La foret rouge
Published on

Microsoft Azure AZ-104 문제 풀이

Authors
  • avatar
    Name
    신주용

ExamTopics Q1-10

Question 1

Your company has serval departments. Each department has a number of virtual machines (VMs). The company has an Azure subscription that contains a resource group named RG1. All VMs are located in RG1.
You want to associate each VM with its respective department. What should you do?

  • A. Create Azure Management Groups for each department.
  • B. Create a resource group for each department.
  • C. Assign tags to the virtual machines.
  • D. Modify the settings of the virtual machines.
풀이 보기

선택: C. Assign tags to the virtual machines.
태그는 조직과 관련된 설정에 따라 리소스를 식별하는 데 도움이 되는 키-값 쌍. AZ-900 덤프에도 태그를 사용해 부서별 리소스를 구분하는 것과 관련한 문제가 많이 나왔음.
태그는 리소스, 리소스 그룹, 구독에 적용 가능하고 관리 그룹에는 적용 불가.
https://learn.microsoft.com/ko-kr/azure/azure-resource-manager/management/tag-resources

Question 2

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the multi-factor authentication page to alter the user settings. Does the solution meet the goal?

  • A. Yes
  • B. No
풀이 보기

선택: B. No
multi-factor authentication 페이지가 아니라 Azure AD portal에서 Conditional Access Policy를 만들어야 된다고 함.

Question 3

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy. Does the solution meet the goal?

  • A. Yes
  • B. No
풀이 보기

선택: B. No
문제에서 MFA나 AD-joined device를 요구하는 policy를 설정한다고 했으므로 session control이 아니라 grant control.
session control은 특정 클라우드 애플리케이션 내에서 제한된 환경을 사용하도록 설정 가능. 클라우드 앱으로 접속한 디바이스 정보를 전달하고 이를 사용해 사용자에게 제한된 환경이나 전체 환경을 제공.
grant control리소스에 대한 액세스를 허용하거나 차단할 수 있음. 여기에는 다단계 인증 필요, 인증 강도 필요, 준수 상태로 표시된 디바이스 필요, Entry 하이브리드 조인 디바이스 필요 등의 옵션이 포함됨.

Question 4

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy. Does the solution meet the goal?

  • A. Yes
  • B. No
풀이 보기

선택: A. Yes
Q3과 동일.

Question 5

You are planning to deploy an Ubuntu Server virtual machine to your company's Azure subscription. You are required to implement a custom deployment that includes adding a particular trusted root certification authority (CA). Which of the following should you use to create the virtual machine?

  • A. The New-AzureRmVm cmdlet.
  • B. The New-AzVM cmdlet.
  • C. The Create-AzVM cmdlet.
  • D. The az vm create command.
풀이 보기

선택: D. The az vm create command.
ExamTopics 사이트는 C라고 하는데 토론에서는 D가 99%.
A, B, C는 PowerShell 명령어이고 D는 bash 명령어. 이 중 A는 옛날 버전 명령어, C는 현재 버전 명령어이고 B는 없는 명령어이다. 그러므로 일단은 C 또는 D 중 하나.
PowerShell 명령어를 쓰면 기본적으로 윈도우 머신을 생성하는 것으로 보임. 우분투 머신을 생성할 수 없는건 아니지만 복잡하다고 설명되어 있음.
그래서 시험에 이 문제가 나온다면 D를 고를듯함.

Question 6

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model. After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication. To achieve this, the Per Enabled User setting must be set for the usage model.
Solution: You reconfigure the existing usage model via the Azure portal.
Does the solution meet the goal?

  • A. Yes
  • B. No
풀이 보기

선택: B. No
MFA 제공자가 생성된 후에는 사용 모델 변경 불가

Question 7

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company's Azure solution makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model. After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication. To achieve this, the Per Enabled User setting must be set for the usage model.
Solution: You reconfigure the existing usage model via the Azure CLI.
Does the solution meet the goal?

  • A. Yes
  • B. No
풀이 보기

선택: B. No
Q6과 동일.

Question 8

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company's Azure solution makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model. After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication. To achieve this, the Per Enabled User setting must be set for the usage model.
Solution: You create a new Multi-Factor Authentication provider with a backup from the existing Multi-Factor Authentication provider data.
Does the solution meet the goal?

  • A. Yes
  • B. No
풀이 보기

선택: B. No
2018년 9월 1일 이후로 새 MFA 제공자 생성 불가

Question 9

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises Active Directory domain. You have a server named DirSync1 that is configured as a DirSync server. You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately.
Solution: You run the Start-ADSyncSyncCycle -PolicyType Initial PowerShell cmdlet.
Does the solution meet the goal?

  • A. Yes
  • B. No
풀이 보기

선택: B. No
AD의 유저 정보를 즉시 복제해야 되는데 Initial은 Full sync이고 시간이 많이 걸리니 immediately에 적합하지 않음.

Question 10

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises Active Directory domain. You have a server named DirSync1 that is configured as a DirSync server. You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately.
Solution: You use Active Directory Sites and Services to force replication of the Global Catalog on a domain controller.
Does the solution meet the goal?

  • A. Yes
  • B. No
풀이 보기

선택: B. No
Q9와 유사 문제. AD Synchronization을 -PolicyType Delta로 사용.

ExamTopics Q11-20

Question 11

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises Active Directory domain. You have a server named DirSync1 that is configured as a DirSync server. You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately.
Solution: You restart the NetLogon service on a domain controller.
Does the solution meet the goal?

  • A. Yes
  • B. No
풀이 보기

선택: B. No
서비스 재시작이 아니라 CLI로 Delta Sync 명령을 실행하면 됨.
Start-ADSyncSyncCycle -PolicyType Delta

Question 12

Your company has a Microsoft Azure subscription. The company has datacenters in Los Angeles and New York. You are configuring the two datacenters as geo-clustered sites for site resiliency. You need to recommend an Azure storage redundancy option. You have the following data storage requirements.

  • Data must be stored on multiple nodes.
  • Data must be stored on nodes in seperate geographic locations.
  • Data can be read from the secondary location as well as from the primary location.

Which of the following Azure stored redundancy options should you recommend?

  • A. Geo-redundant storage
  • B. Read-only geo-redundant storage
  • C. Zone-redundant storage
  • D. Locally redundant storage
풀이 보기

선택: B. Read-only geo-redundant storage
ExamTopics에서 논의되는 답은 B라는데, 논란이 조금 있어보임.

  • GRS는 primary에 장애가 발생했을 때 secondary로 액세스하는 방식.
  • Read-only GRS라는건 없고 Read-access GRS가 있음.
  • 이런 문제는 수정돼서 나올듯함.

Question 13

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your comapany has an azure subscription that includes a storage account, a resource group, a blob container and a file share. A colleague named Jon Ross makes use of a solitary Azure Resouce Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account. You want to review the ARM template that was used by Jon Ross.
Solution: You access the Virtual Machine blade.
Does the solution meet the goal?

  • A. Yes
  • B. No
풀이 보기

선택: B. No
ARM template은 VM 블레이드가 아닌 Resource Group 블레이드의 배포 히스토리에서 확인 가능.

Question 14

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your comapany has an azure subscription that includes a storage account, a resource group, a blob container and a file share. A colleague named Jon Ross makes use of a solitary Azure Resouce Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account. You want to review the ARM template that was used by Jon Ross.
Solution: You access the Resource Group blade.
Does the solution meet the goal?

  • A. Yes
  • B. No
풀이 보기

선택: A. Yes
Q13과 동일한 문제.

Question 15

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your comapany has an azure subscription that includes a storage account, a resource group, a blob container and a file share. A colleague named Jon Ross makes use of a solitary Azure Resouce Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account. You want to review the ARM template that was used by Jon Ross.
Solution: You access the Container blade.
Does the solution meet the goal?

  • A. Yes
  • B. No
풀이 보기

선택: B. No Q13과 동일한 문제.

Question 16

Your company has three virtual machines (VMs) that are included in an availability set. You try to resize one of the VMs, which returns an allocation failure message. It is imperative that the VM is resized. Which of the following actions should you take?

  • A. You should only stop one of the VMs.
  • B. You should stop two of the VMs.
  • C. You should stop all three VMs.
  • D. You should remove the necessary VM from the availability set.
풀이 보기

선택: C. You should stop all three VMs.
가용성 집합 내 VM 크기 조절 시 할당 실패 오류는 일반적인 문제. 주요 원인은 가용성 집합이 단일 클러스터에 할당되어 있고 해당 클러스터가 요청된 VM 크기를 수용하지 못하기 때문.
갑자기 클러스터가 나온 이유? 가용성 집합의 내부 동작 원리가 가용성 집합에 포함된 VM을 물리적인 하드웨어 클러스터에 배치하고 VM을 리사이즈할 때는 동일 클러스터에서 리소스를 조정하려 하기 때문. 그 클러스터에 리소스가 부족하면 할당 실패 오류가 발생.
그래서 가장 효과적인 해결 방법은 가용성 집합 내 모든 VM을 중지(할당 취소, deallocate)하고 다시 시작하는 것. 모든 VM을 중지하면 Azure가 충분한 용량을 가진 새 클러스터를 선택해 새로운 할당을 시도.
Microsoft Learn: Troubleshoot deployment issues with restarting or resizing an existing windows VM in Azure
Microsoft Learn: Change the size of a virtual machine

Question 17

You have an Azure virtual machine (VM) that has a single data disk. You have been tasked with attaching this data disk to another Azure VM. You need to make sure that your strategy allows for the virtual machines to be offline for the least amount of time possible. Which of the following is the action you should take FIRST?

  • A. Stop the VM that includes the data disk.
  • B. Stop the VM that the data disk must be attached to.
  • C. Detach the data disk.
  • D. Delete the VM that includes the data disk.
풀이 보기

선택: C. Detach the data disk.
ExamTopics에서는 C 80%, A 19%. 충분히 고민될만하다. 처음에는 보기 C에서 'Detach'의 의미가 'unmount'가 아니라 아예 VM에서 떼는걸 말하는 것 같기 때문에 그렇다면 VM 종료가 먼저 아닌가?라고 생각.
PowerShell로 Hot Remove가 가능하다고 함. 문제에서 말한 **'least amount of time possible'**이 이걸 의도한 것 같기도 하고. 그래서 시험에 이 문제가 나온다면 C를 선택할 듯.

Question 18

Your comapany has an Azure subscription. You need to deploy a number of Azure virtual machines (VMs) during Azure Resource Manager (ARM) templates. You have been informed that the VMs will be included in a single availability set. You are required to make sure that the ARM template you configure allows for as many VMs as possible to remain accessible in the event of fabric failure or maintainance. Which of the following is the value that you should configure for the platformFaultDomainCount property?

  • A. 10
  • B. 30
  • C. Min Value
  • D. Max Value
풀이 보기

선택: D. Max Value
'fabric'이 직물이라는 뜻도 있지만 '(사회, 조직 등의) 구조 또는 (건물의) 기본 구조'라는 뜻이 있음. 여기에서는 시스템의 기본 구조인 인프라를 의미하는 듯.
그래서 해석하자면 'ARM 템플릿을 구성하여 인프라 실패나 유지보수 시 최대한 많은 VM이 계속 접근 가능하도록 하려면 platformFaultDomainCount 속성값을 어떻게 설정해야 하는가?'
선택 가능한 속성값은 1, 2, 3이 있고 기본값은 3. 그래서 D를 선택.
Microsoft Learn: Choosing the right number of fault domains for Virtual Machine Scale Set

Question 19

Your comapany has an Azure subscription. You need to deploy a number of Azure virtual machines (VMs) during Azure Resource Manager (ARM) templates. You have been informed that the VMs will be included in a single availability set. You are required to make sure that the ARM template you configure allows for as many VMs as possible to remain accessible in the event of fabric failure or maintainance. Which of the following is the value that you should configure for the platformUpdateDomainCount property?

  • A. 10
  • B. 20
  • C. 30
  • D. 40
풀이 보기

선택: B. 20
Q18과 유사한데 이번에는 Fault Domain이 아니라 Update Domain에 대해 물음.
각 Availability Set은 최대 3개의 fault domain과 20개의 update domain으로 구성될 수 있음.