Set the pace for an exceptional certification journey, anchored by the invaluable insights offered by the AZ-104 dumps. Finely-tuned to reflect the syllabus\’s vastness, the AZ-104 dumps present a comprehensive suite of practice questions, heralding mastery. Be it the unadulterated clarity of PDFs or the dynamic storytelling of the VCE format that draws you in, the AZ-104 dumps are a testament to excellence. A methodical study guide, harmoniously aligned with the AZ-104 dumps, decodes the labyrinth of subjects, ensuring a seamless learning experience. Reiterating our confidence in these materials, we unwaveringly highlight our 100% Pass Guarantee.
[Recent Update] Perfect your exam preparation with the free AZ-104 PDF and Exam Questions, promising top scores
Question 1:
HOTSPOT
You have an Azure subscription that contains the resources in the following table.
You install the Web Server server role (IIS) on VM1 and VM2, and then add VM1 and VM2 to LB1. LB1 is configured as shown in the LB1 exhibit. (Click the LB1 tab.)
Rule1 is configured as shown in the Rule1 exhibit. (Click the Rule1 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Yes
A Basic Load Balancer supports virtual machines in a single availability set or virtual machine scale set.
Box 2: Yes
When using load-balancing rules with Azure Load Balancer, you need to specify health probes to allow Load Balancer to detect the backend endpoint status. The configuration of the health probe and probe responses determine which
backend pool instances will receive new flows. You can use health probes to detect the failure of an application on a backend endpoint. You can also generate a custom response to a health probe and use the health probe for flow control to
manage load or planned downtime. When a health probe fails, Load Balancer will stop sending new flows to the respective unhealthy instance. Outbound connectivity is not impacted, only inbound connectivity is impacted.
Box 3: No
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/skus
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview
Question 2:
HOTSPOT
You have an Azure subscription named Subscription1 that contains the resources in the following table.
You install the Web Server server role (IIS) on WM1 and VM2, and then add VM1 and VM2 to LB1. LB1 is configured as shown in the LB1 exhibit. (Click the Exhibit button.)
Rule1 is configured as shown in the Rule1 exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
To load balance with basic load balancer backend pool virtual machines has to be in a single availability set or virtual machine scale set.
A health probe is used to determine the health status of the instances in the backend pool. During load balancer creation, configure a health probe for the load balancer to use. This health probe will determine if an instance is healthy and can
receive traffic. A Load Balancer rule is used to define how incoming traffic is distributed to the all the instances within the Backend Pool. So if you delete the rule, load balancing won\’t happen.
Reference: https://docs.microsoft.com/en-us/azure/load-balancer/skus
Question 3:
You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.
Your company has a public DNS zone for contoso.com.
You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name.
Which type of DNS record should you create?
A. NSEC
B. PTR
C. DNSKEY
D. TXT
Correct Answer: D
TXT : Correct Choice
You need to go to your hosting domain registrar and add in a TXT record.
NSEC3 : Incorrect Choice
This is Part of DNSSEC. This is used for explicit denial-of-existence of a DNS record. It is used to prove a name does not exist.
RRSIG : Incorrect Choice
This contains a cryptographic signature.
DNSKEY : Incorrect Choice
This will verify that the records are originating from an authorized sender.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain#verify-your-custom-domain-name
https://www.cloudflare.com/dns/dnssec/how-dnssec-works/#:~:text=DNSKEY%20%2D%20Contains%20a%20public%20signing,s)%20in%20the%20parent %20zone.
Question 4:
You have an Azure Resource Manager template named Template1 that is used to deploy an Azure virtual machine. Template1 contains the following text:
The variables section in Template1 contains the following text:
“location”: “westeurope”
The resources section in Template1 contains the following text:
You need to deploy the virtual machine to the West US location by using Template1. What should you do?
A. Modify the location in the resource section to westus
B. Select West US during the deployment
C. Modify the location in the variables section to westus
Correct Answer: A
You can change the location in resources. Parameters used to define the value of some variables to be able to use in different places in the template resources. Resources are used only for complicated expressions. In any case, RM will only
deploy from resources. In case the value is not mentioned directly, then it will check parameters if it is specified in the resources. Based on this question, the value of location is defined directly in resources. so you change the resources
location value.
Use location parameter. To allow flexibility when deploying your template, use a parameter to specify the location for resources. Set the default value of the parameter to resourceGroup().location.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/resource-location?tabs=azure-powershell
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-syntax#resources
Question 5:
DRAG DROP
You have an Azure subscription that contains the following resources:
1.
a virtual network named VNet1
2.
a replication policy named ReplPolicy1
3.
a Recovery Services vault named Vault1
4.
an Azure Storage account named Storage1
You have an Amazon Web Services (AWS) EC2 virtual machine named VM1 that runs Windows Server You need to migrate VM1 to VNet1 by using Azure Site Recovery.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Step 1: Deploy an EC2 virtual machine as a configuration server Prepare source include:
Use an EC2 instance that\’s running Windows Server 2012 R2 to create a configuration server and register it with your recovery vault.
Configure the proxy on the EC2 instance VM you\’re using as the configuration server so that it can access the service URLs.
Step 2: Install Azure Site Recovery Unified Setup.
Download Microsoft Azure Site Recovery Unified Setup. You can download it to your local machine and then copy it to the VM you\’re using as the configuration server.
Step 3: Enable replication for VM1.
Enable replication for each VM that you want to migrate. When replication is enabled, Site Recovery automatically installs the Mobility service.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-aws-azure
Question 6:
HOTSPOT
You have an Azure subscription that contains the virtual networks shown in the following table.
You have the virtual machines shown in the following table.
You have the virtual network interfaces shown in the following table.
Server1 is a DNS server that contains the resources shown in the following table.
You have an Azure private DNS zone named contoso.com that has a virtual network link to VNET2 and the records shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 7:
You have an Azure subscription that contains the following storage account:
You need 10 create a request to Microsoft Support to perform a live migration of storage1 to Zone Redundant Storage (ZRS) replication. How should you modify storage1 before the Live migration?
A. Set the replication to Locally-redundant storage (IRS)
B. Disable Advanced threat protection
C. Remove the lock
D. Set the access tier to Hot
Correct Answer: A
If you want to live migration from RA-GRS to ZRS, at first you have to Switch the storage tier to LRS and then only you can request a live migration.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/redundancy- migration?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.jsonandtabs=portal
Question 8:
You develop the following Azure Resource Manager (ARM) template to create a resource group and deploy an Azure Storage account to the resource group.
Which cmdtet should you run to deploy the template?
A. New-AzResourceGroupDeployment
B. New-AzDeployment
C. New-AzResource
D. New-AzTenantDeploynent
Correct Answer: B
New-AzResource
creates an Azure resource, such as a website, Azure SQL Database server, or Azure SQL Database, in a resource group.
Reference:
https://learn.microsoft.com/en-us/powershell/module/az.resources/new-azresource
Question 9:
You have an Azure subscription named Subscription1 and two Azure Active Directory (Azure AD) tenants named Tenant1 and Tenant2.
Subscription1 is associated to Tenant1. Multi-factor authentication (MFA) is enabled for all the users in Tenant1.
You need to enable MFA for the users in Tenant2. The solution must maintain MFA for Tenant1.
What should you do first?
A. Change the directory for Subscription1.
B. Configure the MFA Server setting in Tenant1.
C. Create and link a subscription to Tenant2.
D. Transfer the administration of Subscription1 to a global administrator of Tenant2.
Correct Answer: C
Question 10:
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs.
What should you use?
A. Diagram in VNet1
B. the security recommendations in Azure Advisor
C. Diagnostic settings in Azure Monitor
D. Diagnose and solve problems in Traffic Manager Profiles
E. IP flow verify in Azure Network Watcher
Correct Answer: E
Scenario: Litware must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule
that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
Question 11:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour.
Solution: You create an Azure storage account and configure shared access signatures (SASs). You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the storage account as the source.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
1.
Creating an Azure storage account and configuring shared access signatures (SASs) is not necessary for monitoring events on a virtual machine. Azure Monitor can directly collect events from the VM\’s System event log using the Microsoft Monitoring Agent.
2.
The Microsoft Monitoring Agent can indeed collect logs and send them to Azure Monitor, but specifying a storage account as the source would not be the typical approach for monitoring System event logs. You would usually send the logs directly to a Log Analytics workspace.
3.
To monitor the System event log for specific events, you would set up a Log Analytics workspace, configure the Microsoft Monitoring Agent to send logs to that workspace, and then set up an alert based on a query that examines those logs.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview
Question 12:
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
1.
Reader
2.
Security Admin
3.
Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do?
A. Assign User1 the Contributor role for VNet1.
B. Remove User from the Security Reader and Reader roles tot Subscription1.
C. Assign User1 the Network Contributor role for VNet1.
D. Assign User1 the User Access Administrator role for VNet1
Correct Answer: D
The User Access Administrator role allows you to manage user access to Azure resources.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#user-access-administrator
Question 13:
HOTSPOT
You have an Azure Storage account named storage1 that uses Azure Blob storage and Azure File storage.
You need to use AzCopy to copy data to the blob storage and file storage in storage1.
Which authentication method should you use for each type of storage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
You can provide authorization credentials by using Azure Active Directory (AD), or by using a Shared Access Signature (SAS) token.
Box 1:
Both Azure Active Directory (AD) and Shared Access Signature (SAS) token are supported for Blob storage.
Box 2:
Only Shared Access Signature (SAS) token is supported for File storage.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10
Question 14:
You have an Azure subscription that contains the virtual networks shown in the following table.
All the virtual networks are peered. Each virtual network contains nine virtual machines.
You need to configure secure RDP connections to the virtual machines by using Azure Bastion.
What is the minimum number of Bastion hosts required?
A. 1
B. 3
C. 9
D. 10
Correct Answer: B
One in each region.
Note: VNet peering and Azure Bastion
Azure Bastion and VNet peering can be used together. When VNet peering is configured, you don\’t have to deploy Azure Bastion in each peered VNet. This means if you have an Azure Bastion host configured in one virtual network (VNet), it
can be used to connect to VMs deployed in a peered VNet without deploying an additional bastion host.
How do I incorporate Azure Bastion in my Disaster Recovery plan?
Azure Bastion is deployed within VNets or peered VNets, and is associated to an Azure region. You\’re responsible for deploying Azure Bastion to a Disaster Recovery (DR) site VNet. In the event of an Azure region failure, perform a failover
operation for your VMs to the DR region. Then, use the Azure Bastion host that\’s deployed in the DR region to connect to the VMs that are now deployed there.
Reference:
https://learn.microsoft.com/en-us/azure/bastion/vnet-peering
Question 15:
You have an Azure subscription.
You have 100 Azure virtual machines.
You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering.
Which blade should you use?
A. Metrics
B. Customer insights
C. Monitor
D. Advisor
Correct Answer: D
References: https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations https://docs.microsoft.com/bs-latn-ba/azure/cost-management/tutorial-acm-opt-recommendations
Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard.