Posted in AZ-104 dumps, Microsoft

[Updated Arrival] Boost your success with the 100% guaranteed AZ-104 PDF QAs free download

 Published Date: 11/13/2023

Set the pace for an exceptional certification journey, anchored by the invaluable insights offered by the AZ-104 dumps. Finely-tuned to reflect the syllabus\’s vastness, the AZ-104 dumps present a comprehensive suite of practice questions, heralding mastery. Be it the unadulterated clarity of PDFs or the dynamic storytelling of the VCE format that draws you in, the AZ-104 dumps are a testament to excellence. A methodical study guide, harmoniously aligned with the AZ-104 dumps, decodes the labyrinth of subjects, ensuring a seamless learning experience. Reiterating our confidence in these materials, we unwaveringly highlight our 100% Pass Guarantee.

Navigate the AZ-104 exam terrain with our freely offered prep tools packed with real inquiries

Question 1:

HOTSPOT

You create a Recovery Services vault backup policy named Policy1 as shown in the following exhibit:

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Box 1: 10 years

The yearly backup point occurs to 1 March and its retention period is 10 years.

Box 2: 10 weeks

Question 2:

HOTSPOT

You plan to deploy Azure Databricks to support a machine learning application.

Data engineers will mount an Azure Data Lake Storage account to the Databricks file system. Permissions to folders are granted directly to the data engineers.

You need to recommend a design for the planned Databrick deployment. The solution must meet the following requirements:

Ensure that the data engineers can only access folders to which they have permissions.

Minimize development effort.

Minimize costs.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Question 3:

You have an Azure subscription that contains the resources in the following table.

Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1.

You need to apply ASG1 to VM1.

What should you do?

A. Modify the properties of NSG1.

B. Modify the properties of ASG1.

C. Associate NIC1 to ASG1.

Correct Answer: C

Application Security Group can be associated with NICs.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#application-security- groups

Question 4:

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You have a CSV file that contains the names and email addresses of 500 external users.

You need to create a guest user account in contoso.com for each of the 500 external users.

Solution: You create a Power Shell script that runs the New-AZureADUser cmdlet for each user.

Does this meet the goal?

A. Yes

B. NO

Correct Answer: B

Question 5:

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.

You need to ensure that NGINX is available on all the virtual machines after they are deployed.

What should you use?

A. Azure Active Directory (Azure AD) Application Proxy

B. Azure Application Insights

C. Azure Custom Script Extension

D. the New-AzConfigurationAssignement cmdlet

Correct Answer: C

The Custom Script Extension downloads and executes scripts on Azure VMs. This extension is useful for post deployment configuration, software installation, or any other configuration / management task. Scripts can be downloaded from

Azure storage or GitHub, or provided to the Azure portal at extension run time.

The Custom Script extension integrates with Azure Resource Manager templates, and can also be run using the Azure CLI, PowerShell, Azure portal, or the Azure Virtual Machine REST API. You can use the Custom Script Extension with

both Windows and Linux VMs.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-automate-vm-deployment?toc=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-machines%2Fextensions%2Ftoc.jsonandbc=https%3A%2F%

2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fbread%2Ftoc.json

Question 6:

You are configuring Azure Active Directory (AD) Privileged Identity Management.

You need to provide a user named Admm1 with read access to a resource group named RG1 for only one month.

The user role must be assigned immediately.

What should you do?

A. Assign an active role.

B. Assign an eligible role.

C. Assign a permanently active role.

D. Create a custom role and a conditional access policy.

Correct Answer: B

Azure AD Privileged Identity Management introduces the concept of an eligible admin. Eligible admins should be users that need privileged access now and then, but not all-day, every day. The role is inactive until the user needs access, then

they complete an activation process and become an active admin for a predetermined amount of time.

References:

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

Question 7:

You need to meet the user requirement for Admin1. What should you do?

A. From the Subscriptions blade, select the subscription, and then modify the Properties.

B. From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.

C. From the Azure Active Directory blade, modify the Properties.

D. From the Azure Active Directory blade, modify the Groups.

Correct Answer: A

Scenario:

1.

Designate a new user named Admin1 as the service admin for the Azure subscription.

2.

Admin1 must receive email alerts regarding service outages. Follow these steps to change the Service Administrator in the Azure portal.

1.

Make sure your scenario is supported by checking the limitations for changing the Service Administrator.

2.

Sign in to the Azure portal as the Account Administrator.

3.

Open Cost Management + Billing and select a subscription.

4.

In the left navigation, click Properties.

5.

Click Service Admin.

Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/classic-administrators

Question 8:

HOTSPOT

You have a virtual network named VNET1 that contains the subnets shown in the following table:

You have two Azure virtual machines that have the network configurations shown in the following table:

For NSG1, you create the inbound security rule shown in the following table:

For NSG2, you create the inbound security rule shown in the following table:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Box 1: Yes

The inbound security rule for NSG1 allows TCP port 1433 from 10.10.2.0/24 (or Subnet2 where VM2 and VM3 are located) to 10.10.1.0/24 (or Subnet1 where VM1 is located) while the inbound security rule for NSG2 blocks TCP port 1433

from 10.10.2.5 (or VM2) to 10.10.1.5 (or VM1). However, the NSG1 rule has a higher priority (or lower value) than the NSG2 rule.

Box 2: Yes

No rule explicitly blocks communication from VM1. The default rules, which allow communication, are thus applied.

Box 3: Yes

No rule explicitly blocks communication between VM2 and VM3 which are both on Subnet2. The default rules, which allow communication, are thus applied.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

Question 9:

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You have a CSV file that contains the names and email addresses of 500 external users.

You need to create a guest user account in contoso.com for each of the 500 external users.

Solution: You create a PowerShell script that runs the New-MgInvitation cmdlet for each external user.

Does this meet the goal?

A. Yes

B. No

Correct Answer: B

Wrong module.

New-MgInvitation Module: Microsoft.Graph.Identity.SignIns Use this API to create a new invitation. Invitation adds an external user to the organization. When creating a new invitation, you have several options available:

Instead use the New-AzureADMSInvitation cmdlet which is used to invite a new external user to your directory.

Reference: https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureadmsinvitation

Question 10:

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You have a CSV file that contains the names and email addresses of 500 external users.

You need to create a guest user account in contoso.com for each of the 500 external users.

Solution: You create a PowerShell script that runs the New-AzureADUser cmdlet for each user.

Does this meet the goal?

A. Yes

B. No

Correct Answer: B

Explanation:

The New-AzureADUser cmdlet creates a user in Azure Active Directory (Azure AD).

Instead use the New-AzureADMSInvitation cmdlet which is used to invite a new external user to your directory.

Reference:

https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureadmsinvitation

Question 11:

Your company registers a domain name of contoso.com.

You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.

You need to resolve the name resolution issue.

Solution: You modify the name server at the domain registrar.

Does this meet the goal?

A. Yes

B. No

Correct Answer: B

References: https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

Question 12:

HOTSPOT

You have an Azure Load Balancer named LB1.

You assign a user named User1 the roles shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles

Question 13:

You have an Azure virtual machine named VM1.

You use Azure Backup to create a backup of VM1 named Backup1. After creating Backup1, you perform the following changes to VM1:

1.

Modify the size of VM1.

2.

Copy a file named Budget.xls to a folder named Data.

3.

Reset the password for the built-in administrator account.

4.

Add a data disk to VM1.

An administrator uses the Replace existing option to restore VM1 from Backup1. You need to ensure that all the changes to VM1 are restored.

Which change should you perform again?

A. Modify the size of VM1.

B. Add a data disk.

C. Reset the password for the built-in administrator account.

D. Copy Budget.xls to Data.

Correct Answer: D

The scenario mentioned in the question, we are using the replace option. So in this case we would lose the existing data written to the disk after the backup was taken. The file was copied to the disk after the backup was taken. Hence, we

would need to copy the file once again.

References:

https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms#replace-existing-disks

Question 14:

HOTSPOT

Peering for VNET2 is configured as shown in the following exhibit.

Peering for VNET3 is configured as shown in the following exhibit.

How can packets be routed between the virtual networks? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Box 1. VNET2 and VNET3

Box 2: VNET1

Gateway transit is disabled.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

Question 15:

HOTSPOT

Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com. Adatum.com contains the user accounts in the following table.

Adatum.onmicrosoft.com contains the user accounts in the following table.

You need to implement Azure AD Connect. The solution must follow the principle of least privilege. Which user accounts should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Box 1: User5

In Express settings, the installation wizard asks for the following:

AD DS Enterprise Administrator credentials

Azure AD Global Administrator credentials

The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the Domain

Admin should make sure the permissions in Active Directory can be set in all domains.

Box 2: UserA

Azure AD Global Admin credentials credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The

account also enables sync as a feature in Azure AD.

References:

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect- accounts-permissions