AZ-104 Revolutionary Guide To Exam Microsoft Dumps
AZ-104 Free Study Guide! with New Update 815 Exam Questions
NEW QUESTION # 472
You need to implement Role1.
Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 473
You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
Scenario:
1. Web administrators will deploy Azure web apps for the marketing department.
2. Each web app will be added to a separate resource group.
3. The initial configuration of the web apps will be identical.
4. The web administrators have permission to deploy web apps to resource groups.
Steps:
1 --> Create a resource group, and then deploy a web app to the resource group.
2 --> From the Automation script blade of the resource group , click Add to Library.
3 --> From the Templates service, select the template, and then share the template to the web administrators .
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/quickstart-create-templates-use-the-po
NEW QUESTION # 474
VM1 is running and connects to NIC1 and Disk1. NIC1 connects to VNET1.
RG2 contains a public IP address named IP2 that is in the East US location. IP2 is not assigned to a virtual machine.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-support-resources
https://docs.microsoft.com/en-us/azure/virtual-network/move-across-regions-publicip-powershell
NEW QUESTION # 475
Your on-premises network contains a VPN gateway.
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that all the traffic from VM1 to storage! travels across the Microsoft backbone network.
What should you configure?
- A. Azure AD Application Proxy
- B. Azure Firewall
- C. Azure Peering Service
- D. private endpoints
Answer: B
Explanation:
Per the MS documentation, private endpoint seems to be the proper choice: "You can use private endpoints for your Azure Storage accounts to allow clients on a virtual network (VNet) to securely access data over a Private Link. The private endpoint uses a separate IP address from the VNet address space for each storage account service. Network traffic between the clients on the VNet and the storage account traverses over the VNet and a private link on the Microsoft backbone network, eliminating exposure from the public internet." Link: https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints
NEW QUESTION # 476
You have an Azure subscription that contains the virtual machines shown in the following table:
VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.
NSG2 uses the default rules and the following custom incoming rule:
Priority: 100
Name: Rule1
Port: 3389
Protocol: TCP
Source: Any
Destination: Any
Action: Allow
NSG1 is associated to Subnet1. NSG2 is associated to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
NEW QUESTION # 477
You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Explanation:
Explanation
Statement 1: Yes
All client computers in the Paris office will be joined to an Azure AD domain.
A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2.
Microsoft Windows Server Active Directory domains, can resolve DNS names between virtual networks.
Automatic registration of virtual machines from a virtual network that's linked to a private zone with auto-registration enabled. Forward DNS resolution is supported across virtual networks that are linked to the private zone.
Statement 2: Yes
A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
As this is a registration network so this will work.
Statement 3: No
Only VMs in the registration network, here the ClientResources-VNet, will be able to register hostname records. Since Subnet4 not connected to Client Resources Network thus not able to register its hostname with humongoinsurance.local Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-insta
NEW QUESTION # 478
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You create a resource lock, and then you assign the lock to the subscription.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
How can I freeze or lock my production/critical Azure resources from accidental deletion? There is way to do this with both ASM and ARM resources using Azure resource lock.
NEW QUESTION # 479
You have an Azure subscription that contains the storage accounts shown in in the following table.
You plan to use AzCopy to copy a blob from container 1 directly to share1.
You need to identity which authentication method to use when you use AzCopy.
What should you identify for each account? To answer, drag the appropriate authentication methods to the correct accounts Each method may be used once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 480
You have an on premises data center and an Azure subscription. The data center contains two VPN devices. The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet.
You need to create a site-to-site VPN. The solution must ensure that if a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes.
What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
NEW QUESTION # 481
You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.
Your company has a public DNS zone for contoso.com.
You add contoso.com as a custom domain name to Azure AD.
You need to ensure that Azure can verify the domain name.
Which type of DNS record should you create?
- A. TXT
- B. PTR
- C. DNSKEY
- D. NSEC
Answer: A
Explanation:
Explanation
TXT : Correct Choice
You need to go to your hosting domain registrar and add in a TXT record.
NSEC3 : Incorrect Choice
This is Part of DNSSEC. This is used for explicit denial-of-existence of a DNS record. It is used to prove a name does not exist.
RRSIG : Incorrect Choice
This contains a cryptographic signature.
DNSKEY : Incorrect Choice
This will verify that the records are originating from an authorized sender.
nce:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain#verify-your-custom-d
https://www.cloudflare.com/dns/dnssec/how-dnssec-works/#:~:text=DNSKEY%20%2D%20Contains%20a%20p
NEW QUESTION # 482
You have an Azure Storage accounts as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 483
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE Each correct selection is worth one point.
- A. a Recovery Services vault and a backup policy
- B. Azure Active Directory (AD) Identity Protection and an Azure policy
- C. an Azure Key Vault and an access policy
- D. an Azure Storage account and an access policy
Answer: A,D
Explanation:
D: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com Incorrect Answers:
A: Seamless SSO needs the user's device to be domain-joined, but doesn't need for the device to be Azure AD Joined.
C: Azure AD connect does not port 8080. It uses port 443.
E: Seamless SSO is not applicable to Active Directory Federation Services (ADFS).
Scenario: Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.
Planned Azure AD Infrastructure include: The on-premises Active Directory domain will be synchronized to Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso-quick-start
Topic 3, Contoso Ltd
Overview
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.
Existing Environment
Currently, Contoso uses multiple types of servers for business operations, including the following:
* File servers
* Domain controllers
* Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
* A SQL database
* A web front end
* A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Requirements
Planned Changes
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.
Technical Requirements
Contoso must meet the following technical requirements:
* Move all the virtual machines for App1 to Azure.
* Minimize the number of open ports between the App1 tiers.
* Ensure that all the virtual machines for App1 are protected by backups.
* Copy the blueprint files to Azure over the Internet.
* Ensure that the blueprint files are stored in the archive storage tier.
* Ensure that partner access to the blueprint files is secured and temporary.
* Prevent user passwords or hashes of passwords from being stored in Azure.
* Use unmanaged standard storage for the hard disks of the virtual machines.
* Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.
User Requirements
Contoso identifies the following requirements for users:
* Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
* Designate a new user named Admin1 as the service administrator of the Azure subscription.
* Admin1 must receive email alerts regarding service outages.
* Ensure that a new user named User3 can create network objects for the Azure subscription.
NEW QUESTION # 484
You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com.
You need to enable two-step verification for Azure users.
What should you do?
- A. Install and configure Azure AD Connect.
- B. Create and configure the Identify Hub.
- C. Create an Azure AD conditional access policy.
- D. Configure a playbook in Azure AD conditional access policy.
Answer: C
Explanation:
Conditional Access policies enforce registration, requiring unregistered users to complete registration at first sign-in, an important security consideration.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
NEW QUESTION # 485
You have an Azure subscription named Sub1 that contains the resources shown in the following table.
Sub1 contains the following alert rule:
* Name: Alert!
* Scope: All resource groups in Sub1
o Include all future resources
* Condition: All administrative operations
* Actions: Action1
Sub1 contains the following alert processing rule:
* Name: Rule1
* Scope: Sub1
* Rule type: Suppress notifications
* Apply the rule: On a specific time
o Stan: August 10. 2022
o End: August 13. 2022
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 486
You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.
RG1 has a web app named WebApp1. WebApp1 is located in West Europe.
You move WebApp1 to RG2. What is the effect of the move?
- A. The App Service plan to WebApp1 remains to West Europe. Policy2 applies to WebApp1.
- B. The App Service plan to WebApp1 moves to North Europe. Policy2 applies to WebApp1.
- C. The App Service plan to WebApp1 moves to North Europe. Policy1 applies to WebApp1.
- D. The App Service plan to WebApp1 remains to West Europe. Policy1 applies to WebApp1.
Answer: A
Explanation:
Explanation
You can move an app to another App Service plan, as long as the source plan and the target plan are in the same resource group and geographical region.
The region in which your app runs is the region of the App Service plan it's in. However, you cannot change an App Service plan's region.
References: https://docs.microsoft.com/en-us/azure/app-service/app-service-plan-manage
NEW QUESTION # 487
You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines.
You need to delete the Recovery Services vault.
What should you do first?
- A. From the Recovery Service vault, delete the backup data.
- B. From the Recovery Service vault, stop the backup of each backup item.
- C. Modify the disaster recovery properties of each virtual machine.
- D. Modify the locks of each virtual machine.
Answer: B
Explanation:
You can't delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a vault, but can't, the vault is still configured to receive backup data.
Remove vault dependencies and delete vault
In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items.
In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.
References: https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault You can't delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a vault, but can't, the vault is still configured to receive backup data.
Remove vault dependencies and delete vault
In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items.
In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.
NEW QUESTION # 488
You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.
In Azure, you create a private DNS zone named adatum.com. You set the registration virtual network to VNet2. The adatum.com zone is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 489
......
Get up-to-date Real Exam Questions for AZ-104: https://www.prep4pass.com/AZ-104_exam-braindumps.html
Pass AZ-104 Exam Latest Practice Questions: https://drive.google.com/open?id=1VPst9PWuX1Fukkts_1qH-rzV8uB_z2Ly
