Prepare AZ-104 Question Answers Free Update With 100% Exam Passing Guarantee [2021]
Dumps Real Microsoft AZ-104 Exam Questions [Updated 2021]
Schedule exam
Languages: English, Chinese (Simplified), Korean, Japanese, French, German, Spanish
Retirement date: none
This exam measures your ability to accomplish the following technical tasks: manage Azure identities and governance; implement and manage storage; deploy and manage Azure compute resources; configure and manage virtual networking; and monitor and back up Azure resources.
NEW QUESTION 90
Your on-premises network contains an Active Directory domain named adatum.com that is synced to Azure Active Directory (Azure AD). Password writeback is disabled.
In adatum.com, you create the users shown in the following table.
Which users must sign in from a computer joined to adatum.com?
- A. User1 only
- B. User1, User2, and User3
- C. User2 and User3 only
- D. User2 only
- E. User1 and User3 only
Answer: A
Explanation:
Password writeback is a feature enabled with Azure AD Connect that allows password changes in the cloud to be written back to an existing on-premises directory in real time.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback
NEW QUESTION 91
You have an Azure subscription.
You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines.
What should you modify on VM1?
- A. Integration Services
- B. the processor
- C. the network adapters
- D. the memory
- E. the hard drive
Answer: E
Explanation:
Explanation
From the exhibit we see that the disk is in the VHDX format.
Before you upload a Windows virtual machines (VM) from on-premises to Microsoft Azure, you must prepare the virtual hard disk (VHD or VHDX). Azure supports only generation 1 VMs that are in the VHD file format and have a fixed sized disk. The maximum size allowed for the VHD is 1,023 GB. You can convert a generation 1 VM from the VHDX file system to VHD and from a dynamically expanding disk to fixed-sized.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image?toc=%2fazure%
NEW QUESTION 92
You enable password reset for contoso.onmicrosoft.com as shown in the Password Reset exhibit (Click the Password Reset tab.)
You configure the authentication methods for password reset as shown in the Authentication Methods exhibit. (Click the Authentication Methods tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You enable password reset for contoso.onmicrosoft.com as shown in the Password Reset exhibit (Click the Password Reset tab.) You configure the authentication methods for password reset as shown in the Authentication Methods exhibit. (Click the Authentication Methods tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: No
Two methods are required.
Box 2: No
Self-service password reset is only enabled for Group2, and User1 is not a member of Group2.
Box 3: Yes
As a User Administrator User3 can add security questions to the reset process.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/quickstart-sspr
https://docs.microsoft.com/en-us/azure/active-directory/authentication/active-directory-passwords-faq
NEW QUESTION 93
You have an Azure subscription.
You plan to use an Azure Resource Manager template to deploy a virtual network named VNET1 that will use Azure Bastion.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Graphical user interface, text, application Description automatically generated
Reference:
https://medium.com/charot/deploy-azure-bastion-preview-using-an-arm-template-15e3010767d6
NEW QUESTION 94
You have an Azure Active Directory (Azure AD) tenant.
All administrators must enter a verification code to access the Azure portal.
You need to ensure that the administrators can access the Azure portal only from your on-premises network.
What should you configure?
- A. an Azure AD Identity Protection sign-in risk policy
- B. the multi-factor authentication service settings.
- C. the default for all the roles in Azure AD Privileged Identity Management
- D. an Azure AD Identity Protection user risk policy.
Answer: B
Explanation:
Explanation
the multi-factor authentication service settings - Correct choice
There are two criterias mentioned in the question.
1. MFA required
2. Access from only a specific geographic region/IP range.
To satisfy both the requirements you need MFA with location conditional access. Please note to achieve this configuration you need to have AD Premium account for Conditional Access policy.
Navigate to Active Directory --> Security --> Conditional Access --> Named Location. Here you can create a policy with location (on-premise IP range) and enable MFA. This will satisfy the requirements.
an Azure AD Identity Protection user risk policy - Incorrect choice
In the Identity Protection, there are three (3) protection policies- User Risk, Sign-In Risk & MFA Registration.
None of those in which you can enable a location (on-prem IP Range) requirement in any blade.
the default for all the roles in Azure AD Privileged Identity Management - Incorrect choice This option will not help you to restrict the users to access only form on prem.
an Azure AD Identity Protection sign-in risk policy - Incorrect choice
In the Identity Protection, there are three (3) protection policies- User Risk, Sign-In Risk & MFA Registration.
None of those in which you can enable a location (on-prem IP Range) requirement in any blade.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
NEW QUESTION 95
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
The status of VM1 is Running.
You assign an Azure policy as shown in the exhibit. (Click the Exhibit tab.)
You assign the policy by using the following parameters:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Not allowed resource types (Deny): Prevents a list of resource types from being deployed. This means this policy specifically prevents a list of resource types from being deployed. So that refers that except deployment all the other operations like start/stop or move etc. are not prevented. But to be noted if the resource already exists, it just marks it as non-compliant.
Replicated this scenario in LAB keeping VM running and below are the outcome :
* VM is not deallocated
* Able to stop and start VM successfully.
* Not able to create new virtual network or VM.
* Not able to modify VM size.
* Not able change the address space of the virtual network.
* Successfully moved virtual network and VM in another resource group.
Statement 1 : Yes
Based on above experiment the policy will mark the VNET1 as non-compliant but it can be moved to RG2 .
Hence this statement is true.
Statement 2 : No
Based on above experiment the policy will mark the VM as non-compliant but it will still be running, not deallocated. Hence this statement is False.
Statement 3 : No
Based on above experiment the address space for VNET2 can not be modified. Hence this statement is False.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/assign-policy-portal
NEW QUESTION 96
You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.
Your company has a public DNS zone for contoso.com.
You add contoso.com as a custom domain name to Azure AD.
You need to ensure that Azure can verify the domain name.
Which type of DNS record should you create?
- A. NSEC3
- B. PTR
- C. MX
- D. RRSIG
Answer: C
Explanation:
Explanation
TXT or MX : Correct
You can use either a TXT or MX record to verify the custom domain in the Azure AD. MX records can serve the purpose of TXT records
SRV : Incorrect
SRV records are used by various services to specify server locations. When specifying an SRV record in Azure DNS DNSKEY : Incorrect Choice This will verify that the records are originating from an authorized sender.
NSEC : Incorrect Choice
This is Part of DNSSEC. This is used for explicit denial-of-existence of a DNS record. It is used to prove a name does not exist.
ference:
https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain#verify-your-custom-d
https://www.cloudflare.com/dns/dnssec/how-dnssec-works/#:~:text=DNSKEY%20%2D%20Contains%20a%20p
NEW QUESTION 97
You have an Azure subscription that contains a virtual network named VNet1. VNet 1 has two subnets named Subnet1 and Subnet2. VNet1 is in the West Europe Azure region.
The subscription contains the virtual machines in the following table.
You need to deploy an application gateway named AppGW1 to VNet1.
What should you do first?
- A. Add a service endpoint.
- B. Add a virtual network.
- C. Move VM3 to Subnet1.
- D. Stop VM1 and VM2.
Answer: D
Explanation:
Explanation
If you have an existing virtual network, either select an existing empty subnet or create a new subnet in your existing virtual network solely for use by the application gateway.
Verify that you have a working virtual network with a valid subnet. Make sure that no virtual machines or cloud deployments are using the subnet. The application gateway must be by itself in a virtual network subnet.
References:
https://social.msdn.microsoft.com/Forums/azure/en-US/b09367f9-5d01-4cda-9127-b7a506a0a151/cant-create-ap
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-gateway
NEW QUESTION 98
You have a public load balancer that balances ports 80 and 443 across three virtual machines. You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only. What should you configure?
- A. an inbound NAT rule
- B. a new public load balancer for VM3
- C. a frontend IP configuration
- D. a load balancing rule
Answer: A
Explanation:
Explanation
To port forward traffic to a specific port on specific VMs use an inbound network address translation (NAT) rule.
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
NEW QUESTION 99
You are configuring serverless computing in Azure.
You need to receive an email message whenever a resource is created in or deleted from a resource group. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-grid-logic-app
Action 1: Create an Azure Logic App
Action 2: Create an Azure Event Grid Trigger
Action 3: Create conditions and actions
References:
https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-grid-logic-app
NEW QUESTION 100
You have an Azure Active Directory tenant named Contoso.com that includes following users:
Contoso.com includes following Windows 10 devices:
You create following security groups in Contoso.com:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: Yes
User1 is a Cloud Device Administrator.
Device2 is Azure AD joined.
Group1 has the assigned to join type. User1 is the owner of Group1.
Note: Assigned groups - Manually add users or devices into a static group.
Azure AD joined or hybrid Azure AD joined devices utilize an organizational account in Azure AD Box 2: No User2 is a User Administrator.
Device1 is Azure AD registered.
Group1 has the assigned join type, and the owner is User1.
Note: Azure AD registered devices utilize an account managed by the end user, this account is either a Microsoft account or another locally managed credential.
Box 3: Yes
User2 is a User Administrator.
Device2 is Azure AD joined.
Group2 has the Dynamic Device join type, and the owner is User2.
References:
https://docs.microsoft.com/en-us/azure/active-directory/devices/overview
NEW QUESTION 101
You have an Azure subscription that contains an Azure Availability Set named WEBPROD-AS-USE2 as shown in the following exhibit.
You add 14 virtual machines to WEBPROD-AS-USE2.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: 2
There are 10 update domains. The 14 VMs are shared across the 10 update domains so four update domains will have two VMs and six update domains will have one VM. Only one update domain is rebooted at a time.
Therefore, a maximum of two VMs will be offline.
Box 2: 7
There are 2 fault domains. The 14 VMs are shared across the 2 fault domains, so 7 VMs in each fault domain.
A rack failure will affect one fault domain so 7 VMs will be offline.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability
NEW QUESTION 102
You have an Azure virtual machine that runs Windows Server 2019 and has the following configurations:
* Name: VM1
* Location: West US
* Connected to: VNET1
* Private IP address: 10.1.0.4
* Public IP address: 52.186.85.63
* DNS suffix in Windows Server: Adatum.com
You create the Azure DNS zones shown in the following table.
You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1 can automatically register.
Which zones should you identify? To answer, select the appropriate options in the answer area.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
NEW QUESTION 103
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.
You deploy a load balancer that has the following configurations:
* Name: LB1
* Type: Internal
* SKU: Standard
* Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Standard SKU public IP address, associate the address to the network interface of VM1, and then stop VM2.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
A Backend Pool configured by IP address has the following limitations:
* Standard load balancer only
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/backend-pool-management
NEW QUESTION 104
You plan to deploy an Azure container instance by using the following Azure Resource Manager template.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the template.
Answer:
Explanation:
Explanation
Box 1: can connect to the container from any device
In the policy "osType": "window" refer that it will create a container in a container group that runs Windows but it won't block access depending on device type.
Box 2: the container will restart automatically
Docker provides restart policies to control whether your containers start automatically when they exit, or when Docker restarts. Restart policies ensure that linked containers are started in the correct order. Docker recommends that you use restart policies, and avoid using process managers to start containers.
on-failure : Restart the container if it exits due to an error, which manifests as a non-zero exit code.
As the flag is mentioned as "on-failure" in the policy, so it will restart automatically
Reference:
https://docs.microsoft.com/en-us/cli/azure/container?view=azure-cli-latest
https://docs.docker.com/config/containers/start-containers-automatically/
NEW QUESTION 105
You have an Azure subscription that contains the virtual machines shown in the following table:
VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.
NSG2 uses the default rules and the following custom incoming rule:
Priority: 100
Name: Rule1
Port: 3389
Protocol: TCP
Source: Any
Destination: Any
Action: Allow
NSG1 is associated to Subnet1. NSG2 is associated to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
NEW QUESTION 106
You purchase a new Azure subscription named Subscription1.
You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup.
You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: A Recovery Services vault
A Recovery Services vault is an entity that stores all the backups and recovery points you create over time.
Box 2: A backup policy
What happens when I change my backup policy?
When a new policy is applied, schedule and retention of the new policy is followed.
References:
https://docs.microsoft.com/en-us/azure/backup/backup-configure-vault
https://docs.microsoft.com/en-us/azure/backup/backup-azure-backup-faq
NEW QUESTION 107
You have an Azure subscription named Subscription1 that contains the quotas shown in the following table.
You deploy virtual machine to Subscription1 as shown in the following table.
You plan to deploy the virtual machines shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Explanation:
Explanation
The total regional vCPUs is 20 so that means a maximum total of 20 vCPUs across all the different VM sizes.
The deallocated VM with 16 vCPUs counts towards the total. VM20 and VM1 are using 18 of the maximum
20 vCPUs leaving only two vCPUs available.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/quotas
NEW QUESTION 108
You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
Scenario:
1. Web administrators will deploy Azure web apps for the marketing department.
2. Each web app will be added to a separate resource group.
3. The initial configuration of the web apps will be identical.
4. The web administrators have permission to deploy web apps to resource groups.
Steps:
1 --> Create a resource group, and then deploy a web app to the resource group.
2 --> From the Automation script blade of the resource group , click Add to Library.
3 --> From the Templates service, select the template, and then share the template to the web administrators .
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/quickstart-create-templates-use-the-po
NEW QUESTION 109
......
AZ-104 Exam Dumps, AZ-104 Practice Test Questions: https://www.suretorrent.com/AZ-104-exam-guide-torrent.html
Free AZ-104 Exam Dumps to Pass Exam Easily: https://drive.google.com/open?id=1gQ8R4h1AQ5RZV7i_KC6lK6qLJsLWhWf6