Embark on a journey of discovery and realization, fueled by the vast ocean of insights nestled within the AZ-104 dumps. Meticulously curated to echo the intricate tapestry of the curriculum, the AZ-104 dumps house a universe of practice questions, propelling you to new heights. Whether you\’re captivated by the coherent narratives in PDFs or entranced by the immersive experiences of the VCE format, the AZ-104 dumps shine as a beacon of excellence. An enlightened study guide, working in perfect harmony with the AZ-104 dumps, peels away layers of complexity, guiding you to the core of understanding. Trusting in the transformative essence of these resources, we proudly proclaim our 100% Pass Guarantee.
[Recent Reveal] Boost your exam acumen using the no-cost AZ-104 PDF and Exam Questions, aiming for peak performance
Question 1:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.
You need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG1 and West US.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a region.
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
Question 2:
DRAG DROP
You onboard 10 Azure virtual machines to Azure Automation State Configuration.
You need to use Azure Automation State Configuration to manage the ongoing consistency of the virtual machine configurations.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Select and Place:
Correct Answer:
1: Upload a configuration to Azure Automation State Configuration
2: Compile a configuration into a node configuration
3: Check the compliance status of the node.
Step 1: Create and upload a configuration to Azure Automation Step 2: Compile a configuration into a node configuration Step 3: Register a VM to be managed by State Configuration Step 4: Specify configuration mode settings Step 5: Assign a node configuration to a managed node Step 6: Check the compliance status of a managed node
Reference: https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started https://docs.microsoft.com/en-us/azure/automation/tutorial-configure-servers-desired-state
Question 3:
You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an Active Directory domain. The tenant contains the users shown in the following table.
The users have the attributes shown in the following table.
You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all four users.
Solution: You add an office phone number for User2.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
User3 requires a user account in Azure AD.
Note: Your Azure AD password is considered an authentication method. It is the one method that cannot be disabled.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication- methods
Question 4:
You have an azure subscription that contain a virtual named VNet1. VNet1. contains four subnets named Gatesway, perimeter, NVA, and production. The NVA contain two network virtual appliance (NVAs) that will network traffic inspection
between the perimeter subnet and the production subnet.
You need to implement an Azure load balancer for the NVAs. The solution must meet the following requirements:
1.
The NVAs must run in an active-active configuration that uses automatic failover.
2.
The NVA must load balance traffic to two services on the Production subnet.
3.
The services have different IP addresses
Which three actions should you perform? Each correct answer presents parts of the solution. NOTE: Each correct selection is worth one point.
A. Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
B. Deploy a standard load balancer.
C. Add a frontend IP configuration, two backend pools, and a health prob.
D. Add a frontend IP configuration, a backend pool, and a health probe.
E. Add two load balancing rules that have HA Ports and Floating IP enabled.
F. Deploy a basic load balancer.
Correct Answer: BCE
A standard load balancer is required for the HA ports. -Two backend pools are needed as there are two services with different IP addresses. -Floating IP rule is used where backend ports are reused. Incorrect Answers:
F: HA Ports are not available for the basic load balancer.
References:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview
The following diagram presents a hub-and-spoke virtual network deployment.
The spokes force- tunnel their traffic to the hub virtual network and through the NVA, before leaving the trusted space.
The NVAs are behind an internal Standard Load Balancer with an HA ports configuration.
All traffic can be processed and forwarded accordingly.
When configured as show in the following diagram, an HA Ports load-balancing rule additionally provides flow symmetry for ingress and egress traffic.
Reference : https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-ha-ports-overview#a-single-floating-ip-direct-server-return-ha-ports-configuration-on-an-internal-standard-load-balancer
Question 5:
HOTSPOT
You need to create container1 and share1.
Which storage accounts should you use for each resource? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
Question 6:
You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of 131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:
1.
Ensure that you can upload the disk files to account1.
2.
Ensure that you can attach the disks to VM1.
3.
Prevent all other access to account1.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
B. From the Firewalls and virtual networks blade of account1, select Selected networks.
C. From the Firewalls and virtual networks blade of acount1, add VNet1.
D. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.
E. From the Service endpoints blade of VNet1, add a service endpoint.
Correct Answer: AB
By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action. Azure portal
1.
Navigate to the storage account you want to secure.
2.
Click on the settings menu called Firewalls and virtual networks.
3.
To deny access by default, choose to allow access from \’Selected networks\’. To allow traffic from all networks, choose to allow access from \’All networks\’.
4.
Click Save to apply your changes.
Grant access from a Virtual Network
Storage accounts can be configured to allow access only from specific Azure Virtual Networks. By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The
identities of the virtual network and the subnet are also transmitted with each request.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security
Question 7:
HOTSPOT
You have an Azure subscription named Subscription1 that contains the virtual networks in the following table.
Subscripton1 contains the virtual machines in the following table.
In Subscription1, you create a load balancer that has the following configurations:
1.
Name: LB1
2.
SKU: Basic
3.
Type: Internal
4.
Subnet: Subnet12
5.
Virtual network: VNET1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: each correct selection is worth one point.
Hot Area:
Correct Answer:
Statement 1 : Basic load balancer supports Virtual machine in a single Availability set or virtual machine scale set (VMSS) only . Hence this statement is correct.
Statement 2 : Basic load balancer supports Virtual machine in a single Availability set or virtual scale set only or one standalone VM. VM3 and VM4 are not part of any availability set or VMSS .Hence this statement is incorrect.
Statement 3 : Basic load balancer supports Virtual machine in a single Availability set or virtual scale set only or one standalone VM. VM5 and VM6 are not part of any availability set or VMSS .Hence this statement is incorrect.
References: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
Question 8:
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an azure subscription that includes a storage account, a resource group, a blob container and a file share.
A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account.
You want to review the ARM template that was used by Jon Ross.
Solution: You access the Resource Group blade.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer: A
To view a template from deployment history:
Go to the resource group for your new resource group. Notice that the portal shows the result of the last deployment. Select this link.
You see a history of deployments for the group. In your case, the portal probably lists only one deployment. Select this deployment.
The portal displays a summary of the deployment. The summary includes the status of the deployment and its operations and the values that you provided for parameters. To see the template that you used for the deployment, select View template.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template
Question 9:
HOTSPOT
You plan to deploy an Azure web app named App1 that will use Azure Active Directory (Azure AD) authentication.
App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD.
You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 10:
HOTSPOT
You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.
You install and configure a web server and a DNS server on VM1.
VM1 has the effective network security rules shown in the following exhibit:
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1:
Rule2 blocks ports 50-60, which includes port 53, the DNS port. Internet users can reach the Web server, since it uses port 80.
Box 2:
If Rule2 is removed internet users can reach the DNS server as well. Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule,
processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Question 11:
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains the users shown in the following table.
You enable password reset for contoso.onmicrosoft.com as shown in the Password Reset exhibit. (Click the Password Reset tab.)
You configure the authentication methods for password reset as shown in the Authentication Methods exhibit. (Click the Authentication Methods tab.: For each of the following statements, select Yes if the statement is true. Otherwise, select
No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 12:
HOTSPOT
You need to implement Role1.
Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
https://docs.microsoft.com/en-us/powershell/module/az.resources/getazroledefinition?view=azps-5.9.0 https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-rolepowershell https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/converttojson?view=powershell-7.1 https://docs.microsoft.com/en-us/powershell/module/azuread/getazureaddirectoryrole?view=azureadps-2.0
Question 13:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour.
Solution: You create an event subscription on VM1. You create an alert in Azure Monitor and specify VM1 as the source
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You need to specify Log Analytics as the source for this alert, and not the VM as source for the alert.
1.
You create an Azure Log Analytics workspace and configure the data settings.
2.
You install the Microsoft Monitoring Agent on VM1.
3.
You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview
Question 14:
You have an Azure subscription that contains the following storage account:
You need 10 create a request to Microsoft Support to perform a live migration of storage1 to Zone Redundant Storage (ZRS) replication. How should you modify storage1 before the Live migration?
A. Set the replication to Locally-redundant storage (IRS)
B. Disable Advanced threat protection
C. Remove the lock
D. Set the access tier to Hot
Correct Answer: A
If you want to live migration from RA-GRS to ZRS, at first you have to Switch the storage tier to LRS and then only you can request a live migration.
Reference: https://docs.microsoft.com/en-us/azure/storage/common/redundancy-migration?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.jsonandtabs=portal
Question 15:
You are the global administrator for an Azure Active Directory (Azure AD) tenet named adatum.com. You need to enable two-step verification for Azure users. What should you do?
A. Create a sign-in risk policy in Azure AD Identity Protection
B. Enable Azure AD Privileged Identity Management.
C. Create and configure the Identity Hub.
D. Configure a security policy in Azure Security Center.
Correct Answer: A
Identity Protection analyzes signals from each sign-in, both real-time and offline, and calculates a risk score based on the probability that the sign-in wasn\’t performed by the user. Administrators can make a decision based on this risk score signal to enforce organizational requirements. Administrators can choose to block access, allow access, or allow access but require multi-factor authentication. If risk is detected, users can perform multi-factor authentication to self-remediate and close the risky sign-in event to prevent unnecessary noise for administrators. With Azure Active Directory Identity Protection, you can:
1.
require users to register for multi-factor authentication
2.
handle risky sign-ins and compromised users
References: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/flows