed queries immediately.
What service can you use to assure that you know about these types of errors related to your .NET application immediately?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Case Study 4 - ADatum
Overview
ADatum Corporation is a financial company that has two main offices in New York and Los Angeles. ADatum has a subsidiary named Fabrikam, Inc. that shares the Los Angeles office.
ADatum is conducting an initial deployment of Azure services to host new line-of-business applications and is preparing to migrate its existing on-premises workloads to Azure.
ADatum uses Microsoft Exchange Online for email.
Existing Environment
On-Premises Environment
The on-premises workloads run on virtual machines hosted in a VMware vSphere 6 infrastructure. All the virtual machines are members of an Active Directory forest named adatum.com and run Windows Server 2016.
The New York office uses an IP address space of 10.0.0.0/16. The Los Angeles office uses an IP address space of 10.10.0.0/16.
The offices connect by using a VPN provided by an ISP. Each office has one Azure ExpressRoute circuit that provides access to Azure services and Microsoft Online Services.
Routing is implemented by using Microsoft peering.
The New York office has a virtual machine named VM1 that has the vSphere console installed.
Azure Environment
You provision the Azure infrastructure by using the Azure portal. The infrastructure contains the resources shown in the following table.
AG1 has two backend pools named Pool11 and Pool12. AG2 has two backend pools named Pool21 and Pool22.
Requirements
Planned Changes
ADatum plans to migrate the virtual machines from the New York office to the East US Azure region by using Azure Site Recovery.
Infrastructure Requirements
ADatum identifies the following infrastructure requirements:
A new web app named App1 that will access third-parties for credit card processing must be
deployed.
A newly developed API must be implemented as an Azure function named App2. App2 will use
a blob storage trigger. App2 must process new blobs immediately.
The Azure infrastructure and the on-premises infrastructure must be prepared for the migration
of the VMware virtual machines to Azure.
The sizes of the Azure virtual machines that will be used to migrate the on-premises workloads
must be identified.
All migrated and newly deployed Azure virtual machines must be joined to the adatum.com
domain.
AG1 must load balance incoming traffic in the following manner:
- http://corporate.adatum.com/video/* will be load balanced across Pool11.
- http://corporate.adatum.com/images/* will be load balanced across Pool12.
AG2 must load balance incoming traffic in the following manner:
- http://www.adatum.com will be load balanced across Pool21.
- http://fabrikam.com will be load balanced across Pool22.
ER1 must route traffic between the New York office and platform as a service (PaaS) services
in the East US Azure region, as long as ER1 is available.
ER1 must route traffic between the Los Angeles office and the PaaS services in the West US
region, as long as ER2 is available.
ER1 and ER2 must be configured to fail over automatically.
Application Requirements
App2 must be available to connect directly to the private IP addresses of the Azure virtual machines. App2 will be deployed directly to an Azure virtual network.
Inbound and outbound communications to App1 must be controlled by using NSGs.
Pricing Requirements
ADatum identifies the following pricing requirements:
The cost of App1 and App2 must be minimized
The transactional charges of Azure Storage accounts must be minimized
What should you create to configure AG2?
Overview
ADatum Corporation is a financial company that has two main offices in New York and Los Angeles. ADatum has a subsidiary named Fabrikam, Inc. that shares the Los Angeles office.
ADatum is conducting an initial deployment of Azure services to host new line-of-business applications and is preparing to migrate its existing on-premises workloads to Azure.
ADatum uses Microsoft Exchange Online for email.
Existing Environment
On-Premises Environment
The on-premises workloads run on virtual machines hosted in a VMware vSphere 6 infrastructure. All the virtual machines are members of an Active Directory forest named adatum.com and run Windows Server 2016.
The New York office uses an IP address space of 10.0.0.0/16. The Los Angeles office uses an IP address space of 10.10.0.0/16.
The offices connect by using a VPN provided by an ISP. Each office has one Azure ExpressRoute circuit that provides access to Azure services and Microsoft Online Services.
Routing is implemented by using Microsoft peering.
The New York office has a virtual machine named VM1 that has the vSphere console installed.
Azure Environment
You provision the Azure infrastructure by using the Azure portal. The infrastructure contains the resources shown in the following table.
AG1 has two backend pools named Pool11 and Pool12. AG2 has two backend pools named Pool21 and Pool22.
Requirements
Planned Changes
ADatum plans to migrate the virtual machines from the New York office to the East US Azure region by using Azure Site Recovery.
Infrastructure Requirements
ADatum identifies the following infrastructure requirements:
A new web app named App1 that will access third-parties for credit card processing must be
deployed.
A newly developed API must be implemented as an Azure function named App2. App2 will use
a blob storage trigger. App2 must process new blobs immediately.
The Azure infrastructure and the on-premises infrastructure must be prepared for the migration
of the VMware virtual machines to Azure.
The sizes of the Azure virtual machines that will be used to migrate the on-premises workloads
must be identified.
All migrated and newly deployed Azure virtual machines must be joined to the adatum.com
domain.
AG1 must load balance incoming traffic in the following manner:
- http://corporate.adatum.com/video/* will be load balanced across Pool11.
- http://corporate.adatum.com/images/* will be load balanced across Pool12.
AG2 must load balance incoming traffic in the following manner:
- http://www.adatum.com will be load balanced across Pool21.
- http://fabrikam.com will be load balanced across Pool22.
ER1 must route traffic between the New York office and platform as a service (PaaS) services
in the East US Azure region, as long as ER1 is available.
ER1 must route traffic between the Los Angeles office and the PaaS services in the West US
region, as long as ER2 is available.
ER1 and ER2 must be configured to fail over automatically.
Application Requirements
App2 must be available to connect directly to the private IP addresses of the Azure virtual machines. App2 will be deployed directly to an Azure virtual network.
Inbound and outbound communications to App1 must be controlled by using NSGs.
Pricing Requirements
ADatum identifies the following pricing requirements:
The cost of App1 and App2 must be minimized
The transactional charges of Azure Storage accounts must be minimized
What should you create to configure AG2?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You deploy Azure virtual machines to three Azure regions.
Each region contains a virtual network. Each virtual network contains multiple subnets peered in a full mesh topology.
Each subnet contains a network security group (NSG) that has defined rules.
A user reports that he cannot use port 33000 to connect from a virtual machine in one region to a virtual machine in another region.
Which two options can you use to diagnose the issue? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Each region contains a virtual network. Each virtual network contains multiple subnets peered in a full mesh topology.
Each subnet contains a network security group (NSG) that has defined rules.
A user reports that he cannot use port 33000 to connect from a virtual machine in one region to a virtual machine in another region.
Which two options can you use to diagnose the issue? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
正解:C、E
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to deploy a YAML file to AKS1.
Solution: From Azure CLI, you run azcopy.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to deploy a YAML file to AKS1.
Solution: From Azure CLI, you run azcopy.
Does this meet the goal?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You have an Azure subscription that contains the resources shown in the following table.
All virtual machines run Windows Server 2016.
On VM1, you back up a folder named Folder1 as shown in the following exhibit.
You plan to restore the backup to a different virtual machine.
You need to restore the backup to VM2.
What should you do first?
All virtual machines run Windows Server 2016.
On VM1, you back up a folder named Folder1 as shown in the following exhibit.
You plan to restore the backup to a different virtual machine.
You need to restore the backup to VM2.
What should you do first?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Case Study 5 - Contoso, Ltd
Overview
General Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Environment
Existing Environment
Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant.
The Azure AD tenant contains the users shown in the following table.
Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.
User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table
No network security groups (NSGs) are associated to the network interfaces or the subnets.
Sub1 contains the storage accounts shown in the following table.
Requirements
Planned Changes
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool
storage tier.
Create a storage account named storage5 and configure storage replication for the Blob
service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the
following table.
Associate NSG1 to the network interface of VM1.
Create an NSG named NSG2 that will have the custom outbound security rules shown in the
following table.
Associate NSG2 to VNET1/Subnet2.
Technical Requirements
Contoso must meet the following technical requirements:
Create container1 and share1.
Use the principle of least privilege.
Create an Azure AD security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup.
Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to
VNET1/Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only
permissions to the Azure file shares.
Hotspot Question
You need to configure Azure Backup to back up the file shares and virtual machines.
What is the minimum number of Recovery Services vaults and backup policies you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Overview
General Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Environment
Existing Environment
Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant.
The Azure AD tenant contains the users shown in the following table.
Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.
User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table
No network security groups (NSGs) are associated to the network interfaces or the subnets.
Sub1 contains the storage accounts shown in the following table.
Requirements
Planned Changes
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool
storage tier.
Create a storage account named storage5 and configure storage replication for the Blob
service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the
following table.
Associate NSG1 to the network interface of VM1.
Create an NSG named NSG2 that will have the custom outbound security rules shown in the
following table.
Associate NSG2 to VNET1/Subnet2.
Technical Requirements
Contoso must meet the following technical requirements:
Create container1 and share1.
Use the principle of least privilege.
Create an Azure AD security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup.
Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to
VNET1/Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only
permissions to the Azure file shares.
Hotspot Question
You need to configure Azure Backup to back up the file shares and virtual machines.
What is the minimum number of Recovery Services vaults and backup policies you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Box 1: 3
If you have data sources in multiple regions, create a Recovery Services vault for each region.
The File Shares and VMs are located in three Regions: West US, East US, Central US.
Box 2: 6
A backup policy is scoped to a vault. For each vault we need one backup policy for File Shares and one backup policy for VM.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-create-rs-vault
https://docs.microsoft.com/en-us/azure/backup/guidance-best-practices