Topic 3, Contoso Ltd

Overview

Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.

Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment

Currently, Contoso uses multiple types of servers for business operations, including the following:

✑ File servers

✑ Domain controllers

✑ Microsoft SQL Server servers

Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.

You have a public-facing application named App1.

App1 is comprised of the following three tiers:

✑ A SQL database

✑ A web front end

✑ A processing middle tier

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Requirements

Planned Changes

Contoso plans to implement the following changes to the infrastructure:

– Move all the tiers of App1 to Azure.

– Move the existing product blueprint files to Azure Blob storage.

– Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.

Technical Requirements

Contoso must meet the following technical requirements:

✑ Move all the virtual machines for App1 to Azure.

✑ Minimize the number of open ports between the App1 tiers.

✑ Ensure that all the virtual machines for App1 are protected by backups.

✑ Copy the blueprint files to Azure over the Internet.

✑ Ensure that the blueprint files are stored in the archive storage tier.

✑ Ensure that partner access to the blueprint files is secured and temporary.

✑ Prevent user passwords or hashes of passwords from being stored in Azure.

✑ Use unmanaged standard storage for the hard disks of the virtual machines.

✑ Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.

✑ Minimize administrative effort whenever possible.

User Requirements

Contoso identifies the following requirements for users:

✑ Ensure that only users who are part of a group named Pilot can join devices to Azure AD.

✑ Designate a new user named Admin1 as the service administrator of the Azure subscription.

✑ Admin1 must receive email alerts regarding service outages.

✑ Ensure that a new user named User3 can create network objects for the Azure subscription.

HOTSPOT

You need to identify the storage requirements for Contoso.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Statement 1: Yes

Contoso is moving the existing product blueprint files to Azure Blob storage, which will ensure that the blueprint files are stored in the archive storage tier.

Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these.

Statement 2: No

Azure Table storage stores large amounts of structured data. The service is a NoSQL datastore which accepts authenticated calls from inside and outside the Azure cloud. Azure tables are ideal for storing structured, non-relational data.

Common uses of Table storage include:

You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure

HOTSPOT

You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

Once the VNets are peered, all resources on one VNet can communicate with resources on the other peered VNets. You plan to enable peering between Paris-VNet and AllOffices-VNet. Therefore VMs on Subnet1, which is on Paris-VNet, and VMs on Subnet3, which is on AllOffices-VNet, will be able to connect to each other.

All Azure resources connected to a VNet have outbound connectivity to the Internet by default. Therefore VMs on ClientSubnet, which is on ClientResources-VNet, will have access to the Internet, and VMs on Subnet3 and Subnet4, which are on AllOffices-VNet, will have access to the Internet.

What should you include in the recommendation?

You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.

What should you include in the recommendation?
A . Azure AD B2C
B . Azure AD Identity Protection
C . an Azure logic app and the Microsoft Identity Management (MIM) client
D . dynamic groups and conditional access policies

Answer: D

Explanation:

Technically, the finance department needs to migrate its users from AD to Azure AD using Azure AD Connect (AADC) based on the finance OU, and needs to enforce MFA use; that is a conditional access policy. Employees also often get promotions and/or join other departments. When that occurs, the user's OU attribute changes when the admin moves the user to a new OU, and the dynamic group membership rule (OU = [Department Name Value]) will move the user to the appropriate dynamic group on the next AADC delta sync.

https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

What are two possible ways to achieve this goal?

You have an Azure subscription named Subscription that contains the resource groups shown in the following table.

In RG1, you create a virtual machine named VM1 in the East Asia location.

You plan to create a virtual network named VNET1.

You need to create VNET1, and then connect VM1 to VNET1.

What are two possible ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A . Create VNET1 in RG2, and then set East Asia as the location.
B . Create VNET1 in a new resource group in the West US location, and then set West US as the location.
C . Create VNET1 in RG1, and then set East Asia as the location.
D . Create VNET1 in RG1, and then set East US as the location.
E . Create VNET1 in RG2, and then set East US as the location.

Answer: A,C

Explanation:

A network interface can exist in the same resource group as, or a different resource group from, the virtual machine you attach it to or the virtual network you connect it to.

The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, also referred to as a region.

Note: resource groups can span multiple regions, but a VNet can only hold resources (VMs, network interfaces) that exist in the same region.

So in this scenario, you need to create VNET1 in any RG and set location as East Asia.

Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure

HOTSPOT

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

Statement 1: Yes

All client computers in the Paris office will be joined to an Azure AD domain.

A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2.

Microsoft Windows Server Active Directory domains can resolve DNS names between virtual networks. Azure Private DNS supports automatic registration of virtual machines from a virtual network that is linked to a private zone with auto-registration enabled, and forward DNS resolution is supported across all virtual networks that are linked to the private zone.

Statement 2: Yes

A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet. You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network. Because ClientResources-VNet is the registration network, this will work.

Statement 3: No

Only VMs in the registration network, here ClientResources-VNet, will be able to register hostname records. Since Subnet4 is not connected to ClientResources-VNet, its VMs are not able to register their hostnames in humongousinsurance.local.

What should you create to store the password?

You download an Azure Resource Manager template based on an existing virtual machine.

The template will be used to deploy 100 virtual machines.

You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.

What should you create to store the password?
A . Azure Active Directory (AD) Identity Protection and an Azure policy
B . a Recovery Services vault and a backup policy
C . an Azure Key Vault and an access policy
D . an Azure Storage account and an access policy

Answer: C

Explanation:

You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore, the password is never put in plain text in the template parameter file.

References: https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/
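An added example (not from the referenced quickstart) of the parameter file for such a deployment: the administrative password is not written into the file, only a reference to the Key Vault secret; the subscription ID, resource group, vault name and secret name are placeholders.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername": {
      "value": "vmadmin"
    },
    "adminPassword": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.KeyVault/vaults/<vault-name>"
        },
        "secretName": "<secret-name>"
      }
    }
  }
}
```

The template itself must declare `adminPassword` with `"type": "securestring"`, and the vault must have `enabledForTemplateDeployment` set to true; the identity running the deployment also needs the `Microsoft.KeyVault/vaults/deploy/action` permission on the vault.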

Which three actions should you perform in sequence?

DRAG DROP

You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks.

The virtual networks and an on-premises server named Server1 are configured as shown in the following table.

You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Step 1: Remove peering between Vnet1 and VNet2.

You can’t add address ranges to, or delete address ranges from a virtual network’s address space once a virtual network is peered with another virtual network. To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering.

Step 2: Add the 10.44.0.0/16 address space to VNet1.

Step 3: Recreate peering between VNet1 and VNet2.

References: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

What should you do?

HOTSPOT

You need to identify the appropriate sizes for the Azure virtual machines for Server2.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Box 1: Create a Recovery Services vault

Create a Recovery Services vault on the Azure Portal.

Box 2: Install the Azure Site Recovery Provider

Azure Site Recovery can be used to manage migration of on-premises machines to Azure.

Scenario: Migrate the virtual machines hosted on Server1 and Server2 to Azure.

Server2 has the Hyper-V host role.

References: https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure

What should you use?

You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs.

What should you use?
A . Diagnose and solve problems in Traffic Manager profiles
B . Diagnostic settings in Azure Monitor
C . the security recommendations in Azure Advisor
D . Diagram in VNet1
E . IP flow verify in Azure Network Watcher

Answer: E