최신 AZ-104 무료덤프 - Microsoft Azure Administrator
Case Study 5 - Contoso, Ltd
Overview
General Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Environment
Existing Environment
Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant.
The Azure AD tenant contains the users shown in the following table.
Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.
User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table
No network security groups (NSGs) are associated to the network interfaces or the subnets.
Sub1 contains the storage accounts shown in the following table.
Requirements
Planned Changes
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool
storage tier.
Create a storage account named storage5 and configure storage replication for the Blob
service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the
following table.
Associate NSG1 to the network interface of VM1.
Create an NSG named NSG2 that will have the custom outbound security rules shown in the
following table.
Associate NSG2 to VNET1/Subnet2.
Technical Requirements
Contoso must meet the following technical requirements:
Create container1 and share1.
Use the principle of least privilege.
Create an Azure AD security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup.
Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to
VNET1/Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only
permissions to the Azure file shares.
Hotspot Question
You need to ensure that User1 can create initiative definitions, and User4 can assign initiatives to RG2. The solution must meet the technical requirements.
Which role should you assign to each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Overview
General Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Environment
Existing Environment
Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant.
The Azure AD tenant contains the users shown in the following table.
Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.
User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table
No network security groups (NSGs) are associated to the network interfaces or the subnets.
Sub1 contains the storage accounts shown in the following table.
Requirements
Planned Changes
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool
storage tier.
Create a storage account named storage5 and configure storage replication for the Blob
service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the
following table.
Associate NSG1 to the network interface of VM1.
Create an NSG named NSG2 that will have the custom outbound security rules shown in the
following table.
Associate NSG2 to VNET1/Subnet2.
Technical Requirements
Contoso must meet the following technical requirements:
Create container1 and share1.
Use the principle of least privilege.
Create an Azure AD security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup.
Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to
VNET1/Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only
permissions to the Azure file shares.
Hotspot Question
You need to ensure that User1 can create initiative definitions, and User4 can assign initiatives to RG2. The solution must meet the technical requirements.
Which role should you assign to each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Many Built-in roles grant permission to Azure Policy resources. The Resource Policy Contributor role includes most Azure Policy operations. Owner has full rights. Both Contributor and Reader have access to all read Azure Policy operations. Contributor may trigger resource remediation, but can't create definitions or assignments.
https://docs.microsoft.com/en-us/azure/governance/policy/overview
Hotspot Question
You have an Azure subscription that contains the virtual networks shown in the following table.
The subscription contains the virtual machines shown in the following table.
Each virtual machine contains only a private IP address.
You create an Azure bastion for VNet1 as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the virtual networks shown in the following table.
The subscription contains the virtual machines shown in the following table.
Each virtual machine contains only a private IP address.
You create an Azure bastion for VNet1 as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Box 1: No
Mstsc is a native client and is supported only by Standard Bastion.
Box 2: Yes
If the poor wording means connecting through Azure Portal by SSH, that's what Basic Bastion supports.
Box 3: No
No peering from the Bastion enabled Vnet1.
You have an Azure Active Directory (Azure AD) tenant.
All administrators must enter a verification code to access the Azure portal.
You need to ensure that the administrators can access the Azure portal only from your on- premises network.
What should you configure?
All administrators must enter a verification code to access the Azure portal.
You need to ensure that the administrators can access the Azure portal only from your on- premises network.
What should you configure?
정답: B
You have an Azure subscription that contains 100 virtual machines.
You regularly create and delete virtual machines.
You need to identify unattached disks that can be deleted.
What should you do?
You regularly create and delete virtual machines.
You need to identify unattached disks that can be deleted.
What should you do?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
Hotspot Question
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the servers shown in the following table.
You plan to migrate contoso.com to Azure.
You create an Azure virtual network named VNET1 that has the following settings:
- Address space: 10.0.0.0/16
- Subnet:
- Name: Subnet1
- IPv4: 10.0.1.0/24
You need to move DC1 to VNET1. The solution must ensure that the member servers in contoso.com can resolve AD DS DNS names.
How should you configure DC1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the servers shown in the following table.
You plan to migrate contoso.com to Azure.
You create an Azure virtual network named VNET1 that has the following settings:
- Address space: 10.0.0.0/16
- Subnet:
- Name: Subnet1
- IPv4: 10.0.1.0/24
You need to move DC1 to VNET1. The solution must ensure that the member servers in contoso.com can resolve AD DS DNS names.
How should you configure DC1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Box 1: Obtain an IP address automatically
The first 4 IP addresses within a subnet space are getting reserved for Azure automatically. Thus,
10.0.1.3 can't be the right answer. 10.0.2.1 is in the VNET space but falls out of the subnet space. 192.168.2.1 is just out of the VNET.
Box 2: Configure VNET1 to use a custom DNS server
This VNET1 should use our pre-created DNS server as its DNS server so tahat the member servers in contoso.com can resolve AD DS DNS names.
Hotspot Question
You have an Azure subscription that contains a virtual machine scale set. The scale set contains four instances that have the following configurations:
- Operating system: Windows Server 2016
- Size: Standard_D1_v2
You run the get-azvmss cmdlet as shown in the following exhibit:
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a virtual machine scale set. The scale set contains four instances that have the following configurations:
- Operating system: Windows Server 2016
- Size: Standard_D1_v2
You run the get-azvmss cmdlet as shown in the following exhibit:
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Box 1: 4
If you resize the Scale Set all the VMs get resized at once, thus 4 is the correct answer.
Box 2: 1
Automatic OS updates update 20% of the VMs at once, with a minimum of 1 VM instance at a time. Also 20% of 4 = 0.8.
Reference:
https://docs.microsoft.com/en-us/learn/modules/build-app-with-scale-sets/2-features-benefits- virtual-machine-scale-sets
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets- automatic-upgrade
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets- upgrade-scale-set
You have an Azure App Service web app named App1.
You need to collect performance traces for App1.
What should you use?
You need to collect performance traces for App1.
What should you use?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve data.
Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.
Which Azure Network Watcher feature should you use?
VM1 hosts a frontend application that connects to VM2 to retrieve data.
Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.
Which Azure Network Watcher feature should you use?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure web app named App1. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.
You discover that App1 stops each day after running continuously for 60 minutes.
You need to ensure that App1 can run continuously for the entire day.
Solution: You add a triggered WebJob to App1.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure web app named App1. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.
You discover that App1 stops each day after running continuously for 60 minutes.
You need to ensure that App1 can run continuously for the entire day.
Solution: You add a triggered WebJob to App1.
Does this meet the goal?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1.
An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.
You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?
An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.
You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
Hotspot Question
You have an Azure subscription that contains the file shares shown in the following table.
You have the on-premises file shares shown in the following table.
You create an Azure file sync group named Sync1 and perform the following actions:
- Add share1 as the cloud endpoint for Sync1.
- Add data1 as a server endpoint for Sync1.
- Register Server1 and Server2 to Sync1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the file shares shown in the following table.
You have the on-premises file shares shown in the following table.
You create an Azure file sync group named Sync1 and perform the following actions:
- Add share1 as the cloud endpoint for Sync1.
- Add data1 as a server endpoint for Sync1.
- Register Server1 and Server2 to Sync1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Box 1: No
A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
Box 2: Yes
Data2 is located on Server2 which is registered to Sync1.
Box 3: No
Data3 is located on Server3 which is not registered to Sync1.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment- guide?tabs=azure-portal%2Cproactive-portal#create-a-sync-group-and-a-cloud-endpoint
Hotspot Question
You have an Azure subscription that contains the resources shown in the following table.
VMSS1 is set to VM (virtual machines) orchestration mode.
You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1.
Which resource group and location should you use to deploy VM1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the resources shown in the following table.
VMSS1 is set to VM (virtual machines) orchestration mode.
You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1.
Which resource group and location should you use to deploy VM1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Box 1: RG1, RG2, or RG3
The resource group stores metadata about the resources. When you specify a location for the resource group, you're specifying where that metadata is stored. The location of the RG doesn't influence the choice of the location of VM. best practice would be to create the VM1 in the RG1 because the scale set is in RG1. And Microsoft recommends that resources contained in a Resource Group share the same resource lifecycle.
Box 2: West US only
You can add the virtual machine to a scale set in the same region, zone, and resource group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets- orchestration-modes
You need to deploy an Azure virtual machine scale set that contains five instances as quickly as possible.
What should you do?
What should you do?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
Hotspot Question
You have an Azure subscription.
You plan to create the Azure Storage account as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
You have an Azure subscription.
You plan to create the Azure Storage account as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
정답:
Hotspot Question
You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VMet1 contains one subnet named Subnet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VMet1 contains one subnet named Subnet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Box 1: An Log analytics workspace
Log analytics workspace: An instance of log analytics, where the data pertaining to an Azure account, is stored.
Log Analytics: An Azure service that collects monitoring data and stores the data in a central repository. This data can include events, performance data, or custom data provided through the Azure API. Once collected, the data is available for alerting, analysis, and export. Monitoring applications such as network performance monitor and traffic analytics are built using Log Analytics as a foundation.
Box 2: NSG1
Network security group (NSG): Contains a list of security rules that allow or deny network traffic to resources connected to an Azure Virtual Network. NSGs can be associated to subnets, individual VMs (classic), or individual network interfaces (NIC) attached to VMs (Resource Manager).
References:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics