AZ-104試験無料問題集「Microsoft Azure Administrator 認定」
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, those questions will not appear in the review screen.
You have a Microsoft Entra tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users.
You need to create a guest user account in contoso.com for each of the 500 external users.
Solution; From Microsoft Entra ID in the Azure portal, you use the Bulk create user operation.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, those questions will not appear in the review screen.
You have a Microsoft Entra tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users.
You need to create a guest user account in contoso.com for each of the 500 external users.
Solution; From Microsoft Entra ID in the Azure portal, you use the Bulk create user operation.
Does this meet the goal?
正解:A
解答を投票する
You have an Azure subscription that contains a storage account named storageacct1234 and two users named User1 and User2.
You assign User1 the roles shown in the following exhibit.
Which two actions can User1 perform? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
You assign User1 the roles shown in the following exhibit.
Which two actions can User1 perform? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
正解:A,E
解答を投票する
You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address.
Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network interfaces and network security groups that you require? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Each virtual machine will have a public IP address and a private IP address.
Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network interfaces and network security groups that you require? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Box 1: 5
A public and a private IP address can be assigned to a single network interface.
Box 2: 1
You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface-addresses
You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table.
You create a private Azure DNS zone named adatum.com. You configure the adatum.com zone to allow auto registration from VNET1.
Which A records will be added to the adatum.com zone for each virtual machine? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You create a private Azure DNS zone named adatum.com. You configure the adatum.com zone to allow auto registration from VNET1.
Which A records will be added to the adatum.com zone for each virtual machine? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have an Azure subscription that contains the virtual networks shown in the following table.
The subscription contains the subnets shown in the following table.
The subscription contains the storage accounts shown in the following table.
You create a service endpoint policy named policy1 in the South Central US Azure region to allow connectivity to all the storage accounts in the subscription.
Fow each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
The subscription contains the subnets shown in the following table.
The subscription contains the storage accounts shown in the following table.
You create a service endpoint policy named policy1 in the South Central US Azure region to allow connectivity to all the storage accounts in the subscription.
Fow each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Policy1 can be applied to Subnet3. = YES
Only storage1 and storage2 can be accessed from VNet2. = NO
Only storage2 can be accessed from VNet3. = Yes
According to the Microsoft documentation, a service endpoint policy can be applied to any subnet in a virtual network that has a service endpoint enabled for the same service as the policy. In your scenario, Subnet3 has a service endpoint enabled for Microsoft.Storage, which is the same service as policy1. Therefore, policy1 can be applied to Subnet3.
According to the Microsoft documentation, when you configure network rules for a storage account, you can limit access to your storage account to requests that come from specified IP addresses, IP ranges, subnets in an Azure virtual network, or resource instances of some Azure services. In your scenario, storage1 and storage2 have network rules that allow access from Subnet1 and Subnet2 respectively. However, this does not mean that only these subnets can access the storage accounts. Other subnets or resources that have the same IP range or resource ID as Subnet1 or Subnet2 can also access the storage accounts. For example, Subnet4 in VNet2 has the same IP range as Subnet1 in VNet1, so it can also access storage1. Similarly, Subnet5 in VNet3 has the same IP range as Subnet2 in VNet1, so it can also access storage2. Therefore, only storage1 and storage2 cannot be accessed from VNet2.
According to the Microsoft documentation, when you create a private endpoint for a storage account, you assign a private IP address from your virtual network to the storage account. This enables secure traffic between your virtual network and the storage account over a private link. In your scenario, you have created a private endpoint for storage2 in Subnet6 of VNet3. This means that only Subnet6 can access storage2 over the private link. However, this does not mean that only Subnet6 can access storage2 at all. Other subnets or resources that have the same IP range or resource ID as Subnet6 can also access storage2 over the public endpoint of the storage account. For example, Subnet7 in VNet4 has the same IP range as Subnet6 in VNet3, so it can also access storage2 over the public endpoint. Therefore, only storage2 cannot be accessed from VNet3.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Performance Monitor, you create a Data Collector Set (DCS).
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Performance Monitor, you create a Data Collector Set (DCS).
Does this meet the goal?
正解:A
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.
You deploy a load balancer that has the following configurations:
*Name: LB1
*Type: Internal
*SKU: Standard
*Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create two Standard public IP addresses and associate a Standard SKU public IP address to the network interface of each virtual machine.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.
You deploy a load balancer that has the following configurations:
*Name: LB1
*Type: Internal
*SKU: Standard
*Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create two Standard public IP addresses and associate a Standard SKU public IP address to the network interface of each virtual machine.
Does this meet the goal?
正解:B
解答を投票する
You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
正解:
Explanation:
Statement 1: Yes
All client computers in the Paris office will be joined to an Azure AD domain.
A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2.
Microsoft Windows Server Active Directory domains, can resolve DNS names between virtual networks.
Automatic registration of virtual machines from a virtual network that's linked to a private zone with auto- registration enabled. Forward DNS resolution is supported across virtual networks that are linked to the private zone.
Statement 2: Yes
A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
As this is a registration network so this will work.
Statement 3: No
Only VMs in the registration network, here the ClientResources-VNet, will be able to register hostname records. Since Subnet4 not connected to Client Resources Network thus not able to register its hostname with humongoinsurance.local Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role- instances
You have an Azure subscription. The subscription contains a virtual machine that runs Windows 10.
You need to join the virtual machine to an Active Directory domain.
How should you complete the Azure Resource Manager (ARM) template? To answer, select the appropriate options in the answer area.
NOTE Each correct selection is worth one point.
You need to join the virtual machine to an Active Directory domain.
How should you complete the Azure Resource Manager (ARM) template? To answer, select the appropriate options in the answer area.
NOTE Each correct selection is worth one point.
正解:
Explanation:
You have an Azure subscription that contains a storage account named storage1. The storage 1 account contains a container named container! You need to configure access to container 1. The solution must meet the following requirements:
* Only allow read access
* Allow both HTTP and HTTPS protocols.
* Apply access permissions to all the content in the container
What should you use?
* Only allow read access
* Allow both HTTP and HTTPS protocols.
* Apply access permissions to all the content in the container
What should you use?
正解:D
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have an Anne container registry named Registry1 that contains an image named image1.
You receive an error message when you attempt to deploy a container instance by using image1.
You need to be able to deploy a container instance by using image1.
Solution: You assign the AcrPull role to ACR-Tasks-Network for Registry1.
Does this meet the goal?
You receive an error message when you attempt to deploy a container instance by using image1.
You need to be able to deploy a container instance by using image1.
Solution: You assign the AcrPull role to ACR-Tasks-Network for Registry1.
Does this meet the goal?
正解:B
解答を投票する
You have an Azure subscription that contains an Azure Storage account named storage1 and the users shown in the following table.
You plan to monitor storage1 and to configure email notifications for the signals shown in the following table.
You need to identify the minimum number of alert rules and action groups required for the planned monitoring.
How many alert rules and action groups should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You plan to monitor storage1 and to configure email notifications for the signals shown in the following table.
You need to identify the minimum number of alert rules and action groups required for the planned monitoring.
How many alert rules and action groups should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Box 1 : 4
As there are 4 distinct set of resource types (Ingress, Egress, Delete storage account, Restore blob ranges), so you need 4 alert rules. In one alert rule you can't specify different type of resources to monitor. So you need 4 alert rules.
Box 2 : 3
There are 3 distinct set of "Users to notify" as (User 1 and User 3), (User1 only), and (User1, User2, and User3). You can't set the action group based on existing group (Group1 and Group2) as there is no specific group for User1 only. So you need to create 3 action group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups
You have an Azure subscription that contains an Azure Backup vault named Backup1, a Recovery Services vault named Recovery1, and the resources shown in the following table.
You plan to back up the resources.
Which resource can be backed up to Backup1, and which resource can be backed up to Recovery1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You plan to back up the resources.
Which resource can be backed up to Backup1, and which resource can be backed up to Recovery1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
