Forge ahead in your academic sojourn, anchored by the robust foundation provided by the AZ-104 dumps. Meticulously crafted to echo the vast expanse of the curriculum, the AZ-104 dumps radiate a plethora of practice questions, nurturing an in-depth understanding. Whether the clear directives of PDFs allure or the rich tapestry of the VCE format mesmerizes, the AZ-104 dumps promise a stellar experience. An elaborate study guide, emblematic of the AZ-104 dumps, delineates core themes, ensuring unwavering clarity. With profound conviction in the prowess of our offerings, we unwaveringly champion our 100% Pass Guarantee.

Dive into the AZ-104 exam confidently with our state-of-the-art AZ-104 VCE and PDF materials

Question 1:

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.

You receive a notification that VM1 will be affected by maintenance.

You need to move VM1 to a different host immediately.

Solution: From the Overview blade, you move the virtual machine to a different resource group.

Does this meet the goal?

A. Yes

B. No

Correct Answer: B

You would need to redeploy the VM.

Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

Question 2:

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.

You need to create new user accounts in external.contoso.onmicrosoft.com.

Solution: You instruct User2 to create the user accounts.

Does that meet the goal?

A. Yes

B. No

Correct Answer: A

Only a global administrator can add users to this tenant.

References:

https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

Question 3:

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.

Does this meet the goal?

A. Yes

B. No

Correct Answer: B

You should use a policy definition.

Reference:

https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition

Question 4:

HOTSPOT

You have an Azure subscription named Subscription1. Subscription1 contains two Azure virtual machines VM1 and VM2. VM1 and VM2 run Windows Server 2016.

VM1 is backed up daily by Azure Backup without using the Azure Backup agent.

VM1 is affected by ransomware that encrypts data.

You need to restore the latest backup of VM1.

To which location can you restore the backup? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Box 1 : VM1 and VM2 only When recovering files, you can\’t restore files to a previous or future operating system version.You can restore files from a VM to the same server operating system, or to the compatible client operating system. Therefore “VM1 and VM2 only” is the best answer since both run on Windows Server 2016. “A new Azure virtual machine only” ,this will also work but why to create unnecessary new VM in Azure if existing VM will do the task. So this option is incorrect.

Box 2 : VM1 or A new Azure virtual machine only When restoring a VM, you can\’t use the replace existing VM option for encrypted VMs. This option is only supported for unencrypted managed disks. And also You can restore files from a VM to the same server operating system, or to the compatible client operating system only. Hence “VM1 or A new Azure virtual machine only” is correct answer.

References: https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm#system- requirements

Question 5:

You are the global administrator for an Azure Active Directory (Azure AD) tenet named adatum.com. You need to enable two-step verification for Azure users. What should you do?

A. Create a sign-in risk policy in Azure AD Identity Protection

B. Enable Azure AD Privileged Identity Management.

C. Create and configure the Identity Hub.

D. Configure a security policy in Azure Security Center.

Correct Answer: A

Identity Protection analyzes signals from each sign-in, both real-time and offline, and calculates a risk score based on the probability that the sign-in wasn\’t performed by the user. Administrators can make a decision based on this risk score signal to enforce organizational requirements. Administrators can choose to block access, allow access, or allow access but require multi-factor authentication. If risk is detected, users can perform multi-factor authentication to self-remediate and close the risky sign-in event to prevent unnecessary noise for administrators. With Azure Active Directory Identity Protection, you can:

1.

require users to register for multi-factor authentication

2.

handle risky sign-ins and compromised users

References: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/flows

Question 6:

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains the users shown in the following table.

You enable password reset for contoso.onmicrosoft.com as shown in the Password Reset exhibit. (Click the Password Reset tab.)

You configure the authentication methods for password reset as shown in the Authentication Methods exhibit. (Click the Authentication Methods tab.: For each of the following statements, select Yes if the statement is true. Otherwise, select

No.

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Question 7:

You have an Azure subscription.

You enable multi-factor authentication for all users.

Some users report that the email applications on their mobile device cannot connect to their Microsoft

Exchange Online mailbox.

The users can access Exchange Online by using a web browser and from Microsoft Outlook 2016 on their computer.

You need to ensure that the users can use the email applications on their mobile device.

What should you instruct the users to do?

A. Create an app password

B. Reset the Azure Active Directory (Azure AD) password

C. Enable self-service password reset

D. Reinstall the Microsoft Authenticator app

Correct Answer: A

If you\’re enabled for multi-factor authentication, make sure that you have set up app passwords. Note: During your initial two-factor verification registration process, you\’re provided with a single app password. If you require more than one,

you\’ll have to create them yourself.

Go to the Additional security verification page.

References:

https://docs.microsoft.com/en-us/office365/troubleshoot/sign-in/sign-in-to-office-365-azure-intune https://docs.microsoft.com/sv-se/azure/active-directory/user-help/multi-factor-authentication-end- user-app-passwords

Question 8:

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.

You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.

Solution: On Dev, you assign the Logic App Contributor role to the Developers group.

Does this meet the goal?

A. Yes

B. No

Correct Answer: A

The Logic App Contributor role lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app.

References:

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

Question 9:

HOTSPOT

You have an Azure subscription named Subscription1. Subscription1 contains the virtual networks in the following table.

Subscription1 contains the virtual machines in the following table:

The firewalls on all the virtual machines are configured to allow all ICMP traffic. You add the peerings in the following table.

For each of the following statements, select Yest if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Statement 1: Yes

Vnet1 and Vnet3 are peers.

Statement 2: No

Statement 3: No

Peering connections are non-transitive.

References:

https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid- networking/hub-spoke

Question 10:

DRAG DROP

You have an Azure subscription that contains the following resources:

1.

a virtual network named VNet1

2.

a replication policy named ReplPolicy1

3.

a Recovery Services vault named Vault1

4.

an Azure Storage account named Storage1

You have an Amazon Web Services (AWS) EC2 virtual machine named VM1 that runs Windows Server You need to migrate VM1 to VNet1 by using Azure Site Recovery.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

Correct Answer:

Step 1: Deploy an EC2 virtual machine as a configuration server Prepare source include:

Use an EC2 instance that\’s running Windows Server 2012 R2 to create a configuration server and register it with your recovery vault.

Configure the proxy on the EC2 instance VM you\’re using as the configuration server so that it can access the service URLs.

Step 2: Install Azure Site Recovery Unified Setup.

Download Microsoft Azure Site Recovery Unified Setup. You can download it to your local machine and then copy it to the VM you\’re using as the configuration server.

Step 3: Enable replication for VM1.

Enable replication for each VM that you want to migrate. When replication is enabled, Site Recovery automatically installs the Mobility service.

References:

https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-aws-azure

Question 11:

You have an Azure subscription.

You plan to deploy an Azure Kubernetes Service (AKS) cluster to support an app named App1. On- premises clients connect to App1 by using the IP address of the pod.

For the AKS cluster, you need to choose a network type that will support App1.

What should you choose?

A. kubenet

B. Azure Container Networking Interface (CNI)

C. Hybrid Connection endpoints

D. Azure Private Link

Correct Answer: B

With Azure CNI, every pod gets an IP address from the subnet and can be accessed directly. These IP addresses must be unique across your network space. Incorrect Answers:

A: The kubenet networking option is the default configuration for AKS cluster creation. With kubenet, nodes get an IP address from the Azure virtual network subnet. Pods receive an IP address from a logically different address space to the Azure virtual network subnet of the nodes. Network address translation (NAT) is then configured so that the pods can reach resources on the Azure virtual network.

C, D: AKS only supports Kubenet networking and Azure Container Networking Interface (CNI) networking

Reference: https://docs.microsoft.com/en-us/azure/aks/concepts-network

Question 12:

You have an Azure AD tenant named adatum.com that contains the groups shown in the following table.

Adatum.com contains the users shown in the following table.

You assign the Azure Active Directory Premium Plan 2 license to Group1 and User4. Which users are assigned the Azure Active Directory Premium Plan 2 license?

A. User4 only

B. User1 and User4 only

C. User1, User2, and User4 only

D. User1, User2, User3, and User4

Correct Answer: B

Question 13:

Your company has three virtual machines (VMs) that are included in an availability set.

You try to resize one of the VMs, which returns an allocation failure message.

It is imperative that the VM is resized.

Which of the following actions should you take?

A. You should only stop one of the VMs.

B. You should stop two of the VMs.

C. You should stop all three VMs.

D. You should remove the necessary VM from the availability set.

Correct Answer: C

If the VM you wish to resize is part of an availability set, then you must stop all VMs in the availability set before changing the size of any VM in the availability set. The reason all VMs in the availability set must be stopped before performing the resize operation to a size that requires different hardware is that all running VMs in the availability set must be using the same physical hardware cluster. Therefore, if a change of physical hardware cluster is required to change the VM size then all VMs must be first stopped and then restarted one-by-one to a different physical hardware clusters.

Reference: https://azure.microsoft.com/es-es/blog/resize-virtual-machines/

Question 14:

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You have a CSV file that contains the names and email addresses of 500 external users.

You need to create a guest user account in contoso.com for each of the 500 external users.

Solution: You create a PowerShell script that runs the New-MgInvitation cmdlet for each external user.

Does this meet the goal?

A. Yes

B. No

Correct Answer: B

Wrong module.

New-MgInvitation Module: Microsoft.Graph.Identity.SignIns Use this API to create a new invitation. Invitation adds an external user to the organization. When creating a new invitation, you have several options available:

Instead use the New-AzureADMSInvitation cmdlet which is used to invite a new external user to your directory.

Reference: https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureadmsinvitation

Question 15:

You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.

You have a computer named Computer1 that runs Windows 10. Computer1 is connected to the Internet.

You add a network interface named Interface1 to VM1 as shown in the exhibit (Click the Exhibit button.)

From Computer1, you attempt to connect to VM1 by using Remote Desktop, but the connection fails. You need to establish a Remote Desktop connection to VM1. What should you do first?

A. Start VM1.

B. Attach a network interface.

C. Delete the DenyAllOutBound outbound port rule.

D. Delete the DenyAllInBound inbound port rule.

Correct Answer: A

Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower

priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview