AZ-104: Microsoft Azure Administrator
You have a hybrid deployment of Azure Active Directory (Azure AD) that contains the users shown in the following table.
You need to modify the JobTitle and UsageLocation attributes for the users.
For which users can you modify the attributes from Azure AD?
Box 1:User1 and User3 only
You must use Windows Server Active Directory to update the identity, contact info, or job info for users whose source of authority is Windows Server Active Directory.
Box 2: User1, User2, and User3
Usage location is an Azure property that can only be modified from Azure AD (for all users including Windows Server AD users synced via Azure AD Connect).
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal
You have an Azure Active Directory (Azure AD) tenant named adatum.com that contains the users shown in the following table.
Adatum.com has the following configurations:
- Users may join devices to Azure AD is set to User1.
- Additional local administrators on Azure AD joined devices is set to None.
You deploy Windows 10 to a computer named Computer1. User1 joins Computer1 to adatum.com.
You need to identify the local Administrator group membership on Computer1.
Which users are members of the local Administrators group?
User1 only
User2 only
User1 and User2 only
User1, User2, and User3 only
User1, User2, User3, and User4
Answer is User1 and User2 only
Users may join devices to Azure AD - This setting enables you to select the users who can register their devices as Azure AD joined devices. The default is All.
Additional local administrators on Azure AD joined devices - You can select the users that are granted local administrator rights on a device. Users added here are added to the Device Administrators role in Azure AD. Global administrators, here User2, in Azure AD and device owners are granted local administrator rights by default.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal
You have an Azure subscription named Subscription1 that contains the following resource group:
- Name: RG1
- Region: West US
- Tag: tag1 - value1
You assign an Azure policy named Policy1 to Subscription1 by using the following configurations:
- Exclusions: None
- Policy definition: Append a tag and its value to resources
- Assignment name: Policy1
- Parameters:
- Tag name: tag2
- Tag value: value2
After Policy1 is assigned, you create a storage account that has the following configuration:
Name: storage1
- Location: West US
- Resource group: RG1
- Tags: tag3 - value3
You need to identify which tags are assigned to each resource.
What should you identify? To answer, select the appropriate options in the answer area.
Tags applied to the resource group are not inherited by the resources in that resource group.
Definition of the "Append a tag and its value to resources" policy:
- Does not modify the tags of resources created before this policy was applied until those resources are changed.
- Does not apply to resource groups
Box 1: tag1: value1 only
Tags for RG will be tag1 value 1. This RG created before the Policy. Policy will not be applicable to previously created resources (RG), unless there’s a remediation task, which is not mentioned here.
Box 2: tag2: value2, and tag3: value3 only
Tag for the Storage Account will be tag2: value2 from the policy2 and tag3: value3 from itself. Tags of RG are not inherited.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
You have an Azure subscription named Subscription1 that is used by several departments at your company. Subscription1 contains the resources in the following table:
Another administrator deploys a virtual machine named VM1 and an Azure Storage account named storage2 by using a single Azure Resource Manager template.
You need to view the template used for the deployment.
From which blade can you view the template that was used for the deployment?
VM1
RG1
storage2
container1
Answer is RG1
View template from deployment history
1. Go to the resource group for your new resource group. Notice that the portal shows the result of the last deployment. Select this link.
2. You see a history of deployments for the group. In your case, the portal probably lists only one deployment. Select this deployment.
3. The portal displays a summary of the deployment. The summary includes the status of the deployment and its operations and the values that you provided for parameters. To see the template that you used for the deployment, select View template.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template
You have an Azure subscription named AZPT1 that contains the resources shown in the following table:
You create a new Azure subscription named AZPT2.
You need to identify which resources can be moved to AZPT2.
Which resources should you identify?
VM1, storage1, VNET1, and VM1Managed only
VM1 and VM1Managed only
VM1, storage1, VNET1, VM1Managed, and RVAULT1
RVAULT1 only
Answer is VM1, storage1, VNET1, VM1Managed, and RVAULT1
You can move a VM and its associated resources to a different subscription by using the Azure portal.
You can now move an Azure Recovery Service (ASR) Vault to either a new resource group within the current subscription or to a new subscription.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-resource-group-and-subscription
You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.
RG1 has a web app named WebApp1. WebApp1 is located in West Europe.
You move WebApp1 to RG2.
What is the effect of the move?
The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.
The App Service plan for WebApp1 moves to North Europe. Policy2 applies to WebApp1.
The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1.
The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1.
Answer is The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.
You can move an app to another App Service plan, as long as the source plan and the target plan are in the same resource group and geographical region.
The region in which your app runs is the region of the App Service plan it's in. However, you cannot change an App Service plan's region.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/app-service-plan-manage
You have an Azure Active Directory (Azure AD) tenant that has the contoso.onmicrosoft.com domain name.
You have a domain name of contoso.com registered at a third-party registrar.
You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com.
Which three actions should you perform in sequence?
1. Add the custom domain name to your directory
2. Add a DNS entry for the domain name at the domain name registrar
3. Verify the custom domain name in Azure AD
Reference:
https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain
You have an Azure subscription that contains the resources in the following table.
Store1 contains a file share named data. Data contains 5,000 files.
You need to synchronize the files in the file share named data to an on-premises server named Server1.
Which three actions should you perform?
Create a container instance
Register Server1
Install the Azure File Sync agent on Server1
Download an automation script
Create a sync group
Step 1 (C): Install the Azure File Sync agent on Server1
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share
Step 2 (B): Register Server1.
Register Windows Server with Storage Sync Service
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
Step 3 (E): Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide
You have an Azure subscription that contains a web app named webapp1.
You need to add a custom domain named www.contoso.com to webapp1.
What should you do first?
Create a DNS record
Add a connection string
Upload a certificate
Stop webapp1
Answer is Create a DNS record
You can use either a CNAME record or an A record to map a custom DNS name to App Service.
You should use CNAME records for all custom DNS names except root domains (for example, contoso.com). For root domains, use A records.
Reference:
https://docs.microsoft.com/en-us/Azure/app-service/app-service-web-tutorial-custom-domain
You plan to deploy an Azure container instance by using the following Azure Resource Manager template.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the template.
Box 1: can connect to the container from any device.
As public IP is mentioned, Port 80 TCP Public. The osType mentioned is for the container group definition, where it can be Windows or Linux. It is not related to the device access.
Box 2: the container will restart automatically
Mentioned clearly in restartPolicy, which is OnFailure.
When you create a container group in Azure Container Instances, you can specify one of three restart policy settings:
Always - Containers in the container group are always restarted. This is the default setting applied when no restart policy is specified at container creation.
Never - Containers in the container group are never restarted. The containers run at most once.
OnFailure - Containers in the container group are restarted only when the process executed in the container fails (when it terminates with a nonzero exit code). The containers are run at least once.
Reference:
https://docs.microsoft.com/en-in/azure/container-instances/container-instances-region-availability