Embark on an odyssey where every challenge is an invitation to learn, made effortless with the AZ-104 dumps. Journeying through this realm, the AZ-104 dumps illuminate your path with golden nuggets of practice questions. PDFs are the age-old manuscripts, repositories of wisdom, while the VCE format is the bard, singing tales of interactive learning. Together, the study guide and AZ-104 dumps sketch the roadmap for your expedition. Such is our belief in this voyage that we present our 100% Pass Guarantee, a promise of safe passage in your quest for knowledge.
[Newest Compilation] Lock in 100% exam success with the free download of AZ-104 PDF and Exam Questions
Question 1:
You have an Azure subscription. The subscription contains virtual machines that connect to a virtual network named VNet1.
You plan to configure Azure Monitor for VM Insights.
You need to ensure that all the virtual machines only communicate with Azure Monitor through VNet1.
What should you create first?
A. a data collection rule (DCR)
B. a Log Analytics workspace
C. an Azure Monitor Private Link Scope (AMPLS)
D. a private endpoint
Correct Answer: C
ttps://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-security#advantages
Question 2:
You have the Azure virtual machines shown in the following table.
A DNS service is installed on VM1.
You configure the DNS servers settings for each virtual network as shown in the following exhibit.
You need to ensure that all the virtual machines can resolve DNS names by using the DNS service on VM1. What should you do?
A. Configure a conditional forwarder on VM1
B. Add service endpoints on VNET1
C. Add service endpoints on VNET2 and VNET3
D. Configure peering between VNET1, VNET2, and VNET3
Correct Answer: D
Virtual network peering enables you to seamlessly connect networks in Azure Virtual Network. The virtual networks appear as one for connectivity purposes. The traffic between virtual machines uses the Microsoft backbone infrastructure.
Incorrect Answers:
B, C: Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. Endpoints allow you to secure your critical Azure service resources to only
your virtual networks. Service Endpoints enables private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address on the VNet.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
Question 3:
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)
You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only.
You need to ensure that users can connect to the website from the Internet.
What should you do?
A. Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a priority of 501.
B. For Rule5, change the Action to Allow and change the priority to 401.
C. Delete Rule1.
D. Modify the protocol of Rule4.
Correct Answer: B
Rule 2 is blocking HTTPS access (port 443) and has a priority of 500. Changing Rule 5 (ports 50-5000) and giving it a lower priority number will allow access on port 443. Note: Rules are processed in priority order, with lower numbers
processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops.
HTTPS uses port 443.
Rule2, with priority 500, denies HTTPS traffic.
Rule5, with priority changed from 2000 to 401, would allow HTTPS traffic.
Note: Priority is a number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
References: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Question 4:
You have an Azure subscription that contains the resources in the following table.
Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1.
You need to apply ASG1 to VM1.
What should you do?
A. Modify the properties of NSG1.
B. Modify the properties of ASG1.
C. Associate NIC1 to ASG1.
Correct Answer: C
Associate Virtual Machines
An application security group is a logical collection of virtual machines (NICs). You join virtual machines to the application security group, and then use the application security group as a source or destination in NSG rules.
The Networking blade of virtual machine properties has a new button called Configure The Application Security Groups for each NIC in the virtual machine. If you click this button, a pop-up blade will appear and you can select which (none,
one, many) application security groups that this NIC should join, and then click Save to commit the change.
Understanding Application Security Groups in the Azure Portal
Question 5:
HOTSPOT
You need to create container1 and share1.
Which storage accounts should you use for each resource? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
Question 6:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour.
Solution: You create an Azure storage account and configure shared access signatures (SASs). You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the storage account as the source.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
1.
Creating an Azure storage account and configuring shared access signatures (SASs) is not necessary for monitoring events on a virtual machine. Azure Monitor can directly collect events from the VM\’s System event log using the Microsoft Monitoring Agent.
2.
The Microsoft Monitoring Agent can indeed collect logs and send them to Azure Monitor, but specifying a storage account as the source would not be the typical approach for monitoring System event logs. You would usually send the logs directly to a Log Analytics workspace.
3.
To monitor the System event log for specific events, you would set up a Log Analytics workspace, configure the Microsoft Monitoring Agent to send logs to that workspace, and then set up an alert based on a query that examines those logs.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview
Question 7:
You have an Azure AD tenant named adatum.com that contains the groups shown in the following table.
Adatum.com contains the users shown in the following table.
You assign the Azure Active Directory Premium Plan 2 license to Group1 and User4. Which users are assigned the Azure Active Directory Premium Plan 2 license?
A. User4 only
B. User1 and User4 only
C. User1, User2, and User4 only
D. User1, User2, User3, and User4
Correct Answer: B
Question 8:
Your company\’s Azure subscription includes Azure virtual machines (VMs) that run Windows Server 2016.
One of the VMs is backed up every day using Azure Backup Instant Restore.
When the VM becomes infected with data encrypting ransomware, you decide to recover the VM\’s files.
Which of the following is TRUE in this scenario?
A. You can only recover the files to the infected VM.
B. You can recover the files to any VM within the company\’s subscription.
C. You can only recover the files to a new VM.
D. You will not be able to recover the files.
Correct Answer: B
Question 9:
You have an Azure subscription. The subscription has a blob container that contains multiple blobs. Ten users in the finance department of your company plan to access the blobs during the month of April. You need to recommend a solution to enable access to the blobs during the month of April only. Which security solution should you include in the recommendation?
A. shared access signatures (SAS)
B. Conditional Access policies
C. certificates
D. access keys
Correct Answer: A
Shared Access Signatures (SAS) allows for limited-time fine grained access control to resources. So you can generate URL, specify duration (for month of April) and disseminate URL to 10 team members. On May 1, the SAS token is
automatically invalidated, denying team members continued access.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
Question 10:
HOTSPOT
You have a sync group that has the endpoints shown in the following table.
Cloud tiering is enabled for Endpoint3.
You add a file named File1 to Endpoint1 and a file named File2 to Endpoint2.
You need to identify on which endpoints File1 and File2 will be available within 24 hours of adding the files.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
File1: Endpoint3 only Cloud Tiering: A switch to enable or disable cloud tiering. When enabled, cloud tiering will tier files to your Azure file shares. This converts on-premises file shares into a cache, rather than a complete copy of the dataset, to help you manage space efficiency on your server. With cloud tiering, infrequently used or accessed files can be tiered to Azure Files. File2: Endpoint1, Endpoint2, and Endpoint3 References: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-cloud-tiering
Question 11:
You have an Azure App Service plan that hosts an Azure App Service named App1.
You configure one production slot and four staging slots for App1.
You need to allocate 10 percent of the traffic to each staging slot and 60 percent of the traffic to the production slot.
What should you add to Appl1?
A. slots to the Testing in production blade
B. a performance test
C. a WebJob
D. templates to the Automation script blade
Correct Answer: A
Besides swapping, deployment slots offer another killer feature: testing in production. Just like the name suggests, using this, you can actually test in production. This means that you can route a specific percentage of user traffic to one or
more of your deployment slots.
Example:
References: https://stackify.com/azure-deployment-slots/
Question 12:
You have an Azure Storage account named storage1.
For storage1, you create an encryption scope named Scope1.
Which storage types can you encrypt by using Scope?
A. file shares only
B. containers only
C. file shares and containers only
D. containers and tables only
E. file shares, containers, and tables only
F. file shares, containers, tables, and queues
Correct Answer: B
Encryption scopes enable you to manage encryption with a key that is scoped to a container or an individual blob. There is no blob in the answer choices. https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-scope-overview#how-encryption-scopes-work
Question 13:
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has a Microsoft SQL Server Always On availability group configured on their Azure virtual machines (VMs).
You need to configure an Azure internal load balancer as a listener for the availability group.
Solution: You enable Floating IP.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-portal-sql- alwayson-int-listener
Question 14:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the resources shown in the following table.
VM1 connects to VNET1.
You need to connect VM1 to VNET2.
Solution: You move VM1 to RG2, and then you add a new network interface to VM1.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead you should delete VM1. You recreate VM1, and then you add the network interface for VM1. Note: When you create an Azure virtual machine (VM), you must create a virtual network (VNet) or use an existing VNet. You can change
the subnet a VM is connected to after it\’s created, but you cannot change the VNet.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/network-overview
Question 15:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Reader role at the subscription level to Admin1.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B