AZ-104: Microsoft Azure Administrator
Page 3 out of 43 pages Questions 21-30 out of 424 questions
Question#21

You have two Azure subscriptions named Sub1 and Sub2.
An administrator creates a custom role that has an assignable scope to a resource group named RG1 in Sub1.
You need to ensure that you can apply the custom role to any resource group in Sub1 and Sub2. The solution must minimize administrative effort.
What should you do?

  • A. Select the custom role and add Sub1 and Sub2 to the assignable scopes. Remove RG1 from the assignable scopes.
  • B. Create a new custom role for Sub1. Create a new custom role for Sub2. Remove the role from RG1.
  • C. Create a new custom role for Sub1 and add Sub2 to the assignable scopes. Remove the role from RG1.
  • D. Select the custom role and add Sub1 to the assignable scopes. Remove RG1 from the assignable scopes. Create a new custom role for Sub2.

Answer: A
The assignable scopes of the custom role can then be set as follows:
    "AssignableScopes": [
        "/subscriptions/{Sub1}",
        "/subscriptions/{Sub2}"
    ]
Note: Custom role example:
The following shows what a custom role looks like as displayed using Azure PowerShell in JSON format. This custom role can be used for monitoring and restarting virtual machines.
    {
        "Name": "Virtual Machine Operator",
        "Id": "88888888-8888-8888-8888-888888888888",
        "IsCustom": true,
        "Description": "Can monitor and restart virtual machines.",
        "Actions": [
            "Microsoft.Storage/*/read",
            "Microsoft.Network/*/read",
            "Microsoft.Compute/*/read",
            "Microsoft.Compute/virtualMachines/start/action",
            "Microsoft.Compute/virtualMachines/restart/action",
            "Microsoft.Authorization/*/read",
            "Microsoft.ResourceHealth/availabilityStatuses/read",
            "Microsoft.Resources/subscriptions/resourceGroups/read",
            "Microsoft.Insights/alertRules/*",
            "Microsoft.Insights/diagnosticSettings/*",
            "Microsoft.Support/*"
        ],
        "NotActions": [],
        "DataActions": [],
        "NotDataActions": [],
        "AssignableScopes": [
            "/subscriptions/{subscriptionId1}",
            "/subscriptions/{subscriptionId2}",
            "/providers/Microsoft.Management/managementGroups/{groupId1}"
        ]
    }
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles

Question#22

You have an Azure subscription that contains a storage account named storageacct1234 and two users named User1 and User2.
You assign User1 the roles shown in the following exhibit.

Which two actions can User1 perform? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Assign roles to User2 for storageacct1234.
  • B. Upload blob data to storageacct1234.
  • C. Modify the firewall of storageacct1234.
  • D. View blob data in storageacct1234.
  • E. View file shares in storageacct1234.

Answer: AE

Question#23

You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.

You need to view the error events from a table named Event.

Which query should you run in Workspace1?

  • A. select * from Event where EventType == "error"
  • B. Event | search "error"
  • C. Event | where EventType is "error"
  • D. Get-Event Event | where {$_.EventType == "error"}

Answer: B

Question#24

You have an Azure App Services web app named App1.

You plan to deploy App1 by using Web Deploy.

You need to ensure that the developers of App1 can use their Azure AD credentials to deploy content to App1. The solution must use the principle of least privilege.

What should you do?

  • A. Assign the Owner role to the developers
  • B. Configure app-level credentials for FTPS
  • C. Assign the Website Contributor role to the developers
  • D. Configure user-level credentials for FTPS

Answer: B

Question#25

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You have a CSV file that contains the names and email addresses of 500 external users.

You need to create a guest user account in contoso.com for each of the 500 external users.

Solution: From Azure AD in the Azure portal, you use the Bulk invite users operation.

Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Question#26

HOTSPOT

You have an Azure subscription that is linked to an Azure AD tenant. The tenant contains the custom role-based access control (RBAC) roles shown in the following table.



From the Azure portal, you need to create two custom roles named Role3 and Role4. Role3 will be an Azure subscription role. Role4 will be an Azure AD role.

Which roles can you clone to create the new roles? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Answer:

Question#27

DRAG DROP

You have an Azure subscription named Sub1 that contains two users named User1 and User2.

You need to assign role-based access control (RBAC) roles to User1 and User2. The users must be able to perform the following tasks in Sub1:

• User1 must view the data in any storage account.
• User2 must assign users the Contributor role for storage accounts.

The solution must use the principle of least privilege.

Which RBAC role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Answer:

Question#28

You have an Azure subscription that contains 10 virtual machines, a key vault named Vault1, and a network security group (NSG) named NSG1. All the resources are deployed to the East US Azure region.

The virtual machines are protected by using NSG1. NSG1 is configured to block all outbound traffic to the internet.

You need to ensure that the virtual machines can access Vault1. The solution must use the principle of least privilege and minimize administrative effort.

What should you configure as the destination of the outbound security rule for NSG1?

  • A. an application security group
  • B. a service tag
  • C. an IP address range

Answer: B

Question#29

You have an Azure AD tenant named adatum.com that contains the groups shown in the following table.



Adatum.com contains the users shown in the following table.



You assign the Azure Active Directory Premium Plan 2 license to Group1 and User4.

Which users are assigned the Azure Active Directory Premium Plan 2 license?

  • A. User4 only
  • B. User1 and User4 only
  • C. User1, User2, and User4 only
  • D. User1, User2, User3, and User4

Answer: B

Question#30

HOTSPOT

You have an Azure AD tenant named contoso.com.

You have two external partner organizations named fabrikam.com and litwareinc.com. Fabrikam.com is configured as a connected organization.

You create an access package as shown in the Access package exhibit. (Click the Access package tab.)



You configure the external user lifecycle settings as shown in the Lifecycle exhibit. (Click the Lifecycle tab.)



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Answer:
