AZ-104 ①-1
QUESTION 21 You have an Azure web app named webapp1. Users report that they often experience HTTP 500 errors when they connect to webapp1. You need to provide the developers of webapp1 with real-time access to the connection errors. The solution must provide all the connection error details. What should you do first? A. From webapp1, enable Web server logging B. From Azure Monitor, create a workbook C. From Azure Monitor, create a Service Health alert D. From webapp1, turn on Application Logging
A
QUESTION 23 You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts. You purchase 10 Azure AD Premium P2 licenses for the tenant. You need to ensure that 10 users can use all the Azure AD Premium features. What should you do? A. From the Licenses blade of Azure AD, assign a license B. From the Groups blade of each user, invite the users to a group C. From the Azure AD domain, add an enterprise application D. From the Directory role blade of each user, modify the directory role
A
QUESTION 29 You have an Azure virtual machine named VM1 that runs Windows Server 2019. You sign in to VM1 as a user named User1 and perform the following actions: - Create files on drive C. - Create files on drive D. - Modify the screen saver timeout. - Change the desktop background. You plan to redeploy VM1. Which changes will be lost after you redeploy VM1? A. the modified screen saver timeout B. the new desktop background C. the new files on drive D D. the new files on drive C
A
QUESTION 5 Note: This question is part of a series of questions. You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. Solution: You configure a custom policy definition, and then you assign the policy to the subscription. Does this meet the goal? A. Yes B. No
A
QUESTION 8 You have the Azure virtual machines shown in the following table: NAME---Azure Region VM1---West Europe VM2---West Europe VM3---North Europe VM4---North Europe You have a Recovery Services vault that protects VM1 and VM2. You need to protect VM3 and VM4 by using Recovery Services. What should you do first? A. Create a new Recovery Services vault B. Create a storage account C. Configure the extensions for VM3 and VM4 D. Create a new backup policy
A
QUESTION 9 Note: This question is part of a series of questions You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com: NAME---Role---Scope User1---Global Administrator---Azure Active Directory User2--Global Administrator---Azure Active Directory User3---User Administrator---Azure Active Directory User4---Owner---Azure Subscription User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in external.contoso.onmicrosoft.com. Solution: You instruct User2 to create the user accounts. Does that meet the goal? A. Yes B. No
A
AzCopy
A command-line tool that is used to upload and download blobs/files from or to the Azure Blob Storage
Ubuntu
A community-developed Linux-based operating system with a GUI (Graphical user interface) similar to that of Windows.
Azure Kubernetes Service (AKS)
A complete orchestration service for containers with distributed architectures with multiple containers. コンテナ管理サービス(OS, Storage amount management)
Blob Storage
A feature of Microsoft Azure. It allows users to store large amounts of unstructured data on Microsoft's data storage platform.
Docker Image
A layered file system template that is the basis of a Docker container. Docker images can comprise specific operating systems or applications
VM Availability Set
A logical grouping capability for isolating VM resources from each other
Recovery Services Vault
A place where VM backups are stored in according to a Backup Policy
Directory role blade
A place where you can assign different Azure roles to users. See link (https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles)
Recursion (Recursive)
A programming technique in which you describe actions to be repeated using a method that calls itself (A programming technique using function or algorithm that calls itself one or more times until a specified condition is met at which time the rest of each repetition is processed from the last one called to the first).
QUESTION 13 You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1. You need to create groups for the users. The solution must ensure that the groups are deleted after 180 days. Which two groups should you create? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. an Office 365 group that uses the Assigned membership type B. a Security group that uses the Assigned membership type C. an Office 365 group that uses the Dynamic User membership type D. a Security group that uses the Dynamic User membership type E. a Security group that uses the Dynamic Device membership type
AC
IT Service Management Connector (ITSM)
Allows you to connect Azure to a supported IT Service Management (ITSM) product or service. ... Provides a bi-directional connection between Azure and ITSM tools to help you resolve issues faster
OAuth 2.0
An open standard for authorization used for websites and applications. アクセストークンの要求方法とそれに対する応答方法(=承認方法)を標準化したもの。
NGINX
An open-source Web and reverse proxy server software Webサーバのソフト(のひとつ)
Azure Active Directory/Office 365 Membership types
Assigned, Dynamic user, Dynamic device. (https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal#membership-types)
QUESTION 1 You have an Azure subscription named Subscription1. You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1. What should you use? A. Azure HDInsight B. Linux Diagnostic Extension (LAD) 3.0 C. the AzurePerformanceDiagnostics extension D. Azure Analysis Services
B
QUESTION 10 Note: This question is part of a series of questions You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com: NAME---Role---Scope User1---Global Administrator---Azure Active Directory User2--Global Administrator---Azure Active Directory User3---User Administrator---Azure Active Directory User4---Owner---Azure Subscription User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in external.contoso.onmicrosoft.com. Solution: You instruct User4 to create the user accounts. Does that meet the goal? A. Yes B. No
B
QUESTION 11 Note: This question is part of a series of questions You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com: NAME---Role---Scope User1---Global Administrator---Azure Active Directory User2--Global Administrator---Azure Active Directory User3---User Administrator---Azure Active Directory User4---Owner---Azure Subscription User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in external.contoso.onmicrosoft.com. Solution: You instruct User3 to create the user accounts. Does that meet the goal? A. Yes B. No
B
QUESTION 12 You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1. An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com. You need to ensure that access to AKS1 can be granted to the contoso.com users. What should you do first? A. From contoso.com, modify the Organization relationships settings. B. From contoso.com, create an OAuth 2.0 authorization endpoint. C. Recreate AKS1. D. From AKS1, create a namespace.
B
QUESTION 2 You plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The virtual machines will host a web app named App1. You need to ensure that at least two virtual machines are available if a single Azure datacenter becomes unavailable. What should you deploy? A. all three virtual machines in a single Availability Zone B. all virtual machines in a single Availability Set C. each virtual machine in a separate Availability Zone D. each virtual machine in a separate Availability Set
B
QUESTION 22 You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts. You create a new user account named AdminUser1. You need to assign the User administrator administrative role to AdminUser1. What should you do from the user account properties? A. From the Licenses blade, assign a new license B. From the Directory role blade, modify the directory role C. From the Groups blade, invite the user account to a new group
B
QUESTION 27 You have an Azure Storage account named storage1. You plan to use AzCopy to copy data to storage1. You need to identify the storage services in storage1 to which you can copy the data. What should you identify? A. blob, file, table, and queue B. blob and file only C. file and table only D. file only E. blob, table, and queue only
B
QUESTION 3 You have an Azure virtual machine named VM1 that runs Windows Server 2019. You save VM1 as a template named Template1 to the Azure Resource Manager library. You plan to deploy a virtual machine named VM2 from Template1. What can you configure during the deployment of VM2? A. operating system B. administrator username C. virtual machine size D. resource group
B
QUESTION 4 You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs afinancial reporting app named App1 that does not support multiple active instances. At the end of each month, CPU usage for VM1 peaks when App1 runs. You need to create a scheduled runbook to increase the processor performance of VM1 at the end of each month. What task should you include in the runbook? A. Add the Azure Performance Diagnostics agent to VM1. B. Modify the VM size property of VM1. C. Add VM1 to a scale set. D. Increase the vCPU quota for the subscription. E. Add a Desired State Configuration (DSC) extension to VM1.
B
QUESTION 7 You have an Azure subscription that has a Recovery Services vault named Vault1. The subscription contains the virtual machines shown in the following table: NAME---Operating System---Auto-Shutdown VM1---Windows Server 2012 R2---Off VM2---Windows Server 2016---19:00 VM3---Ubuntu Server 18.04LTS---Off VM4---Windows 10---19:00 You plan to schedule backups to occur every night at 23:00. Which virtual machines can you back up by using Azure Backup? A. VM1 and VM3 only B. VM1, VM2, VM3, and VM4 C. VM1 and VM2 only D. VM1 only
B
Azure Load Balancer
Balances inbound and outbound connections to applications or service endpoints
Blob
Binary Large Object, which includes objects such as images and multimedia files.
QUESTION 15 You have an Azure subscription named AZPT1 that contains the resources shown in the following table: NAME---TYPE storage1---Azure Storage Account VNET1---Virtual network VM1---Azure virtual machine VM1Managed---Managed disk for VM1 RVAULT1---Recovery Services vault for the site recovery of VM1 You create a new Azure subscription named AZPT2. You need to identify which resources can be moved to AZPT2. Which resources should you identify? A. VM1, storage1, VNET1, and VM1Managed only B. VM1 and VM1Managed only C. VM1, storage1, VNET1, VM1Managed, and RVAULT1 D. RVAULT1 only
C
QUESTION 16 You recently created a new Azure subscription that contains a user named Admin1. Admin1 attempts to deploy an Azure Marketplace resource by using an Azure Resource Manager template. Admin1 deploys the template by using Azure PowerShell and receives the following error message: "User failed validation to purchase resources. Error message: "Legal terms have not been accepted for this item on this subscription. To accept legal terms, please go to the Azure portal (http:// go.microsoft.com/fwlink/?LinkId=534873) and configure programmatic deployment for the Marketplace item or create it there for the first time." You need to ensure that Admin1 can deploy the Marketplace resource successfully. What should you do? A. From Azure PowerShell, run the Set-AzApiManagementSubscription cmdlet B. From the Azure portal, register the Microsoft.Marketplace resource provider C. From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet D. From the Azure portal, assign the Billing administrator role to Admin1
C
QUESTION 19 Your on-premises network contains an SMB share named Share1. You have an Azure subscription that contains the following resources: - A web app named webapp1 - A virtual network named VNET1 You need to ensure that webapp1 can connect to Share1. What should you deploy? A. an Azure Application Gateway B. an Azure Active Directory (Azure AD) Application Proxy C. an Azure Virtual Network Gateway
C
QUESTION 20 You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use? A. Azure Active Directory (Azure AD) Application Proxy B. Azure Application Insights C. Azure Custom Script Extension D. the New-AzConfigurationAssignement cmdlet
C
QUESTION 24 You have an Azure subscription named Subscription1 and an on-premises deployment of Microsoft System Center Service Manager. Subscription1 contains a virtual machine named VM1. You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent. What should you do first? A. Create an automation runbook B. Deploy a function app C. Deploy the IT Service Management Connector (ITSM) D. Create a notification
C
QUESTION 25 You have an on-premises server that contains a folder named D:\Folder1. You need to copy the contents of D:\Folder1 to the public container in an Azure Storage account named contosodata. Which command should you run? A. https://contosodata.blob.core.windows.net/public B. azcopy sync D:\folder1 https://contosodata.blob.core.windows.net/public -- snapshot C. azcopy copy D:\folder1 https://contosodata.blob.core.windows.net/public -- recursive D. az storage blob copy start-batch D:\Folder1 https://contosodata.blob.core.windows.net/public
C
QUESTION 30 You have an Azure subscription. You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit. (Click the Exhibit tab.) You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines. What should you modify on VM1? A. the memory B. the network adapters C. the hard drive D. the processor E. Integration Services
C
QUESTION 6 You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2. VM1 hosts a frontend application that connects to VM2 to retrieve data. Users report that the frontend application is slower than usual. You need to view the average round-trip time (RTT) of the packets from VM1 to VM2. Which Azure Network Watcher feature should you use? A. IP flow verify B. Connection troubleshoot C. Connection monitor D. NSG flow logs
C
QUESTION 17 You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1. You need to ensure that you can configure a point-to-site connection from an on-premises computer to VNet1. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Add a service endpoint to VNet1 B. Reset GW1 C. Create a route-based virtual network gateway D. Add a connection to GW1 E. Delete GW1 F. Add a public IP address space to VNet1
CE
Azure Kubernetes Service (AKS) cluster
Cluster of containers in AKS
CLI
Command-line interface. An interface that enables the user to interact with the operating system by entering commands and optional arguments.
QUESTION 18 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Floating IP (direct server return) to Enabled B. Idle Time-out (minutes) to 20 C. Protocol to UDP D. Session persistence to Client IP and Protocol
D
QUESTION 26 You have an Azure subscription named Subscription1 that contains the storage accounts shown in the following table: NAME---Account Kind---Azure service that contains data storage1---Storage---File storage2---StorageV2 (general purpose v2)---File,Table storage3---StorageV2 (general purpose v2)---Queue storage4---BlobStorage---Blob You plan to use the Azure Import/Export service to export data from Subscription1. You need to identify which storage account can be used to export the data. What should you identify? A. storage1 B. storage2 C. storage3 D. storage4
D
QUESTION 28 You have an Azure subscription that contains an Azure Storage account. You plan to create an Azure container instance named container1 that will use a Docker image named Image1. Image1 contains a Microsoft SQL Server instance that requires persistent storage. You need to configure a storage service for Container1. What should you use? A. Azure Files B. Azure Blob storage C. Azure Queue storage D. Azure Table storage
D
VM metrics
Displays performance of VM. Ex) CPU Utilization %, Memory Utilization %, Response time, etc.
FIFO
First In, First Out 「先に入れたもの(古いもの)から出すよ!」なやり方のこと
Hard Disk Drive, Solid State Drive vs. Memory
HDD/SSD: Permanent computer storage. Memory/RAM: Working/temporary storage
LIFO
Last in first out 「後に入れたもの(新しいもの)から出すよ!」なやり方のこと
VM log
Logging actions within and performance of VM.
Azure Subscription
Logical container used to provision resources in Microsoft Azure. It holds the details of all your resources like virtual machines, databases, etc.
Azure Virtual Network Gateway
Need to make when connecting on-premises resources to cloud resources.
VM Availability Zone (AZ)
One or more discrete data centers, each with redundant power, networking and connectivity, housed in separate facilities
Azure Ad License Blade
Place where you can add or remove licenses to/from users (https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/license-users-groups)
Reverse Proxy Server
Placed in front of web servers, reverse proxy servers protect, hide, offload, and distribute access to web servers
Policy-based vs. Route-based VPN
Policy-based VPNs encrypt a subsection of traffic flowing through an interface as per configured policy in the access list. The policy dictates either some or all of the interesting traffic should traverse via VPN. In distinction to a Policy-based VPN, a Route-based VPN works on routed tunnel interfaces as the endpoints of the virtual network. All traffic passing through a tunnel interface is placed into the VPN. Rather than relying on an explicit policy to dictate which traffic enters the VPN, static and/or dynamic IP routes are formed to direct the desired traffic through the VPN tunnel interface. (https://ipwithease.com/difference-between-a-policy-based-vpn-and-a-route-based-vpn/)
Azure Custom Script Extension
Post deployment configuration, software installation or configuration/management tasks
Session Persistence
Routes an individual user's requests to the same server
Azure Active Directory/Office 365 group types
Security, Microsoft 365. (https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal#group-types)
UDP vs TCP
UDP is a speed optimized protocol - for live streaming, video, etc. TCP is a protocol with more careful checking for important information. A key difference between TCP and UDP is speed, as TCP is comparatively slower than UDP. Overall, UDP is a much faster, simpler, and efficient protocol, however, retransmission of lost data packets is only possible with TCP.
Azure Blob storage vs. Azure Queue storage vs. Azure Table storage
Unstructured data such as images, video, or audio vs. messaging between application components vs. Unstructured, No SQL data store
SMB share
ある一定のネットワーク内で、複数のWindowsコンピューターがファイル共有やプリンタ共有を行うための通信プロトコル。
Queue vs Stack
キュー:先入先出な何か スタック:後入先出な何か
Authorization endpoint
ネットワークにつながっているパソコンとかサーバとかスマホとかのこと。ネットワークに接続されている端末のこと。
deploy
完成したプログラムを動かせる状態にする
Microsoft System Center Service Manager
組織がインシデントや問題を管理できるようにするMicrosoftのソフトウェア製品です。