Embark on your journey to certification excellence, guided by the unparalleled insights of the AZ-104 dumps. Meticulously crafted to align with the dynamic intricacies of the exam syllabus, the AZ-104 dumps offer an extensive array of practice questions, instilling confidence and solidifying your understanding. Whether you prefer the structured clarity of PDFs or the interactive engagement of the VCE format, the AZ-104 dumps provide a versatile learning experience tailored to your preferences. A comprehensive study guide, complementing the AZ-104 dumps, demystifies complex concepts and facilitates mastery of the subject matter. With unwavering faith in the transformative potential of these tools, we proudly stand behind our 100% Pass Guarantee.
Propel your AZ-104 exam performance with the unmatched quality of our AZ-104 VCE and PDF resources
Question 1:
You have an Azure subscription named Subscription\’ that contains an Azure Log Analytics workspace named Workspace\’, You need to view the error events from a table named Event.
Which query should you run in Workspace1?
A. Event | where EventType is “error”
B. search in (Event) “error”
C. select * from Event where EventType is “error”
D. search in (Event) * | where EventType -eq “error”
Correct Answer: B
Question 2:
You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the following table.
Each virtual machine uses a static IP address.
You need to create network security groups (NSGs) to meet following requirements:
1.
Allow web requests from the internet to VM3, VM4, VM5, and VM6.
2.
Allow all connections between VM1 and VM2.
3.
Allow Remote Desktop connections to VM1.
4.
Prevent all other network traffic to VNET1.
What is the minimum number of NSGs you should create?
A. 1
B. 3
C. 4
D. 12
Correct Answer: A
Question 3:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.
Solution: You modify the Azure Active Directory (Azure AD) authentication policies.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead export the client certificate from Computer1 and install the certificate on Computer2.
Note:
Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate
is not installed, authentication fails.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
Question 4:
You have an Azure Storage account named storage1.
You plan to use AzCopy to copy data to storage1.
You need to identify the storage services in storage1 to which you can copy the data.
What should you identify?
A. blob, file, table, and queue
B. blob and file only
C. file and table only
D. file only
E. blob, table, and queue only
Correct Answer: B
AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.
Incorrect Answers:
A, C, E: AzCopy does not support table and queue storage services.
D: AzCopy supports file storage services, as well as blob storage services.
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10
Question 5:
You have a Microsoft 365 subscription and a hybrid deployment of Azure Active Directory (Azure AD).
User identities and password hashes are synced.
You have a user account named User1.
From Active Directory, you select the User must change password at next logon account option for User1. What will occur if User1 attempts to sigh in to myapps.microsoft.com?
A. User1 will be prompted for a password change.
B. User1 will sign in by using the old password.
C. User1 will be prevented from signing in.
Correct Answer: C
Troubleshoot password synchronization Some users can\’t sign in to Office 365, Azure, or Microsoft Intune In this scenario, passwords of most users appear to be syncing. However, there are some users whose passwords appear not to sync. The following are scenarios in which a user cannot sign in to a Microsoft cloud service such as Office 365, Azure, or Intune. They include information about how to troubleshoot each scenario. Scenario 1: The “User must change password at next logon” check box is selected for the user\’s account To resolve this issue, follow these steps:
1.
Do one of the following:
In the user account properties in Active Directory Users and Computers, clear the User must change password at next logon check box.
Have the user change their on-premises user account password.
2.
Wait a few minutes for the change to sync between the on-premises Active Directory Domain Services (ADDS) and Azure AD.
References:
https://support.microsoft.com/en-us/help/2855271/how-to-troubleshoot-password-synchronization-when- using-an-azure-ad-sy
Question 6:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription with a storage account.
You want to use the Azure Import/Export service to import files to the storage account.
Solution: You create a XML manifest file.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file Modify the driveset.csv file in the root folder where the tool resides.
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files
Question 7:
You have an Azure Active Directory (Azure AD) tenant.
All administrators must enter a verification code to access the Azure portal.
You need to ensure that the administrators can access the Azure portal only from your on- premises network.
What should you configure?
A. an Azure AD Identity Protection user risk policy.
B. the multi-factor authentication service settings.
C. the default for all the roles in Azure AD Privileged Identity Management
D. an Azure AD Identity Protection sign-in risk policy
Correct Answer: B
the multi-factor authentication service settings – Correct choice There are two criterias mentioned in the question.
1.
MFA required
2.
Access from only a specific geographic region/IP range. To satisfy both the requirements you need MFA with location conditional access. Please note to achieve this configuration you need to have AD Premium account for Conditional Access policy. Navigate to Active Directory –> Security –> Conditional Access –> Named Location. Here you can create a policy with location (on-premise IP range) and enable MFA. This will satisfy the requirements.
an Azure AD Identity Protection user risk policy – Incorrect choice In the Identity Protection, there are three (3) protection policies- User Risk, Sign-In Risk and MFA Registration. None of those in which you can enable a location (on-prem IP
Range) requirement in any blade.
the default for all the roles in Azure AD Privileged Identity Management – Incorrect choice This option will not help you to restrict the users to access only form on prem. an Azure AD Identity Protection sign-in risk policy – Incorrect choice In the
Identity Protection, there are three (3) protection policies- User Risk, Sign-In Risk and MFA Registration. None of those in which you can enable a location (on-prem IP Range) requirement in any blade.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
Question 8:
HOTSPOT
You have an Azure subscription named Subscription1 that contains a resource group named RG1.
In RG1, you create an internal load balancer named LB1 and a public load balancer named LB2.
You need to ensure that an administrator named Admin1 can manage LB1 and LB2. The solution must follow the principle of least privilege.
Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Network Contributor on RG1
To add to the backend pool, write permission is required on the Resource Group because it writes deployment information. To add a backend pool, you need network contributor role on the LB and on the VMs that will be part of the backend
pool.
For this reason the network contributor role must be assigned to the RG where the LB and the VM resides. So the correct answer is Network Contributor on RG1 .
Box 2: Network Contributor on RG1
For Health Probe also, without having access to RG1, no health probe can be added. If only Network Contributor role is assigned to LB then the user would not be able to access the IP addresses of the member pools.
Owner/Contributor can give the user access for everything. So it will not fit into the the principle of least privilege. Hence Owner and contributor role is incorrect choices for the question.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Question 9:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has 100 users located in an office in Paris.
The on-premises network contains the servers shown in the following table.
You create a new subscription. You need to move all the servers to Azure.
Solution: You run azcopy.exe.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Question 10:
You have an Azure subscription that contains the storage accounts shown in the following table.
You plan to manage the data stored in the accounts by using lifecycle management rules. To which storage accounts can you apply lifecycle management rules?
A. storage1 only
B. storage1 and storage2 only
C. storage3 and storage4 only
D. storage1, storage2, and storage3 only
E. storage1, storage2, storage3, and storage4
Correct Answer: D
Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-lifecycle-management-concepts?tabs=azure-portal
Question 11:
HOTSPOT
You have an Azure subscription that contains an Azure Availability Set named WEBPROD-AS-USE2 as shown in the following exhibit.
You add 14 virtual machines to WEBPROD-AS-USE2.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 12:
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises Active Directory domain.
You have a server named DirSync1 that is configured as a DirSync server.
You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately.
Solution: You run the Start-ADSyncSyncCycle -PolicyType Initial PowerShell cmdlet.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer: B
Question 13:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.
You deploy a load balancer that has the following configurations:
1.
Name: LB1
2.
Type: Internal
3.
SKU: Standard
4.
Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Basic SKU public IP address, associate the address to the network interface of VM1, and then start VM1.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You can only attach virtual machines that are in the same location and on the same virtual network as the LB. Virtual machines must have a standard SKU public IP or no public IP.
The LB needs to be a standard SKU to accept individual VMs outside an availability set or vmss. VMs do not need to have public IPs but if they do have them they have to be standard SKU. Vms can only be from a single network. When they
don\’t have a public IP they are assigned an ephemeral IP.
Also, when adding them to a backend pool, it doesn\’t matter in which status are the VMs.
Note: Load balancer and the public IP address SKU must match when you use them with public IP addresses.
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/backend-pool-management
Question 14:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an Azure Active Directory (Azure AD) tenant that is configured for hybrid coexistence with the on-premises Active Directory domain.
You have implemented Azure Backup to protect on-premises virtual machines (VMs).
A user accidentally deletes a file from an on-premises VM named VM1.
You need to recover the deleted file to an on-premises computer as quickly as possible.
Solution: You use the AzCopy command-line utility.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
To restore files or folders from the recovery point, go to the virtual machine and choose the desired recovery point.
In the virtual machine\’s menu, click Backup to open the Backup dashboard.
In the Backup dashboard menu, click File Recovery.
From the Select recovery point drop-down menu, select the recovery point that holds the files you want. By default, the latest recovery point is already selected. To download the software used to copy files from the recovery point, click
Download Executable (for Windows Azure VM) or Download Script (for Linux Azure VM, a python script is generated).
Copy the files by using AzCopy
AzCopy is a command-line utility designed for copying data to/from Microsoft Azure Blob, File, and Table storage, using simple commands designed for optimal performance. You can copy data between a file system and a storage account, or
between storage accounts.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy
Question 15:
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer: A