Microsoft AZ-104 Practice Test - Questions Answers, Page 14
Question 131
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant contains 500 user accounts.
You deploy Microsoft Office 365. You configure Office 365 to use the user accounts in adatum.com.
You configure 60 users to connect to mailboxes in Microsoft Exchange Online.
You need to ensure that the 60 users use Azure Multi-Factor Authentication (MFA) to connect to the Exchange Online mailboxes. The solution must only affect connections to the Exchange Online mailboxes.
What should you do?
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
Question 132
Your network contains an on-premises Active Directory domain named adatum.com. The domain contains an organizational unit (OU) named OU1. OU1 contains the objects shown in the following table.
You sync OU1 to Azure Active Directory (Azure AD) by using Azure AD Connect.
You need to identify which objects are synced to Azure AD.
Which objects should you identify?
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization
Question 133
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User4 to create the user accounts.
Does that meet the goal?
Explanation:
Only a global administrator can add users to this tenant.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad
Question 134
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1.
An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.
You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?
Explanation:
With Azure AD-integrated AKS clusters, you can grant users or groups access to Kubernetes resources within a namespace or across the cluster. To obtain a kubectl configuration context, a user can run the az aks get-credentials command. When a user then interacts with the AKS cluster with kubectl, they're prompted to sign in with their Azure AD credentials. This approach provides a single source for user account management and password credentials. The user can only access the resources as defined by the cluster administrator.
Azure AD authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol. For more information on OpenID Connect, see the OpenID Connect documentation. From inside of the Kubernetes cluster, Webhook Token Authentication is used to verify authentication tokens. Webhook token authentication is configured and managed as part of the AKS cluster.
Reference:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/
https://docs.microsoft.com/en-us/azure/aks/concepts-identity
Topic 6, Misc. Questions Set B
Question 135
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table:
User3 is the owner of Group1.
Group2 is a member of Group1.
You configure an access review named Review1 as shown in the following exhibit:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Explanation:
In the Users section, specify the users that the access review applies to. Access reviews can be for the members of a group or for users who were assigned to an application. You can further scope the access review to review only the guest users who are members (or assigned to the application), rather than reviewing all the users who are members or who have access to the application.
Present Use Case:
Group2 is a member of Group1, and User3 is the owner of Group1, so User3 can review both Group1 and Group2.
However, the scope of the review is limited to guest users only.
Solution:
User1 is a member, not a guest, so 1st statement ==> No
UserA is a member, not a guest, so 2nd statement ==> No
UserB is a guest, so 3rd statement ==> Yes
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
Question 136
HOTSPOT
You have the Azure management groups shown in the following table.
You add Azure subscriptions to the management groups as shown in the following table.
You create the Azure policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Box 1: No
Virtual networks are not allowed at the root, and that policy is inherited. Deny overrides allowed.
Box 2: No
Box 3: Yes
Subscriptions can be moved between Management Groups provided the user has the required RBAC permissions.
Reference:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
https://docs.microsoft.com/en-us/azure/governance/management-groups/manage#movingmanagement-groups-and-subscriptions
Question 137
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.
You need to view the error events from a table named Event.
Which query should you run in Workspace1?
Explanation:
To search for a term in a specific table, add in (table-name) just after the search operator.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-queries
Question 138
You have an Azure virtual machine named VM1 that runs Windows Server 2019.
You save VM1 as a template named Template1 to the Azure Resource Manager library.
You plan to deploy a virtual machine named VM2 from Template1.
What can you configure during the deployment of VM2?
Explanation:
When deploying a virtual machine from a template, you must specify: the resource group name and location for the VM; the administrator username and password; and a unique DNS name for the public IP.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/ps-template
Question 139
HOTSPOT
You have an Azure subscription named Subscription1. Subscription1 contains two Azure virtual machines named VM1 and VM2. VM1 and VM2 run Windows Server 2016.
VM1 is backed up daily by Azure Backup without using the Azure Backup agent.
VM1 is affected by ransomware that encrypts data.
You need to restore the latest backup of VM1.
To which location can you restore the backup? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: VM1 and VM2 only
When recovering files, you can't restore files to a previous or future operating system version. You can restore files from a VM to the same server operating system, or to the compatible client operating system. Therefore "VM1 and VM2 only" is the best answer, since both run Windows Server 2016.
"A new Azure virtual machine only" would also work, but there is no reason to create an unnecessary new VM in Azure if an existing VM will do the task. So this option is incorrect.
Box 2: VM1 or A new Azure virtual machine only
When restoring a VM, you can't use the replace existing VM option for encrypted VMs. This option is only supported for unencrypted managed disks. Also, you can restore files from a VM only to the same server operating system, or to the compatible client operating system. Hence "VM1 or A new Azure virtual machine only" is the correct answer.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm#systemrequirements
Question 140
You have an Azure subscription that has a Recovery Services vault named Vault1. The subscription contains the virtual machines shown in the following table.
You plan to schedule backups to occur every night at 23:00.
Which virtual machines can you back up by using Azure Backup?
Explanation:
Azure Backup supports backup of 64-bit Windows Server operating systems from Windows Server 2008.
Azure Backup supports backup of the 64-bit Windows 10 operating system.
Azure Backup supports backup of the 64-bit Ubuntu Server operating system from Ubuntu 12.04.
Azure Backup supports backup of VMs that are shut down or offline.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-support-matrix-iaas
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/endorsed-distros
Question