Microsoft Microsoft Certifications AZ-104 Questions & Answers
Question 651:
DRAG DROP
You have an Azure subscription that contains two virtual networks named VNet1 and VNet2.
Virtual machines connect to the virtual networks.
The virtual networks have the address spaces and the subnets configured as shown in the following table.
You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Step 1: Remove peering between Vnet1 and VNet2.
You can't add address ranges to, or delete address ranges from a virtual network's address space once a virtual network is peered with another virtual network. To add or remove address ranges, delete the peering, add or remove the
address ranges, then re-create the peering.
Step 2: Add the 10.44.0.0/16 address space to VNet1.
You have an Azure subscription named Subscription1.
You create an Azure Storage account named contosostorage, and then you create a file share named data.
Which UNC path should you include in a script that references files from the data file share? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once or not at all. You may need to drag the
split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Correct Answer:
Box 1: contosostorage The name of account
Box 2: file.core.windows.net Box 3: data The name of the file share is data.
You have an on-premises file server named Server1 that runs Windows Server 2016.
You have an Azure subscription that contains an Azure file share.
You deploy an Azure File Sync Storage Sync Service, and you create a sync group.
You need to synchronize files from Server1 to Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Step 1: Install the Azure File Sync agent on Server1
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share
Step 2: Register Server1.
Register Windows Server with Storage Sync Service
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
Step 3: Add a server endpoint
Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
A server endpoint represents a path on registered server.
You have an Azure subscription that contains an Azure file share.
You have an on-premises server named Server1 that runs Windows Server 2016.
You plan to set up Azure File Sync between Server1 and the Azure file share.
You need to prepare the subscription for the planned Azure File Sync.
Which two actions should you perform in the Azure subscription? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes
or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Correct Answer:
As per the official MS doc:
The recommended steps to onboard on Azure File Sync for the first with zero downtime while preserving full file fidelity and access control list (ACL) are as follows:
1.
Deploy a Storage Sync Service. --> This needs to be done on Azure .
2.
Create a sync group. --> This needs to be done on Azure
3.
Install Azure File Sync agent on the server with the full data set. --> This needs to be done on server1.
4.
Register that server and create a server endpoint on the share. --> This needs to be done on server1.
5.
Let sync do the full upload to the Azure file share (cloud endpoint).
6.
After the initial upload is complete, install Azure File Sync agent on each of the remaining servers.
7.
Create new file shares on each of the remaining servers.
8.
Create server endpoints on new file shares with cloud tiering policy, if desired. (This step requires additional storage to be available for the initial setup.)
9.
Let Azure File Sync agent do a rapid restore of the full namespace without the actual data transfer. After the full namespace sync, sync engine will fill the local disk space based on the cloud tiering policy for the server endpoint.
10.
Ensure sync completes and test your topology as desired.
11.
Redirect users and applications to this new share.
12.
You can optionally delete any duplicate shares on the servers.
First action: Create a Storage Sync Service
The deployment of Azure File Sync starts with placing a Storage Sync Service resource into a resource group of your selected subscription.
Second action: Create a sync group
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
A server endpoint represents a path on a registered server. A server can have server endpoints in multiple sync groups. You can create as many sync groups as you need to appropriately describe your desired sync topology.
Third action: Run Server Registration
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service. A server can only be registered to one Storage Sync Service and can sync with
other servers and Azure file shares associated with the same Storage Sync Service.)
You need to use Azure Automation State Configuration to manage the ongoing consistency of virtual machine configurations.
Which five actions should you perform in sequence?
To answer, move the appropriate action from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Select and Place:
Correct Answer:
Step 1: Upload a configuration to Azure Automation State Configuration. Import the configuration into the Automation account. Step 2: Compile a configuration into a node configuration. A DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server. Step 3: Onboard the virtual machines to Azure Automation State Configuration. Onboard the Azure VM for management with Azure Automation State Configuration Step 4: Assign the node configuration Step 5: Check the compliance status of the node Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the
page for that node.
On the blade for an individual report, you can see the following status information for the corresponding consistency check:
The report status - whether the node is "Compliant", the configuration "Failed", or the node is "Not Compliant"
You have an Azure Linux virtual machine that is protected by Azure Backup.
One week ago, two files were deleted from the virtual machine.
You need to restore the deleted files to an on-premises Windows Server 2016 computer as quickly as possible.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Step 1: From the Azure portal, click File Recovery from the vault
Step 2. Select a restore point that contains the deleted files
Step 3: Download and run the script to mount a drive on the local computer
Generate and download script to browse and recover files:
Step 4: Copy the files using File Explorer!
After the disks are attached, use Windows File Explorer to browse the new volumes and files. The restore files functionality provides access to all files in a recovery point. Manage the files via File Explorer as you would for normal files.
Step 1-3 below:
To restore files or folders from the recovery point, go to the virtual machine and perform the following steps:
1.
Sign in to the Azure portal and in the left pane, select Virtual machines. From the list of virtual machines, select the virtual machine to open that virtual machine's dashboard.
2.
In the virtual machine's menu, select Backup to open the Backup dashboard.
3.
In the Backup dashboard menu, select File Recovery.
The File Recovery menu opens.
4.
From the Select recovery point drop-down menu, select the recovery point that holds the files you want. By default, the latest recovery point is already selected.
5.
Select Download Executable (for Windows Azure VMs) or Download Script (for Linux Azure VMs, a python script is generated) to download the software used to copy files from the recovery point.
Running the script and identifying volumes:
For Linux machines, a python script is generated. Download the script and copy it to the relevant/compatible Linux server.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users.
You need to create a guest user account in contoso.com for each of the 500 external users.
Solution: You create a PowerShell script that runs the New-MgInvitation cmdlet for each external user.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
The New-MgInvitation cmdlet is part of the Microsoft Graph PowerShell module. It's used to create an invitation to an external user. When the invited user redeems their invitation, a guest user is created in the directory.
If you use a PowerShell script that loops through each external user in the CSV file and runs the New-MgInvitation cmdlet for each of them, it will send out invitation emails to each of those external users. Once an external user accepts the
invitation, they'll be added to the Azure AD tenant as a guest user.
So, using the New-MgInvitation cmdlet in a PowerShell script for each external user does meet the goal of creating a guest user account in contoso.com for each of the 500 external users.
Question 658:
You plan to create an Azure Storage account named storage1 that will contain a file share named share1.
You need to ensure that share1 can support SMB Multichannel. The solution must minimize costs.
How should you configure storage?
A. Premium performance with locally-redundant storage (LRS)
B. Standard performance with zone-redundant storage (ZRS)
C. Premium performance with geo-redundant storage (GRS)
D. Standard performance with locally-redundant storage (LRS)
Correct Answer: A
SMB Multichannel enables SMB clients to establish multiple parallel connections to an Azure file share. This allows SMB clients to take full advantage of all available network bandwidth and makes them resilient to network failures, reducing total cost of ownership and enabling 2-3x for reads and 3-4x for writes through a single client. SMB Multichannel is available for premium file shares (file shares deployed in the FileStorage storage account kind) and is disabled by default.
You have an Azure subscription that contains a storage account named storage1.
You plan to use conditions when assigning role-based access control (RBAC) roles to storage1.
Which storage1 services support conditions when assigning roles?
A. containers only
B. file shares only
C. tables only
D. queues only
E. containers and queues only
F. files shares and tables only
Correct Answer: E
As of my last update in September 2021, Azure Active Directory (Azure AD) conditions in role-based access control (RBAC) assignments are generally used for fine-grained access control. These conditions can be based on attributes like user membership, IP address range, device state, and others.
However, when it comes to Azure Storage services, not all of them fully support Azure AD-based authentication. Blob containers and queues do support Azure AD authentication, while file shares rely primarily on the SMB protocol (which doesn't use Azure AD for authentication) and tables have their own authentication mechanisms.
Therefore, when considering the Azure storage services that support conditions in RBAC assignments based on Azure AD capabilities:
Question 660:
You have an Azure Storage account that contains 5,000 blobs accessed by multiple users. You need to ensure that the users can view only specific blobs based on blob index tags. What should you include in the solution?
A. a role assignment condition
B. a stored access policy
C. just-in-time (JIT) VM access
D. a shared access signature (SAS)
Correct Answer: A
An Azure role assignment condition is an optional check that you can add to your role assignment to provide more fine-grained access control. For example, you can add a condition that requires an object to have a specific tag to read the object. https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-portal
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your AZ-104 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.