AZ-104T00-A: Microsoft Azure Administrator Quiz Questions and Answers

Your organization has a security policy that prohibits exposing SSH ports to the outside world. You need to connect to an Azure Linux virtual machine to install the software. What should you do?

Answer :
  • Configure the Bastion service

Explanation :

The Azure Bastion service is a new fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP and SSH connectivity to your virtual machines directly in the Azure portal over SSL. When you connect via Azure Bastion, your virtual machines do not need a public IP address. Bastion provides secure RDP and SSH connectivity to all VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP and SSH ports to the outside world while still providing secure access using RDP and SSH. With Azure Bastion, you connect to the virtual machine directly from the Azure portal. You don't need an additional client, agent, or piece of software.

You sign up for Azure Active Directory (Azure AD) Premium. You need to add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain.

What should you configure in Azure AD?

Answer :
  • Go to Azure AD blade > Devices > Device settings > Add desired user admins

Explanation :

When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principals to the local administrators group on the device:

  • The Azure AD global administrator role
  • The Azure AD device administrator role
  • The user performing the Azure AD join

In the Azure portal, you can manage the device administrator role on the Devices page. To open the Devices page:

1. Sign in to your Azure portal as a global administrator or device administrator.
2. On the left navbar, click Azure Active Directory.
3. In the Manage section, click Devices.
4. On the Devices page, click Device settings.
5. To modify the device administrator role, configure Additional local administrators on Azure AD joined devices.

You are planning your Azure network implementation to support your company's migration to Azure. Your first task is to prepare for the deployment of the first set of VMs. For these machines, consumers on the internet must be able to communicate directly with the web application on the VMs. Also, the IP configuration must be zone redundant. You should minimize costs, whenever possible, while still meeting the requirements. What should you do?

Answer :
  • Create a standard public IP address. During the creation of the first VM, associate the public IP address with the VM's NIC.

Explanation :

To meet the requirement of communicating directly with consumers on the internet, you must use a public IP address. To meet the requirement of having a zone redundant configuration, you must use a standard public IP address. Of the answer choices, only the answer that creates the standard public IP address first, then associates it during VM creation, functions and meets the requirements. You cannot configure a VM with only a public IP address. Instead, all VMs have a private IP address and can optionally have one or more public IP addresses.

You have an Azure subscription that contains 20 virtual machines. You need to be notified via SMS and email whenever any virtual machine is powered on or powered off. You need to ensure the minimum number of rules and action groups are defined. Which of the following would you define?

Answer :
  • One action group and one rule

Explanation :

You need to define 2 rules, one for the activity of powering on the machine and the other for powering off. You can define just one action group, which can be used to send both an SMS and an email. When creating an alert rule, you will see that there is a restriction that only "1 activity log signal per alert rule" is allowed for one rule. Hence you need to create two alert rules. Each rule can have the same action group.

In Azure Active Directory (Azure AD) the tenant is named contoso.onmicrosoft.com which contains 100 user accounts. You purchase 10 Azure AD Premium P2 licenses for the tenant. You need to ensure that 10 users can use all the Azure AD Premium features. What should you do?

Answer :
  • From the Licenses blade of Azure AD, assign a license

Explanation :

The IT Service Management Connector (ITSMC) allows you to connect Azure and a supported IT Service Management (ITSM) product/service, such as the Microsoft System Center Service Manager. With ITSMC, you can create work items in the ITSM tool, based on your Azure alerts (metric alerts, Activity Log alerts and Log Analytics alerts).

Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/itsmc-overview

Your company has an Azure subscription which has a line-of-business application that runs on several Azure virtual machines. These machines run Windows Server 2016. From home, the users connect via Point-to-Site VPN connections. And from the customer sites, the users connect via Site-to-Site VPN connections. You have to ensure that the connections are spread across all of the virtual machines. Which of the following can be implemented for this requirement? Choose any 2 answers from the options given below.

Answer :
  • An Internal Load Balancer
  • An Azure Application Gateway

Explanation :

Here we can use an Internal Load Balancer to distribute the connections. You can also opt to use an Azure Application Gateway.

Option A is incorrect since here the users connect privately using either Point-to-Site VPN connections or Site-to-Site VPN connections.
Option B is incorrect since this is a DNS load balancing service.
Option C is incorrect since this is used for global delivery of data.

Your users want to sign in to devices, apps, and services from anywhere. They want to sign in using an organizational work or school account instead of a personal account. You must ensure corporate assets are protected and that devices meet standards for security and compliance. Specifically, you need to be able to enable or disable a device. What should you do?

Answer :
  • Join the device to Azure AD

Explanation :

Joining a device is an extension to registering a device. This means it provides you with all the benefits of registering a device, like being able to enable or disable the device. In addition, it also changes the local state of a device. Changing the local state enables your users to sign in to a device using an organizational work or school account instead of a personal account.

Your company's financial comptroller wants to be notified whenever the company is halfway to spending the money allocated for cloud services. What should you do?

Answer :
  • Create a budget and a spending threshold.

Explanation :

Create a budget and a spending threshold. Billing Alerts help you monitor and manage billing activity for your Azure accounts. You can set up a total of five billing alerts per subscription, with a different threshold and up to two email recipients for each alert. Monthly budgets are evaluated against spending every four hours. Budgets reset automatically at the end of a period.