Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

AZ-104 Questions and Answers

Question # 6

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Full Access
Question # 7

You need to meet the user requirement for Admin1.

What should you do?

A.

From the Subscriptions blade, select the subscription, and then modify the Properties.

B.

From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.

C.

From the Azure Active Directory blade, modify the Properties.

D.

From the Azure Active Directory blade, modify the Groups.

Full Access
Question # 8

You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 9

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You plan to configure Azure Backup reports for Vault1.

You are configuring the Diagnostics settings for the AzureBackupReports log.

Which storage accounts and which Log Analytics workspaces can you use for the Azure Backup reports of Vault1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 10

You need to move the blueprint files to Azure.

What should you do?

A.

Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

B.

Use the Azure Import/Export service.

C.

Generate an access key. Map a drive, and then copy the files by using File Explorer.

D.

Use Azure Storage Explorer to copy the files.

Full Access
Question # 11

You need to configure the Device settings to meet the technical requirements and the user requirements.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

Full Access
Question # 12

You are planning the move of App1 to Azure.

You create a network security group (NSG).

You need to recommend a solution to provide users with access to App1.

What should you recommend?

A.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

B.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.

C.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

D.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

Full Access
Question # 13

You have an Azure virtual machine named VM1.

The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)

You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol VM1 is used as a web server only.

You need to ensure that users can connect to the website from the Internet.

What should you do?

A.

Change the priority of Rule3 to 450.

B.

Change the priority of Rule6 to 100

C.

DeleteRule1.

D.

Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a priority of 501.

E.

For Rule5, change the Action to Allow and change the priority to 401

Full Access
Question # 14

You have an Azure virtual machine named VM1.

You use Azure Backup to create a backup of VM1 named Backup1.

After creating Backup1, you perform the following changes to VM1:

  • Modify the size of VM1.
  • Copy a file named Budget.xls to a folder named Data.
  • Reset the password for the built-in administrator account.
  • Add a data disk to VM1.

An administrator uses the Replace existing option to restore VM1 from Backup1.

You need to ensure that all the changes to VM1 are restored.

Which change should you perform again?

A.

Modify the size of VM1.

B.

Add a data disk.

C.

Reset the password for the built-in administrator account.

D.

Copy Budget.xls to Data.

Full Access
Question # 15

You plan to deploy five virtual machines to a virtual network subnet.

Each virtual machine will have a public IP address and a private IP address.

Each virtual machine requires the same inbound and outbound security rules.

What is the minimum number of network interfaces and network security groups that you require? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 16

Your network contains an on-premises Active Directory domain named adatum.com. The domain contains an organizational unit (OU) named OU1. OU1 contains the objects shown in the following table.

You sync OU1 to Azure Active Directory (Azure AD) by using Azure AD Connect.

You need to identify which objects are synced to Azure AD.

Which objects should you identify?

A.

User1 and Group1 only

B.

User1, Group1, and Group2 only

C.

User1, Group1, Group2, and Computer1

D.

Computer1 only

Full Access
Question # 17

You have peering configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Full Access
Question # 18

You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an Active Directory domain. The tenant contains the users shown in the following table.

The users have the attribute shown in the following table.

You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all four users.

Solution: You add a mobile phone number for User2 and User4.

Does this meet the Goal?

A.

Yes

B.

No

Full Access
Question # 19

You have an Azure subscription that contains an Azure Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active Directory domain. The domain contains the users shown in the following table.

You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods:

  • Number of methods required to reset: 2
  • Methods available to users: Mobile phone, Security questions
  • Number of questions required to register: 3
  • Number of questions required to reset: 3

You select the following security questions:

  • What is your favorite food?
  • In what city was your first job?
  • What was the name of your first pet?

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 20

You have an Azure subscription that includes data in following locations:

You plan to export data by using Azure import/export job named Export1.

You need to identify the data that can be exported by using Export1.

Which data should you identify?

A.

DB1

B.

Table1

C.

container1

D.

Share1

Full Access
Question # 21

You have an Azure subscription that contains an Azure Storage account named storage1 and the users shown in the following table.

You plan to monitor storage1 and to configure email notifications for the signals shown in the following table.

You need to identify the minimum number of alert rules and action groups required for the planned monitoring.

How many alert rules and action groups should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 22

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company registers a domain name of contoso.com.

You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.

You need to resolve the name resolution issue.

Solution: You add an NS record to the contoso.com Azure DNS zone.

A.

Yes

B.

No

Full Access
Question # 23

You need to ensure that you can grant Group4 Azure RBAC read-only permissions to all the A2ure file shares. What should you do?

A.

On storagel and storage4, change the Account kind type to StorageV2 (general purpose v2).

B.

Recreate storage2 and set Hierarchical namespace to Enabled.

C.

On storage2, enable identity-based access for the file shares.

D.

Create a shared access signature (SAS) for storagel, storage2, and storage4.

Full Access
Question # 24

You have an Azure subscription that contains the following resources:

  • 100 Azure virtual machines
  • 20 Azure SQL databases
  • 50 Azure file shares

You need to create a daily backup of all the resources by using Azure Backup.

What is the minimum number of backup policies that you must create?

A.

1

B.

2

C.

3

D.

150

E.

170

Full Access
Question # 25

You have an Azure subscription named Subscription1 that contains the resources in the following table.

You install the Web Server server role (IIS) on WM1 and VM2, and then add VM1 and VM2 to LB1.

LB1 is configured as shown in the LB1 exhibit. (Click the Exhibit button.)

Rule1 is configured as shown in the Rule1 exhibit. (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 26

You have an Azure subscription that contains three virtual networks named VNet1, VNet2, VNet3. VNet2

contains a virtual appliance named VM2 that operates as a router.

You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network.

You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3.

You need to provide connectivity between VNet1 and VNet3 through VNet2.

Which two configurations should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

On the peering connections, allow forwarded traffic.

B.

On the peering connections, allow gateway transit.

C.

Create route tables and assign the table to subnets.

D.

Create a route filter.

E.

On the peering connections, use remote gateways.

Full Access
Question # 27

You have an Azure Load Balancer named LB1.

You assign a user named User1 the roles shown in the following exhibit.

Full Access
Question # 28

You have an Azure subscription that is used by four departments in your company. The subscription contains 10 resource groups. Each department uses resources in several resource groups.

You need to send a report to the finance department. The report must detail the costs for each department. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access
Question # 29

You have an Azure subscription that contains a storage account named storage.

You have the devices shown in the following table.

From which devices can you use AzCopy to copy data to storage1?

A.

Device1 and Device2 only

B.

Device1, Device2 and Device3

C.

Device’ only

D.

Device and Device3 only

Full Access
Question # 30

You have an Azure subscription named Subscription1.

In Subscription1, you create an Azure web app named WebApp1. WebApp1 will access an external service that requires certificate authentication.

You plan to require the use of HTTPS to access WebApp1.

You need to upload certificates to WebApp1.

In which formats should you upload the certificate? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 31

You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure?

A.

Session persistence to None

B.

Floating IP (direct server return) to Disabled

C.

a health probe

D.

Session persistence to Client IP protocol

Full Access
Question # 32

You have an Azure subscription that contains the identifies shown in the following table.

User1, Principle, and Group1 are assigned the Monitoring Reader role.

An action an alert rule named Alert1 that uses AG1.

You need to identify who will receive an email notification when Alert1 is triggered.

Who should you identity?

A.

User1, User2, Principle, and Principle2

B.

User1 and Principle only

C.

User1 only

D.

User1 and User2 only

Full Access
Question # 33

You plan to create a new Azure Active Directory (Azure AD) role.

You need to ensure that the new role can view all the resources in the Azure subscription and issue support requests to Microsoft. The solution must use the principle of least privilege.

How should you complete the JSON definition? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 34

You have an Azure subscription that contains a storage account named storageacct1234 and two users named User1 and User2.

You assign User1 the roles shown in the following exhibit.

Which two actions can User1 perform? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A.

Modify the firewall of storageacct1234.

B.

View blob data in storageacct1234.

C.

View file shares in storageacct1234.

D.

Upload blob data to storageacct1234.

E.

Assign roles to User2 for storageacct1234.

Full Access
Question # 35

You have an Azure App Service plan that hosts an Azure App Service named App1.

You configure one production slot and four staging slots for App1.

You need to allocate 10 percent of the traffic to each staging slot and 60 percent of the traffic to the production slot.

What should you add to Appl1?

A.

slots to the Testing in production blade

B.

a performance test

C.

a WebJob

D.

templates to the Automation script blade

Full Access
Question # 36

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You have a CSV file that contains the names and email addresses of 500 external users.

You need to create a guest user account in contoso.com for each of the 500 external users.

Solution: You create a Power Shell script that runs the New-AZureADUser cmdlet for each user.

Does this meet the goal?

A.

Yes

B.

NO

Full Access
Question # 37

You have an Azure subscription that contains two resource groups named RG1 and RG2. RG2 does not contain any resources. RG1 contains the resources in the following table.

Which resource can you move to RG2?

A.

W10_OsDisk

B.

VNet1

C.

VNet3

D.

W10

Full Access
Question # 38

You have an Azure subscription named Subscription1 that contains the virtual networks in the following table.

Subscripton1 contains the virtual machines in the following table.

In Subscription1, you create a load balancer that has the following configurations:

  • Name: LB1
  • SKU: Basic
  • Type: Internal
  • Subnet: Subnet12
  • Virtual network: VNET1

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: each correct selection is worth one point.

Full Access
Question # 39

You have an Azure subscription.

You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines.

What should you modify on VM1?

A.

Integration Services

B.

the network adapters

C.

the memory

D.

the hard drive

E.

the processor

Full Access
Question # 40

You have an Azure virtual machine that runs Windows Server 2019 and has the following configurations:

  • Name: VM1
  • Location: West US
  • Connected to: VNET1
  • Private IP address: 10.1.0.4
  • Public IP address: 52.186.85.63
  • DNS suffix in Windows Server: Adatum.com

You create the Azure DNS zones shown in the following table.

You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1 can automatically register.

Which zones should you identify? To answer, select the appropriate options in the answer area.

Full Access
Question # 41

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.

You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.

Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 42

Your network contains an on-premises Active Directory forest named contoso.com that contains two domains named contoso.com and east.contoso.com.

The forest contains the users shown in the following table.

You plan to sync east.contoso.com to an Azure Active Directory (Azure AD) tenant by using Azure AD Connect.

You need to select an account for Azure AD Connect to use to connect to the forest.

Which account should you select?

A.

User1

B.

User2

C.

User3

D.

User4

Full Access
Question # 43

You have an Azure subscription.

You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will be part of the same availability set.

You need to ensure that as many virtual machines as possible are available if the fabric fails or during servicing.

How should you configure the template? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 44

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.

You need to view the date and time when the resources were created in RG1.

Solution: From the RG1 blade, you click Deployments.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 45

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You create a resource lock, and then you assign the lock to the subscription.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 46

Your company has three offices. The offices are located in Miami, Los Angeles, and New York. Each office contains a datacenter.

You have an Azure subscription that contains resources in the East US and West US Azure regions. Each region contains a virtual network. The virtual networks are peered.

You need to connect the datacenters to the subscription. The solution must minimize network latency between the datacenters.

What should you create?

A.

three virtual WANs and one virtual hub

B.

three virtual hubs and one virtual WAN

C.

three On-premises data gateways and one Azure Application Gateway

D.

three Azure Application Gateways and one On-premises data gateway

Full Access
Question # 47

You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.

VM1 hosts a frontend application that connects to VM2 to retrieve data.

Users report that the frontend application is slower than usual.

You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.

Which Azure Network Watcher feature should you use?

A.

NSG flow logs

B.

Connection troubleshoot

C.

IP flow verify

D.

Connection monitor

Full Access
Question # 48

You have an Azure subscription that contains a virtual machine scale set. The scale set contains four instances that have the following configurations:

  • Operating system: Windows Server 2016
  • Size: Standard_D1_v2

You run the get-azvmss cmdlet as shown in the following exhibit:

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Full Access
Question # 49

You have an Azure Kubernetes Service (AKS) cluster named AKS1.

You need to configure cluster autoscaler for AKS1.

Which two tools should you use? Each correct answer presents a complete solution,

NOTE: Each correct selection is worth one point

A.

the set-AzAKs cmdlet

B.

the Azure portal

C.

The az aks command

D.

the kubect1 command

E.

the set Azvm cmdlet

Full Access
Question # 50

You recently created a new Azure subscription that contains a user named Admin1.

Admin1 attempts to deploy an Azure Marketplace resource by using an Azure Resource Manager template. Admin1 deploys the template by using Azure PowerShell and receives the following error message: “User failed validation to purchase resources. Error message: “Legal terms have not been accepted for this item on this subscription. To accept legal terms, please go to the Azure portal (http://go.microsoft.com/fwlink/?LinkId=534873) and configure programmatic deployment for the Marketplace item or create it there for the first time.”

You need to ensure that Admin1 can deploy the Marketplace resource successfully.

What should you do?

A.

From Azure PowerShell, run the Set-AzApiManagementSubscription cmdlet

B.

From the Azure portal, register the Microsoft.Marketplace resource provider

C.

From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet

D.

From the Azure portal, assign the Billing administrator role to Admin1

Full Access
Question # 51

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

B.

Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami

office.

C.

Join the client computers in the Miami office to Azure AD.

D.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

E.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.

Full Access
Question # 52

Which blade should you instruct the finance department auditors to use?

A.

Partner information

B.

Overview

C.

Payment methods

D.

Invoices

Full Access
Question # 53

You discover that VM3 does NOT meet the technical requirements.

You need to verify whether the issue relates to the NSGs.

What should you use?

A.

Diagram in VNet1

B.

the security recommendations in Azure Advisor

C.

Diagnostic settings in Azure Monitor

D.

Diagnose and solve problems in Traffic Manager Profiles

E.

IP flow verify in Azure Network Watcher

Full Access
Question # 54

You implement the planned changes for NSG1 and NSG2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 55

You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.

What should you include in the recommended?

A.

Azure AP B2C

B.

Azure AD Identity Protection

C.

an Azure logic app and the Microsoft Identity Management (MIM) client

D.

dynamic groups and conditional access policies

Full Access
Question # 56

You need to meet the technical requirement for VM4.

What should you create and configure?

A.

an Azure Notification Hub

B.

an Azure Event Hub

C.

an Azure Logic App

D.

an Azure services Bus

Full Access
Question # 57

You need to implement Role1.

Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 58

You need to meet the connection requirements for the New York office.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 59

You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort.

What should you do?

A.

Create a user-defined route from VNET1 to VNET3.

B.

Assign VM4 an IP address of 10.0.1.5/24.

C.

Establish peering between VNET1 and VNET3.

D.

Create an NSG and associate the NSG to VMI and VM4.

Full Access
Question # 60

You need to the appropriate sizes for the Azure virtual for Server2.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access