AZ-104: Microsoft Azure Administrator
You have an Azure subscription that contains the resources shown in the following table.
You need to configure a proximity placement group for VMSS1.
Which proximity placement groups should you use?
Proximity2 only
Proximity1, Proximity2, and Proximity3
Proximity1 only
Proximity1 and Proximity3 only
Answer is Proximity2 only
Placement Groups is a capability to achieve co-location of your Azure Infrastructure as a Service (IaaS) resources and low network latency among them, for improved application performance.
Azure proximity placement groups represent a new logical grouping capability for your Azure Virtual Machines, which in turn is used as a deployment constraint when selecting where to place your virtual machines. In fact, when you assign your virtual machines to a proximity placement group, the virtual machines are placed in the same data center, resulting in lower and deterministic latency for your applications.
The VMSS should share the same region, even it should be the same zone as proximity groups are located in the same data center. Accordingly, it should be proximity 2 only.
Reference:
https://azure.microsoft.com/en-us/blog/introducing-proximity-placement-groups
You have the App Service plan shown in the following exhibit.
The scale-in settings for the App Service plan are configured as shown in the following exhibit.
The scale out rule is configured with the same duration and cool down tile as the scale in rule.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
Box 1: 2
70% for 1h, and then 90% for 5 minutes. So, from the default of 1 it will scale out out 1 more. So, 2 in total.
Box 2: 4
90% for 1h and then 25% for 9minutes. So, from the default of 1 it will it scale in to the max 5 (60/5 = 12, which means 6 times scale out, because we have 5 minutes period of cool down). Then when it drops to 25% for 9 minutes and it will scale in once after 5 mins (since the average of the last 5 minutes is under 30% ), so it will decrease by 1, so 4 in total. Then it will have a cooldown of 5 minutes before scaling in again, but since only 4 minutes left from 9 minutes (9-5 = 4), it won't scale in again. So, 4 in total.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-autoscale-performance-schedule
https://docs.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-understanding-settings
You have an Azure subscription that contains a virtual machine scale set. The scale set contains four instances that have the following configurations:
- Operating system: Windows Server 2016
- Size: Standard_D1_v2
You run the get-azvmss cmdlet as shown in the following exhibit:
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
Box 1: 4
If you resize the Scale Set all the VMs get resized at once, thus 4 is the correct answer.
Box 2: 1
Automatic OS updates update 20% of the VMs at once, with a minimum of 1 VM instance at a time. Also 20% of 4 = 0.8.
Reference:
https://docs.microsoft.com/en-us/learn/modules/build-app-with-scale-sets/2-features-benefits-virtual-machine-scale-sets
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-upgrade-scale-set
You have an Azure subscription linked to an Azure Active Directory tenant. The tenant includes a user account named User1.
You need to ensure that User1 can assign a policy to the tenant root management group.
What should you do?
Assign the Owner role for the Azure Subscription to User1, and then modify the default conditional access policies.
Assign the Owner role for the Azure subscription to User1, and then instruct User1 to configure access management for Azure resources.
Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.
Create a new management group and delegate User1 as the owner of the new management group.
Answer is Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.
Each directory is given a single top-level management group called the "Root" management group. This root management group is built into the hierarchy to have all management groups and subscriptions fold up to it. This root management group allows for global policies and Azure role assignments to be applied at the directory level. The Azure AD Global Administrator needs to elevate themselves to the User Access Administrator role of this root group initially.
Reference:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
You have an Azure File sync group that has the endpoints shown in the following table.
Cloud tiering is enabled for Endpoint3.
You add a file named File1 to Endpoint1 and a file named File2 to Endpoint2.
On which endpoints will File1 and File2 be available within 24 hours of adding the files?
File1: Endpoint1 only
It is a cloud endpoint, and it is scanned by the detection job every 24 hours.
File2: Endpoint1, Endpoint2 and Endpoint3
With the on-premises servers the file is scanned and synced automatically after it's being added.
Note: They changed the question in Exam from "within 24 hours" to "after 24 hours".
So, the new answer is:
File1: Endpoint1, Endpoint2 and Endpoint3
File2: Endpoint1, Endpoint2 and Endpoint3
Reference:
https://docs.microsoft.com/en-us/learn/modules/extend-share-capacity-with-azure-file-sync/2-what-azure-file-sync
You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2.
VM2 is backed up to RSV1.
You need to back up VM2 to RSV2.
What should you do first?
From the RSV1 blade, click Backup items and stop the VM2 backup
From the RSV2 blade, click Backup. From the Backup blade, select the backup for the virtual machine, and then click Backup
From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery Services vault
From the RSV1 blade, click Backup Jobs and export the VM2 job
Answer is From the RSV1 blade, click Backup items and stop the VM2 backup
VMs can only be backed up in a single Recovery Services Vault. You have to stop the VM2 backup from the RSV1 first. Otherwise you won't able find the VM2 in RSV2.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-move-recovery-services-vault#must-preserve-previous-backed-up-data
https://docs.microsoft.com/en-in/azure/backup/backup-azure-vms-first-look-arm
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password?
an Azure Key Vault and an access policy
an Azure Storage account and an access policy
a Recovery Services vault and a backup policy
Azure Active Directory (AD) Identity Protection and an Azure policy
Answer is an Azure Key Vault and an access policy
"adminPassword": {
"reference": {
"keyVault": {
"id": "GEN-KEYVAULT-RESOURCE-ID"
},
"secretName": "GEN-KEYVAULT-PASSWORD-SECRET-NAME"
}
}
You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore, the password is never put in plain text in the template parameter file.
Reference:
https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/
You have an Azure subscription that contains the resources in the following table.
Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1.
You need to apply ASG1 to VM1.
What should you do?
Associate NIC1 to ASG1
Modify the properties of ASG1
Modify the properties of NSG1
Answer is Associate NIC1 to ASG1
Application security groups enable you to configure network security as a natural extension of an application's structure, allowing you to group virtual machines and define network security policies based on those groups. You can reuse your security policy at scale without manual maintenance of explicit IP addresses. The platform handles the complexity of explicit IP addresses and multiple rule sets, allowing you to focus on your business logic.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/application-security-groups
https://tutorialsdojo.com/network-security-group-nsg-vs-application-security-group
You recently created a new Azure subscription that contains a user named Admin1.
Admin1 attempts to deploy an Azure Marketplace resource by using an Azure Resource Manager template.
Admin1 deploys the template by using Azure PowerShell and receives the following error message: "User failed validation to purchase resources.
Error message: "Legal terms have not been accepted for this item on this subscription. To accept legal terms, please go to the Azure portal (http://go.microsoft.com/fwlink/?LinkId=534873) and configure programmatic deployment for the Marketplace item or create it there for the first time."
You need to ensure that Admin1 can deploy the Marketplace resource successfully.
What should you do?
From Azure PowerShell, run the Set-AzApiManagementSubscription cmdlet
From the Azure portal, register the Microsoft.Marketplace resource provider
From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet
From the Azure portal, assign the Billing administrator role to Admin1
Answer is From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet
You have an Azure subscription named Subscription1 and an on-premises deployment of Microsoft System Center Service Manager.
Subscription1 contains a virtual machine named VM1.
You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent.
What should you do first?
Create an automation runbook
Deploy a function app
Deploy the IT Service Management Connector (ITSM)
Create a notification
Answer is Deploy the IT Service Management Connector (ITSM)
The IT Service Management Connector (ITSMC) allows you to connect Azure and a supported IT Service Management (ITSM) product/service, such as the Microsoft System Center Service Manager.
With ITSMC, you can create work items in ITSM tool, based on your Azure alerts (metric alerts, Activity Log alerts and Log Analytics alerts).
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/itsmc-overview