AZ-104 Free Question Set: "Microsoft Azure Administrator"

You have an Azure subscription that contains the virtual machines shown in the following table.

VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.
NSG2 uses the default rules and the following custom incoming rule:
* Priority: 100
* Name: Rule1
* Port: 3389
* Protocol: TCP
* Source: Any
* Destination: Any
* Action: Allow
NSG1 is associated to Subnet1. NSG2 is associated to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:

No: VM1 has only the default rules, which deny inbound connections on any port.
Yes: VM2 has a custom rule allowing the RDP port.
Yes: VM1 and VM2 are in the same VNet. By default, communication is allowed.
You manage two Azure subscriptions named Subscription1 and Subscription2.
Subscription1 has the following virtual networks:

The virtual networks contain the following subnets:

Subscription2 contains the following virtual network:
* Name: VNETA
* Address space: 10.10.128.0/17
* Region: Canada Central
VNETA contains the following subnets:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:
You have an Azure subscription that contains 10 virtual machines, a key vault named Vault1, and a network security group (NSG) named NSG1. All the resources are deployed to the East US Azure region.
The virtual machines are protected by using NSG1. NSG1 is configured to block all outbound traffic to the internet.
You need to ensure that the virtual machines can access Vault1. The solution must use the principle of least privilege and minimize administrative effort.
What should you configure as the destination of the outbound security rule for NSG1?

You have an Azure Resource Manager template named Template1 that is used to deploy an Azure virtual machine.
Template1 contains the following text:

The variables section in Template1 contains the following text:
"location": "westeurope"
The resources section in Template1 contains the following text:

You need to deploy the virtual machine to the West US location by using Template1.
What should you do?

You plan to deploy several Azure virtual machines that will run Windows Server 2022 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
The User administrator role is assigned to a user named Admin1.
An external partner has a Microsoft account that uses the [email protected] sign in.
Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: "Unable to invite user [email protected] - Generic authorization exception."
You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
What should you do?

You have an Azure subscription that contains a virtual network named VNET1 in the East US 2 region. A network interface named VM1-NI is connected to VNET1.
You successfully deploy the following Azure Resource Manager template.
Correct answer:

Explanation:

"A resource can only be created in a virtual network that exists in the same region and subscription as the resource." https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm#regions
You have an Azure Storage account named storage1 that stores images.
You need to create a new storage account and replicate the images in storage1 to the new account by using object replication.
How should you configure the new account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:
You have an Azure subscription that contains the resources in the following table.

In Azure, you create a private DNS zone named adatum.com, add a virtual network link to VNet2, and enable auto registration.
The adatum.com zone is configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:
You have an Azure virtual machine named VM1 and an Azure key vault named Vault1.
On VM1, you plan to configure Azure Disk Encryption to use a key encryption key (KEK).
You need to prepare Vault1 for Azure Disk Encryption.
Which two actions should you perform on Vault1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Correct answer: C, D
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You configure a custom policy definition, and then you assign the Azure policy to the subscription.
Does this meet the goal?

You have an Azure subscription.
You plan to migrate 50 virtual machines from VMware vSphere to the subscription.
You create a Recovery Services vault.
What should you do next?

You need to implement a backup solution for App1 after the application is moved.
What should you create first?

You have an Azure subscription that contains the virtual networks shown in the following table.

The subscription contains the subnets shown in the following table.

The subscription contains the storage accounts shown in the following table.

You create a service endpoint policy named policy1 in the South Central US Azure region to allow connectivity to all the storage accounts in the subscription.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct answer:

* Policy1 can be applied to Subnet3. = Yes
* Only storage1 and storage2 can be accessed from VNet2. = No
* Only storage2 can be accessed from VNet3. = Yes
* According to the Microsoft documentation, a service endpoint policy can be applied to any subnet in a virtual network that has a service endpoint enabled for the same service as the policy. In your scenario, Subnet3 has a service endpoint enabled for Microsoft.Storage, which is the same service as policy1. Therefore, policy1 can be applied to Subnet3.
* According to the Microsoft documentation, when you configure network rules for a storage account, you can limit access to your storage account to requests that come from specified IP addresses, IP ranges, subnets in an Azure virtual network, or resource instances of some Azure services. In your scenario, storage1 and storage2 have network rules that allow access from Subnet1 and Subnet2 respectively. However, this does not mean that only these subnets can access the storage accounts. Other subnets or resources that have the same IP range or resource ID as Subnet1 or Subnet2 can also access the storage accounts. For example, Subnet4 in VNet2 has the same IP range as Subnet1 in VNet1, so it can also access storage1. Similarly, Subnet5 in VNet3 has the same IP range as Subnet2 in VNet1, so it can also access storage2. Therefore, only storage1 and storage2 cannot be accessed from VNet2.
* According to the Microsoft documentation, when you create a private endpoint for a storage account, you assign a private IP address from your virtual network to the storage account. This enables secure traffic between your virtual network and the storage account over a private link. In your scenario, you have created a private endpoint for storage2 in Subnet6 of VNet3. This means that only Subnet6 can access storage2 over the private link. However, this does not mean that only Subnet6 can access storage2 at all. Other subnets or resources that have the same IP range or resource ID as Subnet6 can also access storage2 over the public endpoint of the storage account. For example, Subnet7 in VNet4 has the same IP range as Subnet6 in VNet3, so it can also access storage2 over the public endpoint. Therefore, only storage2 cannot be accessed from VNet3.
You need to move the blueprint files to Azure.
What should you do?

You have an Azure subscription that contains the resources shown in the following table.

You need to assign User1 the Storage File Data SMB Share Contributor role for share1.
What should you do first?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution: From the Overview blade, you move the virtual machine to a different subscription.
Does this meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Owner role at the subscription level to Admin1.
Does this meet the goal?

You sign up for Azure Active Directory (Azure AD) Premium.
You need to add a user named [email protected] as an administrator on all the computers that will be joined to the Azure AD domain.
What should you configure in Azure AD?
