Soar high into the expansive skies of certification, propelled by the uplifting currents of the AZ-104 dumps. Meticulously designed to mirror the vast skies of the syllabus, the AZ-104 dumps spread their wings wide with an array of practice questions, ensuring you soar with grace. Whether the clear vistas of PDFs attract your gaze or the dynamic flight patterns of the VCE format enthrall, the AZ-104 dumps offer a horizon of possibilities. Guiding you through this aerial ballet, the integrated study guide from the AZ-104 dumps acts as your co-pilot, ensuring a smooth journey. With trust as boundless as the sky, our 100% Pass Guarantee stands as our solemn vow.
[New Edition] Get ahead in your exam prep with the free AZ-104 PDF and Exam Questions, promising 100% success
Question 1:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Network Watcher, you create a connection monitor.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Network Watcher Connection Monitor enables you to configure and track connection reachability, latency, and network topology changes. It helps reduce the amount of time to detect connectivity problems. The returned results can provide
insights into whether a connectivity problem is due to a platform or a user configuration problem. This is not used in cases where we need to inspect for all the network traffic from one vm to another vm. On the other hand Network Watcher
packet capture allows you to create capture sessions to track traffic to and from a virtual machine. So in this scenario we need to use Network Watcher packet capture
References:
https://azure.microsoft.com/en-in/updates/general-availability-azure-network-watcher-connection-monitor-in-all-public-regions/#:~:text=Network%20Watcher%20Connection%20Monitor%20helps,or%20a%20user%20con figuration%
20problem
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture- manage-portal
Question 2:
You have an Azure subscription named Subcription1 that contains the storage accounts shown in the following table.
You plan 10 use the Azure Import/Export service to export data from Subscription1.
A. storage1
B. storage2
C. storage3
D. storage4
Correct Answer: D
Azure Import/Export service supports the following of storage accounts:
1.
Standard General Purpose v2 storage accounts (recommended for most scenarios)
2.
Blob Storage accounts
3.
General Purpose v1 storage accounts (both Classic or Azure Resource Manager deployments), Azure Import/Export service supports the following storage types
4.
Import supports Azure Blob storage and Azure File storage ?Export supports Azure Blob storage
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-requirements
Question 3:
You have an existing Azure subscription that contains 10 virtual machines.
You need to monitor the latency between your on-premises network and the virtual machines.
What should you use?
A. Service Map
B. Connection troubleshoot
C. Network Performance Monitor
D. Effective routes
Correct Answer: C
Network Performance Monitor is a cloud-based hybrid network monitoring solution that helps you monitor network performance between various points in your network infrastructure. It also helps you monitor network connectivity to service
and application endpoints and monitor the performance of Azure ExpressRoute.
You can monitor network connectivity across cloud deployments and on-premises locations, multiple data centers, and branch offices and mission-critical multitier applications or microservices. With Performance Monitor, you can detect
network issues before users complain.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/network-performance-monitor
Question 4:
HOTSPOT
You plan to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template.
You need to complete the template.
What should you include in the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 5:
HOTSPOT
You have an Azure Service Bus.
You create a queue named Queue1. Queue1 is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: retained until manually deleted
Since by default PeekLock shall be enabled in Queue, so it will move to DeadLetter after 2hours and stays there until manually deleted. Messages in the dead letter queue should be deleted manually.
Box 2: deleted immediately
Once a message is pulled, it will be deleted immediately. It does not make sense to keep the message further 5 minutes “locked” in the queue. Locking the message makes sense, for the case, when processing the message from a receiver,
to lock the message, to avoid processing/receiving the message simultaneously by another receiver.
The receiving client initiates settlement of a received message with a positive acknowledgment when it calls Complete at the API level. This indicates to the broker that the message has been successfully processed and the message is
removed from the queue or subscription.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/message-expiration https://docs.microsoft.com/en-us/azure/service-bus-messaging/message-transfers-locks-settlement
Question 6:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution: From the Overview blade, you move the virtual machine to a different subscription.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You should redeploy the VM.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node
Question 7:
You have an Azure subscription that contains the resources in the following table.
Store1 contains a file share named data. Data contains 5,000 files.
You need to synchronize the files in the file share named data to an on-premises server named Server1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Download an automation script.
B. Create a container instance.
C. Create a sync group.
D. Register Server1.
E. Install the Azure File Sync agent on Server1.
Correct Answer: CDE
Step 1 (E): Install the Azure File Sync agent on Server1 The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share
Step 2 (D): Register Server1.
Register Windows Server with Storage Sync Service
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
Step 3 (C): Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.A
server endpoint represents a path on registered server.
References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide
Question 8:
You have an Azure AD tenant named adatum.com that contains the groups shown in the following table.
Adatum.com contains the users shown in the following table.
You assign an Azure Active Directory Premium P2 license to Group1 as shown in the following exhibit.
Group2 is NOT directly assigned a license.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point
Hot Area:
Correct Answer:
Question 9:
You have an Azure App Service app named App1 that contains two running instances. You have an autoscale rule configured as shown in the following exhibit.
For the Instance limits scale condition setting, you set Maximum to 5.
During a 30-minute period, App1 uses 80 percent of the available memory.
What is the maximum number of instances for App1 during the 30-minute period?
A. 2
B. 3
C. 4
D. 5
Correct Answer: D
Question 10:
You have an Azure subscription that contains the resources shown in the following table.
The Not allowed resource types Azure policy is assigned to RG1 and uses the following parameters:
Microsoft.Network/virtualNetworks
Microsoft.Compute/virtualMachines
In RG1, you need to create a new virtual machine named VM2, and then connect VM2 to VNET1.
What should you do first?
A. Remove Microsoft.Network/virtualNetworks from the policy.
B. Create an Azure Resource Manager template.
C. Remove Microsoft.Compute/virtualMachines from the policy.
D. Add a subnet to VNET1.
Correct Answer: C
The Not allowed resource types Azure policy prohibits the deployment of specified resource types.
You specify an array of the resource types to block.
Virtual Networks and Virtual Machines are prohibited.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/samples/not-allowed-resource-types
Question 11:
You have an Azure AD tenant named contoso.com.
You have an Azure subscription that contains an Azure App Service web app named App1 and an Azure key vault named KV1. KV1 contains a wildcard certificate for contoso.com.
You have a user named [email protected] that is assigned the Owner role for App1 and KV1.
You need to configure App1 to use the wildcard certificate of KV1.
What should you do first?
A. Create an access policy for KV1 and assign the Microsoft Azure App Service principal to the policy.
B. Assign a managed user identity to App1.
C. Configure KV1 to use the role-based access control (RBAC) authorization system.
D. Create an access policy for KV1 and assign the policy to User1.
Correct Answer: A
In order to read secrets from a key vault, you need to have a vault created and give your app permission to access it.
Create a key vault by following the Key Vault quickstart.
Create a managed identity for your application.
Key vault references use the app\’s system-assigned identity by default, but you can specify a user-assigned identity.
Authorize read access to secrets your key vault for the managed identity you created earlier. How you do it depends on the permissions model of your key vault:
Azure role-based access control: Assign the Key Vault Secrets User role to the managed identity. For instructions, see Provide access to Key Vault keys, certificates, and secrets with an Azure role-based access control. Vault access policy:
Assign the Get secrets permission to the managed identity. For instructions, see Assign a Key Vault access policy.
https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli
Question 12:
You have an Azure web app named webapp1.
You have a virtual network named VNET1 and an Azure virtual machine named VM1 that hosts a MySQL database. VM1 connects to VNET1.
You need to ensure that webapp1 can access the data hosted on VM1.
What should you do?
A. Connect webapp1 to VNET1.
B. Peer VNET1 to another virtual network.
C. Deploy an Azure Application Gateway.
D. Deploy an internal load balancer
Correct Answer: C
By connecting webapp1 to VNET1, the web app will be able to access the data hosted on VM1 through the virtual network. The other options do not directly address the requirement to allow webapp1 access to the data hosted on VM1. An internal load balancer and a peered virtual network may provide other benefits, but they would not by themselves ensure that webapp1 can access the data hosted on VM1. An Azure Application Gateway is a reverse proxy that is often used for load balancing, SSL termination, and URL-based routing, but it would not directly allow webapp1 to access the data hosted on VM1.
Question 13:
You have a Basic App Service plan named ASP1 that hosts an Azure App Service named App1. You need to configure a custom domain and enable backups for App1. What should you do first?
A. Configure a WebJob for App1.
B. Scale up ASP1.
C. Scale out ASP1.
D. Configure the application settings for App1.
Correct Answer: B
Scale up ASP1 : Correct
Basic App service plan does not support backup/restore.
The Backup and Restore feature requires the App Service plan to be in the Standard, Premium or Isolated tier. Since in question it is mentioned as a Basic service plan app so at first you need to do it to Scale up the service plan so that backup can be enabled on App1. Scale up: Get more CPU, memory, disk space, and extra features like dedicated virtual machines (VMs), custom domains and certificates, staging slots, autoscaling, and more. You scale up by changing the pricing tier of the App Service plan that your app belongs to. Configure a WebJob for App1 : Incorrect WebJobs is a feature of Azure App Service that enables you to run a program or script in the same instance as a web app, API app, or mobile app. There is no additional cost to use WebJobs
Scale out ASP1 : Incorrect Scale out: Increase the number of VM instances that run your app. You can scale out to as many as 30 instances, depending on your pricing tier. Configure the application settings for App1 : Incorrect This is the 2nd step you need to perform once azure service plan upgraded to standard. Most folks don\’t realize how easy it is to configure a backup copy of your Azure App Service to ensure you have restorable archive copies of your app and database. In order to take advantage of this, you\’ll need to log into your Azure account and go to your App Service that you created and look under Settings then you will see Backup
Reference: https://azure.microsoft.com/en-in/pricing/details/app-service/windows/ https://docs.microsoft.com/en-us/azure/app-service/manage-scale-up https://docs.microsoft.com/en-us/azure/app-service/webjobs-create https://microsoft.github.io/AzureTipsAndTricks/blog/tip28.html
Question 14:
You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.
What should you recommend?
A. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.
B. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
C. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
D. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
Correct Answer: C
As App1 is public-facing we need an incoming security rule, related to the access of the web servers. Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier. Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Incoming and the web server subnet only, as users access the web front end by using HTTPS only.
Note Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
1.
A SQL database
2.
A web front end
3.
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Question 15:
You have an Azure subscription that is linked to an Azure AD tenant. The tenant contains two users named User1 and User2. The subscription contains the resources shown in the following table.
The subscription contains the alert rules shown in the following table.
The users perform the following actions:
User1 creates a new virtual disk and attaches the disk to VM1.
User2 creates a new resource tag and assigns the tag to RG1 and VM1.
Which alert rules are triggered by each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one pint.
Hot Area:
Correct Answer:
