Microsoft: Exam Questions AZ-104

Recommend!!
Get the Full AZ-104 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AZ-104-exam-dumps.html (0 New Questions)
Microsoft
Exam Questions AZ-104
Microsoft Azure Administrator (beta)
Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full AZ-104 dumps in VCE and PDF From SurePassExam
NEW QUESTION 1
- (Exam Topic 1)
You need to meet the technical requirement for VM4. What should you create and configure?
A. an Azure Notification Hub

B. an Azure Event Hub
C. an Azure Logic App
D. an Azure services Bus
Answer: B
Explanation:
Scenario: Create a workflow to send an email message when the settings of VM4 are modified.
You can start an automated logic app workflow when specific events happen in Azure resources or third-party resources. These resources can publish those
events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a
subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks - without you writing any code.
References:
https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-grid-logic-app
NEW QUESTION 2
- (Exam Topic 2)
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Allow inbound TCP port 8080 to the domain controllers in the Miami office.
B. Addhttp://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.
C. Join the client computers in the Miami office to Azure AD.
D. Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.
E. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.
Answer: BE
Explanation:
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using
Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com
E: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure
AD Connect.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
NEW QUESTION 3
- (Exam Topic 4)
You plan to create an Azure virtual machine named VM1 that will be configured as shown in the following exhibit.
The planned disk configurations for VM1 are shown in the following exhibit.

You need to ensure that VM1 can be created in an Availability Zone.

Which two settings should you modify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Use managed disks

B. Availability options
C. OS disk type
D. Size
E. Image
Answer: AE
NEW QUESTION 4
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named
Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group. Does this meet the goal?

A. Yes
B. No
Answer: B
Explanation:
DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest Labs.
You would need the Logic App Contributor role. References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app
NEW QUESTION 5
- (Exam Topic 4)
You have Azure subscription that includes following Azure file shares: You have the following on-premises servers:
You create a Storage Sync Service named Sync1 and an Azure File Sync group named Group1. Group1 uses share1 as a cloud endpoint.
You register Server1 and Server2 in Sync1. You add D:\Folder1 on Server1 as a server endpoint of Group1. For each of the following statements, select Yes if the
statement is true. Otherwise, select No.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: No
Group1 already has a cloud endpoint named Share1.
A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
Box 2: Yes
Yes, one or more server endpoints can be added to the sync group. Box 3: Yes
Yes, one or more server endpoints can be added to the sync group. References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide
NEW QUESTION 6
- (Exam Topic 4)
You have several Azure virtual machines on a virtual network named VNet1. You configure an Azure Storage account as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: always
Endpoint status is enabled. Box 2: Never
After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an
exception to enable Azure Backup service to access the network restricted storage account.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage-
accounts-secured-with-azure-storage
NEW QUESTION 7
- (Exam Topic 4)
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System log on VM1 within an hour.
Solution: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in
Azure Monitor and specify the Log Analytics workspace as the source.
Does this meet the goal?
A. Yes
B. No

Answer: A
Explanation:
Alerts in Azure Monitor can identify important information in your Log Analytics repository. They are created by alert rules that automatically run log searches at
regular intervals, and if results of the log search match particular criteria, then an alert record is created and it can be configured to perform an automated
response.
The Log Analytics agent collects monitoring data from the guest operating system and workloads of virtual machines in Azure, other cloud providers, and on-
premises. It collects data into a Log Analytics workspace.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-response https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview
NEW QUESTION 8
- (Exam Topic 4)
You have an Azure subscription that contains the resource groups shown in the following table.
RG1 contains the resources shown in the following table.
RG2 contains the resources shown in the following table.
You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1.
Which resources should you identify? To answer, select the appropriate options in the answer area.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking
NEW QUESTION 9
- (Exam Topic 4)
You have an Azure subscription named Sub1.
You plan to deploy a multi-tiered application that will contain the tiers shown in the following table.

You need to recommend a networking solution to meet the following requirements:

Ensure that communication between the web servers and the business logic tier spreads equally across the virtual machines.
Protect the web servers from SQL injection attacks.
Which Azure resource should you recommend for each requirement? To answer, select the appropriate options in the answer area.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: an internal load balancer
Azure Internal Load Balancer (ILB) provides network load balancing between virtual machines that reside inside a cloud service or a virtual network with a regional
scope.
Box 2: an application gateway that uses the WAF tier
Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and
vulnerabilities. Web applications are increasingly targeted
by malicious attacks that exploit commonly known vulnerabilities. References:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
NEW QUESTION 10
- (Exam Topic 4)
You have an Azure subscription that contains an Azure Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active Directory
domain. The domain contains the users shown in the following table.
You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods:
Number of methods required to reset: 2
Methods available to users: Mobile phone, Security questions
Number of questions required to register: 3
Number of questions required to reset: 3 You select the following security questions:
What is your favorite food?
In what city was your first job?
What was the name of your first pet?
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: No
Administrator accounts are special accounts with elevated permissions. To secure them, the following restrictions apply to changing passwords of administrators:
On-premises enterprise administrators or domain administrators cannot reset their password through
Self-service password reset (SSPR). They can only change their password in their on-premises environment. Thus, we recommend not syncing on-prem AD admin
accounts to Azure AD.
An administrator cannot use secret Questions & Answers as a method to reset password. Box 2: Yes
Self-service password reset (SSPR) is an Azure Active Directory feature that enables employees to reset their passwords without needing to contact IT staff.
Box 3: Yes References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment
NEW QUESTION 10
- (Exam Topic 4)
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
VM1 connects to a virtual network named VNET2 by using a network interface named NIC1. You need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG1 and West US. Does this meet the goal?
A. Yes
B. NO
Answer: A
Explanation:
The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a
region.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
NEW QUESTION 15
- (Exam Topic 4)
You have an Azure subscription that contains the resources shown in the following table.
You need to create a network interface named NIC1. In which location can you create NIC1?
A. East US and North Europe only.

B. East US and West Europe only.
C. East US, West Europe, and North Europe.
D. East US only.

Answer: D
Explanation:
A virtual network is required when you create a NIC. Select the virtual network for the network interface. You can only assign a network interface to a virtual
network that exists in the same subscription and location as the network interface. Once a network interface is created, you cannot change the virtual network it is
assigned to. The virtual machine you add the network interface to must also exist in the same location and subscription as the network interface.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
NEW QUESTION 18
- (Exam Topic 4)
You have a virtual network named VNet1 that has the configuration shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
A. Mastered
B. Not Mastered

Answer: A
Explanation:
Box 1: add a subnet
Your IaaS virtual machines (VMs) and PaaS role instances in a virtual network automatically receive a private IP address from a range that you specify, based on
the subnet they are connected to. We need to add the 192.168.1.0/24 subnet.
Box 2: add a network interface
The 10.2.1.0/24 network exists. We need to add a network interface. References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-static-private-ip-arm-pportal
NEW QUESTION 20
- (Exam Topic 4)
You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of
131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP
address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:
Ensure that you can upload the disk files to account1.
Ensure that you can attach the disks to VM1.
Prevent all other access to account1.
Which two actions should you perform? Each correct selection presents part of the solution.
A. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
B. From the Firewalls and virtual networks blade of account1, select Selected networks.
C. From the Firewalls and virtual networks blade of acount1, add VNet1.
D. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.
E. From the Service endpoints blade of VNet1, add a service endpoint.
Answer: BE
Explanation:
B: By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.
Azure portal
Navigate to the storage account you want to secure.
Click on the settings menu called Firewalls and virtual networks.
To deny access by default, choose to allow access from 'Selected networks'. To allow traffic from all networks, choose to allow access from 'All networks'.
Click Save to apply your changes. E: Grant access from a Virtual Network
Storage accounts can be configured to allow access only from specific Azure Virtual Networks.
By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the
virtual network and the subnet are also transmitted with each request.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security
NEW QUESTION 25
- (Exam Topic 4)
You have an Azure subscription that includes data in following locations:
You plan to export data by using Azure import/export job named Export1. You need to identify the data that can be exported by using Export1. Which data should
you identify?
A. DB1
B. Table1
C. container1
D. Share1
Answer: D
Explanation:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service
NEW QUESTION 28
- (Exam Topic 4)
You have the Azure virtual machines shown in the following table.

A DNS service is install on VM1.

You configure the DNS server settings for each virtual network as shown in the following exhibit.
You need 10 ensure that all the virtual machines can resolve DNS names by using the DNS service on VM1. What should you do?
A. Add service endpoints on VNET2 and VNET3.

B. Configure peering between VNE11, VNETT2, and VNET3.
C. Configure a conditional forwarder on VM1
D. Add service endpoints on VNET1.
Answer: C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-insta
NEW QUESTION 29
- (Exam Topic 4)
You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution.
A. an XML manifest file

B. a driveset CSV file
C. a dataset CSV file
D. a PowerShell PS1 file
E. a JSON configuration file
Answer: BC
Explanation:
B: Modify the driveset.csv file in the root folder where the tool resides.
C: Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the
dataset.csv file
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files
NEW QUESTION 31
- (Exam Topic 4)
You have an Azure virtual machine named VM1.
You use Azure Backup to create a backup of VM1 named Backup1. After creating Backup1, you perform the following changes to VM1:
Modify the size of VM1.
Copy a file named Budget.xls to a folder named Data.
Reset the password for the built-in administrator account.
Add a data disk to VM1.
An administrator uses the Replace existing option to restore VM1 from Backup1. You need to ensure that all the changes to VM1 are restored.
Which change should you perform again?
A. Modify the size of VM1.

B. Add a data disk.
C. Reset the password for the built-in administrator account.
D. Copy Budget.xls to Data.
Answer: D
Explanation:
References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms#replace-existing-disks
NEW QUESTION 34
- (Exam Topic 4)

You have an Azure virtual machine named VM1.

The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.) You deploy a web server on VM1, and then create a secure website
that is accessible by using the
HTTPS protocol VM1 is used as a web server only.
You need to ensure that users can connect to the website from the Internet.
What should you do?
A. Change the priority of Rule3 to 450.

B. Change the priority of Rule6 to 100
C. DeleteRule1.
D. Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a priority of 501.
Answer: D
NEW QUESTION 39
- (Exam Topic 4)
Solution: On Dev, you assign the Logic App Contributor role to the Developers group. Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
The Logic App Contributor role lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app
NEW QUESTION 40
- (Exam Topic 4)
You have an Azure subscription that contains the public load balancers shown in the following table.
You plan to create six virtual machines and to load balancer requests to the virtual machines. Each load balancer will load balance three virtual machines.
You need to create the virtual machines for the planned solution.
How should you create the virtual machines? To answer, select the appropriate options in the answer area.
A. Mastered
B. Not Mastered
Answer: A
Explanation:

Box 1: be created in the same availability set or virtual machine scale set.
The Basic tier is quite restrictive. A load balancer is restricted to a single availability set, virtual machine scale set, or a single machine.
Box 2: be connected to the same virtual network
The Standard tier can span any virtual machine in a single virtual network, including blends of scale sets, availability sets, and machines.
References:
https://www.petri.com/comparing-basic-standard-azure-load-balancers
NEW QUESTION 44
- (Exam Topic 4)
You have an Azure subscription that contains an Azure file share.
You have an on-premises server named Server1 that runs Windows Server 2016. You plan to set up Azure File Sync between Server1 and the Azure file share.
You need to prepare the subscription for the planned Azure File Sync.
Which two actions should you perform in the Azure subscription? To answer, drag the appropriate actions to the correct targets. Each action may be used once,
more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
First action: Create a Storage Sync Service
The deployment of Azure File Sync starts with placing a Storage Sync Service resource into a resource group of your selected subscription.
Second action: Run Server Registration
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service. A
server can only be registered to one Storage Sync Service and can sync with other servers and Azure file shares associated with the same Storage Sync Service.
The Server Registration UI should open automatically after installation of the Azure File Sync agent.
NEW QUESTION 46
- (Exam Topic 4)
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to grant three users named User1, User2, and

User3 access to a temporary Microsoft SharePoint

document library named Library1.
You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.
Which two groups should you create? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. a Security group that uses the Assigned membership type

B. an Office 365 group that uses the Assigned membership type
C. an Office 365 group that uses the Dynamic User membership type
D. a Security group that uses the Dynamic User membership type
E. a Security group that uses the Dynamic Device membership type
Answer: BC
Explanation:
You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).
Note: With the increase in usage of Office 365 Groups, administrators and users need a way to clean up unused groups. Expiration policies can help remove
inactive groups from the system and make things cleaner.
When a group expires, all of its associated services (the mailbox, Planner, SharePoint site, etc.) are also deleted.
You can set up a rule for dynamic membership on security groups or Office 365 groups.
NEW QUESTION 47
- (Exam Topic 4)
You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2.
VM2 is protected by RSV1.
You need to use RSV2 to protect VM2. What should you do first?
A. From the RSV1 blade, click Backup items and stop the VM2 backup.
B. From the RSV1 blade, click Backup Jobs and export the VM2 backup.
C. From the RSV1 blade, click Backu
D. From the Backup blade, select the backup for the virtual machine, and then click Backup.
E. From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery Services vault.
Answer: D
Explanation:
References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm
NEW QUESTION 48
- (Exam Topic 4)
You have a sync group that has the endpoints shown in the following table.
Cloud tiering is enabled for Endpoint3.

You add a file named File1 to Endpoint1 and a file named File2 to Endpoint2.
You need to identify on which endpoints File1 and File2 will be available within 24 hours of adding the files. What should you identify? To answer, select the
appropriate options in the answer area.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
File1: Endpoint3 only

Cloud Tiering: A switch to enable or disable cloud tiering. When enabled, cloud tiering will tier files to your Azure file shares. This converts on-premises file shares
into a cache, rather than a complete copy of the dataset, to help you manage space efficiency on your server. With cloud tiering, infrequently used or accessed
files can be tiered to Azure Files.
File2: Endpoint1, Endpoint2, and Endpoint3 References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-cloud-tiering
NEW QUESTION 50
- (Exam Topic 4)
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in
external.contoso.com.onmicrosoft.com.
Solution: You instruct User1 to create the user accounts.
A. Yes
B. No
Answer: A
Explanation:
Only a global administrator can add users to this tenant. References:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad
NEW QUESTION 54
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com. Multi-factor authentication (MFA) is enabled for all users.
You need to provide users with the ability to bypass MFA for 10 days on devices to which they have successfully signed in by using MFA.
What should you do?
A. From the multi-factor authentication page, configure the users’ settings.

B. From Azure AD, create a conditional access policy.
C. From the multi-factor authentication page, configure the service settings.
D. From the MFA blade in Azure AD, configure the MFA Server settings.
Answer: C
Explanation:
Enable remember Multi-Factor Authentication
Sign in to the Azure portal.
On the left, select Azure Active Directory > Users.
Select Multi-Factor Authentication.
Under Multi-Factor Authentication, select service settings.
On the Service Settings page, manage remember multi-factor authentication, select the Allow users to remember multi-factor authentication on devices they
trust option.
Select Save.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
NEW QUESTION 55
- (Exam Topic 4)
You have an Azure subscription named Subcription1 that contains a resource group named RG1. In RG1. you create an internal load balancer named LB1 and a
public load balancer named 162.
You need to ensure that an administrator named Admin 1 can manage LB1 and LB2. The solution must follow the principle of least privilege.
Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area.
NOTE: Caen correct selection is worth one point.

A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 57
- (Exam Topic 4)
You have an Azure virtual machine named VM1 and a Recovery Services vault named Vault1. You create a backup Policy1 as shown in the exhibit. (Click the
Exhibit tab.)
You configure the backup of VM1 to use Policy1 on Thursday, January 1. You need to identify the number of available recovery points for VM1.
How many recovery points are available on January 8 and on January 15? To answer, select the appropriate options in the answer area.

A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: 6
4 daily + 1 weekly + monthly Box 2: 8
4 daily + 2 weekly + monthly + yearly
NEW QUESTION 59
- (Exam Topic 4)
Solution: On Dev, you assign the Contributor role to the Developers group. Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
The Logic App Contributor role lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app
NEW QUESTION 62
- (Exam Topic 4)
You plan to configure Azure Backup reports for Vault1.

You are configuring the Diagnostics settings for the AzureBackupReports log.

Which storage accounts and which Log Analytics workspaces can you use for the Azure Backup reports of Vault1? To answer, select the appropriate options in the
answer area.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: storage3 only
Vault1 and storage3 are both in West Europe. Box 2: Analytics3
Vault1 and Analytics3 are both in West Europe. References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-configure-reports
NEW QUESTION 67
- (Exam Topic 4)
You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table.
You create a public Azure DNS zone named adatum.com and a private Azure DNS zone named contoso.com.
For contoso.com, you create a virtual network link named link1 as shown in the exhibit. (Click the Exhibit tab.)

You discover that VM1 can resolve names in contoso.com but cannot resolve names in adatum.com.
VM1 can resolve other hosts on the internet.
You need to ensure that VM1 can resolve host names in adatum.com. What should you do?
A. Update the DNS suffix on VM1 to be adatum.com.

B. Create an SRV record in the contoso.com zone.
C. Configure the name servers for adatum.com at the domain registrar.
D. Modify the Access control (IAM) settings for link1.
Answer: D
NEW QUESTION 69
- (Exam Topic 4)
You have an Azure subscription that contains an Azure Storage account.
You plan to copy an on-premises virtual machine image to a container named vmimages. You need to create the container for the planned image.
Which command should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
azcopy make 'https://<storage-account-name>.file.core.windows.net/<file-share-name><SAS-token>'
NEW QUESTION 70
- (Exam Topic 4)
Your network contains an on-premises Active Directory domain named adatum.com. The domain contains an organizational unit (OU) named OU1. OU1 contains
the objects shown in the following table.
You sync OU1 to Azure Active Directory (Azure AD) by using Azure AD Connect. You need to identify which objects are synced to Azure AD.
Which objects should you identify?
A. User1 and Group1 only

B. User1, Group1, and Group2 only
C. User1, Group1, Group2, and Computer1
D. Computer1 only
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization
NEW QUESTION 75
- (Exam Topic 4)

In storage1, you create a blob container named blob1 and a file share named share1.
Which resources can be backed up to Vault1 and Vault2? To answer, select the appropriate options in the answer area.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: VM1 only
VM1 is in the same region as Vault1. File1 is not in the same region as Vautl1.
SQL is not in the same region as Vault1. Blobs cannot be backup up to service vaults.
Note: To create a vault to protect virtual machines, the vault must be in the same region as the virtual machines.
Box 2: Share1 only.
Storage1 is in the same region (West USA) as Vault2. Share1 is in Storage1.
Note: After you select Backup, the Backup pane opens and prompts you to select a storage account from a list of discovered supported storage accounts. They're
either associated with this vault or present in the same region as the vault, but not yet associated to any Recovery Services vault.
References:
https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault https://docs.microsoft.com/en-us/azure/backup/backup-afs
NEW QUESTION 76
- (Exam Topic 4)
You need to use Azure Automation State Configuration to manage the ongoing consistency of virtual machine configurations.
Which five actions should you perform in sequence? To answer, move the appropriate action from the list of actions to the answer area and arrange them in the
correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

A. Mastered
B. Not Mastered
Answer: A
Explanation:
Step 1: Upload a configuration to Azure Automation State Configuration. Import the configuration into the Automation account.
Step 2: Compile a configuration into a node configuration.
A DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.
Step 3: Onboard the virtual machines to Azure Automation State Configuration. Onboard the Azure VM for management with Azure Automation State
Configuration Step 4: Assign the node configuration
Step 5: Check the compliance status of the node
Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You
can view these reports on the page for that node.
On the blade for an individual report, you can see the following status information for the corresponding consistency check:
The report status — whether the node is "Compliant", the configuration "Failed", or the node is "Not Compliant"
References:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started
NEW QUESTION 77
- (Exam Topic 4)
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password?
A. Azure Active Directory (AD) Identity Protection and an Azure policy

B. a Recovery Services vault and a backup policy
C. an Azure Key Vault and an access policy
D. an Azure Storage account and an access policy
Answer: C
Explanation:
You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never
put in plain text in the template parameter file.
References: https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/
NEW QUESTION 82
- (Exam Topic 4)
You have an Azure subscription that contains an Azure Storage account named storage1 and the users shown in the following table.
You plan to monitor storage1 and to configure email notifications for the signals shown in the following table.

You need to identify the minimum number of alert rules and action groups required for the planned monitoring.
How many alert rules and action groups should you identify? To answer, select the appropriate options in the answer area.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 83
- (Exam Topic 4)
You have an Azure subscription named Subscription1 that contains the resources in the following table.
You install the Web Server server role (IIS) on WM1 and VM2, and then add VM1 and VM2 to LB1. LB1 is configured as shown in the LB1 exhibit. (Click the
Exhibit button.)
Rule1 is configured as shown in the Rule1 exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 84
- (Exam Topic 4)
You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VMet1 contains one subnet named
Subnet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual
machines in the backend pool.
You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:

Box 1: An Azure Log Analytics workspace

In the Azure portal you can set up a Log Analytics workspace, which is a unique Log Analytics environment with its own data repository, data sources, and
solutions
Box 2: ILB1
References:
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-create-workspace
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics
NEW QUESTION 85
- (Exam Topic 4)
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in
external.contoso.com.onmicrosoft.com.
Solution: You instruct User3 to create the user accounts.
A. Yes
B. No
Answer: B
Explanation:
Only a global administrator can add users to this tenant.
References:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad
NEW QUESTION 90
- (Exam Topic 4)
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a
self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2. Solution: You export the client certificate from Computer1 and
install the certificate on Computer2. Does this meet this goal?
A. Yes
B. No
Answer: A
Explanation:
Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root
certificate, and then export and install the client certificate. If the client certificate is not installed, authentication fails.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
NEW QUESTION 91
......

Thank You for Trying Our Product
We offer two products:
1st - We have Practice Tests Software with Actual Exam Questions
2nd - Questons and Answers in PDF Format
AZ-104 Practice Exam Features:
* AZ-104 Questions and Answers Updated Frequently
* AZ-104 Practice Questions Verified by Expert Senior Certified Staff
* AZ-104 Most Realistic Questions that Guarantee you a Pass on Your FirstTry
* AZ-104 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year
100% Actual & Verified — Instant Download, Please Click

Order The AZ-104 Practice Test Here

Powered by TCPDF (www.tcpdf.org)

Microsoft: Exam Questions AZ-104

Uploaded by

Document Informationclick to expand document information

Copyright:

Available Formats

Microsoft: Exam Questions AZ-104

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Microsoft: Exam Questions AZ-104

Uploaded by

Copyright:

Available Formats

Recommend!!

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

A. an Azure Notification Hub

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

You need to ensure that VM1 can be created in an Availability Zone.

A. Use managed disks

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

NOTE: Each correct selection is worth one point.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

RG1 contains the resources shown in the following table.

RG2 contains the resources shown in the following table.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

You need to recommend a networking solution to meet the following requirements:

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

A. East US and North Europe only.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

A DNS service is install on VM1.

A. Add service endpoints on VNET2 and VNET3.

A. an XML manifest file

A. Modify the size of VM1.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

You have an Azure virtual machine named VM1.

A. Change the priority of Rule3 to 450.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

User3 access to a temporary Microsoft SharePoint

A. a Security group that uses the Assigned membership type

Cloud tiering is enabled for Endpoint3.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

A. From the multi-factor authentication page, configure the users’ settings.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

You plan to configure Azure Backup reports for Vault1.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

A. Update the DNS suffix on VM1 to be adatum.com.

A. User1 and Group1 only

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

A. Azure Active Directory (AD) Identity Protection and an Azure policy

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Box 1: An Azure Log Analytics workspace

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Thank You for Trying Our Product

We offer two products:

1st - We have Practice Tests Software with Actual Exam Questions

2nd - Questons and Answers in PDF Format

AZ-104 Practice Exam Features:

* AZ-104 Questions and Answers Updated Frequently

* AZ-104 Practice Questions Verified by Expert Senior Certified Staff

100% Actual & Verified — Instant Download, Please Click

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

You might also like