[2022年10月31日] 最新リアルAZ-104試験問題集解答
あなたを簡単に合格させるAZ-104試験問と正確なMicrosoft Azure AdministratorPDF問題
Microsoft AZ-104 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
| トピック 8 |
|
| トピック 9 |
|
| トピック 10 |
|
| トピック 11 |
|
質問 10
You have an Azure subscription that contains an Azure Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active Directory domain. The domain contains the users shown in the following table.
You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods:
* Number of methods required to reset: 2
* Methods available to users: Mobile phone, Security questions
* Number of questions required to register: 3
* Number of questions required to reset: 3
You select the following security questions:
* What is your favorite food?
* In what city was your first job?
* What was the name of your first pet?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Box 1: No
Administrator accounts are special accounts with elevated permissions. To secure them, the following restrictions apply to changing passwords of administrators:
On-premises enterprise administrators or domain administrators cannot reset their password through Self-service password reset (SSPR). They can only change their password in their on-premises environment.
Thus, we recommend not syncing on-prem AD admin accounts to Azure AD.
An administrator cannot use secret Questions & Answers as a method to reset password.
Box 2: Yes
Self-service password reset (SSPR) is an Azure Active Directory feature that enables employees to reset their passwords without needing to contact IT staff.
Box 3: Yes
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment
質問 11
You have an Azure subscription that contains three virtual networks named VNET1, VNET2, and VNET3.
Peering for VNET1 is configured as shown in the following exhibit.
Peering for VNET2 is configured as shown in the following exhibit.
Peering for VNET3 is configured as shown in the following exhibit.
How can packets be routed between the virtual networks? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
質問 12
You have Azure subscription that includes following Azure file shares:
You have the following on-premises servers:
You create a Storage Sync Service named Sync1 and an Azure File Sync group named Group1. Group1 uses share1 as a cloud endpoint.
You register Server1 and Server2 in Sync1. You add D:\Folder1 on Server1 as a server endpoint of Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Box 1: No
Group1 already has a cloud endpoint named Share1.
A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
Box 2: NO
Box 3: Yes
Yes, one or more server endpoints can be added to the sync group.
References:
https://docs.microsoft.com/en-us/azure/storage/file-sync/file-sync-server-endpoint-create?tabs=azure-portal
質問 13
You have an Azure subscription that contains an Azure Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active Directory domain. The domain contains the users shown in the following table.
You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods:
Number of methods required to reset: 2
Methods available to users: Mobile phone, Security questions
Number of questions required to register: 3
Number of questions required to reset: 3
You select the following security questions:
What is your favorite food?
In what city was your first job?
What was the name of your first pet?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment
質問 14
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1.
You add the users in the following table.
Which2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
質問 15
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.
Does this meet the goal?
- A. No
- B. Yes
正解: A
解説:
Explanation
DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest Labs.
You would need the Logic App Contributor role.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app
質問 16
You have an Azure subscription.
You deploy a virtual machine scale set that is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-autoscale-portal
質問 17
You have an Azure subscription named Subscription1 that contains the following resource group:
Name: RG1
Region: West US
Tag: "tag1": "value1"
You assign an Azure policy named Policy1 to Subscription1 by using the following configurations:
Exclusions: None
Policy definition: Append tag and its default value
Assignment name: Policy1
Parameters:
- Tag name: Tag2
- Tag value: Value2
After Policy1 is assigned, you create a storage account that has the following configurations:
Name: storage1
Location: West US
Resource group: RG1
Tags: "tag3": "value3"
You need to identify which tags are assigned to each resource.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
質問 18
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has 100 users located in an office in Paris.
The on-premises network contains the servers shown in the following table.
You create a new subscription. You need to move all the servers to Azure.
Solution: You use the Data Migration Assistant tool.
Does this meet the goal?
- A. No
- B. Yes
正解: A
解説:
Explanation
The Data Migration Assistant tool is used to assess on-premises SQL Server instance(s) migrating to Azure SQL database(s).
rence:
https://docs.microsoft.com/en-us/sql/dma/dma-overview?view=sql-server-ver15
質問 19
You have an Azure subscription named Subscription1 that contains the following resource group:
Name: RG1
Region: West US
Tag: "tag1": "value1"
You assign an Azure policy named Policy1 to Subscription1 by using the following configurations:
Exclusions: None
Policy definition: Append tag and its default value
Assignment name: Policy1
Parameters:
- Tag name: Tag2
- Tag value: Value2
After Policy1 is assigned, you create a storage account that has the following configurations:
Name: storage1
Location: West US
Resource group: RG1
Tags: "tag3": "value3"
You need to identify which tags are assigned to each resource.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
質問 20
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.com.onmicrosoft.com.
Solution: You instruct User3 to create the user accounts.
- A. No
- B. Yes
正解: A
解説:
Only a global administrator can add users to this tenant.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad
質問 21
DRAG DROP
You have an Azure subscription that is used by four departments in your company. The subscription contains
10 resource groups. Each department uses resources in several resource groups.
You need to send a report to the finance department. The report must detail the costs for each department.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
正解:
解説:
Section: [none]
Explanation:
Box 1: Assign a tag to each resource.
You apply tags to your Azure resources giving metadata to logically organize them into a taxonomy. After you apply tags, you can retrieve all the resources in your subscription with that tag name and value. Each resource or resource group can have a maximum of 15 tag name/value pairs. Tags applied to the resource group are not inherited by the resources in that resource group.
Box 2: From the Cost analysis blade, filter the view by tag
After you get your services running, regularly check how much they're costing you. You can see the current spend and burn rate in Azure portal.
1. Visit the Subscriptions blade in Azure portal and select a subscription.
You should see the cost breakdown and burn rate in the popup blade.
2. Click Cost analysis in the list to the left to see the cost breakdown by resource. Wait 24 hours after you add a service for the data to populate.
3. You can filter by different properties like tags, resource group, and timespan. Click Apply to confirm the filters and Download if you want to export the view to a Comma-Separated Values (.csv) file.
Box 3: Download the usage report
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
https://docs.microsoft.com/en-us/azure/billing/billing-getting-started
質問 22
You have an Azure subscription that contains the resources shown in the following table.
You need to configure a proximity placement group for VMSS1.
Which proximity placement groups should you use?
- A. Proximity 1, Proximity2, and Proximity3
- B. Proximity2 only
- C. Proximity1 only
- D. Proximity 1 and Proximity3 only
正解: A
解説:
Explanation
Resource Group location of VMSS1 is the RG2 location, which is West US.
Only Proximity2, which also in RG2, is location in West US
Reference:
https://azure.microsoft.com/en-us/blog/introducing-proximity-placement-groups/
質問 23
You have an Azure subscription that contains the resources shown in the following table.
LB1 is configured as shown in the following table.
You plan to create new inbound NAT rules that meet the following requirements:
Provide Remote Desktop access to VM2 from the internet by using port 3389.
- A. A frontend IP address
- B. A backend pool
- C. A health probe
- D. A load balancing rule
正解: A
質問 24
Case Study 2 - Contoso, Ltd
Overview
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.
Existing Environment
Currently, Contoso uses multiple types of servers for business operations, including the following:
- File servers
- Domain controllers
- Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
- A SQL database
- A web front end
- A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Requirements
Planned Changes
Contoso plans to implement the following changes to the infrastructure:
- Move all the tiers of App1 to Azure.
- Move the existing product blueprint files to Azure Blob storage.
- Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.
Technical Requirements
Contoso must meet the following technical requirements:
- Move all the virtual machines for App1 to Azure.
- Minimize the number of open ports between the App1 tiers.
- Ensure that all the virtual machines for App1 are protected by
backups.
- Copy the blueprint files to Azure over the Internet.
- Ensure that the blueprint files are stored in the archive storage
tier.
- Ensure that partner access to the blueprint files is secured and
temporary.
- Prevent user passwords or hashes of passwords from being stored in
Azure.
- Use unmanaged standard storage for the hard disks of the
virtualmachines.
- Ensure that when users join devices to Azure Active Directory (Azure
AD), the users use a mobile phone to verify their identity.
- Minimize administrative effort whenever possible.
User Requirements
Contoso identifies the following requirements for users:
- Ensure that only users who are part of a group named Pilot can join
devices to Azure AD.
- Designate a new user named Admin1 as the service administrator of the Azure subscription.
- Ensure that a new user named User3 can create network objects for the Azure subscription.
You need to meet the user requirement for Admin1.
What should you do?
- A. From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.
- B. From the Azure Active Directory blade, modify the Properties.
- C. From the Azure Active Directory blade, modify the Groups.
- D. From the Subscriptions blade, select the subscription, and then modify the Properties.
正解: D
解説:
Change the Service administrator for an Azure subscription Sign in to Account Center as the Account administrator.
Select a subscription.
On the right side, select Edit subscription details.
Scenario: Designate a new user named Admin1 as the service administrator of the Azure subscription.
References: https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription- administrator
質問 25
You have the Azure management groups shown in the following table.
You add Azure subscriptions to the management groups as shown in the following table.
You create the Azure policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
https://docs.microsoft.com/en-us/azure/governance/management-groups/manage#moving-management-groups-and-subscriptions
質問 26
You have an Azure subscription named Subscription1 that contains the resources in the following table.
You install the Web Server server role (IIS) on WM1 and VM2, and then add VM1 and VM2 to LB1.
LB1 is configured as shown in the LB1 exhibit. (Click the Exhibit button.)
Rule1 is configured as shown in the Rule1 exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/skus
質問 27
You onboard 10 Azure virtual machines to Azure Automation State Configuration.
You need to use Azure Automation State Configuration to manage the ongoing consistency of the virtual machine configurations.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
正解:
解説:
Explanation:
Step 1: Upload a configuration to Azure Automation State Configuration.
Import the configuration into the Automation account.
Step 2: Compile a configuration into a node configuration.
A DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.
Step 3: Assign the node configuration
Step 4: Check the compliance status of the node
Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the page for that node.
On the blade for an individual report, you can see the following status information for the corresponding consistency check:
The report status - whether the node is "Compliant", the configuration "Failed", or the node is "Not Compliant" Reference:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started
質問 28
Your network contains an Active Directory domain. The domain contains a user named User1. The domain is synced to Azure Active Directory (Azure AD) as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
Box 1: a computer joined in the Active Directory domain
The Active Directory domain service stores passwords in the form of a hash value representation, of the actual user password.
Box 2: Stored in both Azure AD and in the Active Director domain
The Active Directory domain service stores passwords in the form of a hash value representation, of the actual user password.
To synchronize your password, Azure AD Connect sync extracts your password hash from the on-premises Active Directory instance.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization
質問 29
You have an Azure virtual machine named VM1 and a Recovery Services vault named Vault1.
You create a backup Policy1 as shown in the exhibit. (Click the Exhibit tab.)
You configure the backup of VM1 to use Policy1 on Thursday, January 1.
You need to identify the number of available recovery points for VM1.
How many recovery points are available on January 8 and on January 15? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 30
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
In storage1, you create a blob container named blob1 and a file share named share1.
Which resources can be backed up to Vault1 and Vault2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault
https://docs.microsoft.com/en-us/azure/backup/backup-afs
質問 31
You need to create an Azure Storage account that meets the following requirements:
* Minimizes costs
* Supports hot, cool, and archive blob tiers
* Provides fault tolerance if a disaster affects the Azure region where the account resides How should you complete the command? To answer, select the appropriate options in the answer area. NOTE:
Each correct selection is worth one point
正解:
解説:
Explanation
Box 1: StorageV2
You may only tier your object storage data to hot, cool, or archive in Blob storage and General Purpose v2 (GPv2) accounts. General Purpose v1 (GPv1) accounts do not support tiering.
General-purpose v2 accounts deliver the lowest per-gigabyte capacity prices for Azure Storage, as well as industry-competitive transaction prices.
Box 2: Standard_GRS
Geo-redundant storage (GRS): Cross-regional replication to protect against region-wide unavailability.
質問 32
You have the Azure virtual networks shown in the following table.
To which virtual networks can you establish a peering connection from VNet1?
- A. VNet2 only
- B. VNet2 and VNet3 only
- C. VNet3 and VNet4 only
- D. VNet2, VNet3, and VNet4
正解: C
解説:
References:
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
You can connect virtual networks to each other with virtual network peering. These virtual networks can be in the same region or different regions (also known as Global VNet peering). Once virtual networks are peered, resources in both virtual networks are able to communicate with each other, with the same latency and bandwidth as if the resources were in the same virtual network.
Global VNet Peering is now generally available in all Azure public regions, excluding the China, Germany, and Azure Government regions.
The address space is the most critical configuration for a VNet in Azure. This is the IP range for the entire network that will be divided into subnets. The address space can almost be any IP range that you wish (public or private). You can add multiple address spaces to a VNet. To ensure this VNet can be connected to other networks, the address space should never overlap with any other networks in your environment. If a VNet has an address space that overlaps with another Azure VNet or on-premises network, the networks cannot be connected, as the routing of traffic will not work properly.
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
https://azure.microsoft.com/en-in/updates/general-availability-global-vnet-peering/#:~:text=Global%20VNet%20Peering%20is%20now,transit%20over%20the%20public%20internet.
https://www.microsoftpressstore.com/articles/article.aspx?p=2873369
質問 33
You have the App Service plans shown in the following table.
You plan to create the Azure web apps shown in the following table.
You need to identify which App Service plans can be used for the web apps.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
Box 1: ASP1 ASP3
Asp1, ASP3: ASP.NET Core apps can be hosted both on Windows or Linux.
Not ASP2: The region in which your app runs is the region of the App Service plan it's in.
Box 2: ASP1
ASP.NET apps can be hosted on Windows only.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/quickstart-dotnetcore?pivots=platform-linux
https://docs.microsoft.com/en-us/azure/app-service/app-service-plan-manage#
質問 34
......
AZ-104認証試験問題集の解答を提供しています:https://drive.google.com/open?id=1WME9VUKSAbNQnFDZ5beoBbyJfIi5MZda
更新されたAZ-104試験練習テスト問題:https://www.goshiken.com/Microsoft/AZ-104-mondaishu.html