Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

AZ104 > Mall Academy AZ-104 Azure Administrator Practice Exam #4 > Flashcards

Mall Academy AZ-104 Azure Administrator Practice Exam #4 Flashcards

1
Q

Conditional access is a feature of Azure AD which allows administrators to control access to cloud applications through additional checks such as user location, the device the user is accessing the cloud app from, and more.

A. True
B. False

A

A. True

Explanation:
Conditional access is a feature of Azure AD which allows administrators to control access to cloud applications through additional checks such as user location, the device the user is accessing the cloud app from, and more.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A resource group template is a JSON file that allows you to declaratively describe a set of resources. These resources can then be added to a new or existing resource group. For example, a template can contain the configuration necessary to create two API App instances, a Mobile App instance, and a Document DB instance.

A. True
B. False

A

A. True

Explanation:
A resource group template is a JSON file that allows you to declaratively describe a set of resources. These resources can then be added to a new or existing resource group. For example, a template can contain the configuration necessary to create two API App instances, a Mobile App instance, and a Document DB instance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Alternatively, virtual networks can be connected using a VNet-to-VNet VPN connection.

A. False
B. True

A

B. True

Explanation:
Alternatively, virtual networks can be connected using a VNet-to-VNet VPN connection.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You have the Azure virtual machines shown in the following table.

You have a Recovery Services vault that protects VM1 and VM2.

You need to protect VM3 and VM4 by using Recovery Services.

What should you do first?

A. Create a new backup policy
B. Create a storage account
C. Create a new Recovery Services vault
D. Configure the extensions for VM3 and VM4

A

C. Create a new Recovery Services vault

Explanation:
A Recovery Services vault is a storage entity in Azure that houses data.

The data is typically copies of data, or configuration information for virtual machines(VMs), workloads, servers, or workstations.

You can use Recovery Services vaults to hold backup data for various Azure Services.

References: https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Downstream Windows clients can be managed through Azure AD using Azure AD hybrid join.

A. False
B. True

A

B. True

Explanation:
Downstream Windows clients can be managed through Azure AD using Azure AD hybrid join.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

You have an Azure subscription named Subscription1.

You have 5 TB of data that you need to transfer to Subscription1.

You plan to use an Azure Import/Export job.

What can you use as the destination of the imported data?

A. The Azure File Sync Storage Sync Service
B. Azure Data Lake Store
C. Azure Blob Storage
D. A virtual machine

A

C. Azure Blob Storage

Explanation:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.

The maximum size of an Azure Files Resource of a file share is 5 TB.

Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Storage accounts must specify a replication mode. The options are locally redundant,

zone-redundant, geo-redundant, read-access geo-redundant storage, geo zoneredundant,

and read-access geo zone-redundant.

A. FALSE
B. True

A

B. True

Explanation:
Storage accounts must specify a replication mode. The options are locally redundant,

zone-redundant, geo-redundant, read-access geo-redundant storage, geo zoneredundant,

and read-access geo zone-redundant.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A template allows you to configure multiple resources simultaneously and use variables/parameters/functions to create dependencies between resources.

A. False
B. True

A

A. True

Explanation:
A template allows you to configure multiple resources simultaneously and use variables/parameters/functions to create dependencies between resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Azure Log Analytics can consolidate machine data from on-premises and cloud-based workloads and this data is indexed and categorized for quick searching. Data can be collected only from Windows machines.

A. False
B. True

A

A. False

Explanation:
Azure Log Analytics can consolidate machine data from on-premises and cloud-based workloads and this data is indexed and categorized for quick searching. Data can be collected from both Windows and Linux machines.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Both global VNet peering and VNet-to-VNet VPN connections route traffic between Azure regions , not _____________________.

A. over private networks
B. over the public internet
C. over the Microsoft backbone network

A

B. over the public internet

Explanation:
Both global VNet peering and VNet-to-VNet VPN connections route traffic between Azure regions over the Microsoft backbone network, not the public Internet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Azure AD supports hybrid identity scenarios with _________________.

A. Azure AD Identity Protection
B. Azure Express Route
C. Azure AD Connect

A

C. Azure AD Connect

Explanation:
Azure AD supports hybrid identity scenarios with Azure AD Connect.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Self-service password reset can be combined with the password writeback features of Azure AD Connect to allow users to reset their passwords from the cloud while adhering to on-premises password standards.

A. FALSE
B. TRUE

A

B. TRUE

Explanation:
Self-service password reset can be combined with the password writeback features of Azure AD Connect to allow users to reset their passwords from the cloud while adhering to on-premises password standards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

DNS zones in Azure DNS must be delegated from the parent domain. This is achieved

by setting up appropriate NS records in the parent domain, pointing to the name

servers assigned by Azure DNS.

A. False
B. True

A

B. True

Explanation:
DNS zones in Azure DNS must be delegated from the parent domain. This is achieved

by setting up appropriate NS records in the parent domain, pointing to the name

servers assigned by Azure DNS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

ExpressRoute provides Microsoft Peering (connectivity to Azure PaaS endpoints, and other Microsoft services) or Private Peering (connectivity to Azure virtual networks). The former uses Internet address and the latter uses Intranet addresses. Azure Public Peering, for Azure PaaS services only, is deprecated for new ExpressRoute circuits.

A. False
B. True

A

B. True

Explanation:
ExpressRoute provides Microsoft Peering (connectivity to Azure PaaS endpoints, and other Microsoft services) or Private Peering (connectivity to Azure virtual networks). The former uses Internet address and the latter uses Intranet addresses. Azure Public Peering, for Azure PaaS services only, is deprecated for new ExpressRoute circuits.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

To achieve a VPN connection or enable MFA we should set up appropriate NS records in the parent domain, pointing to the name servers assigned by Azure DNS.

A. True
B. False

A

B. False

Explanation:
If it’s to achieve a VPN connection or enable MFA, then this is False. But if it’s to enable a custom domain to be used by Azure DNS, its True.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A template can simplify orchestration because you only need to deploy the template to deploy all of your resources.

A. False
B. True

A

B. True

Explanation:
A template can simplify orchestration because you only need to deploy the template to deploy all of your resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

ExpressRoute circuits provide different levels of bandwidth, from 50Mbps to 10Gbps. They don’t provide redundant connections.

A. False
B. True

A

A. False

Explanation:
ExpressRoute circuits provide different levels of bandwidth, from 50Mbps to 10Gbps. They also provide redundant connections.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Blob storage supports …… types of blobs, and …… access tiers.

A. 1
B. 3
C. 4
D. 2

A

B. 3

Explanation:
Blob storage supports three types of blobs (block, page and append blobs), and three access tiers (hot, cool, and archive).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Each network security group includes a list of default rules, which can be overridden using user-defined rules. Rules are applied in priority order (processing stops at the first rule matching the traffic in question).

A. True
B. False

A

A. True

Explanation:
Each Network Security Groups includes a list of default rules, which can be overridden using user-defined rules. Rules are applied in priority order (processing stops at the first rule matching the traffic in question).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

A VPN gateway can be shared by peered VNets. The peering connections must enable the settings to Use Remote Gateway (on the peering towards the gateway) and Allow Gateway Transit (on the peering from the gateway).

A. True
B. False

A

A. True

Explanation:
A VPN gateway can be shared by peered VNets. The peering connections must enable the settings to Use Remote Gateway (on the peering towards the gateway) and Allow Gateway Transit (on the peering from the gateway).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Many advanced features of Azure AD require Azure AD Premium P1 or Azure AD Premium P2 licenses. When considering Azure AD features, administrators need to be aware of the licensing boundaries.

A. True
B. False

A

A. True

Explanation:
Many advanced features of Azure AD require Azure AD Premium P1 or Azure AD Premium P2 licenses. When considering Azure AD features, administrators need to be aware of the licensing boundaries.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Using VNet peering to provide access to a central VNet containing shared services, such as Active Directory domain controllers, is known as _________________.

A. Service Queue
B. Service Chaining
C. Service Hub
D. Service List

A

B. Service Chaining

Explanation:
Using VNet peering to provide access to a central VNet containing shared services, such as Active Directory domain controllers, is known as service chaining.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Windows 10 can be added to Azure AD as a device to be managed, enabling BYOD or corporate cloud only deployments with Azure AD Join.

A. True
B. False

A

A. True

Explanation:
Windows 10 can be added to Azure AD as a device to be managed, enabling BYOD or corporate cloud only deployments with Azure AD Join.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

The Premium tier

A. Magnetic Disks and Supports all services
B. Solid state disks and is only used for unmanaged VM disks

A

B. Solid state disks and is only used for unmanaged VM disks

Explanation:
The Standard performance tier uses magnetic disks and supports all services. The Premium tier uses solid-state disks and is only used for unmanaged VM disks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Users and groups can be created through the Azure Portal, Azure PowerShell, the Azure CLI, and the Graph API.

A. False
B. True

A

B. True

Explanation:
Users and groups can be created through the Azure Portal, Azure PowerShell, the Azure CLI, and the Graph API.

26
Q

DNS records at the zone apex use the record name @. You cannot create records with the CNAME record type at the zone apex.

A. False
B. True

A

B. True

Explanation:
DNS records at the zone apex use the record name @. You cannot create records with the CNAME record type at the zone apex.

27
Q

DNS records in Azure DNS are managed using record sets, which are the collection of records with the same name and the same type.

A. True
B. False

A

A. True

Explanation:
DNS records in Azure DNS are managed using record sets, which are the collection of records with the same name and the same type.

28
Q

Users and groups can be managed in bulk with tools like _________.

A. Athe Graph API
B. Azure CLI
C. Azure Portal
D. Azure PowerShell

A

D. Azure PowerShell

Explanation:
Users and groups can be managed in bulk with tools like PowerShell.

29
Q

Azure AD supports federated logins and single-sign on. When federated identity is not required, Azure AD also single sign-on with both password hash synchronization and pass-through authentication.

A. False
B. True

A

B. True

Explanation:
Azure AD supports federated logins and single-sign on. When federated identity is not required, Azure AD also single sign-on with both password hash synchronization and pass-through authentication.

30
Q

Azure AD Join enables administrators to manage device identity independently of users. For example, dynamic security groups can be created based on device attributes and then conditional access policies could be applied to those groups.

A. False
B. True

A

B. True

Explanation:
Azure AD Join enables administrators to manage device identity independently of users. For example, dynamic security groups can be created based on device attributes and then conditional access policies could be applied to those groups.

31
Q

The size of the VPN gateway should be chosen based on the throughput required.

A. False
B. True

A

B. True

Explanation:
The size of the VPN gateway should be chosen based on the throughput required.

32
Q

Source and destination IP address ranges in Network Security Groups rules can be specified explicitly using CIDR ranges.

A. True
B. False

A

A. True

Explanation:
Source and destination IP address ranges in Network Security Groups rules can be specified explicitly using CIDR ranges.

33
Q

ExpressRoute circuits are connected to an Azure virtual network using an ExpressRoute gateway (a virtual network gateway of type ExpressRoute).

A. False
B. True

A

B. True

Explanation:
ExpressRoute circuits are connected to an Azure virtual network using an ExpressRoute gateway (a virtual network gateway of type ExpressRoute).

34
Q

Network security groups can be applied at the ___________________.

A. none of the other options\
B. in individual VM network interfaces
C. subnet level

A

B. in individual VM network interfaces
C. subnet level

Explanation:
Network Security Groupss can be applied at the subnet level, or on individual VM network interfaces.

35
Q

The GatewaySubnet is a special subnet that is only used for virtual network gateways.

A. False
B. True

A

B. True

Explanation
The GatewaySubnet is a special subnet that is only used for virtual network gateways.

36
Q

A common approach is to use a hub and spoke network architecture, in which separate spoke VNets are used by each application, peered to a hub VNet containing a network virtual appliance (NVA). The peering connections must enable Allow Forwarded Traffic.

A. False
B. True

A

B. True

Explanation;
A common approach is to use a hub and spoke network architecture, in which separate spoke VNets are used by each application, peered to a hub VNet containing a network virtual appliance (NVA). The peering connections must enable Allow Forwarded Traffic.

37
Q

Alternatively, a customer can implement their own DNS servers, which can be configured either at the VNet or the network interface level.

A. True
B. False

A

A. True

Explanation:
Alternatively, a customer can implement their own DNS servers, which can be configured either at the VNet or the network interface level.

38
Q

Network security groups are used to create firewall rules to control network flows.

A. True
B. False

A

A. True

Explanation:
Network security groups are used to create firewall rules to control network flows.

39
Q

You can configure alerts based on metric alerts (captured from Azure Metrics) to Activity Log alerts that can notify only with an Azure Automation Runbook (and not by email).

A. False
B. True

A

A. False

Explanation:
You can configure alerts based on metric alerts (captured from Azure Metrics) to Activity Log alerts that can notify by email, web hook, SMS, Logic Apps, or even an Azure Automation Runbook.

40
Q

Azure Monitor is a single-pane of glass for accessing Azure metrics, tenant and resource diagnostic logs, Log Analytics, service health, and alerts.

A. True
B. False

A

A. True

Explanation:
Azure Monitor is a single-pane of glass for accessing Azure metrics, tenant and resource diagnostic logs, Log Analytics, service health, and alerts.

41
Q

A resource is simply a single service instance in Azure. Most services in Azure can be represented as a resource. For example, a Web App instance is a resource. An App Service Plan is also a resource. Even a SQL Database instance is a resource.

A. False
B. True

A

B. True

Explanation:
A resource is simply a single service instance in Azure. Most services in Azure can be represented as a resource. For example, a Web App instance is a resource. An App Service Plan is also a resource. Even a SQL Database instance is a resource.

42
Q

A virtual network gateway can be used to create VPN connections between virtual networks and is then called a ____________________.

A. VPN Gateway
B. VPN Router
C. VPN Hub
D. VPN Broadcast

A

A. VPN Gateway

Explanation:
A virtual network gateway can be used to create VPN connections between virtual networks (and is then called a VPN gateway).

43
Q

Azure DNS Alias records allow DNS records to reference other Azure resources, such as a _____________.

A. private IP address
B. public IP address

A

B. public IP address

Explanation:
Azure DNS Alias records allow DNS records to reference other Azure resources, such as a public IP address.

44
Q

Azure AD Identity Protection enables administrators to configuration Azure AD tenant-wide policies for ____________________.

A. user risk
B. MFA
C. sign in risk

A

A. user risk
B. MFA
C. sign in risk

Explanation:
Azure AD Identity Protection enables administrators to configuration Azure AD tenant-wide policies for multi-factor authentication, sign-in risk, and user risk.

45
Q

Azure DNS supports only public DNS zones, which can be used to enable VM-to-VM DNS lookups.

A. True
B. False

A

B. False

Explanation:
Azure DNS also supports private DNS zones, which can also be used to enable VM-to-VM DNS lookups.

46
Q

You have an Azure subscription that contains the resources in the following table.

Store1 contains a file share named Data. Data contains 5,000 files.

You need to synchronize the files in the file share named Data to an on-premises server named Server1.

Which three actions should you perform?

Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Install the Azure File Sync agent on Server1
B. Register Server1
C. Create a container instance
D. Download an automation script
E. Create a sync group

A

A. Install the Azure File Sync agent on Server1
B. Register Server1
E. Create a sync group

Explanation:
Step 1: Install the Azure File Sync agent on Server1

The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share

Step 2: Register Server1

Register Windows Server with Storage Sync Service

Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.

Step 3: Create a sync group and a cloud endpoint.

A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.

References: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide

47
Q

By default, ExpressRoute provides connectivity to all Microsoft datacenters in a given geopolitical region. The ExpressRoute Premium Add-On extends coverage to all datacenters, globally. It also increases the number of private peering routes and the number of virtual networks, which can be connected to a circuit.

A. FALSE
B. True

A

B. True

Explanation:
By default, ExpressRoute provides connectivity to all Microsoft datacenters in a given geopolitical region. The ExpressRoute Premium Add-On extends coverage to all datacenters, globally. It also increases the number of private peering routes and the number of virtual networks, which can be connected to a circuit.

48
Q

Azure-provided DNS, also known as Azure Private DNS, provides VM-to-VM DNS lookups within a virtual network.

A. False
B. True

A

B. True

Explanation:
Azure-provided DNS, also known as Azure Private DNS, provides VM-to-VM DNS lookups within a virtual network.

49
Q

Azure Log Analytics has many management solutions that help administrators gain value out of complex machine data. These solutions contain pre-built visualizations and queries that help surface insights quickly.

A. False
B. True

A

B. True

Explanation:
Azure Log Analytics has many management solutions that help administrators gain value out of complex machine data. These solutions contain pre-built visualizations and queries that help surface insights quickly.

50
Q

A resource group are multiple resources in one group, not necessary a logical grouping.

A. False
B. True

A

A. False

Explanation:
A resource group is a logical grouping of resources. For example, a Resource Group where you deploy a VM compute instance may be composed of a Network Interface Card (NIC), a Virtual Machine, a Virtual Network, and a Public IP Address.

51
Q

Multiple Azure AD tenants can be created and managed through Azure. This includes creating new directories and deleting existing directories.

A. True
B. False

A

A. True

Explanation:
Multiple Azure AD tenants can be created and managed through Azure. This includes creating new directories and deleting existing directories.

52
Q

You can create resources only from the Azure Resource Manager templates.

A. False
B. True

A

A. False

Explanation:
You can create resources from the portal, PowerShell, the CLI tools, and Azure Resource Manager templates. You should understand when to use which tool and how to configure the resource during provisioning and after provisioning.

53
Q

An ExpressRoute connection provides connectivity between an on premises network an Azure virtual network, using a dedicated connection from a connectivity provider.

A. False
B. True

A

B. True

Explanation:
An ExpressRoute connection provides connectivity between an on premises network an Azure virtual network, using a dedicated connection from a connectivity provider.

54
Q

DNS zone files are a standard format used to transfer DNS records between DNS systems. DNS zone files can only be imported into or exported from Azure DNS by using the Azure CLI.

A. True
B. False

A

A. True

Explanation:
DNS zone files are a standard format used to transfer DNS records between DNS systems. DNS zone files can only be imported into or exported from Azure DNS by using the Azure CLI.

55
Q

Azure storage accounts provide ___________________ .

A. blobs
B. tables
C. files
D. queues

A

A. blobs
B. tables
C. files
D. queues

Explanation:
Azure storage accounts provide 4 separate services: blobs, tables, queues and files. Understand the usage scenarios of each service.

56
Q

Queries in Log Analytics can be saved for quick access and visualized and shared using Azure Dashboards. To analyze data outside of Log Analytics you can export the data to Excel and Power BI.

A. False
B. True

A

B. True

Explanation:
Queries in Log Analytics can be saved for quick access and visualized and shared using Azure Dashboards. To analyze data outside of Log Analytics you can export the data to Excel and Power BI.

57
Q

Custom domains cannot be added to Azure AD, such as contoso.com.

A. True
B. False

A

B. False

Explanation:
Custom domains can be added to Azure AD, such as contoso.com, but there is always a default onmicrosoft.com

58
Q

Enterprise State Roaming allows Windows 10 clients to synchronize settings and application data securely across multiple corporate devices.

A. False
B. True

A

B. True

Explanation:
Enterprise State Roaming allows Windows 10 clients to synchronize settings and application data securely across multiple corporate devices.

59
Q

Azure DNS provides an authoritative DNS service for hosting Internet-facing domains.

A. False
B. True

A

B. True

Explanation:
Azure DNS provides an authoritative DNS service for hosting Internet-facing domains.

60
Q

You can connect to ExpressRoute either via your co-location facility provider, via a point-to-point ethernet connection, or by extending your IPVPN WAN.

A. True
B. False

A

A. True

Explanation:
You can connect to ExpressRoute either via your co-location facility provider, via a point-to-point ethernet connection, or by extending your IPVPN WAN.

AZ104 (22 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions