Expert Verified, Online, Free.: Microsoft AZ-104 Exam Actual Questions


Microsoft AZ-104 Exam Actual Questions (P. 10)

The questions for AZ-104 were last updated on Nov. 13, 2023.

Viewing page 10 out of 56 pages.


Viewing questions 91-100 out of 567 questions

Question #51 Topic 2

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal?

A. Yes Most Voted

B. No Most Voted

Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Community vote distribution


A (50%) B (49%)

Question #52 Topic 2

HOTSPOT -
You have an Azure Load Balancer named LB1.
You assign a user named User1 the roles shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:


Correct Answer:

Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor
https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles

Question #53 Topic 2

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
✑ Reader
✑ Security Admin
✑ Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do?

A. Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1.

B. Assign User1 the Owner role for VNet1. Most Voted

C. Assign User1 the Contributor role for VNet1.

D. Assign User1 the Network Contributor role for VNet1.

Correct Answer: B
The Owner role has full access to all resources, including the right to delegate access to others.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
✑ Assign User1 the User Access Administrator role for VNet1.
✑ Assign User1 the Owner role for VNet1.
Other incorrect answer options you may see on the exam include the following:
✑ Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1.
✑ Remove User1 from the Security Reader and Reader roles for Subscription1.
✑ Assign User1 the Network Contributor role for RG1.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

Community vote distribution


B (96%)

Question #54 Topic 2

HOTSPOT -
You configure the custom role shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:


Correct Answer:

Box 1: roletype -
You need to configure Azure RBAC policy to determine who can log in to the VM. Two Azure roles are used to authorize VM login:
Virtual Machine Administrator Login: Users with this role assigned can log in to an Azure virtual machine with administrator privileges.
Virtual Machine User Login: Users with this role assigned can log in to an Azure virtual machine with regular user privileges.
Note, example roletype:
"roleName": "Virtual Machine Administrator Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"

Box 2: assignableScopes -
Azure role-based access control (Azure RBAC) is the authorization system you use to manage access to Azure resources. To grant access, you assign roles to users,
groups, service principals, or managed identities at a particular scope.
When you assign roles, you must specify a scope. Scope is the set of resources the access applies to. In Azure, you can specify a scope at four levels from broad to
narrow: management group, subscription, resource group, and resource.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal

Question #55 Topic 2

You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a file share named share1.
The subscription is linked to a hybrid Azure Active Directory (Azure AD) tenant that contains a security group named Group1.
You need to grant Group1 the Storage File Data SMB Share Elevated Contributor role for share1.
What should you do first?

A. Enable Active Directory Domain Service (AD DS) authentication for storage1. Most Voted

B. Grant share-level permissions by using File Explorer.

C. Mount share1 by using File Explorer.

D. Create a private endpoint.

Correct Answer: A
Before you enable Azure AD over SMB for Azure file shares, make sure you have completed the following prerequisites:
1. Select or create an Azure AD tenant.
2. To support authentication with Azure AD credentials, you must enable Azure AD Domain Services for your Azure AD tenant.
Etc.
Note: The Storage File Data SMB Share Elevated Contributor allows read, write, delete and modify NTFS permissions in Azure Storage file shares over SMB.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable

Community vote distribution


A (100%)

Question #56 Topic 2

You have 15 Azure subscriptions.


You have an Azure Active Directory (Azure AD) tenant that contains a security group named Group1.
You plan to purchase additional Azure subscriptions.
You need to ensure that Group1 can manage role assignments for the existing subscriptions and the planned subscriptions. The solution must meet the following
requirements:
✑ Use the principle of least privilege.
✑ Minimize administrative effort.
What should you do?

A. Assign Group1 the Owner role for the root management group.

B. Assign Group1 the User Access Administrator role for the root management group. Most Voted

C. Create a new management group and assign Group1 the User Access Administrator role for the group.

D. Create a new management group and assign Group1 the Owner role for the group.

Correct Answer: B
The User Access Administrator role enables the user to grant other users access to Azure resources. This switch can be helpful to regain access to a subscription.
Management groups give you enterprise-grade management at scale no matter what type of subscriptions you might have.
Each directory is given a single top-level management group called the "Root" management group. This root management group is built into the hierarchy to have all
management groups and subscriptions fold up to it. This root management group allows for global policies and Azure role assignments to be applied at the directory
level.
Incorrect:
Not C: A few directories that started using management groups early in the preview before June 25 2018 could see an issue where not all the subscriptions were within
the hierarchy. The process to have all subscriptions in the hierarchy was put in place after a role or policy assignment was done on the root management group in the
directory.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview

Community vote distribution


B (79%) C (20%)

Question #57 Topic 2

HOTSPOT -
You have an Azure subscription that contains the hierarchy shown in the following exhibit.

You create an Azure Policy definition named Policy1.


To which Azure resources can you assign Policy1 and which Azure resources can you specify as exclusions from Policy1? To answer, select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.
Hot Area:


Correct Answer:

Box 1: Tenant Root Group, ManagementGroup1, Subscription1, RG1, and VM1


Once your business rules have been formed, the policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups,
subscriptions, resource groups, or individual resources.
Note: Azure provides four levels of scope: management groups, subscriptions, resource groups, and resources. The following image shows an example of these layers.

Box 2: ManagementGroup1, Subscription1, RG1, and VM1


You can exclude a subscope from the assignment.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview

Question #58 Topic 2

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.


You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User2 to create the user accounts.
Does that meet the goal?

A. Yes Most Voted

B. No Most Voted

Correct Answer: A
Only a global administrator can add users to this tenant.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

Community vote distribution


B (93%) 7%

Question #59 Topic 2

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.


You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User4 to create the user accounts.
Does that meet the goal?

A. Yes

B. No Most Voted

Correct Answer: B
Only a global administrator can add users to this tenant.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

Community vote distribution


B (94%) 6%

Question #60 Topic 2

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.


You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User3 to create the user accounts.
Does that meet the goal?

A. Yes

B. No Most Voted

Correct Answer: B
Only a global administrator can add users to this tenant.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

Community vote distribution


B (86%) 14%