Microsoft: Exam Questions AZ-104

Microsoft
Exam Questions AZ-104

Microsoft Azure Administrator
www.androdagger.com Telegram: @androdagger

NEW QUESTION 1
- (Exam Topic 1)
You need to meet the technical requirement for VM4. What should you create and configure?
A. an Azure Notification Hub

B. an Azure Event Hub
C. an Azure Logic App
D. an Azure services Bus
Answer: B
Explanation:
Scenario: Create a workflow to send an email message when the settings of VM4 are modified.
You can start an automated logic app workflow when specific events happen in Azure resources or third-party resources. These resources can publish those events to an
Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a subscriber, your logic app can wait
for those events from the event grid before running automated workflows to perform tasks - without you writing any code. References:
https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-grid-logic-app
NEW QUESTION 2
- (Exam Topic 1)
You need to meet the connection requirements for the New York office.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: Create a virtual network gateway and a local network gateway.
Azure VPN gateway. The VPN gateway service enables you to connect the VNet to the on-premises network through a VPN appliance. For more information, see Connect an on-
premises network to a Microsoft Azure virtual network. The VPN gateway includes the following elements:
Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing traffic from the on-premises network to the VNet.
Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to the on-premises network is routed through this
gateway.
Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-premises VPN appliance to encrypt traffic.
Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements, described in the Recommendations section below.
Box 2: Configure a site-to-site VPN connection
On premises create a site-to-site connection for the virtual network gateway and the local network gateway.
Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection.

NEW QUESTION 3
- (Exam Topic 1)
You need to the appropriate sizes for the Azure virtual for Server2.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: Create a Recovery Services vault
Create a Recovery Services vault on the Azure Portal. Box 2: Install the Azure Site Recovery Provider
Azure Site Recovery can be used to manage migration of on-premises machines to Azure. Scenario: Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Server2 has the Hyper-V host role. References:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure
NEW QUESTION 4
- (Exam Topic 2)
You need to resolve the licensing issue before you attempt to assign the license again. What should you do?
A. From the Groups blade, invite the user accounts to a new group.
B. From the Profile blade, modify the usage location.
C. From the Directory role blade, modify the directory role.
Answer: A
Explanation:
License cannot be assigned to a user without a usage location specified. Scenario: Licensing Issue
You attempt to assign a license in Azure to several users and receive the following error message: "Licenses not assigned. License agreement failed for one user." You verify that
the Azure subscription has the available licenses.
NEW QUESTION 5
- (Exam Topic 2)
Which blade should you instruct the finance department auditors to use?
A. invoices
B. partner information
C. cost analysis
D. External services
Answer: A
NEW QUESTION 6
- (Exam Topic 2)
You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure. For each of
the following statements, select Yes if the statement is true. Otherwise, select No.

A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 7
- (Exam Topic 2)
You need to resolve the Active Directory issue. What should you do?
A. From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.
B. Run idfix.exe, and then use the Edit action.
C. From Active Directory Domains and Trusts, modify the list of UPN suffixes.
D. From Azure AD Connect, modify the outbound synchronization rule.
Answer: B
Explanation:
IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for migration to Azure
Active Directory. IdFix is intended for the Active Directory administrators responsible for directory synchronization with Azure Active Directory. Scenario: Active Directory
Issue
Several users in humongousinsurance.com have UPNs that contain special characters. You suspect that some of the characters are unsupported in Azure AD. References:
https://www.microsoft.com/en-us/download/details.aspx?id=36832
NEW QUESTION 8
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On
Subscription1, you assign the DevTest Labs User role to the Developers group. Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest Labs. You would
need the Logic App Contributor role. References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

NEW QUESTION 9
- (Exam Topic 4)
You have an Azure subscription that contains the virtual machines shown in the following table.
VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections. Subnet1
and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules. NSG2 uses
the default and the following custom incoming rule:
Priority: 100
Name: Rule1
Port: 3389
Protocol: TCP
Source: Any
Destination: Any
Action: Allow
NSG1 connects to Subnet1. NSG2 connects to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: No
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM. Box 2: Yes
NSG2 will allow this. Box 3: Yes
NSG2 will allow this.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default. References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
NEW QUESTION 10
- (Exam Topic 4)
You have Azure subscription that includes following Azure file shares: You have the following on-premises servers:
You create a Storage Sync Service named Sync1 and an Azure File Sync group named Group1. Group1 uses share1 as a cloud endpoint.
You register Server1 and Server2 in Sync1. You add D:\Folder1 on Server1 as a server endpoint of Group1. For each of the following statements, select Yes if the statement is
true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: No
Group1 already has a cloud endpoint named Share1.
A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. Box 2: Yes
Yes, one or more server endpoints can be added to the sync group. Box 3: Yes Yes, one
or more server endpoints can be added to the sync group. References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide
NEW QUESTION 10
- (Exam Topic 4)
You have an Azure subscription that contains an Azure Availability Set named WEBPROD-AS-USE2 as shown in the following exhibit.
You add 14 virtual machines to WEBPROD-AS-USE2.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each
correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:

NEW QUESTION 15
- (Exam Topic 4)
You plan to deploy an Azure container instance by using the following Azure Resource Manager template.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the template.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 17
- (Exam Topic 4)
You have several Azure virtual machines on a virtual network named VNet1. You configure an Azure Storage account as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: always
Endpoint status is enabled. Box 2: Never
After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to
enable Azure Backup service to access the network restricted storage account.

Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage- accounts-
secured-with-azure-storage
NEW QUESTION 20
- (Exam Topic 4)
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an
Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System log on VM1 within an hour.
Solution: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure
Monitor and specify the Log Analytics workspace as the source.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
Alerts in Azure Monitor can identify important information in your Log Analytics repository. They are created by alert rules that automatically run log searches at regular
intervals, and if results of the log search match particular criteria, then an alert record is created and it can be configured to perform an automated response.
The Log Analytics agent collects monitoring data from the guest operating system and workloads of virtual machines in Azure, other cloud providers, and on- premises. It
collects data into a Log Analytics workspace.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-response https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview
NEW QUESTION 21
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named adatum.com that contains the users shown in the following table.
Adatum.com has the following configurations: Users may join devices to Azure AD is set to User1.
Additional local administrators on Azure AD joined devices is set to None.
You deploy Windows 10 to a computer named Computer. User1 joins Computer1 to adatum.com. You need to identify which users are added to the local
Administrators group on Computer1.

A. User1 only
B. User1, User2, and User3 only
C. User1 and User2 only
D. User1, User2, User3, and User4
E. User2 only
Answer: C
Explanation:
Users may join devices to Azure AD - This setting enables you to select the users who can register their devices as Azure AD joined devices. The default is All. Additional local
administrators on Azure AD joined devices - You can select the users that are granted local administrator rights on a device. Users added here are added to the Device
Administrators role in Azure AD. Global administrators, here User2, in Azure AD and device owners are granted local administrator rights by default.
References:
https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal
NEW QUESTION 23
- (Exam Topic 4)
You have an Azure virtual machine named VM1 that runs Windows Server 2019. You sign in to VM1 as a user named User 1 and perform the following actions:
* Create files on drive C.
* Create files on drive 0.
* Modify the screen saver timeout.
* Change the desktop background. You plan to redeploy VM1.
Which changes will be lost after you redeploy VM1?
A. the modified screen saver timeout

B. the new desktop background
C. the new files on drive
D. The new files on drive C
Answer: D
NEW QUESTION 28
- (Exam Topic 4)
You have an Azure subscription that contains the resource groups shown in the following table.
RG1 contains the resources shown in the following table.
RG2 contains the resources shown in the following table.
You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1. Which
resources should you identify? To answer, select the appropriate options in the answer area.

A. Mastered
B. Not Mastered
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking
NEW QUESTION 31
- (Exam Topic 4)
You have an Azure subscription named Sub1.
You plan to deploy a multi-tiered application that will contain the tiers shown in the following table.
You need to recommend a networking solution to meet the following requirements:

Ensure that communication between the web servers and the business logic tier spreads equally across the virtual machines. Protect the
web servers from SQL injection attacks.
Which Azure resource should you recommend for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each
A. Mastered

B. Not Mastered
Answer: A
Explanation:
Box 1: an internal load balancer
Azure Internal Load Balancer (ILB) provides network load balancing between virtual machines that reside inside a cloud service or a virtual network with a regional scope.
Box 2: an application gateway that uses the WAF tier
Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and
vulnerabilities. Web applications are increasingly targeted
by malicious attacks that exploit commonly known vulnerabilities. References:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
NEW QUESTION 35
- (Exam Topic 4)
You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1. You plan to use an Azure Import/Export job. What can
you use as the destination of the imported data?
A. Azure Data Lake Store

B. a virtual machine
C. the Azure File Sync Storage Sync Service
D. Azure Blob storage
Answer: D
Explanation:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter. The maximum
size of an Azure Files Resource of a file share is 5 TB. Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service
NEW QUESTION 37
- (Exam Topic 4)
Azure subscription named Subscription1 that contains the resources shown in the following table.
VM1 connects to a virtual network named VNET2 by using a network interface named NIC1. You need to create a new network interface named NIC2 for VM1. Solution:
You create NIC2 in RG2 and Central US. Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a region.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
NEW QUESTION 38
- (Exam Topic 4)
You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of
131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address
space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:
Ensure that you can upload the disk files to account1.
Ensure that you can attach the disks to VM1.
Prevent all other access to account1.
Which two actions should you perform? Each correct selection presents part of the solution. NOTE:
Each correct selection is worth one point.

A. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
B. From the Firewalls and virtual networks blade of account1, select Selected networks.
C. From the Firewalls and virtual networks blade of acount1, add VNet1.
D. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.
E. From the Service endpoints blade of VNet1, add a service endpoint.
Answer: BE
Explanation:
B: By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action. Azure portal
Navigate to the storage account you want to secure.
Click on the settings menu called Firewalls and virtual networks.
To deny access by default, choose to allow access from 'Selected networks'. To allow traffic from all networks, choose to allow access from 'All networks'. Click Save to
apply your changes. E: Grant access from a Virtual Network
Storage accounts can be configured to allow access only from specific Azure Virtual Networks.
By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual
network and the subnet are also transmitted with each request.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security
NEW QUESTION 39
- (Exam Topic 4)
You have an Azure virtual machine named VM1. Azure collects events from VM1.
You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the System event log of VM1. You need
to specify which resource type to monitor.
What should you specify?
A. metric alert
B. Azure Log Analytics workspace
C. virtual machine
D. virtual machine extension
Answer: D
Explanation:
Azure Monitor can collect data directly from your Azure virtual machines into a Log Analytics workspace for detailed analysis and correlation. Installing the Log Analytics
VM extension for Windows and Linux allows Azure Monitor to collect data from your Azure VMs.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm
NEW QUESTION 43
- (Exam Topic 4)
You manage two Azure subscriptions named Subscription1 and Subscription2. Subscription1 has the following virtual networks:
The virtual networks contain the following subnets:
Subscription2 contains the following virtual network:

Name: VNETA
Address space: 10.10.128.0/17
Location: Canada Central
VNETA contains the following subnets:
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:

A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: Yes
With VNet-to-VNet you can connect Virtual Networks in Azure across Different regions. Box 2: Yes Azure
supports the following types of peering:
Virtual network peering: Connect virtual networks within the same Azure region. Global virtual network peering: Connecting virtual networks across Azure regions. Box 3: No
The virtual networks you peer must have non-overlapping IP address spaces. References:
https://azure.microsoft.com/en-us/blog/vnet-to-vnet-connecting-virtual-networks-in-azure-across-different-regio https://docs.microsoft.com/en-us/azure/virtual-
network/virtual-network-manage-peering#requirements-and-cons
NEW QUESTION 44
- (Exam Topic 4)
You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution. NOTE: Each
A. an XML manifest file

B. a driveset CSV file
C. a dataset CSV file
D. a PowerShell PS1 file
E. a JSON configuration file
Answer: BC
Explanation:
B: Modify the driveset.csv file in the root folder where the tool resides.
C: Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv
file
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files
NEW QUESTION 49
- (Exam Topic 4)
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in
external.contoso.com.onmicrosoft.com.
Solution: You instruct User2 to create the user accounts.
A. Yes
B. No
Answer: A
Explanation:
Only a global administrator can add users to this tenant. References: https://docs.microsoft.com/en-
us/azure/devops/organizations/accounts/add-users-to-azure-ad

NEW QUESTION 50
- (Exam Topic 4)
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution:
On Dev, you assign the Logic App Contributor role to the Developers group. Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
The Logic App Contributor role lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app. References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app
NEW QUESTION 54
- (Exam Topic 4)
You have an Azure subscription that contains the public load balancers shown in the following table.
You plan to create six virtual machines and to load balancer requests to the virtual machines. Each load balancer will load balance three virtual machines. You need to
create the virtual machines for the planned solution.
How should you create the virtual machines? To answer, select the appropriate options in the answer area. NOTE:
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: be created in the same availability set or virtual machine scale set.
The Basic tier is quite restrictive. A load balancer is restricted to a single availability set, virtual machine scale set, or a single machine. Box 2: be
connected to the same virtual network
The Standard tier can span any virtual machine in a single virtual network, including blends of scale sets, availability sets, and machines. References:
https://www.petri.com/comparing-basic-standard-azure-load-balancers
NEW QUESTION 58
- (Exam Topic 4)
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in
external.contoso.com.onmicrosoft.com.
Solution: You instruct User1 to create the user accounts.
A. Yes
B. No
Answer: A
Explanation:
Only a global administrator can add users to this tenant. References:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad
NEW QUESTION 62
- (Exam Topic 4)
Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections NSG-
Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule: Priority:
100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389 Protocol:
UDP
Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1. You need
to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Internet source to the VirtualNetwork destination for port range 3389 and uses the
UDP protocol.
A. Yes
B. No
Answer: B
NEW QUESTION 63
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com. Multi-factor authentication (MFA) is enabled for all users. You need to
provide users with the ability to bypass MFA for 10 days on devices to which they have successfully signed in by using MFA. What should you do?
A. From the multi-factor authentication page, configure the users’ settings.

B. From Azure AD, create a conditional access policy.
C. From the multi-factor authentication page, configure the service settings.
D. From the MFA blade in Azure AD, configure the MFA Server settings.
Answer: C
Explanation:
Enable remember Multi-Factor Authentication
Sign in to the Azure portal.
On the left, select Azure Active Directory > Users.
Select Multi-Factor Authentication.
Under Multi-Factor Authentication, select service settings.
On the Service Settings page, manage remember multi-factor authentication, select the Allow users to remember multi-factor authentication on devices they trust option.

Select Save.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
NEW QUESTION 65
- (Exam Topic 4)
100
Source: Any
Destination: *
UDP
Action: Allow
Solution: You modify the custom rule for NSG-VM1 to use the internet as a source and TCP as a protocol. Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM. Note on
NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default. References: https://docs.microsoft.com/en-
us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
NEW QUESTION 69
- (Exam Topic 4)
You have an Azure subscription named Subcription1 that contains a resource group named RG1. In RG1. you create an internal load balancer named LB1 and a public load
balancer named 162.
You need to ensure that an administrator named Admin 1 can manage LB1 and LB2. The solution must follow the principle of least privilege. Which role
should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area.
NOTE: Caen correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:

NEW QUESTION 73
- (Exam Topic 4)
100
Source: Any
Destination: *
UDP
Action: Allow
Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range
3389 and uses the TCP protocol.
A. Yes
B. No
Answer: A
Explanation:
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM. Note on
NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default. References: https://docs.microsoft.com/en-
us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
NEW QUESTION 78
- (Exam Topic 4)
Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System log on VM1 within an hour. Solution:
You create an event subscription on VM1. You create an alert in Azure Monitor and specify VM1 as the source.
A. Yes
B. No
Answer: B
Explanation:
Instead: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure
Monitor and specify the Log Analytics workspace as the source.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview
NEW QUESTION 82
- (Exam Topic 4)
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You plan to configure Azure Backup reports for Vault1.
You are configuring the Diagnostics settings for the AzureBackupReports log.
Which storage accounts and which Log Analytics workspaces can you use for the Azure Backup reports of Vault1? To answer, select the appropriate options in the answer area.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: storage3 only
Vault1 and storage3 are both in West Europe. Box 2: Analytics3
Vault1 and Analytics3 are both in West Europe. References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-configure-reports
NEW QUESTION 86
- (Exam Topic 4)
You have an Azure subscription that contains an Azure Storage account.
You plan to copy an on-premises virtual machine image to a container named vmimages. You need to create the container for the planned image. Which
command should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered
Answer: A
Explanation:
azcopy make 'https://<storage-account-name>.file.core.windows.net/<file-share-name><SAS-token>'
NEW QUESTION 90
- (Exam Topic 4)
You have an Azure subscription that contains the resources shown in the following table.
All virtual machines run Windows Server 2016.

On VM1, you back up a folder named Folder1 as shown in the following exhibit.
You plan to restore the backup to a different virtual machine. You need to restore the backup to VM2. What
should you do first?
A. From VM2, install the Microsoft Azure Recovery Services Agent

B. From VM1, install the Windows Server Backup feature
C. From VM2, install the Windows Server Backup feature
D. From VM1, install the Microsoft Azure Recovery Services Agent

Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-windows-server
NEW QUESTION 93
- (Exam Topic 4)
You need to use Azure Automation State Configuration to manage the ongoing consistency of virtual machine configurations.
Which five actions should you perform in sequence? To answer, move the appropriate action from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Step 1: Upload a configuration to Azure Automation State Configuration. Import the configuration into the Automation account. Step 2:
Compile a configuration into a node configuration.
A DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server. Step 3:
Onboard the virtual machines to Azure Automation State Configuration. Onboard the Azure VM for management with Azure Automation State Configuration Step 4: Assign the
node configuration
Step 5: Check the compliance status of the node
Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these
reports on the page for that node.
On the blade for an individual report, you can see the following status information for the corresponding consistency check: The report
status — whether the node is "Compliant", the configuration "Failed", or the node is "Not Compliant" References:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started
NEW QUESTION 98
- (Exam Topic 4)
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines. You need to
modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password?
A. Azure Active Directory (AD) Identity Protection and an Azure policy

B. a Recovery Services vault and a backup policy
C. an Azure Key Vault and an access policy
D. an Azure Storage account and an access policy
Answer: C
Explanation:
You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never put in plain
text in the template parameter file.
References: https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/
NEW QUESTION 103

- (Exam Topic 4)
You have an Azure subscription named Subscription1 that contains the resources in the following table.

You install the Web Server server role (IIS) on WM1 and VM2, and then add VM1 and VM2 to LB1. LB1 is configured as shown in the LB1 exhibit. (Click the Exhibit
button.)
Rule1 is configured as shown in the Rule1 exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 106

- (Exam Topic 4)
You have Azure subscriptions named Subscription1 and Subscription2. Subscription1 has following resource groups:
RG1 includes a web app named App1 in the West Europe location. Subscription2 contains the following resource groups:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

A. Mastered
B. Not Mastered
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-limitations/app-service-mov
NEW QUESTION 108

- (Exam Topic 4)
You have an Azure subscription.
Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The
users on the customer sites access the Azure resources by using site-to-site VPNs.
You have a line-of-business app named App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016. You need to
ensure that the connections to App1 are spread across all the virtual machines.
What are two possible Azure services that you can use? Each correct answer presents a complete solution. NOTE:
A. a public load balancer

B. Traffic Manager
C. an Azure Content Delivery Network (CDN)
D. an internal load balancer
E. an Azure Application Gateway
Answer: DE
NEW QUESTION 109

- (Exam Topic 4)
Your on-premises network contains an Active Directory domain named adatum.com that is synced to Azure Active Directory (Azure AD). Password writeback is disabled.
In adatum.com, you create the users shown in the following table.
Which users must sign in from a computer joined to adatum.com?
A. User2 only
B. User1 and User3 only
C. User1, User2, and User3
D. User2 and User3 only
E. User1 only
Answer: E
Explanation:
Password writeback is a feature enabled with Azure AD Connect that allows password changes in the cloud to be written back to an existing on-premises directory in real time.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback
NEW QUESTION 112

- (Exam Topic 4)
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You create virtual machines in Subscription1 as shown in the following table.
You plan to use Vault1 for the backup of as many virtual machines as possible. Which virtual machines can be backed up to Vault1?
A. VM1, VM3, VMA, and VMC only

B. VM1 and VM3 only
C. VM1, VM2, VM3, VMA, VMB, and VMC
D. VM1 only
E. VM3 and VMC only
Answer: A
Explanation:
To create a vault to protect virtual machines, the vault must be in the same region as the virtual machines. If you have virtual machines in several regions, create a Recovery
Services vault in each region.
References:
https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault

Microsoft: Exam Questions AZ-104

Uploaded by

Copyright:

Available Formats

Microsoft: Exam Questions AZ-104

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Microsoft: Exam Questions AZ-104

Uploaded by

Copyright:

Available Formats

Microsoft

Exam Questions AZ-104

www.androdagger.com Telegram: @androdagger

A. an Azure Notification Hub

www.androdagger.com Telegram: @androdagger

www.androdagger.com Telegram: @androdagger

www.androdagger.com Telegram: @androdagger

www.androdagger.com Telegram: @androdagger

You add 14 virtual machines to WEBPROD-AS-USE2.

www.androdagger.com Telegram: @androdagger

www.androdagger.com Telegram: @androdagger

www.androdagger.com Telegram: @androdagger

www.androdagger.com Telegram: @androdagger

www.androdagger.com Telegram: @androdagger

A. the modified screen saver timeout

RG1 contains the resources shown in the following table.

RG2 contains the resources shown in the following table.

www.androdagger.com Telegram: @androdagger

You need to recommend a networking solution to meet the following requirements:

www.androdagger.com Telegram: @androdagger

A. Azure Data Lake Store

www.androdagger.com Telegram: @androdagger

The virtual networks contain the following subnets:

Subscription2 contains the following virtual network:

www.androdagger.com Telegram: @androdagger

A. an XML manifest file

www.androdagger.com Telegram: @androdagger

www.androdagger.com Telegram: @androdagger

A. From the multi-factor authentication page, configure the users’ settings.

www.androdagger.com Telegram: @androdagger

www.androdagger.com Telegram: @androdagger

www.androdagger.com Telegram: @androdagger

www.androdagger.com Telegram: @androdagger

All virtual machines run Windows Server 2016.

A. From VM2, install the Microsoft Azure Recovery Services Agent

www.androdagger.com Telegram: @androdagger

A. Azure Active Directory (AD) Identity Protection and an Azure policy

NEW QUESTION 103

www.androdagger.com Telegram: @androdagger

NEW QUESTION 106

www.androdagger.com Telegram: @androdagger

NEW QUESTION 108

A. a public load balancer

NEW QUESTION 109

Which users must sign in from a computer joined to adatum.com?

NEW QUESTION 112

www.androdagger.com Telegram: @androdagger

A. VM1, VM3, VMA, and VMC only

www.androdagger.com Telegram: @androdagger

You might also like