AZ-104: Microsoft Azure Administrator
Which option preserves data residency, and offers comprehensive compliance and resiliency options? -Azure Active Directory (Azure AD) Account -Regions -Subscriptions
Regions -Regions preserve data residency, and offer comprehensive compliance and resiliency options for customers.
Suppose a developer needs full access to a resource group. If you are following least-privilege best practices, what scope should you specify? -Resource -Resource group -Subscription
Resource group -Following least-privilege best practices, you grant only the access the user needs to do their job. In this case, you should set the scope to the resource group.
Which of the following is true about resource groups? -Resources can be in only one resource group. -Role-based access control can't be applied to a resource group -Resource groups can be nested.
Resources can be in only one resource group. -True. Resources can be in only one resource group.
Which parameter value can you add to most CLI commands to get concise, formatted output? -list -table -group
table -The table parameter formats the output as a table. This can make things much more readable for commands that produce a large amount of output.
Which App Service Plan can you implement to support the infrastructure team's requirements? -Basic -Standard -Premium
Premium - The Premium App Service plan meets the requirements of scaling to 5 instances and 100 GB of disk storage.
A subnet has address range 10.3.0.0/16. Which IP address can be dynamically assigned? -10.3.0.2 -10.3.255.255 -10.3.255.254
10.3.255.254 - Any address in the range 10.3.0.4 through 10.3.255.254 is available for assignment.
How soon do Custom Script Extensions time out? -30 minutes -90 minutes -120 minutes
90 minutes -Custom Script Extensions time out after 90 minutes. Always consider the time-out period when planning the scope of your script.
Which of the following situations would be good example of when to use a resource lock? -A ExpressRoute circuit with connectivity back to the on-premises network. -A non-production virtual machine used to test occasional application builds. -A storage account used to temporarily store images processed in a development environment.
A ExpressRoute circuit with connectivity back to the on-premises network. -An ExpressRoute Circuit is a critical resources Resource locks prevent other users in the organization from accidentally deleting or modifying critical resources.
What is an Azure Resource Manager template? -A series of Azure CLI commands to deploy infrastructure to Azure. -A JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for the deployment. -A script used by the Azure Resource Manager to manage the Azure storage account.
A JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for the deployment. -An Azure Resource Manager template is a JSON file that defines the infrastructure and configuration for the deployment. Templates declare what will be deployed without having to write the sequence of programming commands to create it.
What is an Azure Resource Manager template? -A series of Azure CLI commands to deploy infrastructure to Azure. -A JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your deployment. -A script held in Azure Resource Manager to manage your Azure storage account.
A JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your deployment. -An Azure Resource Manager template is a JSON file that defines the infrastructure and configuration for your deployment. ARM templates allow you to declare what you intend to deploy without having to write the sequence of programming commands to create it.
What is a role definition in Azure? -A collection of permissions with a name that is assignable to a user, group, or application -The collection of users, groups, or applications that have permissions to a role -The binding of a role to a security principal at a specific scope, to grant access
A collection of permissions with a name that is assignable to a user, group, or application -A role definition in Azure is a collection of permissions with a name that you can assign to a user, group, or application.
What kind of account would you create to allow an external organization easy access? -A guest user account for each member of the external team. -An external account for each member of the external team. What is a role definition in Azure? -A collection of permissions with a name that is assignable to a user, group, or application -The collection of users, groups, or applications that have permissions to a role -The binding of a role to a security principal at a specific scope, to grant access
A guest user account for each member of the external team. -A guest user account restricts users to just the access they need.
What type of user account allows an external organization to access your resources? -A Contributor user account for each member of the team. -An administrator account for each member of the team. -A guest user account for each member of the external team.
A guest user account for each member of the external team. -A guest user account restricts users to just the access they need.
What is Azure Automation State Configuration? A declarative management platform to configure, deploy, and control systems. -A service used to write, manage, and compile PowerShell Desired State -Configuration (DSC) configurations, import DSC resources, and assign configurations to target nodes. -A service that manages the state configuration on each destination, or node.
A service used to write, manage, and compile PowerShell Desired State Configuration (DSC) configurations, import DSC resources, and assign configurations to target nodes. -Azure Automation State Configuration enables you to ensure that all virtual machines in a collection are in the same consistent state.
Triggering a webhook at 8:00 AM on Saturday is an example of what type of rule? -A metric-based rule. -A time-based rule. -An app-insight rule.
A time-based rule. -Time-based rules allow scaling based on time patterns.
Suppose you have a script that creates several VMs with different images. When the script issues the command to create the first VM you do not want to block the script while the VM is created, instead you want the script to immediately move on to the next command. What is the best way to do this? -Add the '--async' argument to your create command. -Use the ampersand (&) to run the process in the background. -Add the '--no-wait' argument to your create command.
Add the '--no-wait' argument to your create command. -Adding '--no-wait' will cause 'azure VM create' to return immediately without waiting for the VM to actually be created.
What's the default network rule when configuring network access to an Azure storage account? -Allow all connections from all networks. -Allow all connection from a private IP address range. -Deny all connections from all networks.
Allow all connections from all networks. -The default network rule is to allow all connections from all networks.
Which of the following rules is a default inbound security rule? -Allow inbound coming from any VM to any other VM within the virtual network. -Allow inbound coming from a VM in another virtual network. -Allow traffic from any external source to any of the VMs.
Allow inbound coming from any VM to any other VM within the virtual network. -By default, inbound security rules allow traffic from any VM to any other VM within the virtual network.
The company financial controller wants to identify which billing department each Azure resource belongs to. Which approach enables this requirement? -Track resource usage in a spreadsheet. -Place the resources in different regions. -Apply a tag to each resource that includes the associated billing department.
Apply a tag to each resource that includes the associated billing department. -Tags provide extra information, or metadata, about your resources. The team might create a tag named BillingDept, where the value is the name of the billing department. Azure Policy ensures that the proper tags are assigned when resources are provisioned.
What's included in a custom Azure role definition? -Assignment of a custom role -Actions and DataActions operations scoped to the tenant level -Operations allowed for Azure resources, and scope of permissions
Assign the admin to the Contributor role on VM3. - When you assign the Contributor role to the specific resource, the admin can change the settings on that resource; in this case, VM3.
Suppose an administrator in another department needs access to a virtual machine managed by your department. What's the best way to grant them access to just that resource? -At the resource scope, create a role for them with the appropriate access. -At the resource group scope, assign the role with the appropriate access. -At the resource scope, assign the role with the appropriate access.
At the resource scope, assign the role with the appropriate access. -For this scenario, at the virtual machine scope, assign one of the built-in roles that grants the appropriate access for the administrator.
Suppose you have an application running on a Windows virtual machine in Azure. What is the best-practice guidance on where the app should store data files? -OS disk (C:) -Temporary disk (D:) -Attached data disk
Attached data disk -Dedicated data disks are generally considered the best place to store application data files. They can be larger than OS disks and you can optimize them for the cost and performance characteristics appropriate for your data.
Which storage approach can help resolve the concerns of the finance team? -The Azure CLI -AzCopy -Azure Storage Explorer
AzCopy -AzCopy is ideal for transferring large files because the tool can run in the background.
Which choice correctly describes Azure Active Directory? -Azure AD can be queried through LDAP. -Azure AD is primarily an identity solution. -Azure AD uses organizational units (OUs) and group policy objects (GPOs).
Azure AD is primarily an identity solution. -Azure AD is primarily an identity solution. It's designed for internet-based applications by using HTTP and HTTPS communications.
How can you support the Marketing team requests about research web page usage? -Continuous deployment -Application logging -Azure Application Insights
Azure Application Insights - Application Insights meets all the requirements. The product can also determine which web pages perform best.
What happens if the same template is run a second time? -Azure Resource Manager will deploy new resources as copies of the previously deployed resources. -Azure Resource Manager won't make any changes to the deployed resources. -Azure Resource Manager will delete the previously deployed resources and redeploy them.
Azure Resource Manager won't make any changes to the deployed resources. - If the resource already exists and no change is detected in the properties, no action is taken. If the resource already exists and a property has changed, the resource is updated. If the resource doesn't exist, it's created.
Azure Resource Manager templates are idempotent. This means that if you run a template with no changes a second time: -Azure Resource Manager will deploy new resources as copies of the previously deployed resources. -Azure Resource Manager won't make any changes to the deployed resources. -Azure Resource Manager will delete the previously deployed resources and redeploy them.
Azure Resource Manager won't make any changes to the deployed resources. -If the resource already exists and no change is detected in the properties, no action is taken. If the resource already exists and a property has changed, the resource is updated. If the resource doesn't exist, it's created.
What storage tool satisfies the request of the manufacturing department? -Azure Data Box -Robocopy -Azure Storage Explorer
Azure Storage Explorer -Azure Storage Explorer is the best choice for the manufacturing department because they don't want to access the files through the Azure portal.
Which statement about Azure VNets is correct? -Outbound communication with the internet must be configured for each resource on the VNet. -Azure VNets enable communication between Azure resources. -Azure VNets can't be configured to communicate with on-premises resources.
Azure VNets enable communication between Azure resources. - Virtual Networks can connect Azure resources including VMs, the App Service Environment, Azure Kubernetes Service, and Azure Virtual Machine Scale Sets. You can use service endpoints to connect to other Azure resource types, such as Azure SQL databases and storage accounts.
Suppose you are building a video-editing application that will offer online storage for user-generated video content. You will store the videos in Azure Blobs, so you need to create an Azure storage account to contain the blobs. Once the storage account is in place, it is unlikely you would remove and recreate it because this would delete all the user videos. Which tool is likely to offer the quickest and easiest way to create the storage account? -Azure portal -Azure CLI -Azure PowerShell
Azure portal -The portal is a good choice for one-off operations like creating a long-lived storage account. The portal gives you a GUI containing all the storage-account properties and provides tool tips to help you select the right options for your needs.
Your company is building a video-editing application that will offer online storage for user-generated video content. The videos will be stored in Azure Blobs. An Azure storage account will contain the blobs. It's unlikely the storage account would ever need to be removed and recreated. Which tool is likely to offer the quickest and easiest way to create the storage account? -Azure portal -Azure CLI -Azure PowerShell
Azure portal -The portal is a good choice for one-off operations like creating a long-lived storage account. The portal provides a GUI containing all the storage-account properties and provides tool tips to help select the right options for the organization's needs.
A new project has several resources that need to be administered together. Which of the following strategies would provide a good solution? -Azure templates -Azure resource groups -Azure subscriptions
Azure resource groups - Resource groups make administering resources easy.
Explain the main differences between Azure roles and Azure Active Directory (Azure AD) roles. -Azure roles apply to Azure resources. Azure AD roles apply to Azure AD resources such as users, groups, and domains. -Azure roles can be assigned at the root level. -Azure AD roles are used to manage access to Azure resources.
Azure roles apply to Azure resources. Azure AD roles apply to Azure AD resources such as users, groups, and domains. -Azure roles are used to manage access to VMs, storage, and other Azure resources. Azure AD roles are used to manage access to Azure AD resources like user accounts and passwords.
What term defines a dedicated and trusted instance of Azure Active Directory? -Azure tenant -Identity -Azure AD account
Azure tenant -A tenant is a dedicated and trusted instance of Azure AD. A tenant is automatically created when an organization signs up for a Microsoft cloud service subscription.
Which of the following options is a feature of Azure Container Instances? -Container Instances require several minutes to load. -Container Instances use Azure Blob Storage for retrieve and persist state. -Billing for Container Instances occurs when containers are in use.
Billing for Container Instances occurs when containers are in use. -Organizations are only billed when their Container Instances are in use.
The Azure CLI can be installed on which of the following? -Linux -Windows -Both Linux and Windows
Both Linux and Windows - The CLI is cross-platform and can be installed on Linux, macOS, and Windows. After installation, the CLI commands are the same on every platform.
What implementation ensures container software runs the same locally and in the cloud on Azure? -Docker -Container groups -Container Instances
Docker - Docker guarantees that containerized software always runs the same locally on Windows or Linux, and in the cloud on Azure.
Which of the following statements correctly describes cloud tiering? -Cloud tiering prioritizes the sync order of file shares. -Cloud tiering sets the frequency at which the sync job runs. -Cloud tiering archives infrequently access files to free up space on the local file share.
Cloud tiering archives infrequently access files to free up space on the local file share. -Cloud tiering allows frequently accessed files to be cached on the local server. Infrequently accessed files are tiered or archived to the Azure Files share according to the policy created.
The infrastructure team is configuring networking for the Azure Kubernetes service. Which service would be best for internal-only applications that support other workloads within the cluster? -LoadBalancer -ClusterIP -NodePort
ClusterIP -ClusterIP creates an internal IP address for use within the AKS cluster.
Which virtual machine is best for running a network appliance? -Memory-optimized virtual machine -Compute-optimized virtual machine -Storage-optimized virtual machine
Compute-optimized virtual machine - Compute-optimized virtual machines are designed to have a high CPU-to-memory ratio. These virtual machines are suitable for medium traffic web servers, network appliances, batch processes, and application servers.
For the security requirements, how can you connect to Azure Linux virtual machines and install software? -Configure a guest configuration on the virtual machine. -Create a custom script extension. -Configure Azure Bastion.
Configure Azure Bastion. -Azure Bastion is a fully platform-managed PaaS service provisioned inside a virtual network. Azure Bastion provides secure and seamless RDP and SSH connectivity to virtual machines. The access uses the Azure portal and SSL.
Another Administrator is managing Azure locally using PowerShell. They have launched PowerShell as an Administrator. Which of the following commands should be executed first? -Connect-AzAccount -Get-AzResourceGroup -Get-AzSubscription
Connect-AzAccount - So, the first thing to do is to connect to Azure and provide the user credentials.
When you clone a configuration from another deployment slot, which configuration setting follows the content across the swap? -Custom domain names -Connection strings -Scale settings
Connection strings -Connections strings follow the content across the swap.
Suppose an administrator wants to assign a role to allow a user to create and manage Azure resources but not be able to grant access to others. Which of the following built-in roles would support this? -Owner -Contributor -Reader -User Access Administrator
Contributor -A contributor can create and manage all types of Azure resources, but they can't grant access to other users.
The company financial controller wants to be notified whenever the company is half-way to spending the money allocated for cloud services. Which approach supports this request? -Create an Azure reservation. -Create a budget and a spending threshold. -Create a management group.
Create a budget and a spending threshold. - Create a budget and a spending threshold. Billing Alerts help your monitor and manage billing activity for your Azure accounts. Budget thresholds can be evaluated and are reset automatically at the end of a period.
How can you ensure that only cost-effective virtual machine SKU sizes are deployed? -Periodically inspect the deployment to see which SKU sizes are used -Create an Azure RBAC role that defines the allowed virtual machine SKU sizes -Create a policy in Azure Policy that specifies the allowed SKU sizes
Create a policy in Azure Policy that specifies the allowed SKU sizes -There's a built-in Azure policy to specify the allowed virtual machine SKU sizes. After the policy is enabled, it's applied whenever a virtual machine is created or resized.
There are several Azure policies that need to be applied to a new branch office. What's the best approach? -Create a management group -Create a policy initiative -Create a policy definition
Create a policy initiative -A policy initiative is a set of policy definitions that could be applied to the new branch office.
To satisfy the finance team's request for billing by department, multiple resource groups have been created and the resource tags applied. What's the next step? -Create a management group -Create an Azure policy -Review the Azure Policy compliance page
Create an Azure policy -An Azure policy requires that a resource tag is applied before the resource is created.
Which solution is the easiest way to implement secure storage for the company's media files? -Create a shared access signature (SAS) for each user and delete the SAS to prevent access. -Create stored access policies for each container to enable revocation of access or change of duration. -Periodically regenerate the account key to control access to the files.
Create stored access policies for each container to enable revocation of access or change of duration. - The SAS changes access based on permissions or duration by replacing the stored access policy with a new one, or by deleting the stored access policy altogether to revoke access.
What is the final rule that is applied in every Network Security Group? -Allow All -Deny All -You configure the final rule to your needs
Deny All -This is a safe choice. It will block all traffic that you don't specifically allow.
A PowerShell DSC script ______________. -Contains the steps required to configure a virtual machine to get it into a specified state. -Is idempotent. -Describes the desired state.
Describes the desired state. -A PowerShell DSC script is declarative. It describes the desired state but doesn't include the steps necessary to achieve that state.
What option can the infrastructure team use for their IIS configuration instead of Custom Script Extensions? -Desired State Configuration -Virtual machine extension -Windows update
Desired State Configuration -Desired State Configuration is a good choice for installing virtual machine features.
How can you ensure more virtual machines are deployed for the Admin team when the CPU is 75% consumed? -Manually increase the instance count. -Change the CPU percentage to 50%. -Enable the autoscale option.
Enable the autoscale option. -To meet the Admin team scenario requirements, enable the autoscale option so more virtual machines are created when the CPU is 75% consumed.
True or false: The Azure portal, the Azure CLI, and Azure PowerShell offer significantly different services, so it is unlikely that all three will support the operation you need. -True -False
False -The three tools offer almost the same set of services. Generally, this is not a factor in deciding which tool is best for your tasks.
Which option is a valid automated deployment source? -GitHub -JavaScript code -SharePoint
GitHub -Azure currently supports Azure DevOps, GitHub, Bitbucket, OneDrive, Dropbox, and external Git repositories.
Which Azure AD role enables a user to manage all groups in your Teams tenants, and also assign other admin roles? -Global administrator -Security administrator -User administrator
Global administrator -The Global Administrator role manages all aspects of Azure AD and Microsoft services that use Azure AD identities. This role can manage groups across tenants and assign other administrator roles.
Suppose a team member can't view resources in a resource group. Where would the administrator go to check the team member's access? -Check the team member's permissions by going to their Azure profile > My permissions. -Go to the resource group and select Access control (IAM) > Check Access. -Go to one of the resources in the resource group and select Role assignments.
Go to the resource group and select Access control (IAM) > Check Access. -Find the list of role of assignments on the resource group.
Which of the following changes between access tiers happens immediately? -Hot tier to cool tier -Archive tier to cool tier -Archive tier to hot tier
Hot tier to cool tier - Changes between the hot and cool tiers, and to the archive tier, happen immediately
Your users want to sign-in to devices, apps, and services from anywhere. Users want to sign-in by using an organizational work or school account instead of a personal account. What should you do first? -Enable the device in Azure AD. -Join the device to Azure AD. -Register the device with Azure AD.
Join the device to Azure AD. - Joining the device provides the features you need.
What's the best storage account solution to support the requirements of the manufacturing division? -Locally redundant storage -Geo-redundant storage -Zone-redundant storage
Locally redundant storage - Locally redundant storage is the best choice. It's the lowest cost solution, the data is being continuously created, and data loss isn't an issue.
What is the inheritance order for scope in Azure? -Management group, Resource group, Subscription, Resource -Management group, Subscription, Resource group, Resource -Subscription, Management group, Resource group, Resource -Subscription, Resource group, Management group, Resource
Management group, Subscription, Resource group, Resource -The inheritance order for scope is Management group, Subscription, Resource group, Resource. For example, if you assigned a Contributor role to a group at the Subscription scope level, it will be inherited by all Resource groups and Resources.
Which option can you use to manage governance across multiple Azure subscriptions? -Azure initiatives -Resource groups -Management groups
Management groups -Management groups facilitate the hierarchical ordering of Azure resources into collections, at a level of scope above subscriptions. Distinct governance conditions can be applied to each management group, with Azure Policy and Azure role-based access controls, to manage Azure subscriptions effectively. The resources and subscriptions assigned to a management group automatically inherit the conditions applied to the management group.
How would you describe blob object replication? -Blob object replication doesn't require versioning to be enabled. -OBlob object replication doesn't support blob snapshots. -Blob object replication is supported in the archive tier.
OBlob object replication doesn't support blob snapshots. - Any snapshots on a blob in the source account aren't replicated to the destination account.
What do you need to install on your machine to let you execute Azure CLI commands locally? -The Azure Cloud Shell -The Azure CLI and Azure PowerShell -Only the Azure CLI
Only the Azure CLI -You only need to install the Azure CLI. You will use a shell to issue the CLI commands, but every platform has at least one built-in shell.
You have three virtual machines (VM1, VM2, VM3) in a resource group. A new admin is hired, and they need to be able to modify settings on VM3. They shouldn't be able to make changes to VM1 or VM2. How can you implement RBAC to minimize administrative overhead? -Assign the admin to the Contributor role on the resource group. -Assign the admin to the Contributor role on VM3. -Move VM3 to a new resource group, and then assign the admin to the Owner role on VM3.
Operations allowed for Azure resources, and scope of permissions -A custom role definition includes the allowed operations, such as read, write, and delete for Azure resources. The custom role definition also includes the scope of these permissions.
What effect do the default network security settings have on a new virtual machine? -Outbound requests are allowed. Inbound traffic is allowed only from within the virtual network. -No outbound and inbound requests are allowed. -There are no restrictions. All outbound and inbound requests are allowed.
Outbound requests are allowed. Inbound traffic is allowed only from within the virtual network. - Outbound requests are considered low risk, so they're allowed by default. Inbound traffic from within the virtual network is allowed.
Which of the following parameters is an element in the template schema? -Includes -Scripts -Outputs
Outputs -Outputs are part of the template schema. Outputs are used to return values from the deployed resources. 3. What happens if the same template i
The leadership team has decided to move all services to Azure Kubernetes service. Which of component contributes to the monthly Azure charge? -Master node -Per deployed pod -Per node VM
Per node VM -With Kubernetes organizations only pay for the virtual machine instances, storage, and networking resources consumed by the cluster.
Your public-facing static website stores all its public UI images in blob storage. The website needs to display the graphics without any kind of authorization. Which is the best option? -Public access -Shared key -Shared access signature
Public access -This option requires the least effort to implement. There are no credentials that need to be stored or managed. For this website, it's the best option.
Why should you use pull mode instead of push mode for DSC? -Pull mode is best for complex environments that need redundancy and scale. -Pull mode is easy to set up and doesn't need its own dedicated infrastructure. -Pull mode uses the local configuration manager (LCM) to make sure that the state on each node matches the state specified by the configuration.
Pull mode is best for complex environments that need redundancy and scale. -The local configuration manager (LCM) on each node automatically polls the pull server at regular intervals to get the latest configuration details. In push mode, an administrator manually sends the configurations toward the nodes.
When creating a Windows virtual machine in Azure, which port would you open using the INBOUND PORT RULES in order to allow remote-desktop access? -HTTPS -SSH (22) -RDP (3389)
RDP (3389) -The Remote Desktop Protocol (RDP) uses port 3389 by default so this port is the standard port you would open if you wanted to use an RDP client to administer your Windows virtual machines.
Which storage solution replicates data to a secondary region, maintains six copies of the data, and is the default replication option? -Locally redundant storage -Read-access geo-redundant storage -Zone-redundant storage
Read-access geo-redundant storage -Read-access geo-redundant storage is the default replication option. Geo-redundant storage (GRS) copies the data synchronously three times within a single physical location in the primary region by using LRS. The data is then copied asynchronously to a single physical location in the secondary region.
What scaling option provides more CPU, memory, or disk space without adding more virtual machines? -Scale up -Scale out -Scale back
Scale up - Scale up gives more CPU, memory, and disk space. You can scale up by changing the pricing tier of the App Service plan.
Which Virtual Machine Scale Sets feature can be configured to add more DevOps machines during peak production? -Schedule-based rules -Autoscale -Metric-based rules
Schedule-based rules - With schedule-based rules, administrators proactively schedule the scale set to deploy one or any number of instances.
Suppose an administrator needs to generate a report of the role assignments for the last week. Where in the Azure portal would they generate that report? -Search for Activity log and filter on the Create role assignment (roleAssignments) operation. -At the appropriate scope, go to Access control (IAM) > Download role assignments. -At the appropriate scope, go to Access control (IAM) > Role assignments.
Search for Activity log and filter on the Create role assignment (roleAssignments) operation. -In the Activity log, filter on the Operation name field to find role assignments.
What kind of group account can you create so you can apply the same permissions to all group members? -Security group -Azure AD bulk group -Microsoft 365 group
Security group -You can create a security group for a specific security policy and apply the same permissions to all members of the group.
Which of the following isn't a valid automated deployment source? -GitHub -Azure DevOps -SharePoint
SharePoint -Azure currently supports Azure DevOps, GitHub, Bitbucket, OneDrive, Dropbox, and external Git repositories
The infrastructure team has implemented firewall rules to deny traffic based on IP address ranges. Which feature meets the requirement? -Dynamically assigned IP addresses. -Statically assigned IP addresses. -IP addresses in the reserved range.
Statically assigned IP addresses. - In this situation, use statically assigned IP addresses to avoid having to change the Firewall rules.
How is the Azure File Sync agent installed and used? -The Azure File Sync agent is installed on a server to enable Azure File Sync replication between the local file share and an Azure Files share. -The Azure File Sync agent is installed on a server to set NTFS permissions on files and folders. -The Azure File Sync agent is installed on an Azure Files share to control on-premises file and folder replication traffic.
The Azure File Sync agent is installed on a server to enable Azure File Sync replication between the local file share and an Azure Files share. -The Azure File Sync agent is a downloadable package that enables a Windows Server file share to be synced with an Azure Files share.
What statement best describes Azure Blob Storage access tiers? -The cool access tier is for frequent access of objects in the storage account. -The hot access tier is for storing large amounts of data that's infrequently accessed. -The administrator can switch between hot and cool performance tiers at any time.
The administrator can switch between hot and cool performance tiers at any time. -The administrator can switch between hot and cool performance tiers at any time.
What needs to be installed on your machine to let you execute Azure PowerShell cmdlets locally? -The Azure cloud shell -The base PowerShell product and the Az module -The Azure CLI and Azure PowerShell
The base PowerShell product and the Az module -You need both the base PowerShell product and the Az module. The base product gives you the shell itself, a few core commands, and programming constructs like loops, variables, etc. The Az modules adds the cmdlets you need to work with Azure resources. The Azure CLI and Azure PowerShell
The infrastructure team has two NSG security rules for inbound traffic to the backend web servers. There's an allow rule with a priority of 200. And, there's a deny rule with a priority of 150. Which rule takes precedence? -The allow rule takes precedence. -The deny rule takes precedence. -The rule that was created first takes precedence.
The deny rule takes precedence. -The deny rule takes precedence because it's processed first. The rule with priority 150 is processed before the rule with priority 200.
The admin team needs to know the requirements for storage account names. To what extent does a storage account name need to be unique? -The name must be unique within the containing resource group. -The name must be unique within the organization's subscription. -The name must be globally unique.
The name must be globally unique. -The storage account name is used as part of the URI for API access, so it must be globally unique.
If you delete a user account by mistake, can it be restored? -When a user account is deleted, it's gone forever and can't be restored. -The user account can be restored, but only if it was created within the last 30 days. -The user account can be restored, but only if it was deleted within the last 30 days.
The user account can be restored, but only if it was deleted within the last 30 days. -A user account can be restored as long as it's been deleted within the last 30 days. Go to the deleted user list to see the list of all of the deleted users.
True or false: Azure App service can automatically scale your web application to meet traffic demand? -True -False
True -Azure App service has built-in auto scale support and will increase or decrease the resources allocated to run your app as needed, depending on the demand.
Suppose you're an administrator of several Azure virtual machines. You get a text message indicating some problems with your VMs. You are at a friend's house and only have your tablet with you. True or false: you'll still be able to access the Azure CLI using the tablet, even though you can't install the CLI on it. -True -False
True -The Azure Cloud Shell is available in the browser and runs with the full Azure CLI. If you prefer Powershell, the Azure Cloud Shell has that as well.
True or false: The Azure CLI can be installed on Linux, macOS, and Windows, and the CLI commands you use are the same in all platforms. -True -False
True -The CLI is cross-platform and can be installed on Linux, macOS, and Windows. After installation, the CLI commands that you run are the same everywhere. This means you can learn the commands once and use them with any local installation or in the Azure Cloud Shell.
Your organization has an internal system to share patient appointment information and notes. You can secure the access based on a user's membership in an Azure Active Directory (Azure AD) group. Which kind of authorization supports this scenario best, and why? -Use a shared access signature (SAS) token. You use the Azure AD credentials and a user delegation SAS token. -Use Azure Active Directory. By using Azure AD, you can create a service principal to authenticate the app. -Use a shared key. The Azure Storage account can create and revoke keys that will be used in your app.
Use Azure Active Directory. By using Azure AD, you can create a service principal to authenticate the app. -This option is the best because no code or configuration files need to store credentials. Access is controlled with Azure AD and can be extended or revoked without requiring any code changes.
What's the best way to sync files stored on the manufacturing warehouse machines with the cloud? -Create an Azure Files share and directly mount shares on the machines in the warehouse. -Use a machine in the warehouse to host a file share, install Azure File Sync, and share a drive with the rest of the warehouse. -Install Azure File Sync on every machine in the warehouse and also in the main office.
Use a machine in the warehouse to host a file share, install Azure File Sync, and share a drive with the rest of the warehouse. -This answer is the best option. The low bandwidth means Azure File Sync can handle the updating and syncing of files efficiently over the low-bandwidth network.
What's the best way to implement secure access to Azure Storage for the company's users? -Use shared access signatures for the production applications. -Use access keys for the production applications. -Use stored access policies for the production applications.
Use access keys for the production applications. -Access keys provide unrestricted access to the storage resources, which is the requirement for production applications in this scenario.
How can admins move the data in the existing storage account to the new storage account? -Use the AzCopy command-line tool -Use the Azure portal -Use the Robocopy command-line tool
Use the AzCopy command-line tool -The key task for the admins is to move data between storage accounts. The AzCopy tool can work with two different storage accounts. The other tools don't copy data between storage accounts. Azure Storage Explorer is another tool that can be used to copy data between storage accounts.
When you enable SSPR for your Azure AD organization... -Users can only change their password when they're signed in -Admins can reset their password by using one authentication method -Users can reset their passwords when they can't sign in
Users can reset their passwords when they can't sign in -If the user passes the authentication tests, then they can reset their password.
What types of scaling can you use to increase the CPU capacity for your existing Virtual Machine Scale Sets instances? -Horizontal scaling -Vertical scaling -Load balancing
Vertical scaling - Vertical scaling increases the capacity of existing instances within Azure Virtual Machine Scale Sets.
Which of the following options is a small application that provides post-deployment configuration and automation tasks for Azure Virtual Machines? -Automation State Configuration -Desired State Configuration -Virtual machine extensions
Virtual machine extensions -Virtual machine extensions are small applications that automate the tasks of creating, maintaining, and removing virtual machines.
Why should you select virtual machines over containers for your configuration? -Virtual machines run the user mode portion of an operating system and can be tailored to contain just the needed services for your app. -Virtual machines provide complete isolation from the host operating system and other virtual machines. -Virtual machines use Azure Disks for local storage for a single node.
Virtual machines provide complete isolation from the host operating system and other virtual machines. -Azure containers only provide lightweight isolation from the host.
Which of the following tags is a valid service tag for network security group rules? -VirtualNetwork -VPN Gateway -Database
VirtualNetwork -VirtualNetwork is a valid service tag. Service tags represent a group of IP addresses. Other service tags are Internet, SQL, Storage, AzureLoadBalancer, and AzureTrafficManager.
When is a user considered registered for SSPR? -When they've registered at least one of the permitted authentication methods -When they've registered at least the number of methods that you've required to reset a password -When they've set up the minimum number of security questions
When they've registered at least the number of methods that you've required to reset a password -A user is considered registered for SSPR when they've registered at least the number of methods that you've required to reset a password. You can set this number in the Azure portal.
Most Azure commands return JSON by default. Sometimes this data set can be very large which makes it difficult to read and tricky to use the result of one command as input to another command. What can you use with Azure CLI to filter the results to get only the data that you need? -You can use the '--query' argument. -You can use the '--filter' argument. -You can pipe the results to a JSON parsing utility and use filtering capability there.
You can use the '--query' argument. -All Azure commands support the '--query' argument which lets you select the useful data in any Azure command response.
Which one of these is not an element of an Azure Resource Manager template? -idempotent -schema -parameters
idempotent -The elements of an Azure Resource Manager template are schema, contentVersion, apiProfile, parameters, variables, functions, resources, and output.
Which Kubernetes agent that processes the orchestration requests and schedules running the requested containers? -container -node -kubelet
kubelet -The kubelet is the Kubernetes agent that processes the orchestration requests from the Azure-managed node.