Set the pace for an exceptional certification journey, anchored by the invaluable insights offered by the AZ-104 dumps. Finely-tuned to reflect the syllabus\’s vastness, the AZ-104 dumps present a comprehensive suite of practice questions, heralding mastery. Be it the unadulterated clarity of PDFs or the dynamic storytelling of the VCE format that draws you in, the AZ-104 dumps are a testament to excellence. A methodical study guide, harmoniously aligned with the AZ-104 dumps, decodes the labyrinth of subjects, ensuring a seamless learning experience. Reiterating our confidence in these materials, we unwaveringly highlight our 100% Pass Guarantee.
[Newest Launch] Sharpen your exam prowess with the complimentary AZ-104 PDF and Exam Questions, with a success promise
Question 1:
You have an Azure subscription that contains the resources shown in the following table.
VM1 and VM2 run a website that is configured as shown in the following table.
LB1 is configured to balance requests to VM1 and VM2.
You configure a health probe as shown in the exhibit. (Click the Exhibit tab.)
You need to ensure that the health probe functions correctly. What should you do?
A. On LB1, change the Unhealthy threshold to 65536.
B. On LB1, change the port to 8080.
C. On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\Temp folder.
D. On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\SiteA\Temp folder.
Correct Answer: D
Load balancing provides a higher level of availability and scale by spreading incoming requests across virtual machines (VMs). You can use the Azure portal to create a Standard load balancer and balance internal traffic among VMs. To load
balance successfully between VM1 and VM2 you have to place the html file in the path mentioned in the Probe1 configuration.
References:
https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-internal- portal
Question 2:
You have an Azure Active Directory (Azure AD) tenant that syncs to on-premises Active Directory and contains the users shown in the following table.
You create a group named Group1 and add User1 to the group. You need to configure the ownership of Group 1. Which users can you add as owners of Group1?
A. East US, West Europe, and North Europe
B. East US and West Europe only
C. East US only
D. East US and North Europe only
Correct Answer: C
Before creating a network interface, you must have an existing virtual network in the same location and subscription you create a network interface in. If you try to create a NIC on a location that does not have any Vnets you will get the following error: “The currently selected subscription and location lack any existing virtual networks. Create a virtual network first.”
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
Question 3:
You have an on-premises datacenter and an Azure subscription.
You plan to connect the datacenter to Azure by using ExpressRoute.
You need to deploy an ExpressRoute gateway. The solution must meet the following requirements:
1.
Support up to 10 Gbps of traffic.
2.
Support availability zones.
3.
Support FastPath.
4.
Minimize costs.
Which SKU should you deploy?
A. ERGw1AZ
B. ERGw2
C. ErGw3
D. ErGw3AZ
Correct Answer: D
https://learn.microsoft.com/en-us/answers/questions/885158/whats-the-difference-between-ergw3az-vs-ultraperfo
Question 4:
HOTSPOT
You have an Azure Storage account named storage1.
You have an Azure Service app named App1 and an app named App2 that runs in an Azure container instance. Each app uses a managed identity.
You need to ensure that App1 and App2 can read blobs from storage1. The solution must meet the following requirements:
1.
Minimize the number of secrets used.
2.
Ensure that App2 can only read from storage1 for the next 30 days.
What should you configure in storage1 for each app? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
App1: Access keys
App2: Shared access signature (SAS)
A shared access signature (SAS) provides secure delegated access to resources in your storage account without compromising the security of your data. With a SAS, you have granular control over how a client can access your data. You can
control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
Question 5:
HOTSPOT
You have an Azure subscription that contains the users shown in the following table.
The groups are configured as shown in the following table.
You have a resource group named RG1 as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: No
Group nesting is not supported. A group can\’t be added as a member of a role-assignable group.
Box 2: No
Group nesting is not supported. A group can\’t be added as a member of a role-assignable group.
Box 3: Yes
Reference:
https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-concept
Question 6:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User3 to create the user accounts.
Does that meet the goal?
A. Yes
B. No
Correct Answer: B
Only a global administrator can add users to this tenant.
References:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad
Question 7:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are the global administrator for an Azure Active Directory (Azure AD) tenant that has several subscriptions.
You need to create a report that lists all the resources for the tenant.
Solution: You run the New-AzureADUserAppRoleAssignment Windows PowerShell cmdlet.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
The New-AzureADUserAppRoleAssignment cmdlet assigns a user to an application role in Azure Active Directory (AD). Use it for the application report.
Reference:
https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureaduserapproleassignment? view=azureadps-2.0
Question 8:
You have an Azure Service Bus.
You need to implement a Service Bus queue that guarantees first in first-out (FIFO) delivery of messages.
What should you do?
A. Set the Lock Duration setting to 10 seconds.
B. Enable duplicate detection.
C. Set the Max Size setting of the queue to 5 GB.
D. Enable partitioning.
E. Enable sessions.
Correct Answer: E
Through the use of messaging sessions you can guarantee ordering of messages, that is first-in-first- out (FIFO) delivery of messages.
References:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-azure-and-service-bus- queues-compared-contrasted
Question 9:
HOTSPOT
You have an Azure virtual machine named VM1 and a Recovery Services vault named Vault1.
You create a backup policy named Policy1 as shown in the exhibit. (Click the Exhibit tab.)
You configure the backup of VM1 to use Policy1 on Thursday, January 1.
You need to identify the number of available recovery points for VM1.
How many recovery points are available on January 8 and January 15? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: 6
5 latest daily recovery points, which includes the weekly backup from the previous Sunday, plus the monthly recovery point.
Box 2: 8
5 latest daily recovery points, plus two weekly backups, plus the monthly recovery point.
Reference:
https://social.technet.microsoft.com/Forums/en-US/854ab6ae-79aa-4bad-ac65-471c4d422e94/daily-monthly-yearly-recovery-points-and-storage-used?forum=windowsazureonlinebackup
Question 10:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Contributor role to the Developers group.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
The Contributor role can manage all resources (and add resources) in a Resource Group.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
Question 11:
You have an Azure Kubernetes cluster in place.
You have to deploy an application using an Azure Container registry image.
Which of the following command can be used for this requirement?
A. az kubernetes deploy
B. kubectl apply
C. New-AzKubernetes set
D. docker run
Correct Answer: B
kubectl apply : Correct Choice
The kubectl command can be used to deploy applications to a Kubernetes cluster.
az kubernetes deploy : Incorrect Choice
This command is used to manage Azure Kubernetes Services. This is not used to deploy applications to a Kubernetes cluster.
New-AzKubernetes set : Incorrect Choice
This command is used to create a new managed Kubernetes cluster. This is not used to deploy applications to a Kubernetes cluster.
docker run : Incorrect Choice
This is run command in a new container. This is not used to deploy applications to a Kubernetes cluster.
Reference:
https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest https://docs.microsoft.com/en-us/powershell/module/az.aks/New-AzAks?view=azps3.8.0andviewFallbackFrom=azps-4.3.0 https://docs.docker.com/engine/reference/commandline/run/
Question 12:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
1.
A virtual network that has a subnet named Subnet1
2.
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
3.
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
1.
Priority: 100
2.
Source: Any
3.
Source port range: *
4.
Destination: *
5.
Destination port range: 3389
6.
Protocol: UDP
7.
Action: Allow
VM1 has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the UDP protocol.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
The default port for RDP is TCP port 3389 not UDP.
NSGs deny all inbound traffic except from virtual network or load balancers. For inbound traffic, Azure processes the rules in a network security group associated to a subnet first, and then the rules in a network security group associated to
the network interface. By default NSG rule to allow traffic through RDP port 3389 is not created automatically during the creation of VM , unless you change the setting during creation. Here in the solution UDP traffic is allowed at virtual
network level which is not tcp/rdp protocol. So this will not work to achieve the goal.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp- connection
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules
Question 13:
You create the following resources in an subscription:
1.
An Azure Container Registry instance named Registry1
2.
An Azure Kubernetes Service (AKS) cluster named Cluster1
You create a container image named App 1 on your administrative workstation.
You need to deploy App1 to cluster 1. What should you do first?
A. Create a host pool on Cluster1
B. Run the docker push command.
C. Run the kubect1 apply command.
D. Run the az aks create command.
Correct Answer: B
An Azure container registry stores and manages private Docker container images, similar to the way Docker Hub stores public Docker images. You can use the Docker command-line interface (Docker CLI) for login, push, pull, and other
operations on your container registry. After you login to the registry you can run push command to upload the image.
Below is an sample of that command
docker push myregistry.azurecr.io/samples/nginx
Run the az acr build command : Correct Choice
az acr build command queues a quick build, providing streaming logs for an Azure Container Registry
az acr build –registry
[–agent-pool]
[–auth-mode {Default, None}]
[–build-arg]
[–file]
[–image]
[–no-format]
[–no-logs]
[–no-push]
[–no-wait]
[–platform]
[–resource-group]
[–secret-build-arg]
[–subscription]
[–target]
[–timeout]
[]
Create a host pool on Cluster1 : Incorrect Choice
Host pools are a collection of one or more identical virtual machines (VMs) within Windows Virtual Desktop environments. It won\’t deploy the app to the cluster.
Run the docker push command : Incorrect Choice
Use docker push to share your images to the Docker Hub registry or to a self-hosted one. It won\’t deploy the app to the cluster.
Run the docker build command : Incorrect Choice
This command will build an image from a Dockerfile. But in the question it has been said that image file is already built and need to deploy. This command will not deploy the image.
Reference:
https://docs.microsoft.com/en-us/cli/azure/acr?view=azure-cli-latest#az-acr-build
https://docs.docker.com/engine/reference/commandline/push/
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace
https://docs.docker.com/engine/reference/commandline/build/
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-docker-cli
Question 14:
You have an Azure Active Directory (Azure AD) tenant named adatum.com that contains the users shown in the following table.
Adatum.com has the following configurations:
1.
Users may join devices to Azure AD is set to User1.
2.
Additional local administrators on Azure AD joined devices is set to None.
You deploy Windows 10 to a computer named Computer1. User1 joins Computer1 to adatum.com.
You need to identify the local Administrator group membership on Computer1.
Which users are members of the local Administrators group?
A. User1 only
B. User1, User2, and User3 only
C. User1 and User2 only
D. User1, User2, User3, and User4
E. User2 only
Correct Answer: C
Users may join devices to Azure AD – This setting enables you to select the users who can register their devices as Azure AD joined devices. The default is All. Additional local administrators on Azure AD joined devices – You can select the users that are granted local administrator rights on a device. Users added here are added to the Device Administrators role in Azure AD. Global administrators, here User2, in Azure AD and device owners are granted local administrator rights by default.
References: https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal
Question 15:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to deploy a YAML file to AKS1.
Solution: From Azure Cloud Shell, you run az aks.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Deployments are typically created and managed with kubectl create or kubectl apply. Create a deployment by defining a manifest file in the YAML format. https://learn.microsoft.com/en-us/azure/aks/concepts-clusters-workloads#deployments-and-yaml-manifests