Elevate your learning experience and stride confidently towards your certification, all thanks to the wisdom enshrined in the AZ-104 dumps. Conceived to encapsulate the breadth and depth of the syllabus, the AZ-104 dumps unfurl a rich tapestry of practice questions, setting the gold standard for excellence. Whether it's the concise elucidations in PDFs that appeal or the interactive scenarios in the VCE format that captivate, the AZ-104 dumps remain unmatched. A comprehensive study guide, harmoniously complementing the AZ-104 dumps, untangles even the most complex topics, ensuring you're always on track. Standing tall in our commitment, we fervently emphasize our 100% Pass Guarantee.
[Newly Available] Strengthen your exam preparation with the free AZ-104 PDF and Exam Questions, ensuring victory
Question 1:
You have an Azure subscription that contains eight virtual machines and the resources shown in the following table.
You need to configure access for VNET1. The solution must meet the following requirements:
The virtual machines connected to VNET1 must be able to communicate with the virtual machines connected to VNET2 by using the Microsoft backbone.
The virtual machines connected to VNET1 must be able to access storage1, storage and Azure AD by using the Microsoft backbone.
What is the minimum number of service endpoints you should add to VNET1?
A. 1
B. 2
C. 3
D. 5
Correct Answer: D
Question 2:
You create an Azure Storage account named contosostorage.
You plan to create a file share named data.
Users need to map a drive to the data file share from home computers that run Windows 10. Which port should be open between the home computers and the data file share?
A. 80
B. 443
C. 445
D. 3389
Correct Answer: C
Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked.
References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
Question 3:
HOTSPOT
You have an Azure subscription that contains the public load balancers shown in the following table.
You plan to create six virtual machines and to load balance requests to the virtual machines. Each load balancer will load balance three virtual machines. You need to create the virtual machines for the planned solution.
Hot Area:
Correct Answer:
Box 1: be created in the same availability set or virtual machine scale set.
The Basic tier is quite restrictive. A load balancer is restricted to a single availability set, virtual machine scale set, or a single machine.
Box 2: be connected to the same virtual network
The Standard tier can span any virtual machine in a single virtual network, including blends of scale sets, availability sets, and machines.
Question 4:
You have an Azure subscription that contains a virtual network named VNet1.
VNet1 uses two ExpressRoute circuits that connect to two separate on-premises datacenters.
You need to create a dashboard to display detailed metrics and a visual representation of the network topology.
What should you use?
A. Azure Monitor Network Insights
B. a Data Collection Rule (DCR)
C. Azure Virtual Network Watcher
D. Log Analytics
Correct Answer: A
Through Network Insights, you can view topological maps and health dashboards containing important ExpressRoute information without needing to complete any extra setup.
Reference: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-network-insights
Question 5:
You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name should you use?
A. ad.humongousinsurance.com
B. humongousinsurance.onmicrosoft.com
C. humongousinsurance.local
D. humongousinsurance.com
Correct Answer: D
Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as '[email protected].' instead of 'alice@domain name.onmicrosoft.com'.
Scenario:
Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet. Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com.
Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
Question 6:
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution: From the Overview blade, you move the virtual machine to a different resource group.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You would need to redeploy the VM.
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node
Question 7:
You have an Azure subscription that contains a user named User1.
You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege.
Which role-based access control (RBAC) role should you assign to User1?
A. Owner
B. Virtual Machine Contributor
C. Contributor
D. Virtual Machine Administrator Login
Correct Answer: B
Virtual Machine Contributor: Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
Incorrect Answers:
A: Owner: Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.
C: Contributor: Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC.
D: Virtual Machine Administrator Login: View Virtual Machines in the portal and login as administrator.
Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Question 8:
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
1. A virtual network that has a subnet named Subnet1
2. Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
3. A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
1. Priority: 100
2. Source: Any
3. Source port range: *
4. Destination: *
5. Destination port range: 3389
6. Protocol: UDP
7. Action: Allow
VM1 has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the UDP protocol.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
The default port for RDP is TCP port 3389, not UDP.
NSGs deny all inbound traffic except from the virtual network or load balancers. For inbound traffic, Azure processes the rules in a network security group associated to a subnet first, and then the rules in a network security group associated to the network interface. By default, an NSG rule that allows traffic through RDP port 3389 is not created automatically during the creation of a VM, unless you change the setting during creation. In this solution, UDP traffic is allowed at the virtual network level, which is not the TCP protocol that RDP uses, so it will not achieve the goal.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules
Question 9:
HOTSPOT
You have the Azure virtual machines shown in the following table.
VNET1, VNET2, and VNET3 are peered.
VM4 has a DNS server that is authoritative for a zone named Contoso.com and contains the records shown in the following table.
VNET1 and VNET2 are linked to an Azure private DNS zone named Contoso.com that contains the records shown in the following table.
The virtual networks are configured to use the DNS servers shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 10:
You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.
RG1 has a web app named WebApp1. WebApp1 is located in West Europe. You move WebApp1 to RG2.
What is the effect of the move?
A. The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.
B. The App Service plan for WebApp1 moves to North Europe. Policy2 applies to WebApp1.
C. The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1.
D. The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1.
Correct Answer: A
You can move an app to another App Service plan, as long as the source plan and the target plan are in the same resource group and geographical region.
The region in which your app runs is the region of the App Service plan it's in. However, you cannot change an App Service plan's region.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/app-service-plan-manage
Question 11:
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company's Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB.
VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to-site VPN connection exists between your company's on-premises network and VirtualNetworkA.
You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering between VirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company's on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation.
You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation.
Solution: You choose the Allow gateway transit setting on VirtualNetworkA.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer: B
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
Question 12:
You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.
What should you include in the recommendation?
A. Azure AD B2C
B. Azure AD Identity Protection
C. an Azure logic app and the Microsoft Identity Management (MIM) client
D. dynamic groups and conditional access policies
Correct Answer: D
Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications, or other conditions.
Technically, the finance department needs to migrate its users from AD to AAD using AADC based on the finance OU, and needs to enforce MFA use. This is a conditional access policy. Employees also often get promotions and/or join other departments; when that occurs, the user's OU attribute changes when the admin puts the user in a new OU, and the dynamic group conditional access exception (OU= [Department Name Value]) will move the user to the appropriate dynamic group on the next AADC delta sync.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamicmembership
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Question 13:
HOTSPOT
You plan to deploy the following Azure Resource Manager (ARM) template.
Hot Area:
Correct Answer:
Question 14:
You have an Azure Storage account named storage1 that contains a blob container named container1.
You need to prevent new content added to container1 from being modified for one year.
What should you configure?
A. the access tier
B. an access policy
C. the Access control (IAM) settings
D. the access level
Correct Answer: B
Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/immutable-storage-overview?tabs=azure-portal
Question 15:
You plan to move a distributed on-premises app named App1 to an Azure subscription.
After the planned move, App1 will be hosted on several Azure virtual machines.
You need to ensure that App1 always runs on at least eight virtual machines during planned Azure maintenance.
What should you create?
A. one virtual machine scale set that has 10 virtual machines instances
B. one Availability Set that has three fault domains and one update domain
C. one Availability Set that has 10 update domains and one fault domain
D. one virtual machine scale set that has 12 virtual machines instances
Correct Answer: C
An update domain is a logical group of underlying hardware that can undergo maintenance or be rebooted at the same time. As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these update domains. This approach ensures that at least one instance of your application always remains running as the Azure platform undergoes periodic maintenance.
Reference: http://www.thatlazyadmin.com/azure-fault-update-domains/