最新の2024年01月試験AZ-104問題集で合格させる認証試験合格させます
最新でリアルなMicrosoft AZ-104試験問題集解答があります
質問 # 22
You have an Azure Active Directory tenant named Contoso.com that includes following users:
Contoso.com includes following Windows 10 devices:
You create following security groups in Contoso.com:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/overview
質問 # 23
You have an Azure subscription that contains the storage accounts shown in the following table.
You need to identify which storage accounts support lifecycle management, and which storage accounts support moving data to the Archive access tier. What should you identify for each requirement? To answer, select the appropriate options in the answer are a. NOTE: Each correct answer is worth one point.
正解:
解説:
質問 # 24
You have an Azure subscription that contains a virtual network named VNET in the East Us 2 region. A network interface named VM1-NI is connected to VNET1.
You successfully deploy the following Azure Resource Manager template.
正解:
解説:
質問 # 25
You have an Azure web app named App1 that has two deployment slots named Production and Staging. Each slot has the unique settings shown in the following table.
You perform a slot swap.
What are the configurations of the Production slot after the swap? To answer, select the appropriate options in the answer area.
NOTE: Each correction is worth one point.
正解:
解説:
Explanation:
Which settings are swapped?
When you clone configuration from another deployment slot, the cloned configuration is editable. Some configuration elements follow the content across a swap (not slot specific), whereas other configuration elements stay in the same slot after a swap (slot specific). The following lists show the settings that change when you swap slots.
Box 1 : On
Settings that are swapped:
General settings, such as framework version, 32/64-bit, web sockets
App settings (can be configured to stick to a slot)
Connection strings (can be configured to stick to a slot)
Handler mappings
Public certificates
WebJobs content
Hybrid connections *
Virtual network integration *
Service endpoints *
Azure Content Delivery Network *
Features marked with an asterisk (*) are planned to be unswapped.
So web sockets settings will be swapped. So Production will have web sockets settings from "Off" to "On" after the swap slot.
Box 2: App1-prod.contoso.com
Settings that aren't swapped:
Publishing endpoints
Custom domain names
Non-public certificates and TLS/SSL settings
Scale settings
WebJobs schedulers
IP restrictions
Always On
Diagnostic settings
Cross-origin resource sharing (CORS)
So Custom domain names will not be swapped. So Production will have Custom domain names of its own after the swap slot.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots#what-happens-during-a-swap
質問 # 26
You have an Azure subscription named Sub1 that contains the Azure resources shown in the following table.
You assign an Azure policy that has the following settings:
* Scope: Sub1
* Exclusions: Sub1/RG1/VNET1
* Policy definition: Append a tag and its value to resources
* Policy enforcement: Enabled
* Tag name: Tag4
* Tag value: value4
You assign tags to the resources as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Graphical user interface, text, application, email Description automatically generated
Box 1: No
The Azure Policy will add Tag4 to RG1.
Box 2: No
Tags applied to the resource group or subscription aren't inherited by the resources although you can enable inheritance with Azure Policy. Storage1 has Tag3: Value1 and the Azure Policy will add Tag4.
Box 3: No
Tags applied to the resource group or subscription aren't inherited by the resources so VNET1 does not have Tag2.
VNET1 has Tag3:value2. VNET1 is excluded from the Azure Policy so Tag4 will not be added to VNET1.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json
質問 # 27
You have an Azure subscription that contains the storage accounts shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-create-premium-fileshare?tabs=azure-portal
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
質問 # 28
You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort.
What should you do?
- A. Assign VM4 an IP address of 10.0.1.5/24.
- B. Create a user-defined route from VNET1 to VNET3.
- C. Establish peering between VNET1 and VNET3.
- D. Create an NSG and associate the NSG to VMI and VM4.
正解:C
解説:
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
Topic 3, Contoso Ltd
Existing Environment
Currently, Contoso uses multiple types of servers for business operations, including the following:
File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Requirements
Planned Changes
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.
Technical Requirements
Contoso must meet the following technical requirements:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups.
Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier.
Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure.
Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.
User Requirements
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service administrator of the Azure subscription.
Admin1 must receive email alerts regarding service outages.
Ensure that a new user named User3 can create network objects for the Azure subscription.
質問 # 29
You have an Azure subscription.
You create the Azure Storage account shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://azure.microsoft.com/en-in/pricing/calculator/?service=storage
質問 # 30
You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Statement 1: Yes
Contoso is moving the existing product blueprint files to Azure Blob storage which will ensure that the blueprint files are stored in the archive storage tier.
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these.
Statement 2: No
Azure Table storage stores large amounts of structured data. The service is a NoSQL datastore which accepts authenticated calls from inside and outside the Azure cloud. Azure tables are ideal for storing structured, non-relational data. Common uses of Table storage include:
1. Storing TBs of structured data capable of serving web scale applications
2. Storing datasets that don't require complex joins, foreign keys, or stored procedures and can be denormalized for fast access
3. Quickly querying data using a clustered index
4. Accessing data using the OData protocol and LINQ queries with WCF Data Service .NET Libraries Statement 3: No File Storage can be used if your business use case needs to deal mostly with standard File extensions like
*.docx, *.png and *.bak then you should probably go with this storage option.
Reference:
https://docs.microsoft.com/en-us/azure/machine-learning/team-data-science-process/move-data-to-azure-blob-us
https://docs.microsoft.com/en-us/azure/storage/tables/table-storage-overview
https://www.serverless360.com/blog/azure-blob-storage-vs-file-storage
質問 # 31
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.com.onmicrosoft.com.
Solution: You instruct User3 to create the user accounts.
- A. No
- B. Yes
正解:A
解説:
Explanation
Only a global administrator can add users to this tenant.
References:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad
質問 # 32
You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2.
You plan to implement an Azure Availability Set for App1. The solution must ensure that App1 is available during planned maintenance of the hardware hosting VM1 and VM2.
What should you include in the Availability Set?
- A. two fault domains
- B. one fault domain
- C. one update domain
- D. two update domains
正解:D
解説:
Explanation
The hardware in a location is divided in to multiple update domains and fault domains. An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time. VMs in the same fault domain share common storage as well as a common power source and network switch.
Microsoft updates, which Microsoft refers to as planned maintenance events, sometimes require that VMs be rebooted to complete the update. To reduce the impact on VMs, the Azure fabric is divided into update domains to ensure that not all VMs are rebooted at the same time.https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets
質問 # 33
You have an Azure virtual machine named VM1 and a Recovery Services vault named Vault1.
You create a backup Policy1 as shown in the exhibit. (Click the Exhibit tab.)
You configure the backup of VM1 to use Policy1 on Thursday, January 1.
You need to identify the number of available recovery points for VM1.
How many recovery points are available on January 8 and on January 15? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 34
You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances
質問 # 35
You have an Azure virtual machine named VM1 and a Recovery Services vault named Vault1.
You create a backup Policy1 as shown in the exhibit. (Click theExhibittab.) You configure the backup of VM1 to use Policy1 on Thursday, January 1.
You need to identify the number of available recovery points for VM1.
How many recovery points are available on January 8 and on January 15? To answer, select the appropriate options in the answer area.
NOTE:Each correct selection is worth one point.
正解:
解説:
Explanation
Box 1: 6
4 daily + 1 weekly + monthly
Box 2: 8
4 daily + 2 weekly + monthly + yearly
質問 # 36
You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
正解:
解説:
Explanation
Statement 1: Yes
All client computers in the Paris office will be joined to an Azure AD domain.
A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2.
Microsoft Windows Server Active Directory domains, can resolve DNS names between virtual networks.
Automatic registration of virtual machines from a virtual network that's linked to a private zone with auto-registration enabled. Forward DNS resolution is supported across virtual networks that are linked to the private zone.
Statement 2: Yes
A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
As this is a registration network so this will work.
Statement 3: No
Only VMs in the registration network, here the ClientResources-VNet, will be able to register hostname records. Since Subnet4 not connected to Client Resources Network thus not able to register its hostname with humongoinsurance.local Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-insta
質問 # 37
You have an Azure web app named WebApp1 that runs in an Azure App Service plan named ASP1. ASP1 is based on the D1 pricing tier.
You need to ensure that WebApp1 can be accessed only from computers on your on-premises network. The solution must minimize costs.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://azure.microsoft.com/en-us/pricing/details/app-service/windows/
https://docs.microsoft.com/en-us/azure/cdn/cdn-cors
質問 # 38
You have an Azure subscription that contains two om-premises locations named site1 and site2.
You need to connect site1 and site2 by using an Azure Virtual WAN.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
解説:
質問 # 39
HOTSPOT
You plan to use Azure Network Watcher to perform the following tasks:
* Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine
* Task2: Validate outbound connectivity from an Azure virtual machine to an external host Which feature should you use for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Task 1: IP flow verify
The IP flow verify capability enables you to specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verify then tests the communication and informs you if the connection succeeds or fails. If the connection fails, IP flow verify tells you which security rule allowed or denied the communication, so that you can resolve the problem.
Task 2: Connection troubleshoot
The connection troubleshoot capability enables you to test a connection between a VM and another VM, an FQDN, a URI, or an IPv4 address. The test returns similar information returned when using the connection monitor capability, but tests the connection at a point in time, rather than monitoring it over time.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-connectivity-overview
質問 # 40
From Azure Active Directory (AD) Privileged Identify Management, you configure the Role settings for the Owner role of an Azure subscription as shown in the following exhibit.
From Azure AD Privileged Identify Management, you assign the Owner role for the subscription to a user named User1, and you set the Assignment type to Active and Permanently eligible.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-add-role-to-user?tabs=new
質問 # 41
You have an Azure subscription that contains the hierarchy shown in the following exhibit.
You create an Azure Policy definition named Policy1.
To which Azure resources can you assign Policy and which Azure resources can you specify as exclusions from Policy1? To answer, select the appropriate options in the answer NOTE Each correct selection is worth one point.
正解:
解説:
質問 # 42
You have an Azure subscription that contains an Azure Storage account named storage1 and the users shown in the following table.
You plan to monitor storage1 and to configure email notifications for the signals shown in the following table.
You need to identify the minimum number of alert rules and action groups required for the planned monitoring.
How many alert rules and action groups should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Box 1 : 4
As there are 4 distinct set of resource types (Ingress, Egress, Delete storage account, Restore blob ranges), so you need 4 alert rules. In one alert rule you can't specify different type of resources to monitor. So you need 4 alert rules.
Box 2 : 3
There are 3 distinct set of "Users to notify" as (User 1 and User 3), (User1 only), and (User1, User2, and User3). You can't set the action group based on existing group (Group1 and Group2) as there is no specific group for User1 only. So you need to create 3 action group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups
質問 # 43
You have an Azure subscription that contains a virtual network named VNet1. VNet1 uses an IP address space of 10.0.0.0/16 and contains the subnets in the following table.
Subnet1 contains a virtual appliance named VM1 that operates as a router.
You create a routing table named RT1.
You need to route all inbound traffic to VNet1 through VM1.
How should you configure RT1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Box1 : 10.0.0.0/16
Address prefix in networking refer to the destination IP address range. In this scenario, destination is Vnet1 , hence Address prefix will be the address space of Vnet1.
Box 2 : Virtual appliance
Next hop gets the next hop type and IP address of a packet from a specific VM and NIC. Knowing the next hop helps you determine if traffic is being directed to the intended destination, or whether the traffic is being sent nowhere Next Hop --> VM1 --> Virtual Appliance (You can specify IP address of VM 1 when configuring next hop as virtual appliance) Box 3 : GatewaySubnet In the scenario it is asked for all the inbound traffic to Vnet1. Inbound traffic is flowing through SubnetGW.
You need to route all inbound traffic from the VPN gateway to VNet1 through VM1.So its traffic from Gateway subnet only.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/manage-route-table#create-a-route-table
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-next-hop-overview
質問 # 44
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles;
* Reader
* Security Admin
* Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?
- A. Remove User from the Security Reader and Reader roles tot Subscription1.
- B. Assign User1 the User Access Administrator role for VNet1
- C. Assign User1 the Contributor role for VNet1.
- D. Assign User1 the Network Contributor role for VNet1.
正解:B
解説:
Explanation
https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#:~:text=The%2
質問 # 45
You have 100 Azure subscriptions. All the subscriptions are associated to the same Azure Active Directory (Azure AD) tenant named contoso.com.
You are a global administrator.
You plan to create a report that lists all the resources across all the subscriptions.
You need to ensure that you can view all the resources in all the subscriptions.
What should you do?
- A. From Windows PowerShell, run the New-AzureADUserAppRoleAssignment cmdlet.
- B. From the Azure portal, modify the profile settings of your account.
- C. From the Azure portal, modify the properties of the Azure AD tenant.
- D. From Windows PowerShell, run the Add-AzureADAdministrativeUnitMember cmdlet.
正解:C
解説:
https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global- admin#azure-portal
質問 # 46
You have an Azure subscription that contains the resources shown in the following table.
You need to deploy Application1 to Cluster1. Which command should you run?
- A. az ales create
- B. docker build
- C. kubect1 apply
- D. az acr build
正解:A
質問 # 47
......
試験は、Azureインフラストラクチャの管理、Azureストレージソリューション、Azure仮想ネットワーク、Azureコンピューティング、Azureセキュリティ、およびAzureアイデンティティ管理など、広範囲なトピックをカバーしています。候補者は、Azureサービスの確固たる理解とAzureリソースの設計、展開、および管理能力が必要です。これには、仮想マシンの構成、Azureサブスクリプションとリソースの管理、ストレージソリューションの実装と管理、およびAzure環境のセキュリティ確保が含まれます。
AZ-104問題集を使って一日でMicrosoft Azure Administrator Associate試験最速合格:https://www.goshiken.com/Microsoft/AZ-104-mondaishu.html
100% 高得点合格保証されるAZ-104無制限257解答:https://drive.google.com/open?id=1WME9VUKSAbNQnFDZ5beoBbyJfIi5MZda