Mall Academy AZ-104 Azure Administrator Practice Exam #3 Flashcards
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1. You need to view the error events from a table named Event. Which query should you run in Workspace1?
A. select * from Event where EventType == "error"
B. search in (Event) "error"
C. Get -Event Event |where {$_.EventType=="error"}
D. Get-Event Event | where {$_EventType"eq "error"}
E. search in (Event)*| where EventType "eq"error"
F. Event | where EventType is "error"
B. search in (Event) "error"
Explanation:
To search a term in a specific table, add in (table-name) just after the search operator. Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/search-queries
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-portal
Access to storage accounts can be controlled using several techniques. Among them are: storage account name and key, shared access signature (SAS), SAS with access policy, and using the storage firewall and virtual network service endpoints. Access to blob storage can also be controlled using the public access level of the blob container.
A. FALSE
B. TRUE
B. TRUE
Explanation:
Access to storage accounts can be controlled using several techniques. Among them are: storage account name and key, shared access signature (SAS), SAS with access policy, and using the storage firewall and virtual network service endpoints. Access to blob storage can also be controlled using the public access level of the blob container.
Your company registers a domain name of contoso.com. You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10. You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address. You need to resolve the name resolution issue. Solution: You create a PTR record for www in the contoso.com zone. Does this meet the goal?
A. Yes
B. No
B. No
Explanation:
Modify the Name Server (NS) record. References: https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns
You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts.
You create a new user account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?
A. When selecting a user, you need to select assigned roles, then add assignments and find the role
B. From the Groups blade, invite the user account to a new group
C. From the Licenses blade, assign a new license
A. When selecting a user, you need to select assigned roles, then add assignments and find the role
Explanation:
There are 2 kinds of storage account: general purpose and blob storage. The availability of features varies between these 2 storage account kinds.
A. FALSE
B. TRUE
A. FALSE
Explanation:
There are 3 kinds of storage account: general purpose v1, general purpose v2 and blob storage. The availability of features varies between storage account kinds.
A local network connection is an Azure resource used to represent the on-premises VPN device and network in Azure.
A. TRUE
B. FALSE
A. TRUE
Explanation:
A local network connection is an Azure resource used to represent the on-premises VPN device and network in Azure.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1.
Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.
Does this meet the goal?
A. No
B. Yes
A. No
Explanation:
You would need the Logic App Contributor role.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic deployment. Does this meet the goal?
A. No
B. Yes
A. No
Explanation:
You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1.
VNet1 connects to your on-premises network by using Azure ExpressRoute.
You need to connect VNet1 to the on-premises network by using a site-to-site VPN.
The solution must minimize cost.
Which three actions should you perform?
Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Create a connection
B. Create a local site VPN gateway
C. Create a gateway subnet
D. Create a VPN gateway that uses the Basic SKU
E. Create a VPN gateway that uses the VpnGw1 SKU
A. Create a connection
B. Create a local site VPN gateway
E. Create a VPN gateway that uses the VpnGw1 SKU
Explanation:
For a site-to-site VPN, you need a local gateway, a gateway subnet, a VPN gateway, and a connection between the local gateway and the VPN gateway.
However, when ExpressRoute is used, the VNet must already have a gateway subnet, so creating one is not needed.
Basic SKU is not a valid option, since VPN Gateway for ExpressRoute needs BGP routing.
References:
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways#gwsub https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#planningtable https://docs.microsoft.com/en-us/azure/expressroute/site-to-site-vpn-over-microsoft-peering#termination
IP address ranges can also be specified using service tags which are platform shortcuts for the IP ranges for key Azure services.
A. TRUE
B. FALSE
A. TRUE
Explanation:
IP address ranges can also be specified using service tags which are platform shortcuts for the IP ranges for key Azure services.
You have an Azure subscription that contains a resource group named RG1. RG1 contains 100 virtual machines. Your company has three cost centers named Manufacturing, Sales, and Finance. You need to associate each virtual machine to a specific cost center. What should you do?
A. Assign tags to the virtual machines
B. Configure locks for the virtual machine
C. Modify the inventory settings of the virtual machine
D. Add an extension to the virtual machines
A. Assign tags to the virtual machines
Explanation:
References: https://docs.microsoft.com/en-us/azure/billing/billing-getting-started https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
Site-to-Site VPNs support ________________________ to enable high availability.
A. active-active gateways and connections
B. traditional hubs
C. BGP Routing
A. active-active gateways and connections
C. BGP Routing
Explanation:
Site-to-Site VPNs support BGP routing and active-active gateways and connections to enable high availability.
Effective security rules can be reviewed for each network interface.
A. TRUE
B. FALSE
A. TRUE
Explanation:
Effective security rules can be reviewed for each network interface.
A common method of troubleshooting virtual machines with RDP/SSH connectivity or unexplained application issues is to redeploy the virtual machine. Redeploy moves the virtual machine to a different Azure node.
A. FALSE
B. TRUE
B. TRUE
Explanation:
A common method of troubleshooting virtual machines with RDP/SSH connectivity or unexplained application issues is to redeploy the virtual machine. Redeploy moves the virtual machine to a different Azure node.
Your company registers a domain name of contoso.com. You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10. You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address. You need to resolve the name resolution issue. Solution: You modify the SOA record in the contoso.com zone. Does this meet the goal?
A. No
B. Yes
A. No
Explanation:
Modify the NS record, not the SOA record. Note: The SOA record stores information about the name of the server that supplied the data for the zone, the administrator of the zone, the current version of the data file, the number of seconds a secondary name server should wait before checking for updates, the number of seconds a secondary name server should wait before retrying a failed zone transfer, the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire, and a default number of seconds for the time-to-live file on resource records. References: https://searchnetworking.techtarget.com/definition/start-of-authority-record
Tools to help identify the required Network Security Groups rules include service map and Network Security Groups flow logs.
A. FALSE
B. TRUE
B. TRUE
Explanation:
Tools to help identify the required Network Security Groups rules include service map and Network Security Groups flow logs.
Azure Load Balancer can be deployed only with a public (Internet) frontend IP address and not private (Intranet).
A. FALSE
B. TRUE
A. FALSE
Explanation:
Azure Load Balancer can be deployed with either a public (Internet) or private (Intranet) frontend IP address.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1.
Adatum contains a group named Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.
Does this meet the goal?
A. No
B. Yes
A. No
Explanation:
The DevTest Labs User role only lets you connect, start, restart, and shut down virtual machines in your Azure DevTest Labs.
The Logic App Contributor role lets you manage logic apps, but not access to them.
It provides access to view, edit, and update a logic app.
References: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app
You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant.
Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.
Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24. You need to connect VNet1 to VNet2.
What should you do first?
A. Provision virtual network gateways
B. Move VM1 to Subscription2
C. Modify the IP address space of VNet2
D. Move VNet1 to Subscription2
A. Provision virtual network gateways
Explanation:
The virtual networks can be in the same or different regions, and from the same or different subscriptions.
When connecting VNets from different subscriptions, the subscriptions do not need to be associated with the same Active Directory tenant. Configuring a VNet-to-VNet connection is a good way to easily connect VNets.
Connecting a virtual network to another virtual network using the VNet-to-VNet connection type (VNet2VNet) is similar to creating a Site-to-Site IPsec connection to an on-premises location.
Both connectivity types use a VPN gateway to provide a secure tunnel using IPsec/IKE, and both function the same way when communicating.
The local network gateway for each VNet treats the other VNet as a local site. This lets you specify additional address space for the local network gateway in order to route traffic.
References: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal
Connection Monitor enables long-term connection monitoring, using similar diagnostics as used by Connection Troubleshoot.
A. TRUE
B. FALSE
A. TRUE
Explanation:
Connection Monitor enables long-term connection monitoring, using similar diagnostics as used by Connection Troubleshoot.
A wide variety of physical (and software) devices are supported as the on-premises Site-to-Site VPN endpoint. The device must have an Internet-facing static IPv4 address.
A. TRUE
B. FALSE
A. TRUE
Explanation:
A wide variety of physical (and software) devices are supported as the on-premises Site-to-Site VPN endpoint. The device must have an Internet-facing static IPv4 address.
You are troubleshooting a performance issue for an Azure Application Gateway. You need to compare the total requests to the failed requests during the past six hours. What should you use?
A. Connection monitor in Azure Network Watcher
B. Diagnostic Logs in Application Gateway
C. Network Security Group flow logs in Azure network watcher
D. Metrics in Application Gateway
D. Metrics in Application Gateway
Explanation:
References: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics#metrics
You can connect to Azure VMs using a public IP address or a private IP address with RDP, SSH, or even PowerShell. To connect to a VM using a private IP you must also enable connectivity such as site-to-site, point-to-site, or ExpressRoute.
A. TRUE
B. FALSE
A. TRUE
Explanation:
You can connect to Azure VMs using a public IP address or a private IP address with RDP, SSH, or even PowerShell. To connect to a VM using a private IP you must also enable connectivity such as site-to-site, point-to-site, or ExpressRoute.