You can translate the content of this page by selecting a language in the select box.
Microsoft Azure Administrator Certification Questions and Answers Dumps – AZ 104
Microsoft Azure Administrator AZ 104 is one of the most popular Microsoft Azure Administrator certification exams. To pass this exam, you need to have a good understanding of Microsoft Azure and its various components. The best way to prepare for this exam is to use this Microsoft AZ 104 dumps. These dumps will help you to understand the Microsoft Azure platform and its various features. In addition, you will also get an idea about the types of questions that are asked in this exam. With the help of these dumps, you can easily pass the Microsoft AZ 104 exam.
Microsoft Certified: Azure Administrator Associate Average Salary — $125,993
Candidates for the Azure Administrator Associate certification should have subject matter expertise implementing, managing, and monitoring an organization’s Microsoft Azure environment.
Responsibilities for this role include implementing, managing, and monitoring identity, governance, storage, compute, and virtual networks in a cloud environment, plus provision, size, monitor, and adjust resources, when needed.
AZ-104 Microsoft Azure Administrator Exam Breakdown:
Manage Azure identities and governance (15-20%),
Manage Azure AD objects,
Manage role-based access control (RBAC),
Manage subscriptions and governance,
Implement and manage storage (10-15%),
Manage storage accounts,
Manage data in Azure Storage,
Configure Azure files and Azure blob storage,
Deploy and manage Azure compute resources (25-30%),
Configure VMs for high availability and scalability,
Automate deployment and configuration of VMs,
Create and configure VMs,
Create and configure containers,
Create and configure Web Apps,
Configure and manage virtual networking (30-35%),
Implement and manage virtual networking,
Configure name resolution,
Secure access to virtual networks,
Configure load balancing,
Monitor and troubleshoot virtual networking,
Integrate an on-premises network with an Azure virtual network,
Monitor and back up Azure resources (10-15%),
Monitor resources by using Azure Monitor,
Implement backup and recovery,
Below are the top 50 Microsoft Azure Administrator Certification Questions and Answers Dumps.
Question 1: In our subscription, we have four different resource groups. They are RG1, RG2, RG3, RG4. RG2 has a Read-only lock at the resource group scope. RG3 has a Delete lock at the resource group scope. RG1 and RG4 do not have locks. We need to determine how we could move resources between resource groups during the lifecycle of these resources. Assuming all resources provisioned support moving between resource groups regardless of region. Which of the following statements are plausible?
A. We can move resources from RG1 to RG4.
B. We can move resources between any of these resource groups.
C. We can move resources from RG2 to RG4.
D. We can move resources from RG4 to RG3.
If you are looking for an all-in-one solution to help you prepare for the AWS Cloud Practitioner Certification Exam, look no further than this AWS Cloud Practitioner CCP CLFC01 book below.
E. We can move resources from RG2 to RG3.
Azure Administrator Exam Prep App #Azure #AZ104 #AzureAdmnistrator #AzureDevOps #AzureAdmin #AzureTraining #AzureSysAdmin #AzureCloud #LearnAzure
Question 2: Your company has recently added a few new users to your Azure Active Directory. You have already added them to an active directory group, and now you have asked them to add their devices to the domain. When they add their devices, you have to ensure they are prompted to use a mobile phone to verify their identity. How do you configure this?
A. Require multi-factor authentication to join devices
B. Configure a point-to-site VPN
C. Enable Conditional Access
D. You must sign up for Azure AD Premium
Question 3: Under your Azure Subscription, you are trying to identify VMs that are underutilized in order to shutdown all VMs with CPU utilization under 5%. Which blade should you use?
A. Customer Insights
B. Advisor recommendations
We know you like your hobbies and especially coding, We do too, but you should find time to build the skills that’ll drive your career into Six Figures. Cloud skills and certifications can be just the thing you need to make the move into cloud or to level up and advance your career. 85% of hiring managers say cloud certifications make a candidate more attractive. Start your cloud journey with these excellent books below:
Question4: You have just purchased the domain name arseemagroup.com from a third party registrar. Using your Azure Active Directory domain, you’d like to create new users with the suffix @arseemagroup.com. Which three things must you do?
A. Access the custom domain names blade from Azure AD
B. Create a MX or TXT record from arseemagroup.com DNS
C. Verify that you own the domain name
D. Access the App registrations blade from Azure AD
Question 5: You have two subscriptions named Subscription1 and Subscription2. You are logged into Azure using Azure PowerShell from Computer1. How can you identify which subscription you are currently viewing and then switch from one subscription to the other for the current session at Computer1.
A. Set-AzContext -SubscriptionName
Question 6: You have two subscriptions named Subscription1 and Subscription2. You are currently managing resources in Subscription1 from Computer1 that has the Azure CLI installed. You need to switch to Subscription2. Which command should you run?
A. az set account –subscription “Subscription2”
B. az account set –subscription “Subscription2”
C. az subscription set “Subscription2”
D. Select-AzureSubscription -SubscriptionName “Subscription2”
Question 7: You work at the IT help desk for Consilium Corporation. You have been getting an influx of calls into the help desk about resetting users’ passwords. They keep reporting that they can’t seem to figure out how to reset their password in order to gain access to their Customer Relationship Management (CRM) software. What do you do?
A. Ensure that the users who are having problems are within the correct AD group
B. Make sure you have Azure Active Directory Free
C. Make sure they have their verification device (mobile app or access to email)
D. Verify that self-service password reset is enabled in Azure Active Directory
Question 8: In this scenario, we are working for Cloud Chase Support. We our the active administrator, and we have been tasked with determining how to ensure we do not incur costs in either our Prod-Subscription and our Dev-Subscription for virtual machine resources. We have a CloudChase management group where both subscription nested. We decide to use Azure Policy to enforce compliance on Virtual Machines. Our Policy definition states that virtual machines are not an allowed resource type at the scope of our CloudChase management group. There are some existing virtual machines in our Prod-Subscription at the time this policy is created. After the enforcement of our new policy which of the below statements is true?
A. We cannot create virtual machines in any subscription under the scope of our management group and our existing virtual machines will be deallocated.
B. Virtual machines can be created in our Prod-Subscription if they are compliant.
C. Virtual machines can be created in our Dev-Subscription.
D. We cannot create virtual machines in any subscription under the scope of our management group.
Question 9: You recently signed up for Azure Active Directory Premium and need users to be able to reset their passwords if they are unable to login. What should you configure in Azure Active Directory?
A. Set “block sign-in” to off when creating the user
B. User password reset
C. User password change
D. Add user to sign-in group in Azure AD
Question 10: You have an Azure Pay-as-you-go Subscription named Subscription1. You have some concerns about cost for Subscription1, and you would like to spend less than $100.00 US per month on all resources in this subscription. If you spend more than $90.00 US, you would like to get an alert in the form of a text message. What should you do?
A. Shutdown VMs when you are not using them
B. Create an alert in Azure Monitor
C. Create a budget alert condition tied to an action group
D. Create a budget in the subscriptions blade
Question 11: We want to be provide an Azure AD B2B guest user the ability to manage all resources inside of our DevRG resource group. We want to give them these abilities over managing all resources inside of this resource group and nothing more. What role would we assign to the user to accomplish this goal? Assume we are assigning the role to the DevRG scope.
A. User Access Administrator
D. Global Admin
Question 12: You have just created a General-purpose V2 storage account in Azure. From a VM located in your on-prem environment, you’ve logged into your Azure subscription using the
Connect-AzConnect command from the PowerShell command line. Next, you need to retrieve the key, in order to access your storage account. Which PowerShell cmdlet will you use to retrieve the access key?
Question 13: You have been directed to copy all data from one storage account to another using the AzCopy tool. You need to report which storage services you can copy. Which of those services would it be?
A. Only Azure File Shares
B. Azure Queues and Blobs
C. Azure Blob and File Shares
D. Azure Table and File Shares
Question 14: You have a general purpose v1 storage account named
consiliumstore that has a private container named
container2. You need to allow read access to the data inside
container2, but only within a 14 day window. How do you accomplish this using the Azure Portal?
A. Upgrade the storage account to general purpose v2
B. Create a shared access signatures
C. Create a service SAS
D. Create a stored access policy
Question 15: You have an existing Microsoft Enterprise Agreement (EA) Subscription. You need to ship 34TB of data from an on-premise Windows 2016 server to your Azure storage account. You need to ensure that the data transfer has zero impact on the network, preserves your existing drives and is the fastest and most secure method. What should be your first step to starting the import job?
A. Open a ticket with Microsoft Support
B. Order an Azure Databox via the Azure Portal
C. Start an Import Job via the Azure Portal
D. Prepare your hard drives using the WAImportExport tool
Question 16: You have data in an AWS S3 Bucket named
myS3Bucket and you need to copy all of its contents to a container named
container1 in an Azure storage account named
companydata. Which command would be most efficient use of getting the data from the S3 bucket to the Azure storage container?
A. azcopy copy ‘https://s3.amazonaws.com/myS3Bucket’ ‘https://companydata.blob.core.windows.net/container1’ –recursive=true
B. aws s3 cp s3://mybucket/test.txt https://companydata.blob.core.windows.net/container1
C. azcopy blob copy ‘https://s3.amazonaws.com/myS3Bucket’ ‘https://companydata.blob.core.windows.net/container1’
D. azcopy copy sync ‘https://s3.amazonaws.com/myS3Bucket’ ‘https://companydata.blob.core.windows.net/container1’
Question 17: You have the following Azure Storage Accounts in your Subscription: stor1 (BlockBlobStorage) stor2 (FileStorage) stor3 (StorageV2) Which of these storage accounts can be converted to Read-Access Geo-Redundant Storage (RA-GRS) based on their storage account kind? Please select the most appropriate answer.
A. stor1 and stor2
D. stor1, stor2, and stor3
Question 18: You create an Azure storage account named
companystore with a publicly accessible container named
container1. You upload a file to
pic1.png. What will be the URL in order to access this blob?
Question 19: You have an Azure subscription named Subscription1. In Subscription1, you have an Azure virtual machine named VM1. Attached to VM1 are two network interface cards. You require a third network interface card with a network bandwidth above 1000 Mbps for your storage area network. What should you do?
A. Create an additional VM in the same subnet and connect to VM1 over the LAN
B. Create a new subnet with a sufficient number of available IP addresses
C. Create a new storage account to store data for VM1
D. Change the VM SKU to Standard_A4 or larger
Question 20: You are trying to create a new Azure Kubernetes Service (AKS) cluster from your local workstation. The AKS cluster must contain three nodes and ensure access to the worker nodes in order to troubleshoot the kubelet. You have authenticated to Azure from your local workstation with the Azure CLI. What command will you use to create an AKS cluster named AKS1 with the necessary components inside of the resource group named RG1?
A. az aks create -g RG1 -n AKS1 –generate-ssh-keys –node-count 3
B. az kubernetes create –name AKS1 –group RG1 –nodes 3 –generate-keys
C. az aks create –name AKS1 –resource-group RG1 –nodes 3 –ssh-key-value ~/.ssh/id_rsa.pub
D. az kubernetes create –name AKS1 –resource-group RG1 –nodes 3 –generate-keys
Question 21: VM1 is located in the West US region, and the OS disk is Premium SSD. The size of VM1 is currently Standard_D2s_v3, but you need to change the size to Standard_D2. You are able to select the size from the size blade, but you receive an error message. Why can’t you change the VM size?
A. You need to provide the username and password for the OS to upgrade
B. Standard_D2 does not support premium SSD disks
C. The size Standard_D2 is not available in the West US region
D. You did not shut down (deallocated) VM1 before you change the size
Question 22: You have an Azure Kubernetes Service (AKS) cluster named AKS1 within the resource group named RG1. You are trying run the command
kubectl get all from the Azure Cloud Shell (https://shell.azure.com) to view your cluster resources. You received the error
Error from server (BadRequest): the server rejected our request for an unknown reason. You’ve verified that the resources exist and the command is correct. What do you need to do in order to view your cluster resources from the Azure Cloud Shell?
A. Retrieve the access credentials using the command
az aks get-credentials --name AKS1 --resource-group RG1
B. Log into the cluster GUI from the Azure Portal
C. Install the kubectl tool
D. Access the Kubernetes Dashboard using the command
az aks browse --name AKS1 --resource-group RG1
Question 23: You have a subscription named Subscription1. You create a new Azure VM in your subscription named VM5 running Windows 2012 R2. You try to connect and login to VM5, but you get an error that says “We couldn’t connect to the remote PC. Make sure the PC is turned on and connected to the network, and that remote access is enabled.” You have verified that VM5 is running and has been assigned a public IP address. What change do you need to make in order to successfully connect and login to VM5?
A. Add a rule to the Network Security Group that will allow port 3389
B. Select Reset password from the VM blade
C. Use Network Watcher for detailed connection tracing
D. You need to access the VM from a computer that’s in the same subnet
Question 24: Subscription1 contains an Azure VM named VM1 with the following configuration:VM Size: Standard_D2s_v3
Public IP Address: 18.104.22.168
Resource Group: RG1
Availability Zone: None
Location: Japan East
Disk Type: Standard HDD
What are two things you can do to reduce data loss and achieve a 99.9% SLA?
A. Create a recovery services vault and enable replication for VM1
B. Move VM1 to a paired region
C. Place the VM in an availability zone
D. Change the disk type to Premium SSD
Question 25: You have created an application that is to be run on Linux containers named ContainerApp1. You’ve created an Azure container instance with an FQDN, but you notice that when the container restarts, all application data is lost. What is the best solution to preserve the data associated with your application?
A. Create a public blob storage container and share the URI with the application
B. Create a storage account and share the SAS with the application
C. Mount an Azure file share as a volume in Azure Container Instances
D. Run the container on a VM, and use the managed disk attached to the VM
Question 26: You’ve created a Dockerfile that contains the necessary steps to build an image that you plan to use for your application running as a Web App in App Services named APP1. You have created an Azure Container Registry, which is where you plan to store your images to be used for APP1. What should your next step be?
A. Run the
az acr build command
B. Create the App Service Plan
C. Run the
docker push command
D. Run the
docker login command
Question 27: You have an application that runs on instances in a Virtual Machine Scale Set. The number of instances in the VMSS is at three starting Monday. The minimum number of instances is one, and the maximum is 5 instances. There are two scaling rules for this VMSS:
|Rule1||CPU > 75%||+1 instance|
|Rule2||CPU < 25%||-1 instance|
Based on the rules above and the chart below, on Wednesday how many instances will there be in our VMSS?
|CPU%|Time(UTC)|Day |:—|:—:|:—:|—:| |75|12:01|Tuesday| |20|13:36|Tuesday| |85|12:10|Wednesday| |20|19:07|Thursday|
A. 2 instances
B. 3 instances
C. 4 instances
D. 5 instances
Question 28: Subscription1 contains an Azure VM named VM1. You have added a data disk to VM1, as well as a new network interface card. You need to create two more Azure VMs just like this one named VM2 and VM3. What is the most efficient way to create VM2 and VM3 that will minimize cost?
A. Backup the VM and recover to a different region
B. Redeploy VM1 with the new disk and NIC and deploy the template to VM2 and VM3
C. Select Export template from VM1 blade, then deploy VM2 and VM3 with that template
D. Create an image from VM1 and use the image to deploy VM2 and VM3
Question 29: You have an Azure subscription named Subscription1. You have created a web app named App1 in Subscription1 that is sourced from a git repository named Git1. You need to ensure that every commit to the master branch in Git1 triggers a deployment to a test version of the application before releasing it to production. What are two changes that you must make to App1 to fulfill this requirement?
A. Create a build server with the master branch of Git1 as the trigger
B. Configure custom domains for test and production versions of App1
C. Add a new deployment slot to App1 to release the test version of App1
D. Create a new web app and configure failover settings from test to production
Question 30: You plan to create an Azure Web App in the East US region. You need to ensure that this web app scales out with demand, to prevent downtime. You also need to ensure that the data that resides inside of the application will remain secure and never become exposed to anyone outside of the organization. Which App Service plan SKU will you chose that will meet these requirements and also save on cost?
Question 31: VM1 is located in the East US region. You have added a premium SSD data disk to VM1, but the IOPS are not satisfying the needs of your application, how can you change the speed of the disk?
A. Select the disk configuration and increase the size
B. Shut down (Deallocate) the VM
C. Export the disk and convert to VHD
D. Create a new disk and migrate the data
Question 32: The NoName Company has just deployed a number of Azure VMs into a specific subnet in an Azure virtual network. They have also implemented a network security plan which includes the use of Azure Firewall. From those newly deployed VMs, the company wants to deny access to the website https://www.microsoft.com. How can you achieve this using their current Azure resources?
A. A network rule
B. Create a route via Route Table to the firewall (as a virtual appliance hop)
C. Configure an application rule on the Azure Firewall that blocks FQDNS www.microsoft.com
D. An Application Gateway
E. A Subnet named
F. A VPN Gateway
Question 33: You need to create an Azure virtual machine named VM1 that requires a static private IP address configured inside the IP address space for the VNet in which the VM resides. How do you configure a static IP address for this Azure VM?
A. After the VM has been created, create a new network interface and configure a static IP address for that network interface
B. After the VM has been created, go to the network interface attached to the VM and change the IP configuration to static assignment
C. When creating a VM in the portal, select
New next to private ip address and choose static after assigning the correct IP address
D. When creating the VM in the portal, change the setting from dynamic to static on the networking tab under private IP address
Question 34: You have an Azure subscription named Subscription1. In Subscription1, you have a web server that has the IP address 10.1.0.83 and a database server that has the IP address 10.1.0.142. Instead of remembering the IP addresses of the servers, you’d like to connect to these servers using a DNS name. With no DNS server currently, and without having to create a new DNS server, how can you access your database server from your web server by the DNS name db.yourcompany.com?
A. Public DNS Zone
B. Promote Server to Domain Controller
C. Access the Domain Controller
D. Private DNS Zone
Question 35: You have an Azure subscription named Subscription1. In Subscription1 you have two VNets, one named VNet-Hub and one named VNet-Spoke. Within VNet-Hub, there is an Azure Firewall with a public IP address, configured as a Standard SKU. In VNet-Spoke, there is a Windows Server 2016 with no public IP address and no Network Security Group (NSG). Using which three items can you utilize the public IP address of the Azure firewall to connect to the Windows Server, without exposing the server to the public internet directly?
A. NAT Rule for the Firewall
B. Route Table
C. Virtual Network Gateway
D. Virtual Network Peering
E. ExpressRoute Gateway
Question 36: You have an on-premises environment as well as your Azure environment with a subscription named Subscription1. Subscription1 has a virtual network named VNET1 and you need to connect to the on-premises network securely using an ExpressRoute link and Site-to-site VPN. What Azure resources do you need in order to establish the connection while minimizing cost?
A. Azure VPN Gateway
B. Network virtual appliance
C. No resources needed, ExpressRoute is encrypted by default
D. A route table
Question 37: You have a Network Security Group (NSG) that is associated with a network interface that is attached to an Azure virtual machine named VM1 running Windows Server 2019. VM1 is in subnet named subnet1, in a virtual network named VNet1. A different NSG is attached to subnet1, but you notice that there is an inbound rule to allow port 3389. When you try to connect to VM1, you cannot connect. You reviewed the NSG and the source IP address and the protocol are correct. How can you connect to VM1 using best practices for NSGs in Azure?
A. The protocol on the NSG rule is set to UDP
B. The NSG attached to the network interface needs to be removed
C. The source IP address on the NSG rule is incorrect
D. You need to add an inbound rule for the NSG attached to the network interface
Question 38: You have an Azure subscription named Subscription1. In Subscription1 you have an Azure VM named VM1 with Windows Server 2019 as the operating system. VM1 does not have a public IP address assigned to it. VM1 is located in a virtual network named VNet1, in subnet1. Attached to subnet1 is a Network Security Group (NSG) that has port 3389 open inbound. On your local machine, you do not have an RDP client installed, but you need to login into the VM. Without assigning a public IP address to the VM, what three things in combination can we use to log into VM1?
A. HTML5 supported Web Browser
B. Azure VPN Gateway
C. A subnet named
D. A Gateway Subnet
E. Azure Bastion Host
F. Inbound security rule to open port 443
Question 40: You have a subscription named Subscription1. Subscription1 has one Azure virtual machine named VM1 which is an Ubuntu server. You can’t seem to login to the server via SSH. What tool should you use to verify if the problem is the network security group?
A. IP flow verify tool in Azure Network Watcher
B. Azure Monitor VM metrics
C. Azure Traffic Manager traffic view
D. Azure Virtual Network logs
Question 41: You have two Azure virtual machines named VM1 and VM2. VM1 is using the Red Hat Enterprise Linux 8.1 (LVM) operating system and is located in VNet1, within subnet1. VM2 is using the Windows Server 2019 operating system, and is located in VNet1, within subnet2. VNet1 has custom DNS configured, pointing to a DNS server with the IP address 22.214.171.124. VM2 has 10.0.1.15 configured as the DNS server on its network interface. Which DNS server will VM2 use for DNS queries?
B. 10.0.1.15 for primary, 126.96.36.199 as secondary
Question 42: You have created a new Azure virtual machine in a subnet named Subnet1 with an attached network interface card named NIC1. The NIC1, attached to Subnet1, has the following effective routes:
|Source||State||Address Prefix||Next Hop|
What will happen when the virtual machine tried to communicate with a VM on a different network?
A. Traffic will be sent successfully
B. Traffic will be forced out to the internet
C. Traffic will be forced internally
D. Traffic will be dropped and no connection will be established
Question 43: You have a standard load balancer that directs traffic from port 80 externally to three different virtual machines. You need to direct all incoming TCP traffic on port 5000 to port 22 internally for connecting to Linux VMs. What do you need in order to connect to the VM via SSH?
A. A public IP address for all three VMs
B. A Route Table with at least one rule
C. A Network Security Group (NSG)
D. A Network Address Translation (NAT) Rule
Question 44: You have a web application that serves video and images to those visiting the site. You start to notice that your web server is overloaded, and often crashes because the requests have consumed all of its resources. To combat this, you’ve added an additional web server and you plan to load balance these servers by serving images from the first server only and serving video from the second server only. Which Azure resource can you implement that will properly load balance (at OSI layer 7) with URL-based routing and secure with SSL at the lowest cost?
A. Azure Load Balancer
B. Azure Front Door
C. Azure Application Gateway
D. Web Application Firewall
Question 45: You manage a virtual network named VNet1 that is hosted in the West US region. Two virtual machines named VM1 and VM2, both running Windows Server, are on VNet1. You need to monitor traffic between VM1 and VM2 for a period of five hours. As a solution, you propose to create a connection monitor in Azure Network Watcher. Does this solution meet the goal?
Question 46: You have an Azure subscription named Subscription1. You would like to connect your on-premises environment to Subscription1. You have to meet three requirements from the business. The first requirement is that the connection from the on-premises office and Azure must be a private connection. No network traffic is allowed to go over the public internet. The second requirement is that all traffic from the on-premises office and Azure must happen at layer 3 (network layer). The third requirement is that this connection from on-premises to Azure must be redundant to minimize the opportunity for failure. What type of connection fulfills these three requirements?
A. ExpressRoute with premium add-on
C. Site-to-Site VPN
D. Virtual WAN
Question 47: You have an Azure subscription as well as an on-premises environment that is connected via ExpressRoute circuit. You have two additional branch offices that you need to connect to the network, as well as ten remote employees that change locations frequently but still need access to Azure resources. What is the solution that will provide the quickest setup at the lowest cost?
A. Site-to-Site VPN
B. Point-to-Site VPN
C. Virtual WAN
D. Hub-and-Spoke Network Topology
Question 48: You have a small number of servers running a microservice, and you want to make sure that all the servers have connectivity to each other. You also need to calculate network performance metrics like packet loss and link latency. Which two Azure resources do you need to meet this requirement?
A. Log Analytics Workspace
B. Network Performance Monitor
C. Azure Monitor
D. Azure Traffic Manager
Question 49: You have two virtual networks named VNet1 and VNet2. VNet1 is located in the West US region, whereas VNet2 is located in the East US region. You need to configure a virtual machine that’s located in VNet1 to also communicate with VMs in VNet2. From the choices available how can we enable communication between resources in VNet1 and VNet2
A. Migrate the VNet1 VM to VNet2 and leave the other VM components on VNet1
B. Migrate the network interface card (NIC), the network security group (NSG) and the VM disks to VNet2
C. Just the VM disks will need to be migrated to VNet2
D. Configure a VNet-to-VNet VPN gateway connection to allow communication between VNets in different regions
Question 50: You have two subscriptions, one named Subscription1 and the other named Subscription2. Both subscriptions are located within the same tenant. You have one Azure virtual machine located within Subscription1 and another Azure virtual machine within Subscription2 and you’d like to view CPU utilization metrics on both virtual machines. How can you achieve this while maintaining the minimum number of Azure resources and minimizing cost?
A. Create a Log Analytics Workspace for both VMs
B.Turn on VM Insights in Azure Monitor
C. Install the Log Analytics (OMS) Agent on the VMs
D. Enable guest-level monitoring on each VM
Question 51: You have created a new Azure virtual machine named VM1. You plan to use VM1 as a web server, which will require the VM to be accessible using HTTP/S (HTTP and HTTPS) protocol. A Network Security Group (NSG) is attached to the NIC of VM1 with the following rules:
Priority|Name|Port|Protocol|SRC|DEST|Action| |:—|:—:|:—:|:—:|:—:|:—:|—:| |300|Rule2|80|TCP|Any|Any|Deny| |400|Rule1|443|TCP|Any|Any|Deny| |500|Rule4|60-500|TCP|Any|Any|Allow| |600|Rule5|22|TCP|188.8.131.52/32|Any|Deny| |1000|Rule3|22|TCP|Any|Any|Allow|
What changes do you have to make to the NSG in order to meet the requirements for VM1?
A. Change the priority of Rule3 to 200
B. Change the action of Rule1 to Allow
C. Change the priority of Rule4 to 200
D. Change the port of Rule5 to 443
Question 52: You have an Azure virtual machine running Windows Server 2016. You need to collect OS level metrics on this virtual machine, including Windows event logs and performance counters. Which of the following items do you need in order to collect this metrics data?
A. Enable guest-level monitoring
B. Windows Diagnostics Extension
C. Log Analytics Agent
D. InfluxData Telegraf Agent
E. Storage Account for Diagnostic Data
Question 53: You have an Azure subscription with a virtual machine named VM1. You are using Recovery Services Vault (RSV) to backup VM1 with soft delete enabled. The backup policy is set to backup daily at 11 PM UTC, retain an instant recovery snapshot for 2 days, and retain the daily backup point for 14 days. After the initial backup of VM1, you are instructed to delete the vault and all of the backup data. What should you do?
A. Turn off soft delete in the vault security settings
B. Wait 14 days
C. Stop the backup of VM1 and delete backup data
D. Delete the backup policy
E. Delete Backup Jobs Workload
F. Wait 15 days
Question 54: You have a number of virtual machines and web applications running in your Azure environment. These Azure resources are critical for business operations, so you’ve locked the resources in order to prevent deletion. In addition, how can you alert on these actions in the portal, and notify your team via email and SMS when a user is trying to delete or create a new resource from within your Azure subscription?
A. Pin the activity log to your dashboard
B. Create a new alert rule
C. Query Administrative Events and Copy Link to Query
D. Create a new action group
Question 55: You have a .NET Core application running in Azure App Services. You are expecting a huge influx of traffic to your application in the coming days. When your application experiences this spike in traffic, you want to detect any anomalies such as request errors or failed queries immediately. What service can you use to assure that you know about these types of errors related to your .NET application immediately?
A. Client-side monitoring
B. Live Metrics Stream in Application Insights
C. Application Insights Search
D. Log analytics workspace
Question 56: You have an Azure subscription named Subscription1. In Subscription1 you have two Azure VMs named VM1 and VM2, both running Windows Server 2016. VM1 is backed up using Recovery Services Vault, with a backup policy of producing a daily backup and keeping that daily backup for seven days. Also, a snapshot is kept for 2 days. VM1 is compromised by a virus that infects the entire system, including the files. You need to restore the files from yesterday’s backup of VM1. Where can you restore the files to in the quickest manner?
A. A new Azure VM
B. Restore the VM1 snapshot
Question 57: You have a subscription named Subscription1. You would like to be alerted upon certain administrative events within Subscription1 to detect unauthorized access. Which of the following is the quickest method to setup these types of alerts?
A. Monitor > Alerts > New Alert Rule
B. Log Analytics Workspace > myWorkdspace > Advanced Settings
C. Policy > Assignments > Assign Policy
D. Subscriptions > mySubscription > Activity Log > New Alert
Microsoft Azure Administrator Certification Q&A:
What does az vmss deallocate do?
az vmss deallocate command will deallocate and remove the VMs within a VMSS. Azure Doc
A company is planning to use Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure resource tags to separate the bills department wise. Would this fulfill the requirement?
– Yes, you can use resource tags to organize your Azure resources and also apply billing techniques department wise. The Microsoft documentation mentions the following.
– Reference: Azure resource tags
A company is planning to use Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure rolebased access control to separate the bills department wise. Would this fulfill the requirement?
– No, This is used to control access to resources and can’t be used for billing purposes.
– Reference: Azure Role Based Access Control
A company is planning to use Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure policies to separate the bills department wise. Would this fulfill the requirement?
– No, Azure policies are used from a governance perspective and can’t be used to create bills department wise.
– Reference: Azure Gov policies
A company is planning to use the Azure Import/Export service to move data out of its Azure Storage account. Which of the following service could be used when defining the Azure Export job?
– Only the BLOB service is supported by the Export job feature. This is also given in the Microsoft documentation.
– Reference: Azure Blob Storage
Suppose you have an application running on a windows virtual machine in azure. what is the best-practice guidance on where the app should store data files?
– Dedicated data disks are generally considered the best place to store application data files. They can be larger than OS disks and you can optimize them for the cost and performance characteristics appropriate for your data.
Azure Breaking News – Azure Certifications Testimonials
- Anyone running Windows workloads on AKS?by /u/BigHandLittleSlap (Microsoft Azure) on September 25, 2022 at 1:48 am
There don't seem to be any real-world feedback or comments in any forum or blog post. Is anyone actually using Windows containers on Azure Kubernetes? If so... how did that go? submitted by /u/BigHandLittleSlap [link] [comments]
- Tools & Resources for using WSL 2 with Azureby /u/Khaotic_Kernel (Microsoft Azure) on September 24, 2022 at 10:00 pm
Table of Contents Getting Started with WSL Developer Resources Books Creating Backup & Restore Images in WSL 2 Linux Software Package Formats & Package Managers Systemd WSL Tools & Projects Setting up WSL 2 Linux Distributions Azure Development Kubernetes Installing Kubernetes on WSL with Docker Desktop Installing Kubernetes on WSL with Microk8s PowerShell Development submitted by /u/Khaotic_Kernel [link] [comments]
- MFA & 3rd Party App Adminby /u/restartallthethings (Microsoft Azure) on September 24, 2022 at 9:25 pm
Hey everyone, I'm the admin for an Azure tenant that uses a 3rd party CRM. I have recently been hardening security for Azure/Microsoft, as I rolled out the Conditional Access policies I found that the 3rd party vendor has an account with 2 admin roles in Azure. Obviously, I'm running this up the chain for clarity and how I should proceed before removing unnecessary admin access. Have y'all heard of CRMs requiring admin roles in Azure? submitted by /u/restartallthethings [link] [comments]
- How to Create a Windows GPU VM in Azureby /u/navulerao (Microsoft Azure) on September 24, 2022 at 7:22 pm
submitted by /u/navulerao [link] [comments]
- Enable MFA steps and best practicesby /u/ButterflyWide7220 (Microsoft Azure) on September 24, 2022 at 5:59 pm
Hello everyone, Glad to be here. We are in the mix of enabling MFA for privileged accounts and all our users. I am looking for gotchas and experiences. Here is our plan: 1.) Deploy the MS Authenticator app to our managed mobile devices (iOS and Android) via Intune 2.) Enable Numbers Matching for the Authenticator to improve security - we also want to use the NPS extension in order to have MFA for our VPN solution. Hopefully the numbers matching will not cause issues there. Not sure if we should disable SMS as a MFA option from the start since it is considered insecure. 3.) Inform our users that MFA will be enabled - maybe use the Azure MFA campaign?! 4.) Security defaults are off and User-based MFA will not be used. 5.) Enable MFA via Conditional Access using Conditional Access templates Grey area: -Not sure if we need to plan or adjust sign-in frequency policies or session lifetime. Maybe for non-managed devices or devices from a non-trusted location. Any key points that I forgot? Thanks guys and gals. Cheers, Mike submitted by /u/ButterflyWide7220 [link] [comments]
- Ignite 2022. Any free cert this time?by /u/ahmedranaa (Microsoft Azure Certifications) on September 24, 2022 at 4:37 pm
Microsoft Ignite is in 12-14 Oct 2022 Microsoft Ignite - Home Does any one know the list of free cert in it? if any submitted by /u/ahmedranaa [link] [comments]
- Turning off Site to Site VPN tunnelsby /u/aisboutit (Microsoft Azure) on September 24, 2022 at 4:11 pm
Is it possible to pause or turn off a Site-to-Site VPN tunnel in Azure? Assume you have two Azure VNET’s that use the same IP Address Ranges (e.g. a Prod and a DR VNET) and both are connected to an on-prem AD via separate Site-to-Site VPN tunnels. This would cause a problem if both tunnels were running at the same time because of overlapping IP Addresses, right? In this scenario, how could i toggle between tunnels, keeping one active and the other inactive depending on what Azure VNET I want talking to on-prem? submitted by /u/aisboutit [link] [comments]
- VPN NAT for VNET same address space?by /u/dudeindebt1990 (Microsoft Azure) on September 24, 2022 at 4:08 pm
I have 3 vnets in same address space 10.0.0.0/16 (dev, staging, prod) and need to have them able to talk to a SQL Server on-prem over a VPN tunnel. Should I put VPN Gateway in each VNET and use VPN NAT feature for this? submitted by /u/dudeindebt1990 [link] [comments]
- DP-203 Attemptby /u/teja1394 (Microsoft Azure Certifications) on September 24, 2022 at 3:50 pm
Exam scheduled: 24Sep, 2022 18:00PM IST No. of questions: 43 Time: 100 min Score: 648 - failed Out of 43 questions, there was one scenario given and based on that 5 questions were asked(These questions do not have option to review at last) In remaining 38, there are 5 questions based on scenario and few services were given and asked they're appropriate. Should choose b/w yes or no (These also don't have option to review) My questions are mostly from Synapse and related services, got questions from DataFactory, triggers, stream analytics, syntax questions from mySQL, spark. I felt exam was moderate level and more questions are based on scenarios. Resources I used: Udemy Course from Eshant Garg(Covered most topics in this course, but I feel not sufficient enough to clear exam) Whizlabs practice tests --> decent enough and covered the topics Reason I feel for not clearing: Did not go much through MS Learning paths. Previously I cleared AZ-900,DP-900 in first attempt where I completed learning paths. Will look at my detailed report of exam and will give another shot after preparation! submitted by /u/teja1394 [link] [comments]
- Azure Container Apps Helpby /u/katotoy (Microsoft Azure) on September 24, 2022 at 2:57 pm
Trying out the Container Apps Service of Azure and I followed a tutorial how to setup a basic front-end and back-end app in an environment, as follows: a. backend - python-fastapi (I've implemented CORS related config to enable it) b. frontend - old school html, using fetch to get and post POSTS (Ingress - External) Here is the problem, the whole thing works , if the backend is in ingress-external but once I changed it to ingress-internal (within environment only) accordingly I will change the api url in the frontend (with the internal), I'm getting CORS error. Any idea? submitted by /u/katotoy [link] [comments]
- veeAM Technologies. Register from link to win goodies and swagsby /u/Cloud_geeky (Microsoft Azure) on September 24, 2022 at 2:50 pm
submitted by /u/Cloud_geeky [link] [comments]
- Passed - Microsoft Certified: Azure Data Fundamentalsby /u/JaceFLL (Microsoft Azure) on September 24, 2022 at 2:39 pm
One down! submitted by /u/JaceFLL [link] [comments]
- Coursera or Microsoft training for DP-203 Data Engineeringby /u/DataNerdling (Microsoft Azure) on September 24, 2022 at 2:31 pm
I'm a long time SQL Developer with nearly 20 years experience. Classic SQL Server SSIS SSAS background. I'd like to refresh my skills and want to do the DP-203 cert. I've played with my own personal project in Azure SQL and ADF but would like a broader understanding of Azure and data. Two routes I've found, the Microsoft and Coursera. Any you recommend? Pricing isn't so much an issue. https://www.coursera.org/professional-certificates/microsoft-azure-dp-203-data-engineering or https://learn.microsoft.com/en-us/users/sandramarin/collections/8yxi3g0oenxqg?WT.mc_id=Azure_BoM-wwl thank you! submitted by /u/DataNerdling [link] [comments]
- Azure Managed Images and Shared VM Image Versionsby /u/whatsupwez (Microsoft Azure) on September 24, 2022 at 12:55 pm
I've got a question on the costs of Managed Images and Shared VM Image versions, and I've struggled to find the info online. If I create a shared VM Image Version, inside a Shared Compute Gallery from an existing Managed Image, I have the option to create this with "Shallow Replication". Microsoft says that Shallow Replicated images are much quicker to provision, as the images do not get copied (and so retain the existing limitations of Managed Images IE only 600 VM deployments). I'm making the assumption here that a Shallow replicated VM Image Version is just a pointer to the existing Managed Image. However, you can delete the existing Managed Image (and the new VM Image Version continues to work). So it could be that behind the scenes there is a lock on the image and metadata is just updated. My question is about costs though, if I create a Shared VM Image Version with Shallow Replication and I retain the Managed Image, am I just charged for the storage of this single image (that now has two pointers to it? Or would I be charged twice (like I would expect to if Fully replicated and so copied)? I'm just working out whether retaining the existing managed image would have a cost consideration in this scenario (there isn't good support for custom gallery images in Terraform at the moment). More info here: Share VM images in a compute gallery - Azure Virtual Machines | Microsoft Learn Terraform issue due to API limitations for custom gallery images: Support for Azure Compute Gallery when deploying Virtual Machines · Issue #15255 · hashicorp/terraform-provider-azurerm (github.com) Any thoughts? submitted by /u/whatsupwez [link] [comments]
- Which certification is better for career progression?by /u/iamindeedrobot (Microsoft Azure) on September 24, 2022 at 7:36 am
Hi, To start with, I am an experienced programmer, but am not experienced in Microsoft Azure except recently using it for hosting a web app. Fortunately, I have been offered to study and take a Microsoft Azure AI Fundamentals exam soon sponsored by my local IT service provider in my country. However, I am not sure if it is worth studying for the sake of having a certification alone just prove that I have the knowledge and ability to learn new technologies. As a result, I am contemplanting on changing of a course, which is Microsoft Azure Fundamentals. I think that taking it would be a lot more useful compared to studying a specific domain on Microsoft Azure for entry level. If you could choose for an entry level certification, would you choose the Fundamentals one or a specific domain area? Thank you. Your response is much appreciated. submitted by /u/iamindeedrobot [link] [comments]
- Question about AVD pricing and usability for single userby /u/No_Lie_6107 (Microsoft Azure) on September 24, 2022 at 4:03 am
Hi, Is it possible to use an azure virtual desktop and install quickbooks on it? Please forgive me for asking these stupid questions, I don't know anything. I was just looking at the pricing, and it's really only something I use like 1 hour a month, if that. It appears to me, that it COULD be significantly cheaper to do this than use a windows 365 cloud pc, if it is possible. Any input? Is what I'm saying possible? Are there any fees I'm not seeing? TLDR: Trying to get rid of a 12 year old PC I do my books on, because I like to keep it separate from my personal gaming computer, but I'm not trying to spend 31 dollars a month on windows 365 cloud pc to do so. I don't really need any help setting it up, I can waste hours stumbling through that process. I'm just curious if it's a good use case. Thanks! submitted by /u/No_Lie_6107 [link] [comments]
- Network Watcher - Connection Monitor - how to deal with NAT'd IP addresses?by /u/Augustiner_Fan (Microsoft Azure) on September 23, 2022 at 11:01 pm
Hello, I have a customer who wants me to set up a network watcher connection monitor. He has the agent installed on an on-premise machine which has a physical IP address of 10.10.x.x. However he is performing NAT along the way to the S2S tunnel, and from Azure we can only reach this machine via IP Address 192.168.x.x When I set up the test groups and select the agent on the on-premise machine, I do not get a drop-down for the 192.168.x.x IP, just for 10.10.x.x. How can I set this up? Thanks for the help! submitted by /u/Augustiner_Fan [link] [comments]
- Using SQL Server on Azure VMs with On Premise Client desktop applicationsby /u/ddutcherk2 (Microsoft Azure) on September 23, 2022 at 6:24 pm
Hey Everyone, I'm just curious if anyone has experience with connecting to SQL server on Azure VMs from Client Desktop Apps on prem. My company is looking to move to Azure but we're concerned about latency and packet loss. submitted by /u/ddutcherk2 [link] [comments]
- Dumb question, is there a way to have azure or visual studio email/notify all devs when somebody merges code from main to dev branch?by /u/greasypeasy (Microsoft Azure) on September 23, 2022 at 5:18 pm
I know you can see it, but I wondered if there is a way to email somebody this? submitted by /u/greasypeasy [link] [comments]
- Azure Sign-in Logs - how to EXCLUDE country from search criteriaby /u/JoustNinja (Microsoft Azure) on September 23, 2022 at 4:00 pm
I need to see Azure sign-ins from outside the US. I can add a filter on "Location" easy enough, but I can only INCLUDE criteria. I don't see a way to EXCLUDE a country. Am I missing something? Is there really no way to add a "NOT" filter? https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/SignIns I realize that Conditional Access would allow tighter control of this if we upgrade to a tier that includes this. submitted by /u/JoustNinja [link] [comments]
A Twitter List by enoumen
My favorite tool for creating blog content about tiny topics is the Jasper AI blog writer.
Get 20% off Google Workspace (Google Meet) Business Plan (AMERICAS): M9HNXHX3WC9H7YE (Email us for more)
Get 20% off Google Google Workspace (Google Meet) Standard Plan with the following codes: 96DRHDRA9J7GTN6 (Email us for more))
We know you like Sports and Geeky things, We do too, but you should build the skills that’ll drive your career into six figures. Cloud skills and certifications can be just the thing you need to make the move into cloud or to level up and advance your career. 85% of hiring managers say cloud certifications make a candidate more attractive.
Download the Djamga App for ios or android or Microsoft for drop in soccer, basketball, volleyball, badminton, football, hockey, cricket games details and location in your city.
List of Freely available programming books - What is the single most influential book every Programmers should read
- Bjarne Stroustrup - The C++ Programming Language
- Brian W. Kernighan, Rob Pike - The Practice of Programming
- Donald Knuth - The Art of Computer Programming
- Ellen Ullman - Close to the Machine
- Ellis Horowitz - Fundamentals of Computer Algorithms
- Eric Raymond - The Art of Unix Programming
- Gerald M. Weinberg - The Psychology of Computer Programming
- James Gosling - The Java Programming Language
- Joel Spolsky - The Best Software Writing I
- Keith Curtis - After the Software Wars
- Richard M. Stallman - Free Software, Free Society
- Richard P. Gabriel - Patterns of Software
- Richard P. Gabriel - Innovation Happens Elsewhere
- Code Complete (2nd edition) by Steve McConnell
- The Pragmatic Programmer
- Structure and Interpretation of Computer Programs
- The C Programming Language by Kernighan and Ritchie
- Introduction to Algorithms by Cormen, Leiserson, Rivest & Stein
- Design Patterns by the Gang of Four
- Refactoring: Improving the Design of Existing Code
- The Mythical Man Month
- The Art of Computer Programming by Donald Knuth
- Compilers: Principles, Techniques and Tools by Alfred V. Aho, Ravi Sethi and Jeffrey D. Ullman
- Gödel, Escher, Bach by Douglas Hofstadter
- Clean Code: A Handbook of Agile Software Craftsmanship by Robert C. Martin
- Effective C++
- More Effective C++
- CODE by Charles Petzold
- Programming Pearls by Jon Bentley
- Working Effectively with Legacy Code by Michael C. Feathers
- Peopleware by Demarco and Lister
- Coders at Work by Peter Seibel
- Surely You're Joking, Mr. Feynman!
- Effective Java 2nd edition
- Patterns of Enterprise Application Architecture by Martin Fowler
- The Little Schemer
- The Seasoned Schemer
- Why's (Poignant) Guide to Ruby
- The Inmates Are Running The Asylum: Why High Tech Products Drive Us Crazy and How to Restore the Sanity
- The Art of Unix Programming
- Test-Driven Development: By Example by Kent Beck
- Practices of an Agile Developer
- Don't Make Me Think
- Agile Software Development, Principles, Patterns, and Practices by Robert C. Martin
- Domain Driven Designs by Eric Evans
- The Design of Everyday Things by Donald Norman
- Modern C++ Design by Andrei Alexandrescu
- Best Software Writing I by Joel Spolsky
- The Practice of Programming by Kernighan and Pike
- Pragmatic Thinking and Learning: Refactor Your Wetware by Andy Hunt
- Software Estimation: Demystifying the Black Art by Steve McConnel
- The Passionate Programmer (My Job Went To India) by Chad Fowler
- Hackers: Heroes of the Computer Revolution
- Algorithms + Data Structures = Programs
- Writing Solid Code
- Getting Real by 37 Signals
- Foundations of Programming by Karl Seguin
- Computer Graphics: Principles and Practice in C (2nd Edition)
- Thinking in Java by Bruce Eckel
- The Elements of Computing Systems
- Refactoring to Patterns by Joshua Kerievsky
- Modern Operating Systems by Andrew S. Tanenbaum
- The Annotated Turing
- Things That Make Us Smart by Donald Norman
- The Timeless Way of Building by Christopher Alexander
- The Deadline: A Novel About Project Management by Tom DeMarco
- The C++ Programming Language (3rd edition) by Stroustrup
- Patterns of Enterprise Application Architecture
- Computer Systems - A Programmer's Perspective
- Agile Principles, Patterns, and Practices in C# by Robert C. Martin
- Growing Object-Oriented Software, Guided by Tests
- Framework Design Guidelines by Brad Abrams
- Object Thinking by Dr. David West
- Advanced Programming in the UNIX Environment by W. Richard Stevens
- Hackers and Painters: Big Ideas from the Computer Age
- The Soul of a New Machine by Tracy Kidder
- CLR via C# by Jeffrey Richter
- The Timeless Way of Building by Christopher Alexander
- Design Patterns in C# by Steve Metsker
- Alice in Wonderland by Lewis Carol
- Zen and the Art of Motorcycle Maintenance by Robert M. Pirsig
- About Face - The Essentials of Interaction Design
- Here Comes Everybody: The Power of Organizing Without Organizations by Clay Shirky
- The Tao of Programming
- Computational Beauty of Nature
- Writing Solid Code by Steve Maguire
- Philip and Alex's Guide to Web Publishing
- Object-Oriented Analysis and Design with Applications by Grady Booch
- Effective Java by Joshua Bloch
- Computability by N. J. Cutland
- Masterminds of Programming
- The Tao Te Ching
- The Productive Programmer
- The Art of Deception by Kevin Mitnick
- The Career Programmer: Guerilla Tactics for an Imperfect World by Christopher Duncan
- Paradigms of Artificial Intelligence Programming: Case studies in Common Lisp
- Masters of Doom
- Pragmatic Unit Testing in C# with NUnit by Andy Hunt and Dave Thomas with Matt Hargett
- How To Solve It by George Polya
- The Alchemist by Paulo Coelho
- Smalltalk-80: The Language and its Implementation
- Writing Secure Code (2nd Edition) by Michael Howard
- Introduction to Functional Programming by Philip Wadler and Richard Bird
- No Bugs! by David Thielen
- Rework by Jason Freid and DHH
- JUnit in Action