AZ-104: Microsoft Azure Administrator
You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines.
You need to delete the Recovery Services vault.
What should you do first?
From the Recovery Service vault, delete the backup data.
Modify the disaster recovery properties of each virtual machine.
Modify the locks of each virtual machine.
From the Recovery Service vault, stop the backup of each backup item.
Answer is From the Recovery Service vault, stop the backup of each backup item.
You can't delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a vault, but can't, the vault is still configured to receive backup data.
Remove vault dependencies and delete vault
In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault
You have an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to configure cluster autoscaler for AKS1.
Which two tools should you use?
the kubectl command
the az aks command
the Set-AzVm cmdlet
the Azure portal
the Set-AzAks cmdlet
Answer is B & D
We need to configure autoscaler for the AKS cluster. We do not want to scale Kubernetes pods, so kubectl command is not needed.
A: kubectl command is used for configuring Kubernetes and not AKS cluster.
B: The az aks command is used for the AKS cluster configuration.
C: Set-AzVm cmdlet is used for VMs.
D: Azure portal, under node pools, press scale, then choose auto scale.
E: Set-AzAks, creates or updates an AKS cluster, the correct cmdlet is Set-AzAksCluster.
AKS clusters can scale in one of two ways:
- The cluster autoscaler watches for pods that can't be scheduled on nodes because of resource constraints. The cluster then automatically increases the number of nodes.
- The horizontal pod autoscaler uses the Metrics Server in a Kubernetes cluster to monitor the resource demand of pods. If an application needs more resources, the number of pods is automatically increased to meet the demand.
Reference:
https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler
You have an Azure virtual machine named VM1 that runs Windows Server 2019.
You save VM1 as a template named Template1 to the Azure Resource Manager library.
You plan to deploy a virtual machine named VM2 from Template1.
What can you configure during the deployment of VM2?
operating system
administrator username
virtual machine size
resource group
Answer is resource group
When you create a template, you may parameterize some values, like admin username, but you don't have to. The RG is impossible to put in a template, therefore you must specify this at deployment.
Creating an Azure virtual machine usually includes two steps:
- Create a resource group. An Azure resource group is a logical container into which Azure resources are deployed and managed. A resource group must be created before a virtual machine.
- Create a virtual machine.
When deploying a virtual machine from a template, you must specify:
- the Resource Group name and location for the VM
- the administrator username and password
- an unique DNS name for the public IP
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/ps-template
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/quickstart-create-templates-use-the-portal
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?
the Publish-AzVMDscConfiguration cmdlet
Azure Application Insights
Azure Custom Script Extension
the New-AzConfigurationAssignement cmdlet
Answer is Azure Custom Script Extension
Note: There are several versions of this question in the exam. The question has two correct answers:
1. a Desired State Configuration (DSC) extension
2. Azure Custom Script Extension
The question can have other incorrect answer options, including the following:
- the Publish-AzVMDscConfiguration cmdlet
- Azure Application Insights
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template
https://docs.microsoft.com/en-us/samples/mspnp/samples/azure-well-architected-framework-sample-state-configuration
https://docs.microsoft.com/en-us/azure/architecture/framework/devops/automation-configuration
You have an Azure subscription that contains the resources shown in the following table.
VMSS1 is set to VM (virtual machines) orchestration mode.
You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1.
Which resource group and location should you use to deploy VM1?
Box 1: RG1, RG2, or RG3
The resource group stores metadata about the resources. When you specify a location for the resource group, you're specifying where that metadata is stored. The location of the RG doesn't influence the choice of the location of VM. best practice would be to create the VM1 in the RG1 because the scale set is in RG1. And Microsoft recommends that resources contained in a Resource Group share the same resource lifecycle.
Box 2: West US only
You can add the virtual machine to a scale set in the same region, zone, and resource group.
Note: Virtual machine scale sets will support 2 distinct orchestration modes:
ScaleSetVM Virtual machine instances added to the scale set are based on the scale set configuration model. The virtual machine instance lifecycle - creation, update, deletion - is managed by the scale set.
VM (virtual machines) Virtual machines created outside of the scale set can be explicitly added to the scaleset.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes
You have an Azure subscription that contains the resource groups shown in the following table.
RG1 contains the resources shown in the following table.
You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1.
Which resources should you identify?
Box 1: IP1, VNET2, and storage1
Box 2: IP2, VNET2, and storage2
Locks are designed for any update or removal. In this case we want to move only, we are not deleting, and we are not changing anything in the resource.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-support-resources
You have an Azure subscription that contains the resources shown in the following table:
You assign a policy to RG6 as shown in the following table:
To RG6, you apply the tag: RGroup: RG6.
You deploy a virtual network named VNET2 to RG6.
Which tags apply to VNET1 and VNET2?
Box 1: Department: D1 only
The Policy only affects resources that are created after the policy is enabled. There is a remediation option that can be used for resources created before the Policy applied. Nothing mentioned about remediation task in this in the question. VNET1 will have its original tag.
Box 2: Label: Value1 only
Tags are not inherited, so VNET2 will have the tag from the Policy.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-policies
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
- Reader
- Security Admin
Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do?
Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1.
Assign User1 the Owner role for VNet1.
Remove User1 from the Security Reader and Reader roles for Subscription1.
Assign User1 the Network Contributor role for RG1.
Answer is Assign User1 the Owner role for VNet1.
Owner role has full access to all resources including the right to delegate access to others.
Note: There are several versions of this question in the exam.
The question can have other incorrect answer options, including the following:
1. Name Server (NS)
2. Assign User1 the Contributor role for VNet1.
3. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
You have an Azure subscription that contains the resources in the following table.
To which subnets can you apply NSG1?
the subnets on VNet1 only
the subnets on VNet2 and VNet3 only
the subnets on VNet2 only
the subnets on VNet3 only
the subnets on VNet1, VNet2, and VNet3
Answer is the subnets on VNet3 only
You can assign NSG to the Subnet of the VNet in the same region where NSG is.
NSG1 is in East US and only VNet3 Subnets are in East US.
All Azure resources are created in an Azure region and subscription. A resource can only be created in a virtual network that exists in the same region and subscription as the resource.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm
You have a virtual network named VNet1 that has the configuration shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
Box 1: add an address space
You can add and remove address ranges for a virtual network. An address range must be specified in CIDR notation and cannot overlap with other address ranges within the same virtual network. We need to add the 192.168.1.0/24 CIDR (192.168.1.0 - 192.168.1.255) to the address space.
Box 2: add a subnet
The default subnet range is 10.2.0.0 - 10.2.0.255 . So, if you want to add an IP address from 10.2.1.0/24 you need to add a new subnet. When you assign an IP address range to a vnet (in this case from 10.2.0.0 to 10.2.255.255) you are reserving that IP address range. So, 10.2.1.0 to 10.2.1.255 are not currently used. You must create another subnet to use them.
Reference:
https://docs.microsoft.com/en-us/office365/enterprise/designing-networking-for-microsoft-azure-iaas