1 / 37

Uncover the Strength of AZ-104 Exam Dumps for Microsoft Certification Success

AZ-104 Exam Dumps - Dependable Preparation for Microsoft Azure Administrator Exam<br><br>Are you preparing for the AZ-104 exam and looking for effective study materials to ensure success? Look no further! The comprehensive AZ-104 Exam Dumps from MicrosoftDumps provide everything you need to excel in the Microsoft Azure Administrator exam.

Margret4
Download Presentation

Uncover the Strength of AZ-104 Exam Dumps for Microsoft Certification Success

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Microsoft AZ-104 MicrosoftAzureAdministrator QUESTION & ANSWERS Visit Now: https://www.microsoftdumps.us

  2. Topics Number of Questions 8 11 8 9 339 10 385 Topic 1 : Litware, inc. Topic 2 : Humongous Insurance Topic 3 : Contoso Ltd Topic 4 : Contoso Ltd (Consulting Company) Topic 5 : mix Ques Topic 6 : Datum Corporation New Case Study Total Topic 1 Case Study: Topic 1 Title : Litware, inc. Overview Litware, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees. All the resources used by Litware are hosted on-premises. Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named Litware.onmicrosoft.com. The tenant uses the P1 pricing tier. Existing Environment The network contains an Active Directory forest named Litware.com. All domain controllers are configured as DNS servers and host the Litware.com DNS zone. Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently. Litware.com contains a user named User1. All the offices connect by using private links. Litware has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device. All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table. Litware uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory. The Azure subscription contains the resources in the following table. The network security team implements several network security groups (NSGs). Planned Changes Litware plans to implement the following changes: Deploy Azure ExpressRoute to the Montreal office Migrate the virtual machines hosted on Server1 and Server2 to Azure. Synchronize on-premises Active Directory to Azure Active Directory (Azure AD). Migrate App1 and App2 to two Azure web apps named webApp1 and WebApp2. Technical requirements Litware must meet the following technical requirements: Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instance*. Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office. Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.

  3. Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only. Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.Litware.com. Connect the New Your office to VNet1 over the Internet by using an encrypted connection. Create a workflow to send an email message when the settings of VM4 are modified. Create a custom Azure role named Role1 that is based on the Reader role. Minimize costs whenever possible. QUESTION: 1 Topic 1 Litware, inc. You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements. What should you include in the recommended Option A : Azure AP B2C Option B : Azure AD Identity Protection Option C : an Azure logic app and the Microsoft Identity Management (MIM) client Option D : dynamic groups and conditional access policies Correct Answer: D Explanation/Reference: Technically, The finance department needs to migrate their users from AD to AAD using AADC based on the finance OU, and need to enforce MFA use. This is conditional access policy. Employees also often get promotions and/or join other departments and when that occurs, the user's OU attribute will change when the admin puts the user in a new OU, and the dynamic group conditional access exception (OU= [Department Name Value]) will move the user to the appropriate dynamic group on next AADC delta sync. https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamicmembership https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview https://docs.microsoft.com/en- us/azure/active-directory/authentication/howto-mfa-userstates Download All Questions: https://www.microsoftdumps.us/AZ-104-exam-questions Topic 2 Case Study: Topic 2 Title : Humongous Insurance Overview Existing Environment Huongous Insurance is an insurance company that has three offices in Miami, Tokoyo, and Bankok. Each has 5000 users. Active Directory Environment Humongous Insurance has a single- domain Active Directory forest named humongousinsurance.com. The functional level of the forest is Windows Server 2012. You recently provisioned an Azure Active Directory (Azure AD) tenant. Network Infrastructure Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet. Each office has several link load balancers that provide access to the servers. Active Directory Issue Several users in humongousinsurance.com have UPNs that contain special characters. You suspect that some of the characters are unsupported in Azure AD. Licensing Issue You attempt to assign a license in Azure to several users and receive the following error message: "Licenses not assigned. License agreement failed for one user." You verify that the Azure subscription has the available licenses. Requirements Planned Changes Humongous Insurance plans to open a new office in Paris. The Paris office will contain 1,000 users who will be

  4. hired during the next 12 months. All the resources used by the Paris office users will be hosted in Azure. Planned Azure AD Infrastructure The on-premises Active Directory domain will be synchronized to Azure AD. All client computers in the Paris office will be joined to an Azure AD domain. Planned Azure Networking Infrastructure You plan to create the following networking resources in a resource group named All_Resources: Default Azure system routes that will be the only routes used to route traffic A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2 A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and Subnet4 You plan to enable peering between Paris-VNet and AllOffices-VNet. You will enable the Use remote gateways setting for the Paris-VNet peerings. You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network. Planned Azure Computer Infrastructure Each subnet will contain several virtual machines that will run either Windows Server 2012 R2, Windows Server 2016, or Red Hat Linux. Department Requirements Humongous Insurance identifies the following requirements for the company's departments: Web administrators will deploy Azure web apps for the marketing department. Each web app will be added to a separate resource group. The initial configuration of the web apps will be identical. The web administrators have permission to deploy web apps to resource groups. During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week. Authentication Requirements Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure. QUESTION: 2 Topic 2 Humongous Insurance You need to prepare the environment to meet the authentication requirements. Which two actions should you perform? Each correct answer presents part of the solution. NOTE Each correct selection is worth one point. Option A : Azure Active Directory (AD) Identity Protection and an Azure policy Option B : a Recovery Services vault and a backup policy Option C : an Azure Key Vault and an access policy Option D : an Azure Storage account and an access policy Correct Answer: C Explanation/Reference: D: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect. B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com Incorrect Answers: A: Seamless SSO needs the user's device to be domain-joined, but doesn't need for the device to be Azure AD Joined. C: Azure AD connect does not port 8080. It uses port 443. E: Seamless SSO is not applicable to Active Directory Federation Services (ADFS). Scenario: Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure. Planned Azure AD Infrastructure include: The on-premises Active Directory domain will be synchronized to Azure AD. Reference: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directoryaadconnectsso-quick-start

  5. Topic 4 Case Study: Topic 4 Title : Contoso Ltd (Consulting Company) Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided. To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study. At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section. To start the case study To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question. Overview General Overview Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Environment Existing Environment Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant. The Azure AD tenant contains the users shown in the following table. Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table. User1 manages the resources in RG1. User4 manages the resources in RG2. Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table

  6. No network security groups (NSGs) are associated to the network interfaces or the subnets. Sub1 contains the storage accounts shown in the following table. Requirements Planned Changes Contoso plans to implement the following changes: Create a blob container named container1 and a file share named share1 that will use the Cool storage tier. Create a storage account named storage5 and configure storage replication for the Blob service. Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table. Associate NSG1 to the network interface of VM1. Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table. Associate NSG2 to VNET1/Subnet2. Technical Requirements Contoso must meet the following technical

  7. requirements: Create container1 and share1. Use the principle of least privilege. Create an Azure AD security group named Group4. Back up the Azure file shares and virtual machines by using Azure Backup. Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C. Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1. Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1 Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months. Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares. QUESTION: 3 Topic 4 Contoso Ltd (Consulting Company) HOTSPOT You implement the planned changes for NSG1 and NSG2. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Option A : From VM1, you can establish a Remote Desktop session to VM2. Option B : From VM2, you can ping VM3. Option C : From VM2, you can establish a Remote Desktop session to VM3. Correct Answer: A,B Download All Questions: https://www.microsoftdumps.us/AZ-104-exam-questions Topic 5 Case Study: Topic 5 Title : mix Ques QUESTION: 4 Topic 5 Mix Ques You have two Azure virtual machines named VM1 and VM2 that run Windows Server. The virtual machines are in a subnet named Subnet1. Subnet1 is in a virtual network named VNet1. You need to prevent VM1 from accessing VM2 on port 3389. What should you do? Option A : Create a network security group (NSG) that has an outbound security rule to deny destination port 3389 and apply the NSG to the network interface of VM1 Option B : Create a network security group (NSG) that has an inbound security rule to deny source port 3389 and apply the NSG to Subnet1. Option C : Create a network security group (NSG) that has an outbound security rule to deny source port 3389 and apply the NSG to Subnet1.

  8. Option D : Configure Azure Bastion in VNet1. Correct Answer: A Download All Questions: https://www.microsoftdumps.us/AZ-104-exam-questions QUESTION: 5 Topic 5 Mix Ques You have an Azure subscription that contains multiple virtual machines in the West US Azure region. You need to use Traffic Analytics in Azure Network Watcher to monitor virtual machine traffic. Which two resources should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. Option A : a Data Collection Rule (OCR) in Azure Monitor Option B : a Log Analytics workspace Option C : an Azure Monitor workbook Option D : a storage account Option E : a Microsoft Sentinel workspace Correct Answer: B,D Explanation/Reference: To use Traffic Analytics in Azure Network Watcher, you need to create a Log Analytics workspace and a storage account. A Log Analytics workspace is a cloud-based repository that collects and stores data from various sources, such as NSG flow logs. A storage account is a container that provides a unique namespace to store and access your data objects in Azure Storage. You need to enable NSG flow logs and configure them to send data to both the Log Analytics workspace and the storage account. Traffic Analytics analyzes the NSG flow logs and provides insights into traffic flow in your Azure cloud. Reference: Traffic analytics - Azure Network Watcher | Microsoft Learn Traffic analytics FAQ - Azure Network Watcher | Microsoft Learn QUESTION: 6 Topic 5 Mix Ques HOTSPOT You have an Azure subscription that contains the storage accounts shown in the following exhibit.

  9. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Answer :

  10. Explanation/Reference: Box 1: contoso104 only Premium file shares are hosted in a special purpose storage account kind, called a FileStorage account. Box 2: contoso101, contoso102, and contos103 only Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage- how-to-create-premiumfileshare? tabs=azure-portal https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob- storage-tiers Download All Questions: https://www.microsoftdumps.us/AZ-104-exam-questions QUESTION: 7 Topic 5 Mix Ques HOTSPOT You have an Azure subscription that contains the vaults shown in the following table. You create a storage account that contains the resources shown in the following table. To which vault can you back up cont1 and share1? To answer, select the appropriate options in the answer are a. NOTE: Each correct answer is worth one point. Answer :

  11. QUESTION: 8 Topic 5 Mix Ques HOTSPOT You have an Azure subscription that contains the virtual networks shown in the following table. Each virtual network has 50 connected virtual machines. You need to implement Azure Bastion. The solution must meet the following requirements: Support host scaling. Support uploading and downloading files. Support the virtual machines on both VNet1 and VNet2. Minimize the number of addresses on the Azure Bastion subnet. How should you configure Azure Bastion? To answer, select the options in the answer area. Answer :

  12. QUESTION: 9 Topic 5 Mix Ques You have an Azure subscription that contains the resources in the following table. To which subnets can you apply NSG1? Option A : the subnets on VNet1 only Option B : the subnets on VNet2 only Option C : the subnets on VNet3 only Option D : the subnets on VNet2 and VNet3 only Option E : the subnets on VNet1 VNet2, and VNet3 Correct Answer: C QUESTION: 10 Topic 5 Mix Ques HOTSPOT You have an Azure subscription linked to a hybrid Microsoft Entra tenant. The tenant contains the users shown in the following table. You create the Azure Files shares shown in the following table.

  13. You configure identity-based access for contoso2024 as shown in the following exhibit. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Option A : User1 can access the content in share1. Option B : User2 can access the content in share2. Option C : User2 can access the content in share3. Correct Answer: B Download All Questions: https://www.microsoftdumps.us/AZ-104-exam-questions QUESTION: 11 Topic 5 Mix Ques You have an Azur« subscription that contains a virtual machine named VM1 and an Azure key vault named

  14. KV1. You need to configure encryption for VM1. The solution must meet the following requirements: Store and use the encryption key in KV1. Maintain encryption if VM1 is downloaded from Azure. Encrypt both the operating system disk and the data disks. Which encryption method should you use? Option A : encryption at host Option B : customer-managed keys Option C : Azure Disk Encryption Option D : Confidential disk encryption Correct Answer: C Explanation/Reference: Azure Disk Encryption is a service that helps you encrypt your Windows and Linux IaaS virtual machine disks1. It uses BitLocker for Windows and DM-Crypt for Linux to provide volume encryption for the OS and data disks2. Azure Disk Encryption requires that you use a key encryption key in Azure Key Vault to encrypt the volume encryption key, which is then stored on the disk. You can use either a service-managed key or a customer-managed key in Azure Key Vault3. Azure Disk Encryption also supports encrypting virtual machine disks that are downloaded from Azure4. QUESTION: 12 Topic 5 Mix Ques You have the Azure virtual machines shown in the following table. VNET1 is linked to a private DNS zone and named contoso.com that contains the records shown in the following table. You need to ping VM2 from VM1. Which DNS names can you use to ping VM2. Option A : comp2 contoso.com only Option B : com1.contoso.com and comp2.contoso.com only Option C : comp2.contoso.com and comp4.contoso.com only Option D : comp1.contoso.com, comp2.contoso.com and comp4.contoso.con only Option E : comp1.contoso.com comp2contoso.com.comp3.contoso.com and comp4.contoso.com Correct Answer: E

  15. QUESTION: 13 Topic 5 Mix Ques You have an Azure virtual network named VNetl that contains the following settings: • IPv4 address space: 172.16.10.0/24 • Subnet name: Subnetl • Subnet address range: 172.16.10.0/25 What is the maximum number of virtual machines that can connect to Subnetl? Option A : 24 Option B : 25 Option C : 123 Option D : 128 Option E : 251 Correct Answer: C QUESTION: 14 Topic 5 Mix Ques HOTSPOT Your company purchases a new Azure subscription. You create a file named Deploy json as shown in the following exhibit

  16. You connect to the subscription and run the following cmdlet: New-AzDeployment -Location westus - TemplateFile œdeploy.json " For each of the following statements, select Yes if the statement is true. Otherwise, select No Option A : You can deploy a virtual machine to RG1. Option B : You can deploy a virtual machine to RGZ Option C : You can manually create a resource group named RG3. Correct Answer: C Explanation/Reference: Based on the file named Deploy.json and the cmdlet you ran, here are the answers to your statements: You can deploy a virtual machine to RGI. = No You can deploy a virtual machine to RG2. = No You can manually create a resource group named RG3. = Yes Let me explain why: The Deploy.json file defines a template for creating a resource group and a virtual machine in Azure. The template has two parameters: resourceGroupName and vmName. The template also has two resources: one for the resource group and one for the virtual machine. The resource group resource has a property called name, which is set to the value of the resourceGroupName parameter. The virtual machine resource has a property called location, which is set to the value of the location parameter of the deployment cmdlet. The cmdlet you ran specifies the location as westus and the template file as Deploy.json. However, it does not specify any values for the resourceGroupName and vmName parameters. Therefore, the cmdlet will prompt you to enter those values interactively before creating the deployment. If you enter RGI as the value for the resourceGroupName parameter and VM1 as the value for the vmName parameter, then the cmdlet will create a resource group named RGI and a virtual machine named VM1 in the westus location. Therefore, you can deploy a virtual machine to RGI. However, if you enter RG2 as the value for the resourceGroupName parameter, then the cmdlet will fail with an error. This is because RG2 already exists in your subscription and you cannot create a resource group with the same name as an existing one. Therefore, you cannot deploy a virtual machine to RG2 using this template and cmdlet. You can manually create a resource group named RG3 by using another cmdlet: New- AzResourceGroup. This cmdlet takes two parameters: Name and Location. For example, you can run the following cmdlet to create a resource group named RG3 in westus: New- AzResourceGroup -Name RG3 -Location westus QUESTION: 15 Topic 5 Mix Ques HOTSPOT You have an Azure subscription that contains the storage accounts shown in the following table. You need to identify which storage accounts support lifecycle management, and which storage accounts support moving data to the Archive access tier. What should you identify for each requirement? To answer,

  17. select the appropriate options in the answer are a. NOTE: Each correct answer is worth one point. Answer : Explanation/Reference: 1) storage1, storage2, storage3 "Lifecycle management policies are supported for block blobs and append blobs in general- purpose v2, premium block blob, and Blob Storage accounts." https://learn.microsoft.com/en-us/azure/storage/blobs/lifecycle- management-overview 2) storage2 "The archive tier isn't supported for ZRS, GZRS, or RA-GZRS accounts." https://learn.microsoft.com/en-us/azure/storage/blobs/access-tiers-overview#archive-access-tier Download All Questions: https://www.microsoftdumps.us/AZ-104-exam-questions QUESTION: 16 Topic 5 Mix Ques HOTSPOT You have an Azure subscription that contains the Azure virtual machines shown in the following table. You configure the network interfaces of the virtual machines to use the settings shown in the following table From the settings of VNET1, you configure the DNS servers shown in the following exhibit.

  18. . The virtual machines can successfully connect to the DNS server that has an IP address of 192.168.10.15 and the DNS server that has an IP address of 193.77.134.10. For each of the following statements, select Yes if the statement is true. Otherwise, select No. Option A : VMI connects to 193.77.134.10 for DNS queries. Option B : VM2 connects to 193.77.134.10 for DNS queries. Option C : VM3 connects to 192.168.10.15 for DNS queries. Correct Answer: A,C Explanation/Reference: Box 1: Yes You can specify DNS server IP addresses in the VNet settings. The setting is applied as the default DNS server(s) for all VMs in the VNet. Box 2: No You can set DNS servers per VM or cloud service to override the default network settings. Box 3: Yes You can set DNS servers per VM or cloud service to override the default network settings. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq#name-resolution-dns QUESTION: 17 Topic 5 Mix Ques HOTSPOT You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1. You install and configure a web server and a DNS server on VM1. VM1 has the effective network security rules shown in the following exhibit.

  19. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. Answer : Explanation/Reference: A number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed. https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview QUESTION: 18 Topic 5 Mix Ques

  20. You have an Azure Kubernetes Service (AKS) cluster named AKS1. You need to configure cluster autoscaler for AKS1. Which two tools should you use? Each correct answer presents a complete solution, NOTE: Each correct selection is worth one point Option A : the set-AzAKs cmdlet Option B : the Azure portal Option C : The az aks command Option D : the kubect1 command Option E : the set Azure cmdlet Correct Answer: B,C Explanation/Reference: AKS clusters can scale in one of two ways: - The cluster autoscaler watches for pods that can't be scheduled on nodes because of resource constraints. The cluster then automatically increases the number of nodes. - The horizontal pod autoscaler uses the Metrics Server in a Kubernetes cluster to monitor the resource demand of pods. If an application needs more resources, the number of pods is automatically increased to meet the demand. Reference: https://docs.microsoft.com/enus/ azure/aks/cluster- autoscaler QUESTION: 19 Topic 5 Mix Ques HOTSPOT You have an Azure subscription You plan to deploy a new storage account You need to configure encryption for the account The solution must meet the following requirements Use a customer-managed key stored in an key vault Use the maximum supported bit length. Which type of key and which bit length should you use?

  21. Answer : Explanation/Reference: RSA 4096 Key: RSA length: 4096 https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keysoverview# key-vault-requirements QUESTION: 20 Topic 5 Mix Ques You have an Azure Storage account named storage1. You need to enable a user named User1 to list and regenerate storage account keys for storage1. Solution: You assign the Storage Account Key Operator Service Role to User1. Does this meet the goal? Option A : Yes Option B : No Correct Answer: A Download All Questions: https://www.microsoftdumps.us/AZ-104-exam-questions QUESTION: 21 Topic 5 Mix Ques You plan to deploy several Azure virtual machines that will run Windows Server 2022 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use? Option A : A Microsoft intune device configuration profile Option B : Microsoft entra Application proxy Option C : Azure Custom Script Extension Option D : Department Center in Azure App service Correct Answer: C

  22. Explanation/Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview https://docs.microsoft.com/en- us/azure/virtual-machine-scale-sets/tutorial-install-apps-template https://docs.microsoft.com/en- us/samples/mspnp/samples/azure-well-architected-frameworksamplestate-configuration https://docs.microsoft.com/en- us/azure/architecture/framework/devops/automation-configuration QUESTION: 22 Topic 5 Mix Ques You have an Azure subscription that contains the storage accounts shown in the following table. You need to identify which storage account can be converted to zone-redundant storage (ZRS) replication by requesting a live migration from Azure support. What should you identify? Option A : Storage1 Option B : Storage2 Option C : Storage3 Option D : Storage4 Correct Answer: B Explanation/Reference: https://learn.microsoft.com/en-us/azure/storage/common/redundancy-migration?tabs=portal QUESTION: 23 Topic 5 Mix Ques

  23. HOTSPOT You have an Azure subscription that contains a storage account named storage 1. The storage1 account contains a container named container1. You need to create a lifecycle management rule for storage1 that will automatically move the blobs in contained to the lowest-cost tier after 90 days. How should you complete the rule? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point. Answer :

  24. QUESTION: 24 Topic 5 Mix Ques HOTSPOT You need to generate a shared access signature (SAS). The solution must meet the following requirements: Ensure that the SAS can only be used to enumerate and download blobs stored in container1. Use the principle of least privilege, Which three settings should you enable? To answer, select the appropriate settings in the answer are a. NOTE: Each correct selection is worth one point. Answer :

  25. Explanation/Reference: To generate a shared access signature (SAS) that meets the requirements, you should enable the following three settings: Service: Blob Allowed resource types: Container Allowed permissions: Read and List These settings will ensure that the SAS can only be used to enumerate and download blobs stored in container1, and not to perform any other operations on the storage account or the blobs. This follows the principle of least privilege, which means granting the minimum permissions necessary for a task. You can use the Azure portal or Azure Storage Explorer to create a SAS token with these settings. For more information, see Create shared access signature (SAS) tokens for storage containers and blobs - Azure AI services | Microsoft Learn. QUESTION: 25 Topic 5 Mix Ques You have an Azure subscription that contains eight virtual machines and the resources shown in the following table. You need to configure access for VNEI1. The solution must meet the following requirements: The virtual machines connected to VNET1 must be able to communicate with the virtual machines connected to VNET2 by using the Microsoft backbone. The virtual machines connected to VNETl must be able to access storage1. Storage2, and Microsoft Entra ID by using the Microsoft backbone. What is the minimum number of service endpoints you should add to VNET1? Option A : 1 Option B : 2 Option C : 3 Option D : 5 Correct Answer: C

  26. QUESTION: 26 Topic 5 Mix Ques You have an Azure subscription that contains a storage account named storage 1. You need to allow access to storage1 from selected networks and your home office. The solution must minimize administrative effort. What should you do first for storage1? Option A : Add a private endpoint. Option B : Modify the Public network access settings. Option C : Select Internet routing Option D : Modify the Access Control (1AM) settings. Correct Answer: B Download All Questions: https://www.microsoftdumps.us/AZ-104-exam-questions QUESTION: 27 Topic 5 Mix Ques Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Monitor, you create a metric on Network in and Network Out. Does this meet the goal? Option A : Yes Option B : No Correct Answer: B QUESTION: 28 Topic 5 Mix Ques You have the Azure virtual machines shown in the following table A DNS service is installed on VM1. You configure the DNS servers settings for each virtual network as shown in the following exhibit

  27. You need to ensure that all the virtual machines can resolve DNS names by using the DNS service on VM 1. What should you do? Option A : Add service endpoints on VNET2 and VNET3. Option B : Add service endpoints on VNET1. Option C : Configure a conditional forwarder on VM1 Option D : Configure peering between VNET1, VNET2, and VNET3. Correct Answer: D QUESTION: 29 Topic 5 Mix Ques HOTSPOT You have an Azure Active Directory tenant named Contoso.com that includes following users: Contoso.com includes following Windows 10 devices: You create following security groups in Contoso.com: For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Option A : User1 can add Device2 to Group1 Option B : User2 can add Device1 to Group1 Option C : User2 can add Device2 to Group2

  28. Correct Answer: A,C Explanation/Reference: Box 1: Yes User1 is a Cloud Device Administrator. Device2 is Azure AD joined. Group1 has the assigned to join type. User1 is the owner of Group1. Note: Assigned groups - Manually add users or devices into a static group. Azure AD joined or hybrid Azure AD joined devices utilize an organizational account in Azure AD Box 2: No User2 is a User Administrator. Device1 is Azure AD registered. Group1 has the assigned join type, and the owner is User1. Note: Azure AD registered devices utilize an account managed by the end user, this account is either a Microsoft account or another locally managed credential. Box 3: Yes User2 is a User Administrator. Device2 is Azure AD joined. Group2 has the Dynamic Device join type, and the owner is User2. Reference: https://docs.microsoft.com/en-us/azure/active-directory/devices/overview Download All Questions: https://www.microsoftdumps.us/AZ-104-exam-questions QUESTION: 30 Topic 5 Mix Ques DRAG DROP You have an Azure subscription that contains the resources shown in the following table. You need to load balance HTTPS connections to vm1 and vm2 by using Ib1. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order Correct Answers Answers Remove nsg1. Create an availability set. > < Remove the public IP addresses from vm1 and vm2. Create a health probe and backend pool on lb1. Create a load balancing rule on Ib1.

  29. Answers Correct Answers Remove the public IP addresses from vm1 and vm2. Remove nsg1. > < Create an availability set. Create a health probe and backend pool on lb1. Create a load balancing rule on Ib1. Correct Answer: Explanation/Reference: https://learn.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-publicportal QUESTION: 31 Topic 5 Mix Ques You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. Solution: You configure a custom policy definition, and then you assign the Azure policy to the subscription. Does this meet the goal? Option A : Yes Option B : No Correct Answer: A QUESTION: 32 Topic 5 Mix Ques HOTSPOT You have a virtual network named VNet1 that has the configuration shown in the following exhibit.

  30. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Answer : Explanation/Reference: https://learn.microsoft.com/en-us/azure/virtual-network/manage-virtual-network#add-or-removeanaddress-range

  31. QUESTION: 33 Topic 5 Mix Ques HOTSPOT You have an Azure subscription that contains the storage account shown in the following exhibit Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Answer :

  32. QUESTION: 34 Topic 5 Mix Ques HOTSPOT You have Azure subscriptions named Subscription1 and Subscription2. Subscription1 has following resource groups: RG1 includes a web app named App1 in the West Europe location. Subscription2 contains the following resource groups: For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point Option A : App1 can be moved to RG2 Option B : App1 can be moved to RG3 Option C : App1 can be moved to RG4 Correct Answer: B,C Explanation/Reference: App1 present in RG1 and in RG1 there is no lock available. So you can move App1 to other resource groups, RG2, RG3, RG4. Note: App Service resources can only be moved from the resource group in which they were originally created. If an App Service resource is no longer in its original resource group, move it back to its original resource group. Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/movelimitations/ app-service-move-limitations Download All Questions: https://www.microsoftdumps.us/AZ-104-exam-questions QUESTION: 35 Topic 5 Mix Ques HOTSPOT You have an Azure App Service app named WebApp1 that contains two folders named Folder1 and Folder2. You need to configure a daily backup of WebApp1. The solution must ensure that Folder2 is excluded from the backup. What should you create first and what should you use to exclude Fokier2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

  33. Answer : Explanation/Reference: https://learn.microsoft.com/en-us/azure/app-service/manage-backup?tabs=portal#create-a-custombackup In Storage account, select an existing storage account (in the same subscription) or select Create new. Do the same with Container. https://learn.microsoft.com/en-us/azure/app-service/managebackup? tabs=portal#configure-partial-backups Partial backups are supported for custom backups (not for automatic backups). Sometimes you don't want to back up everything on your app. To exclude folders and files from being stored in your future backups, create a _backup.filter file in the %HOME%\site\wwwroot folder of your app. Specify the list of files and folders you want to exclude in this file. QUESTION: 36 Topic 5 Mix Ques You need to create an Azure Storage account named storage1. The solution must meet the following requirements: Support Azure Data Lake Storage. Minimize costs for infrequently accessed data. Automatically replicate data to a secondary Azure region. Which three options should you configure for storage1? Each correct answer presents part of the solution. NOTE: Each correct answer is worth one point. Option A : the Cool access tier Option B : the Hot access tier Option C : hierarchical namespace Option D : zone-redundant storage (ZRS)

  34. Option E : geo-redundant storage (GRS) Correct Answer: A,C,E Explanation/Reference: To create an Azure Storage account that supports Azure Data Lake Storage, you need to enable the hierarchical namespace option. This option allows you to organize and manipulate files and folders efficiently in a data lake. It also enables compatibility with the Hadoop Distributed File System (HDFS) API, which is widely used for big data analytics. For more information, see Azure Data Lake Storage Gen2 Introduction. To minimize costs for infrequently accessed data, you can choose the Cool access tier for your storage account. This tier offers lower storage costs than the Hot access tier, but higher access and transaction costs. The Cool access tier is suitable for data that is infrequently accessed or modified, such as short-term backup, disaster recovery, or archival data. Data in the Cool access tier should be stored for at least 30 days. For more information, see Access tiers for blob data. To automatically replicate data to a secondary Azure region, you can choose the geo-redundant storage (GRS) option for your storage account. This option replicates your data synchronously three times within the primary region, and then asynchronously to the secondary region. GRS provides the highest level of durability and availability for your data, and protects against regional outages or disasters. For more information, see Data redundancy Topic 6 Case Study: Topic 6 Title : Datum Corporation New Case Study Overview A. Datum Corporation is a consulting firm that has a main office in Montreal and branch offices in Seattle and New York. Azure Environment A. Datum has an Azure subscription that contains three resource groups named RG1. RG2, and RG3. The subscription contains the storage accounts shown in the following table. The subscription .contains the virtual machines shown in the following table.

  35. The subscription has an Azure container registry that contains the images shown in the following table. The subscription contains the resources shown in the following table. The subscription contains an Azure key vault named Vaultl. Vault! contains the certificates shown in the following table.

  36. Vaultl contains the keys shown in the following table. Microsoft Entra Environment A. Datum has a Microsoft Entra tenant named adatum.com that is linked to the Azure subscription and contains the users shown in the following table. The lenant contains the groups shown in the following table. The adatum.com tenant has a custom security attribute named Attribute1. Planned Changes A. Datum plans to implement the following changes: • Configure a data collection rule {DCR) named DCR1 to collect only system events that have an event ID of 4648 from VM2 and VM4. • In storage1, create a new container named cont2 that has the following access policies: o Three stored access policies named Stored 1, Stored2, and Stored3 o A legal hold for immutable blob storage • Whenever possible, use directories to organize storage account content. •Grant User1 the permissions required to link Zone1 to VNet1. • Assign Attribute1 to supported adatum.com resources. • In storage2, create an encryption scope named Scope"1. • Deploy new containers by using Image1 or Image2. Technical Requirements A. Datum must meet the following technical requirements: • UseTLSforWebApp1. • Follow the principle of least privilege. • Grant permissions at the required scope only. • Ensure that Scope1 is used to encrypt storage services. • Use Azure Backup to back up cont1 and share1 as frequently as possible. • Whenever possible, use Azure Disk Encryption and a key encryption key (KEK) to encrypt the virtual machines. QUESTION: 37 Topic 6 Datum Corporation New Case Study You have an Azure virtual machine named VM1 that runs Windows Server 2019. You save VM1 as a template named Template1 to the Azure Resource Manager library. You plan to deploy a virtual machine named VM2 from Template1. What can you configure during the deployment of VM2? Option A : virtual machine size Option B : operating system Option C : administrator username Option D : resource group Correct Answer: D

  37. Explanation/Reference: Resource Group is the correct answer: Admin user, password, vm size and os are the part of ARM templates. But resource group is not hence needs to be mentioned while deployment! Refer below sample ARM template for reference in which all above attributes passed in parameter. https://github.com/Azure/azure-quickstart-templates/blob/master-vm-simplewindows/ azuredeploy.json Download All Questions: https://www.microsoftdumps.us/AZ-104-exam-questions QUESTION: 38 Topic 6 Datum Corporation New Case Study HOTSPOT You need to implement the planned changes for the new containers. Which Azure services can you use for each image? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer :

More Related