• ホーム
  • ブログ
  • Microsoft AZ-104試験問題集にはPDF問題とテストエンジンを試せ! [Q50-Q73]

Microsoft AZ-104試験問題集にはPDF問題とテストエンジンを試せ! [Q50-Q73]

Share

Microsoft AZ-104試験問題集にはPDF問題とテストエンジンを試せ!

最新AZ-104試験問題集には合格保証付きます


Microsoft Azure Administrator認定試験は、ITプロフェッショナルがAzure管理のスキルを認定するための優れた機会です。この認定は、彼らのキャリアを進め、Azureサービスの専門知識を認められることができます。需要が高まる中、熟練したAzure管理者の需要が増えるにつれ、AZ-104認定はクラウドテクノロジーを扱いたいすべてのITプロフェッショナルにとって貴重な資産です。

 

質問 # 50
Which blade should you instruct the finance department auditors to use?

  • A. cost analysis
  • B. invoices
  • C. External services
  • D. partner information

正解:B

解説:
Topic 3, Contoso Ltd
Overview
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.
Existing Environment
Currently, Contoso uses multiple types of servers for business operations, including the following:
* File servers
* Domain controllers
* Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
* A SQL database
* A web front end
* A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Requirements
Planned Changes
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.
Technical Requirements
Contoso must meet the following technical requirements:
* Move all the virtual machines for App1 to Azure.
* Minimize the number of open ports between the App1 tiers.
* Ensure that all the virtual machines for App1 are protected by backups.
* Copy the blueprint files to Azure over the Internet.
* Ensure that the blueprint files are stored in the archive storage tier.
* Ensure that partner access to the blueprint files is secured and temporary.
* Prevent user passwords or hashes of passwords from being stored in Azure.
* Use unmanaged standard storage for the hard disks of the virtual machines.
* Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.
User Requirements
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service administrator of the Azure subscription.
Ensure that a new user named User3 can create network objects for the Azure subscription.


質問 # 51
You have an Azure subscription that includes data in following locations:

You plan to export data by using Azure import/export job named Export1.
You need to identify the data that can be exported by using Export1.
Which data should you identify?

  • A. Share1
  • B. container1
  • C. DB1
  • D. Table1

正解:A

解説:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service


質問 # 52
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2.
Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.

You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a cost of 64999.
Does this meet the goal?

  • A. Yes
  • B. No

正解:A


質問 # 53
You are developing an Azure web app named WebApp1. WebApp1 uses an Azure App Service plan named Plan1 that uses the B1 pricing tier.
You need to configure WebApp1 to add additional instances of the app when CPU usage exceeds 70 percent for 10 minutes.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

正解:

解説:

Explanation

Box 1: From the Scale up (App Service Plan) settings blade, change the pricing tier The B1 pricing tier only allows for 1 core. We must choose another pricing tier.
Box 2: From the Scale out (App Service Plan) settings blade, enable autoscale
1.
Log in to the Azure portal at http://portal.azure.com
1. Navigate to the App Service you would like to autoscale.
2. Select Scale out (App Service plan) from the menu
3. Click on Enable autoscale. This activates the editor for scaling rules.

Box 3: From the Scale mode to Scale based on metric, add a rule, and set the instance limits.
Click on Add a rule. This shows a form where you can create a rule and specify details of the scaling.
References:
https://azure.microsoft.com/en-us/pricing/details/app-service/windows/
https://blogs.msdn.microsoft.com/hsirtl/2017/07/03/autoscaling-azure-web-apps/


質問 # 54
You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address.
Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network interfaces and network security groups that you require? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface-addresses


質問 # 55
You have the App Service plans shown in the following table.

You plan to create the Azure web apps shown in the following table.

You need to identify which App Service plans can be used for the web apps.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Box 1: ASP1 ASP3
Asp1, ASP3: ASP.NET Core apps can be hosted both on Windows or Linux.
Not ASP2: The region in which your app runs is the region of the App Service plan it's in.
Box 2: ASP1
ASP.NET apps can be hosted on Windows only.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/quickstart-dotnetcore?pivots=platform-linux
https://docs.microsoft.com/en-us/azure/app-service/app-service-plan-manage#


質問 # 56
You have an Azure subscription that includes data in following locations:

You plan to export data by using Azure import/export job named Export1.
You need to identify the data that can be exported by using Export1.
Which data should you identify?

  • A. Share1
  • B. container1
  • C. DB1
  • D. Table1

正解:A

解説:
Explanation
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service


質問 # 57
You need to define a custom domain name for Azure AD to support the planned infrastructure.
Which domain name should you use?

  • A. humongousinsurance.onmicrosoft.com
  • B. humongousinsurance.com
  • C. humongousinsurance.local
  • D. ad.humongousinsurance.com

正解:B

解説:
Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com.
The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as '[email protected].' instead of 'alice@domain name.onmicrosoft.com'.
Scenario:
Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure AD.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
Topic 2, Litware, inc.
Existing Environment
The network contains an Active Directory forest named Litware.com. All domain controllers are configured as DNS servers and host the Litware.com DNS zone.
Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
Litware.com contains a user named User1.
All the offices connect by using private links.
Litware has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.

Litware uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory.
The Azure subscription contains the resources in the following table.

The network security team implements several network security groups (NSGs).
Planned Changes
Litware plans to implement the following changes:
* Deploy Azure ExpressRoute to the Montreal office.
* Migrate the virtual machines hosted on Server1 and Server2 to Azure.
* Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
* Migrate App1 and App2 to two Azure web apps named webApp1 and WebApp2.
Technical Requirements
Litware must meet the following technical requirements:
* Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instance*.
* Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
* Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
* Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
* Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.Litware.com.
* Connect the New Your office to VNet1 over the Internet by using an encrypted connection.
* Create a workflow to send an email message when the settings of VM4 are modified.
* Create a custom Azure role named Role1 that is based on the Reader role.
* Minimize costs whenever possible.


質問 # 58
You have an Azure subscription that contains the resources shown in the following table.

VMSS1 is set to VM (virtual machines) orchestration mode.
You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1.
Which resource group and location should you use to deploy VM1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview


質問 # 59
You have an Azure subscription named Subscription1 that contains the resources in the following table.

VM1 and VM2 run the websites in the following table.

AppGW1 has the backend pools in the following table.

DNS resolves site1.contoso.com, site2.contoso.com, and site3.contoso.com to the IP address of AppGW1.
AppGW1 has the listeners in the following table.

AppGW1 has the rules in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation:
Vm1 is in Pool1. Rule2 applies to Pool1, Listener 2, and site2.contoso.com


質問 # 60
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have two external partner organizations named fabrilcam.com and litwareinc.com. FabtAam.com is configured as a connected organization.
You create an access package as shown in the Access package exhibit. (Click the Access package lab.) You configure the external user lifecycle settings as shown in the Lifecycle exhibit. (Click the lifecycle tab) For each of the following statements, select Yes if the statement is true Otherwise, select No Note: Each correct selection is worth one point.

正解:

解説:


質問 # 61
You have an Azure subscription named Subscription1 that has a subscription ID of c276fc76-9cd4-44c9-99a7-4fd71546436e.
You need to create a custom RBAC role named CR1 that meets the following requirements:
* Can be assigned only to the resource groups in Subscription1
* Prevents the management of the access permissions for the resource groups
* Allows the viewing, creating, modifying, and deleting of resource within the resource groups
What should you specify in the assignable scopes and the permission elements of the definition of CR1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation:

Box 1: "/subscription/c276fc76-9cd4-44c9-99a7-4fd71546436e"
In the assignableScopes you need to mention the subscription ID where you want to implement the RBAC
Box 2: "Microsoft.Authorization/*"
Microsoft.Authorization/* is used to Manage authorization
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftauthorization
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftresources


質問 # 62
You have the Azure management groups shown in the following table.
You add Azure subscriptions to the management groups as shown in the following table.
You create the Azure policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE:Each correct selection is worth one point.

正解:

解説:

Explanation
Box 1: No
Virtual networks are not allowed at the root and is inherited. Deny overrides allowed.
Box 2: Yes
Virtual Machines can be created on a Management Group provided the user has the required RBAC permissions.
Box 3: Yes
Subscriptions can be moved between Management Groups provided the user has the required RBAC permissions.
Reference:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
https://docs.microsoft.com/en-us/azure/governance/management-groups/manage#moving-management-groups-a


質問 # 63
You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.

RG1 has a web app named WebApp1. WebApp1 is located in West Europe.
You move WebApp1 to RG2.
What is the effect of the move?

  • A. The App Service plan to WebApp1 moves to North Europe. Policy1 applies to WebApp1.
  • B. The App Service plan to WebApp1 remains to West Europe. Policy1 applies to WebApp1.
  • C. The App Service plan to WebApp1 moves to North Europe. Policy2 applies to WebApp1.
  • D. The App Service plan to WebApp1 remains to West Europe. Policy2 applies to WebApp1.

正解:D

解説:
You can move an app to another App Service plan, as long as the source plan and the target plan are in the same resource group and geographical region.
The region in which your app runs is the region of the App Service plan it's in. However, you cannot change an App Service plan's region.
References: https://docs.microsoft.com/en-us/azure/app-service/app-service-plan-manage


質問 # 64
You have an Azure subscription that contains a resource group named Test RG.
You use TestRG to validate an Azure deployment.
TestRG contains the following resources:

You need to delete TestRG.
What should you do first?

  • A. Modify the backup configurations of VM1 and modify the resource lock type of VNET1.
  • B. Turn off VM1 and remove the resource lock from VNET1.
  • C. Remove the resource lock from VNET1 and delete all data in Vault1.
  • D. Turn off VM1 and delete all data in Vault1.

正解:B

解説:
Explanation
When you want to delete the resource, you first need to remove the lock.
References:
https://docs.microsoft.com/sv-se/azure/azure-resource-manager/management/lock-resources


質問 # 65
You have an Azure subscription that contains three virtual networks named VNET1, VNET2, and VNET3.
Peering for VNET1 is configured as shown in the following exhibit.

Peering for VNET2 is configured as shown in the following exhibit.

Peering for VNET3 is configured as shown in the following exhibit.

How can packets be routed between the virtual networks? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview


質問 # 66
You have an Azure web app named WebApp1 that runs in an Azure App Service plan named ASP1. ASP1 is based on the D1 pricing tier.
You need to ensure that WebApp1 can be accessed only from computers on your on-premises network. The solution must minimize costs.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation:
Box 1: B1
B1 (Basic) would minimize cost compared P1v2 (premium) and S1 (standard).
Box 2: Cross Origin Resource Sharing (CORS)
Once you set the CORS rules for the service, then a properly authenticated request made against the service from a different domain will be evaluated to determine whether it is allowed according to the rules you have specified.
Note: CORS (Cross Origin Resource Sharing) is an HTTP feature that enables a web application running under one domain to access resources in another domain. In order to reduce the possibility of cross-site scripting attacks, all modern web browsers implement a security restriction known as same-origin policy. This prevents a web page from calling APIs in a different domain. CORS provides a secure way to allow one origin (the origin domain) to call APIs in another origin.
References:
https://azure.microsoft.com/en-us/pricing/details/app-service/windows/
https://docs.microsoft.com/en-us/azure/cdn/cdn-cors


質問 # 67
You have an Azure subscription that contains the resource groups shown in the following table.

RG1 contains the resources shown in the following table.

RG2 contains the resources shown in the following table.

You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1.
Which resources should you identify? To answer, select the appropriate options in the answer area.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking


質問 # 68
You have an Azure subscription that contains the resources shown in the following table.

You need to perform the tasks shown in the following table.

Which tasks can you perform by using Azure Storage Explorer ?

  • A. Task1 and Task3 only
  • B. Task2, Task3, and Task4 only
  • C. Take1,Take2, Take3, and Take4
  • D. Task1Task2 and Task3 only
  • E. Task1. Task2 and Task3 only

正解:A


質問 # 69
You have the Azure management groups shown in the following table.

You add Azure subscriptions to the management groups as shown in the following table.

You create the Azure policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation:
Box 1: No
Virtual networks are not allowed at the root and is inherited. Deny overrides allowed.
Box 2: Yes
Virtual Machines can be created on a Management Group provided the user has the required RBAC permissions.
Box 3: Yes
Subscriptions can be moved between Management Groups provided the user has the required RBAC permissions.
Reference:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
https://docs.microsoft.com/en-us/azure/governance/management-groups/manage#moving-management-groups-and-subscriptions


質問 # 70
You have an Azure subscription.
You deploy a virtual machine scale set that is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-autoscale-portal


質問 # 71
You have an Azure subscription named Sub1.
You plan to deploy a multi-tiered application that will contain the tiers shown in the following table.

You need to recommend a networking solution to meet the following requirements:
Ensure that communication between the web servers and the business logic tier spreads equally across the virtual machines.
Protect the web servers from SQL injection attacks.
Which Azure resource should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview


質問 # 72
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System log on VM1 within an hour.
Solution: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Does this meet the goal?

  • A. Yes
  • B. No

正解:A

解説:
Alerts in Azure Monitor can identify important information in your Log Analytics repository. They are created by alert rules that automatically run log searches at regular intervals, and if results of the log search match particular criteria, then an alert record is created and it can be configured to perform an automated response.
The Log Analytics agent collects monitoring data from the guest operating system and workloads of virtual machines in Azure, other cloud providers, and on-premises. It collects data into a Log Analytics workspace.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-response
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview


質問 # 73
......

信頼できるMicrosoft Azure Administrator Associate AZ-104問題集PDFには2023年06月19日更新された問題です:https://www.goshiken.com/Microsoft/AZ-104-mondaishu.html

必ず合格できるMicrosoft AZ-104試験正確な542問題と解答あります:https://drive.google.com/open?id=1WME9VUKSAbNQnFDZ5beoBbyJfIi5MZda

関するブログ

もっと
AZ-104無料問題集