AZ-104試験無料問題集「Microsoft Azure Administrator 認定」

Drag and Drop Question
You have an Azure subscription that contains a resource group named RG1.
You plan to create an Azure Resource Manager (ARM) template to deploy a new virtual machine named VM1. VM1 must support the capture of performance data.
You need to specify resource dependencies for the ARM template.
In which order should you deploy the resources? To answer, move all resources from the list of resources to the answer area and arrange them in the correct order.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Traffic Manager Contributor role at the subscription level to Admin1.
Does this meet the goal?

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1.
An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.
You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?

You plan to create the Azure web apps shown in the following table.

What is the minimum number of App Service plans you should create for the web apps?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure container registry named Registry1 that contains an image named image1.
You receive an error message when you attempt to deploy a container instance by using image1.
You need to be able to deploy a container instance by using image1.
Solution: You set Admin user to Enable for Registry1.
Does this meet the goal?

Hotspot Question
You have an Azure AD tenant named adatum.com that contains the groups shown in the following table.

Adatum.com contains the users shown in the following table.

You assign an Azure Active Directory Premium P2 license to Group1 as shown in the following exhibit.

Group2 is NOT directly assigned a license.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts.
You create a new user account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?

You have 100 Azure subscriptions. All the subscriptions are associated to the same Azure Active Directory (Azure AD) tenant named contoso.com.
You are a global administrator.
You plan to create a report that lists all the resources across all the subscriptions.
You need to ensure that you can view all the resources in all the subscriptions.
What should you do?

You have an Azure tenant that contains two subscriptions named Subscription1 and Subscription2.
In Subscription1, you deploy a virtual machine named Server1 that runs Windows Server 2016.
Server1 uses managed disks.
You need to move Server1 to Subscription2. The solution must minimize administration effort.
What should you do first?

Drag and Drop Question
You create an Azure Migrate project named TestMig in a resource group named test-migration.
You need to discover which on-premises virtual machines to assess for migration.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You develop the following Azure Resource Manager (ARM) template to create a resource group and deploy an Azure Storage account to the resource group.

Which cmdtet should you run to deploy the template?

Hotspot Question
You have an Azure subscription that contains the storage accounts shown in the following table.

You need to identify which storage accounts support lifecycle management, and which storage accounts support moving data to the Archive access tier.
Which storage accounts should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hotspot Question
You have an Azure Active Directory (Azure AD) tenant that contains three global administrators named Admin1, Admin2, and Admin3.
The tenant is associated to an Azure subscription. Access control for the subscription is configured as shown in the Access control exhibit. (Click the Access Control tab.)

You sign in to the Azure portal as Admin1 and configure the tenant as shown in the Tenant exhibit. (Click the Tenant tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs a financial reporting app named App1 that does not support multiple active instances.
At the end of each month, CPU usage for VM1 peaks when App1 runs.
You need to create a scheduled runbook to increase the processor performance of VM1 at the end of each month.
What task should you include in the runbook?

Case Study 6 - ADatum Corporation
Overview
ADatum Corporation is consulting firm that has a main office in Montreal and branch offices in Seattle and New York.
Existing Environment
Azure Environment
ADatum has an Azure subscription that contains three resource groups named RG1, RG2, and RG3.
The subscription contains the storage accounts shown in the following table.

The subscription contains the virtual machines shown in the following table.

The subscription has an Azure container registry that contains the images shown in the following table.

The subscription contains the resources shown in the following table.

Azure Key Vault
The subscription contains an Azure key vault named Vault1.
Vault1 contains the certificates shown in the following table.

Vault1 contains the keys shown in the following table.

Microsoft Entra Environment
ADatum has a Microsoft Entra tenant named adatum.com that is linked to the Azure subscription and contains the users shown in the following table.

The tenant contains the groups shown in the following table.

The adatum.com tenant has a custom security attribute named Attribute1.
Planned Changes
ADatum plans to implement the following changes:
- Configure a data collection rule (DCR) named DCR1 to collect only system events that have an event ID of 4648 from VM2 and VM4.
- In storage1, create a new container named cont2 that has the following access policies:
o Three stored access policies named Stored1, Stored2, and Stored3
o A legal hold for immutable blob storage
- Whenever possible, use directories to organize storage account content.
- Grant User1 the permissions required to link Zone1 to VNet1.
- Assign Attribute1 to supported adatum.com resources.
- In storage2, create an encryption scope named Scope1.
- Deploy new containers by using Image1 or Image2.
Technical Requirements
ADatum must meet the following technical requirements:
- Use TLS for WebApp1.
- Follow the principle of least privilege.
- Grant permissions at the required scope only.
- Ensure that Scope1 is used to encrypt storage services.
- Use Azure Backup to back up cont1 and share1 as frequently as possible.
- Whenever possible, use Azure Disk Encryption and a key encryption key (KEK) to encrypt the virtual machines.
Hotspot Question
You implement the planned changes for cont2.
What is the maximum number of additional access policies you can create for cont2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Your company has a Microsoft Azure subscription.
The company has datacenters in Los Angeles and New York.
You are configuring the two datacenters as geo-clustered sites for site resiliency.
You need to recommend an Azure storage redundancy option.
You have the following data storage requirements:
- Data must be stored on multiple nodes.
- Data must be stored on nodes in separate geographic locations.
- Data can be read from the secondary location as well as from the
primary location.
Which of the following Azure stored redundancy options should you recommend?

You have an Azure App Service app named App1 that contains two running instances.
You have an autoscale rule configured as shown in the following exhibit.

For the Instance limits scale condition setting, you set Maximum to 5.
During a 30-minute period, App1 uses 80 percent of the available memory.
What is the maximum number of instances for App1 during the 30-minute period?

Your company has an Azure subscription.
You need to deploy a number of Azure virtual machines (VMs) using Azure Resource Manager (ARM) templates.
You have been informed that the VMs will be included in a single availability set.
You are required to make sure that the ARM template you configure allows for as many VMs as possible to remain accessible in the event of fabric failure or maintenance.
Which of the following is the value that you should configure for the platformFaultDomainCount property?

Case Study 2 - Contoso, Ltd
Overview
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.
Existing Environment
Currently, Contoso uses multiple types of servers for business operations, including the following:
- File servers
- Domain controllers
- Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
- A SQL database
- A web front end
- A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Requirements
Planned Changes
Contoso plans to implement the following changes to the infrastructure:
- Move all the tiers of App1 to Azure.
- Move the existing product blueprint files to Azure Blob storage.
- Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.
Technical Requirements
Contoso must meet the following technical requirements:
- Move all the virtual machines for App1 to Azure.
- Minimize the number of open ports between the App1 tiers.
- Ensure that all the virtual machines for App1 are protected by
backups.
- Copy the blueprint files to Azure over the Internet.
- Ensure that the blueprint files are stored in the archive storage
tier.
- Ensure that partner access to the blueprint files is secured and
temporary.
- Prevent user passwords or hashes of passwords from being stored in
Azure.
- Use unmanaged standard storage for the hard disks of the
virtualmachines.
- Ensure that when users join devices to Azure Active Directory (Azure
AD), the users use a mobile phone to verify their identity.
- Minimize administrative effort whenever possible.
User Requirements
Contoso identifies the following requirements for users:
- Ensure that only users who are part of a group named Pilot can join
devices to Azure AD.
- Designate a new user named Admin1 as the service administrator of the Azure subscription.
- Ensure that a new user named User3 can create network objects for the Azure subscription.
You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.
What should you recommend?