Home Microsoft Exam AZ-104: Microsoft Azure Administrator AZ-104 – Question 265

AZ-104 – Question 265

0
3135

Introductory Info
Case study –
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study –
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an
All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview –
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment –
Currently, Contoso uses multiple types of servers for business operations, including the following:

  • File servers
  • Domain controllers
  • Microsoft SQL Server servers

Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:

  • A SQL database
  • A web front end
  • A processing middle tier

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Requirements –
Planned Changes –
Contoso plans to implement the following changes to the infrastructure:

  • Move all the tiers of App1 to Azure.
  • Move the existing product blueprint files to Azure Blob storage.
  • Create a hybrid directory to support an upcoming Microsoft 365 migration project.

Technical Requirements –
Contoso must meet the following technical requirements:

  • Move all the virtual machines for App1 to Azure.
  • Minimize the number of open ports between the App1 tiers.
  • Ensure that all the virtual machines for App1 are protected by backups.
  • Copy the blueprint files to Azure over the Internet.
  • Ensure that the blueprint files are stored in the archive storage tier.
  • Ensure that partner access to the blueprint files is secured and temporary.
  • Prevent user passwords or hashes of passwords from being stored in Azure.
  • Use unmanaged standard storage for the hard disks of the virtual machines.
  • Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
  • Minimize administrative effort whenever possible.


User Requirements –
Contoso identifies the following requirements for users:

  • Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
  • Designate a new user named Admin1 as the service admin for the Azure subscription.
  • Admin1 must receive email alerts regarding service outages.
  • Ensure that a new user named User3 can create network objects for the Azure subscription.
Question 1.

HOTSPOT –
You need to configure the Device settings to meet the technical requirements and the user requirements.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.
Hot Area:

Correct Answer: 

Box 1: Selected –
Only selected users should be able to join devices

Box 2: Yes –
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.

Question 2. 

You need to meet the user requirement for Admin1. What should you do?

  • A. From the Azure Active Directory blade, modify the Groups
  • B. From the Azure Active Directory blade, modify the Properties
  • C. From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings
  • D. From the Subscriptions blade, select the subscription, and then modify the Properties

Correct Answer: D 
Scenario:
✑ Designate a new user named Admin1 as the service admin for the Azure subscription.
✑ Admin1 must receive email alerts regarding service outages.
Follow these steps to change the Service Administrator in the Azure portal.
1. Make sure your scenario is supported by checking the limitations for changing the Service Administrator.
2. Sign in to the Azure portal as the Account Administrator.
3. Open Cost Management + Billing and select a subscription.
4. In the left navigation, click Properties.
5. Click Service Admin.
Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/classic-administrators

Question 3.You need to implement a backup solution for App1 after the application is moved. What should you create first?

  • A. a recovery plan
  • B. an Azure Backup Server
  • C. a backup policy
  • D. a Recovery Services vault

Correct Answer: D 
A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault.

Scenario:
There are three application tiers, each with five virtual machines.
Move all the virtual machines for App1 to Azure.
Ensure that all the virtual machines for App1 are protected by backups.

Reference: https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal 

Question 4.

You need to move the blueprint files to Azure.
What should you do?

  • A. Generate an access key. Map a drive, and then copy the files by using File Explorer.
  • B. Use Azure Storage Explorer to copy the files.
  • C. Use the Azure Import/Export service.
  • D. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

Correct Answer: B 
Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS, and Linux. You can use it to upload and download data from Azure blob storage.
Scenario:
Planned Changes include: move the existing product blueprint files to Azure Blob storage.
Technical Requirements include: Copy the blueprint files to Azure over the Internet.
Reference:
https://docs.microsoft.com/en-us/azure/machine-learning/team-data-science-process/move-data-to-azure-blob-using-azure-storage-explorer

Question 5.HOTSPOT –
You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer: 

Box 1: Yes –
Contoso is moving the existing product blueprint files to Azure Blob storage.
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these.

Box 2: No –
Box 3: No

Question 6. HOTSPOT –
You need to recommend a solution for App1. The solution must meet the technical requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer: 

This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL Server on Windows for the data tier.

Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
✑ A SQL database
✑ A web front end
✑ A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Technical requirements include:
✑ Move all the virtual machines for App1 to Azure.
✑ Minimize the number of open ports between the App1 tiers.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server

Question 7.You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.
What should you recommend?

  • A. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
  • B. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
  • C. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
  • D. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

Correct Answer: A 
Incoming and the web server subnet only, as users access the web front end by using HTTPS only.
Note Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
✑ A SQL database
✑ A web front end
✑ A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Related Question

NO COMMENTS

© 2019 Cloud Tech