Microsoft Azure (AZ-104) Test Bank 2022 Microsoft Azure (AZ-104) Test Bank 2022
Uploaded by
John JessenMicrosoft Azure (AZ-104) Test Bank 2022 Microsoft Azure (AZ-104) Test Bank 2022
Uploaded by
John JessenlOMoARcPSD|23500241
Microsoft Azure (AZ-104) Test Bank 2022
Information systems (Caucasus University)
Studocu is not sponsored or endorsed by any college or university
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Microsoft.AZ-104.v2022-03-25.q165
Exam Code: AZ-104
Exam Name: Microsoft Azure Administrator
Certification Provider: Microsoft
Free Question Number: 165
Version: v2022-03-25
# of views: 115
# of Questions views: 1728
https://www.freecram.net/torrent/Microsoft.AZ-104.v2022-03-25.q165.html
NEW QUESTION: 1
You create an Azure Storage account named contosostorage.
You plan to create a file share named data.
Users need to map a drive to the data file share from home computers that run Windows 10.
Which outbound port should be open between the home computers and the data file share?
A. 80
B. 443
C. 445
D. 3389
Answer: (SHOW ANSWER)
Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will
fail if port 445 is blocked.
NEW QUESTION: 2
You have an Azure subscription that contains a resource group named Test RG.
You use TestRG to validate an Azure deployment.
TestRG contains the following resources:
You need to delete TestRG.
What should you do first?
A. Modify the backup configurations of VM1 and modify the resource lock type of VNET1.
B. Turn off VM1 and delete all data in Vault1.
C. Remove the resource lock from VNET1 and delete all data in Vault1.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
D. Turn off VM1 and remove the resource lock from VNET1.
Answer: (SHOW ANSWER)
You can't delete a vault that contains backup data. You must remove the delete locks before
trying to delete a resource group. When you delete a resource group, all of its resources are also
deleted. Deleting a resource group deletes all of its template deployments and currently stored
operations. https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/delete-
resource-group?tabs=azure-powershell
NEW QUESTION: 3
You have an Azure subscription that contains an Azure Availability Set named WEBPROD-AS-
USE2 as shown in the following exhibit.
You add 14 virtual machines to WEBPROD-AS-USE2.
Use the drop-down menus to select the answer choice that completes each statement based on
the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability
NEW QUESTION: 4
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have an Azure subscription named Subscription1 that contains the resources shown in the
following table.
VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.
You need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG2 and West US.
Does this meet the goal?
A. Yes
B. NO
Answer: (SHOW ANSWER)
The virtual machine you attach a network interface to and the virtual network you connect it to
must exist in the same location, here West US, also referred to as a region.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
NEW QUESTION: 5
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named
contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1.
An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.
You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?
A. From contoso.com, modify the Organization relationships settings.
B. From contoso.com, create an OAuth 2.0 authorization endpoint.
C. Recreate AKS1.
D. From AKS1, create a namespace.
Answer: (SHOW ANSWER)
With Azure AD-integrated AKS clusters, you can grant users or groups access to Kubernetes
resources within a namespace or across the cluster. To obtain a kubectl configuration context, a
user can run the az aks get-credentials command. When a user then interacts with the AKS
cluster with kubectl, they're prompted to sign in with their Azure AD credentials. This approach
provides a single source for user account management and password credentials. The user can
only access the resources as defined by the cluster administrator.
Azure AD authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an
identity layer built on top of the OAuth 2.0 protocol. For more information on OpenID Connect,
see the Open ID connect documentation. From inside of the Kubernetes cluster, Webhook Token
Authentication is used to verify authentication tokens. Webhook token authentication is configured
and managed as part of the AKS cluster.
Reference:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/
https://docs.microsoft.com/en-us/azure/aks/concepts-identity
NEW QUESTION: 6
You need to the appropriate sizes for the Azure virtual for Server2.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure
NEW QUESTION: 7
You have an Azure subscription named Subscription1. Subscription1 contains two Azure virtual
machines named VM1 and VM2. VM1 and VM2 run Windows Server 2016.
VM1 is backed up daily by Azure Backup without using the Azure Backup agent.
VM1 is affected by ransomware that encrypts data.
You need to restore the latest backup of VM1.
To which location can you restore the backup? To answer, select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm#system-
requirements
NEW QUESTION: 8
You have an Azure subscription named Subscription1. You have a virtualization environment that
contains the virtualization server in the following table.
The virtual machines are configured as shown on the following table.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
All the virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption
(BitLocker). You plan to use Azure Site Recovery to migrate the virtual machines to Azure.
Which virtual machines can you migrate? To answer, select the appropriate options in the answer
area.
NOTE: Each correct selection is worth one point.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-azure-support-matrix#azure-vm-
requirements
NEW QUESTION: 9
You have web app in the West US, Central US and East US Azure regions.
You have the App plans shown in the following table.
You plan to create an additional App Service plan named ASPs that will use the Linux operating
system.
You need to identify in which of the currently used locations you can deploy ASPs.
What should you recommend?
A. Central US only
B. West US, Central US, or East US
C. East US only
D. West US only
Answer: (SHOW ANSWER)
NEW QUESTION: 10
A. Modify the address space of the local network gateway.
B. Remove the public IP addresses from the virtual machines.
C. Modify the address space of Subnet1.
D. Create a deny rule in a network security group (NSG) that is linked to Subnet1.
Answer: D (LEAVE A REPLY)
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You can filter network traffic to and from Azure resources in an Azure virtual network with a
network security group. A network security group contains security rules that allow or deny
inbound network traffic to, or outbound network traffic from, several types of Azure resources.
You can use a site-to-site VPN to connect your on-premises network to an Azure virtual network.
Users on your on-premises network connect by using the RDP or SSH protocol over the site-to-
site VPN connection. You don't have to allow direct RDP or SSH access over the internet. And
this can be achieved by configuring a deny rule in a network security group (NSG) that is linked to
Subnet1 for RDP / SSH protocol coming from internet.
Modify the address space of Subnet1 : Incorrect choice
Modifying the address space of Subnet1 will have no impact on RDP traffic flow to the virtual
network.
Modify the address space of the local network gateway : Incorrect choice Modifying the address
space of the local network gateway will have no impact on RDP traffic flow to the virtual network.
Remove the public IP addresses from the virtual machines : Incorrect choice If you remove the
public IP addresses from the virtual machines, none of the applications be accessible publicly by
the Internet users.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices
NEW QUESTION: 11
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure
virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer
named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from
Computer2.
Solution: You export the client certificate from Computer1 and install the certificate on Computer2.
Does this meet this goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
Each client computer that connects to a VNet using Point-to-Site must have a client certificate
installed. You generate a client certificate from the self-signed root certificate, and then export
and install the client certificate. If the client certificate is not installed, authentication fails.
Reference:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
NEW QUESTION: 12
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure
virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer
named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from
Computer2.
Solution: You modify the Azure Active Directory (Azure AD) authentication policies.
Does this meet this goal?
A. No
B. Yes
Answer: A (LEAVE A REPLY)
NEW QUESTION: 13
You have an Azure Active Directory (Azure AD) tenant.
You plan to delete multiple users by using Bulk delete in the Azure Active Directory admin center.
You need to create and upload a file for the bulk delete.
Which user attributes should you include in the file?
A. The user principal name and usage location of each user only
B. The user principal name of each user only
C. The display name of each user only
D. The display name and usage location of each user only
E. The display name and user principal name of each user only
Answer: B (LEAVE A REPLY)
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/users-bulk-delete
NEW QUESTION: 14
You have an Azure subscription that contains two virtual networks named VNet1 and VNet2.
Virtual machines connect to the virtual networks.
The virtual networks n on-premises server named Server1 the configured as shown in the
following table.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the
hosts on VNet1 and VNet2 can communicate.
Which three actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Answer:
1 - Remove peering between Vnet1 and VNet2.
2 - Add the 10.44.0.0/16 address space to VNet1.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering
NEW QUESTION: 15
You have the App Service plans shown in the following table.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You plan to create the Azure web apps shown in the following table.
You need to identify which App Service plans can be used for the web apps.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/app-service/quickstart-dotnetcore?pivots=platform-linux
https://docs.microsoft.com/en-us/azure/app-service/app-service-plan-manage#
NEW QUESTION: 16
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual
machine scale set by using an Azure Resource Manager template.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?
A. Azure Active Directory (Azure AD) Application Proxy
B. Azure Application Insights
C. Azure Custom Script Extension
D. the New-AzConfigurationAssignement cmdlet
Answer: (SHOW ANSWER)
The Custom Script Extension downloads and executes scripts on Azure VMs. This extension is
useful for post deployment configuration, software installation, or any other configuration /
management task. Scripts can be downloaded from Azure storage or GitHub, or provided to the
Azure portal at extension run time.
The Custom Script extension integrates with Azure Resource Manager templates, and can also
be run using the Azure CLI, PowerShell, Azure portal, or the Azure Virtual Machine REST API.
You can use the Custom Script Extension with both Windows and Linux VMs.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-automate-vm-
deployment?toc=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-machines
%2Fextensions%2Ftoc.json&bc=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fdocs.microsoft.com%2Fen-us%2Fazure
%2Fbread%2Ftoc.json
Valid AZ-104 Dumps shared by Fast2test.com for Helping Passing AZ-104 Exam!
Fast2test.com now offer the newest AZ-104 exam dumps, the Fast2test.com AZ-104 exam
questions have been updated and answers have been corrected get the newest
Fast2test.com AZ-104 dumps with Test Engine here: https://www.fast2test.com/AZ-104-
premium-file.html (482 Q&As Dumps, 30%OFF Special Discount: freecram)
NEW QUESTION: 17
You have an Azure subscription that contains the resources shown in the following table.
You need to create a network interface named NIC1.
In which location can you create NIC1?
A. East US and North Europe only.
B. East US and West Europe only.
C. East US, West Europe, and North Europe.
D. East US only.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer: (SHOW ANSWER)
A virtual network is required when you create a NIC. Select the virtual network for the network
interface. You can only assign a network interface to a virtual network that exists in the same
subscription and location as the network interface. Once a network interface is created, you
cannot change the virtual network it is assigned to. The virtual machine you add the network
interface to must also exist in the same location and subscription as the network interface.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
NEW QUESTION: 18
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned
the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Owner role at the subscription level to Admin1.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
Your account must meet one of the following to enable traffic analytics:
Your account must have any one of the following Azure roles at the subscription scope: owner,
contributor, reader, or network contributor.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq
NEW QUESTION: 19
You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?
A. Azure Data Lake Store
B. a virtual machine
C. the Azure File Sync Storage Sync Service
D. Azure Blob storage
Answer: (SHOW ANSWER)
Azure Import/Export service is used to securely import large amounts of data to Azure Blob
storage and Azure Files by shipping disk drives to an Azure datacenter.
The maximum size of an Azure Files Resource of a file share is 5 TB.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service
NEW QUESTION: 20
You have an Azure subscription that contains the resources in the following table.
Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1.
You need to apply ASG1 to VM1.
What should you do?
A. Modify the properties of NSG1.
B. Modify the properties of ASG1.
C. Associate NIC1 to ASG1.
Answer: (SHOW ANSWER)
Application Security Group can be associated with NICs.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#application-security-
groups
NEW QUESTION: 21
You have an Azure subscription named AZPT1 that contains the resources shown in the following
table:
You create a new Azure subscription named AZPT2.
You need to identify which resources can be moved to AZPT2.
Which resources should you identify?
A. VM1, storage1, VNET1, and VM1Managed only
B. VM1 and VM1Managed only
C. VM1, storage1, VNET1, VM1Managed, and RVAULT1
D. RVAULT1 only
Answer: (SHOW ANSWER)
You can move a VM and its associated resources to a different subscription by using the Azure
portal.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You can now move an Azure Recovery Service (ASR) Vault to either a new resource group within
the current subscription or to a new subscription.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-resource-
group-and-subscription
https://docs.microsoft.com/en-us/azure/key-vault/general/keyvault-move-subscription
NEW QUESTION: 22
You have a sync group named Sync1 that has a cloud endpoint. The cloud endpoint includes a
file named File1.txt.
You on-premises network contains servers that run Windows Server 2016. The servers are
configured as shown in the following table.
You add Share1 as an endpoint for Sync1. One hour later, you add Share2 as an endpoint for
Sync1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-planning
http://techgenix.com/azure-file-sync-replicating-data/
NEW QUESTION: 23
You have two Azure Active Directory (Azure AD) tenants named contoso.com and fabrikam.com.
You have a Microsoft account that you use to sign in to both tenants.
You need to configure the default sign-in tenant for the Azure portal.
What should you do?
A. From Azure Cloud Shell, run Set-AzContext.
B. From the Azure portal, change the directory.
C. From Azure Cloud Shell, run Select- AzSubscription.
D. From the Azure portal, configure the portal settings.
Answer: A (LEAVE A REPLY)
NEW QUESTION: 24
You discover that VM3 does NOT meet the technical requirements.
You need to verify whether the issue relates to the NSGs.
What should you use?
A. Diagram in VNet1
B. the security recommendations in Azure Advisor
C. Diagnostic settings in Azure Monitor
D. Diagnose and solve problems in Traffic Manager Profiles
E. IP flow verify in Azure Network Watcher
Answer: (SHOW ANSWER)
Scenario: Litware must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications
servers in the Montreal office.
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information
consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
denied by a security group, the name of the rule that denied the packet is returned. While any
source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose
connectivity issues from or to the internet and from or to the on-premises environment.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
NEW QUESTION: 25
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have an Azure subscription named Subscription1 that contains the resources shown in the
following table.
VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.
You need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG2 and Central US.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
The virtual machine you attach a network interface to and the virtual network you connect it to
must exist in the same location, here West US, also referred to as a region.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
NEW QUESTION: 26
You have an Azure subscription named Subscription1 that contains the virtual networks in the
following table.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Subscripton1 contains the virtual machines in the following table.
In Subscription1, you create a load balancer that has the following configurations:
Name: LB1
SKU: Basic
Type: Internal
Subnet: Subnet12
Virtual network: VNET1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: each correct selection is worth one point.
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
NEW QUESTION: 27
You have an Azure subscription that has a Recovery Services vault named Vault1. The
subscription contains the virtual machines shown in the following table.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You plan to schedule backups to occur every night at 23:00.
Which virtual machines can you back up by using Azure Backup?
A. VM1 only
B. VM1 and VM3 only
C. VM1. VM2, VM3andVM4
D. VM1 and VM2 only
Answer: (SHOW ANSWER)
Azure Backup supports backup of 64-bit Windows server operating system from Windows Server
2008.
Azure Backup supports backup of 64-bit Windows 10 operating system.
Azure Backup supports backup of 64-bit Ubuntu Server operating system from Ubuntu 12.04.
Azure Backup supports backup of VM that are shutdown or offline.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-support-matrix-iaas
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/endorsed-distros
NEW QUESTION: 28
You are the global administrator for an Azure Active Directory (Azure AD) tenet named
adatum.com.
You need to enable two-step verification for Azure users.
What should you do?
A. Create a sign-in risk policy in Azure AD Identity Protection
B. Enable Azure AD Privileged Identity Management.
C. Create and configure the Identity Hub.
D. Configure a security policy in Azure Security Center.
Answer: (SHOW ANSWER)
Identity Protection analyzes signals from each sign-in, both real-time and offline, and calculates a
risk score based on the probability that the sign-in wasn't performed by the user. Administrators
can make a decision based on this risk score signal to enforce organizational requirements.
Administrators can choose to block access, allow access, or allow access but require multi-factor
authentication.
If risk is detected, users can perform multi-factor authentication to self-remediate and close the
risky sign-in event to prevent unnecessary noise for administrators.
With Azure Active Directory Identity Protection, you can:
require users to register for multi-factor authentication
handle risky sign-ins and compromised users
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/flows
NEW QUESTION: 29
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and
VM2. Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify
that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from
131.107.100.50 over TCP port 443.
Solution: You modify the priority of the Allow_131.107.100.50 inbound security rule.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
The rule currently has the highest priority.
Reference:
https://fastreroute.com/azure-network-security-groups-explained/
Allow_131.107.100.50 rule already has the highest priority.
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
NEW QUESTION: 30
A. From the Azure portal modify the Access control (1AM) settings of VM1.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
B. From the Azure portal, modify the Policies settings of RG1.
C. From the Azure portal, modify the value of the Managed Service Identity option for VM1.
D. From the Azure portal, modify the Access control (IAM) settings of RG1.
Answer: (SHOW ANSWER)
A managed identity from Azure Active Directory allows your app to easily access other AAD-
protected resources such as Azure Key Vault. The identity is managed by the Azure platform and
does not require you to provision or rotate any secrets.
User assigned managed identities can be used on Virtual Machines and Virtual Machine Scale
Sets.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/app-service-managed-service-identity
NEW QUESTION: 31
You have an Azure subscription named Subscription1.
You create an Azure Storage account named contosostorage, and then you create a file share
named data.
Which UNC path should you include in a script that references files from the data file share? To
answer, drag the appropriate values to the correct targets. Each value may be used once, more
than once, or not at all. You may need to drag the split bar between panes or scroll to view
content.
NOTE: Each correct selection is worth one point.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Valid AZ-104 Dumps shared by Fast2test.com for Helping Passing AZ-104 Exam!
Fast2test.com now offer the newest AZ-104 exam dumps, the Fast2test.com AZ-104 exam
questions have been updated and answers have been corrected get the newest
Fast2test.com AZ-104 dumps with Test Engine here: https://www.fast2test.com/AZ-104-
premium-file.html (482 Q&As Dumps, 30%OFF Special Discount: freecram)
NEW QUESTION: 32
You have an Azure subscription named Subscription1 that contains the quotas shown in the
following table.
You deploy virtual machines to Subscription1 as shown in the following table.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
NEW QUESTION: 33
You have an Azure subscription that contains a resource group named RG26.
RG26 is sot to the West Europe location and is used to create temporary resources for a project.
RG26 contains the resources shown in the following table.
SQLD01 is backed up to RGV1.
When the project is complete, you attempt to delete RG26 from the Azure portal. The deletion
fails.
You need to delete RG26.
What should you do first?
A. Stop the backup of SQLDB01.
B. Delete sa001.
C. Delete VM1.
D. StopVM1.
Answer: (SHOW ANSWER)
You can't delete a vault that contains backup data. So in this case at first you have to delete the
backup of 'SQLD01' before you attempt to delete the vault.
Reference:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault
NEW QUESTION: 34
You have an Azure subscription that contains the virtual machines shown in the following table.
VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow
inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1
uses only the default rules.
NSG2 uses the default and the following custom incoming rule:
Priority: 100
Name: Rule1
Port: 3389
Protocol: TCP
Source: Any
Destination: Any
Action: Allow
NSG1 connects to Subnet1. NSG2 connects to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-
connection
NEW QUESTION: 35
You need to configure the Device settings to meet the technical requirements and the user
requirements.
Which two settings should you modify? To answer, select the appropriate settings in the answer
area.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
NEW QUESTION: 36
You have an on-premises file server named Server1 that runs Windows Server 2016.
You have an Azure subscription that contains an Azure file share.
You deploy an Azure File Sync Storage Sync Service, and you create a sync group.
You need to synchronize files from Server1 to Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
1 - Install the Azure File Sync agent on Server1
2 - Register Server1.
3 - Add a server endpoint
NEW QUESTION: 37
You have two Azure virtual machines named VM1 and VM2. VM1 has a single data disk named
Disk1. You need to attach Disk1 to VM2. The solution must minimize downtime for both virtual
machines.
Which four actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
1 - Stop VM1.
2 - Detach Disk1 from VM1.
3 - Start VM1.
4 - Attach Disk1 to VM2
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/detach-disk
https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-attach-detach-data-disk
NEW QUESTION: 38
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow
Remote Desktop connections NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-
Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Any
source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol. You
remove NSG-VM1 from the network interface of VM1.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created
automatically when you create your VM.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by
default.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-
connection
NEW QUESTION: 39
You have the Azure virtual networks shown in the following table.
To which virtual networks can you establish a peering connection from VNet1?
A. VNet2 and VNet3 only
B. VNet2 only
C. VNet3 and VNet4 only
D. VNet2, VNet3, and VNet4
Answer: (SHOW ANSWER)
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
You can connect virtual networks to each other with virtual network peering. These virtual
networks can be in the same region or different regions (also known as Global VNet peering).
Once virtual networks are peered, resources in both virtual networks are able to communicate
with each other, with the same latency and bandwidth as if the resources were in the same virtual
network.
Global VNet Peering is now generally available in all Azure public regions, excluding the China,
Germany, and Azure Government regions.
The address space is the most critical configuration for a VNet in Azure. This is the IP range for
the entire network that will be divided into subnets. The address space can almost be any IP
range that you wish (public or private). You can add multiple address spaces to a VNet. To
ensure this VNet can be connected to other networks, the address space should never overlap
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
with any other networks in your environment. If a VNet has an address space that overlaps with
another Azure VNet or on-premises network, the networks cannot be connected, as the routing of
traffic will not work properly.
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
https://azure.microsoft.com/en-in/updates/general-availability-global-vnet-peering/#:~:text=Global
%20VNet%20Peering%20is%20now,transit%20over%20the%20public%20internet.
https://www.microsoftpressstore.com/articles/article.aspx?p=2873369
NEW QUESTION: 40
You have an Azure subscription that contains an Azure file share.
You have an on-premises server named Server1 that runs Windows Server 2016.
You plan to set up Azure File Sync between Server1 and the Azure file share.
You need to prepare the subscription for the planned Azure File Sync.
Which two actions should you perform in the Azure subscription? To answer, drag the appropriate
actions to the correct targets. Each action may be used once, more than once, or not at all. You
may need to drag the split bar between panes or scroll to view content.
Answer:
1 - Create a Storage Sync Service
2 - Create a sync group
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide?
tabs=azure-portal
NEW QUESTION: 41
You have an Azure Active Directory (Azure AD) tenant named Tenant1 and an Azure subscription
named You enable Azure AD Privileged Identity Management.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You need to secure the members of the Lab Creator role. The solution must ensure that the lab
creators request access when they create labs.
What should you do first?
A. From Azure AD Privileged Identity Management, edit the role settings for Lab Creator.
B. From Subscription1 edit the members of the Lab Creator role.
C. From Azure AD Identity Protection, creates a user risk policy.
D. From Azure AD Privileged Identity Management, discover the Azure resources of Conscription.
Answer: (SHOW ANSWER)
As a Privileged Role Administrator you can:
Enable approval for specific roles
Specify approver users and/or groups to approve requests
View request and approval history for all privileged roles
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-
configure
NEW QUESTION: 42
You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:
Replicates synchronously
Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs
NEW QUESTION: 43
You have an azure subscription that contain a virtual named VNet1. VNet1. contains four subnets
named Gatesway, perimeter, NVA, and production.
The NVA contain two network virtual appliance (NVAs) that will network traffic inspection between
the perimeter subnet and the production subnet.
You need to implement an Azure load balancer for the NVAs. The solution must meet the
following requirements:
The NVAs must run in an active-active configuration that uses automatic failover.
The NVA must load balance traffic to two services on the Production subnet. The services have
different IP addresses Which three actions should you perform? Each correct answer presents
parts of the solution.
NOTE: Each correct selection is worth one point.
A. Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
B. Deploy a standard load balancer.
C. Add a frontend IP configuration, two backend pools, and a health prob.
D. Add a frontend IP configuration, a backend pool, and a health probe.
E. Add two load balancing rules that have HA Ports and Floating IP enabled.
F. Deploy a basic load balancer.
Answer: (SHOW ANSWER)
A standard load balancer is required for the HA ports.
-Two backend pools are needed as there are two services with different IP addresses.
-Floating IP rule is used where backend ports are reused.
Incorrect Answers:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
F: HA Ports are not available for the basic load balancer.
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview The
following diagram presents a hub-and-spoke virtual network deployment. The spokes force-tunnel
their traffic to the hub virtual network and through the NVA, before leaving the trusted space. The
NVAs are behind an internal Standard Load Balancer with an HA ports configuration. All traffic
can be processed and forwarded accordingly. When configured as show in the following diagram,
an HA Ports load-balancing rule additionally provides flow symmetry for ingress and egress
traffic.
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-ha-ports-overview#a-single-
floating-ip-direct-server-return-ha-ports-configuration-on-an-internal-standard-load-balancer
NEW QUESTION: 44
You have an Azure subscription that contains a resource group named RG1. RG1 contains 100
virtual machines.
Your company has three cost centers named Manufacturing, Sales, and Finance.
You need to associate each virtual machine to a specific cost center.
What should you do?
A. Add an extension to the virtual machines.
B. Modify the inventory settings of the virtual machine.
C. Assign tags to the virtual machines.
D. Configure locks for the virtual machine.
Answer: (SHOW ANSWER)
You apply tags to your Azure resources, resource groups, and subscriptions to logically organize
them into a taxonomy. Each tag consists of a name and a value pair. For example, you can apply
the name "Environment" and the value "Production" to all the resources in production Reference:
https://docs.microsoft.com/en-us/azure/billing/billing-getting-started
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
NEW QUESTION: 45
You have an Azure subscription named Subscription1 that contains the resources shown in the
following table.
You create virtual machines in Subscription1 as shown in the following table.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You plan to use Vault1 for the backup of as many virtual machines as possible.
Which virtual machines can be backed up to Vault1?
A. VM1, VM3, VMA, and VMC only
B. VM1 and VM3 only
C. VM1, VM2, VM3, VMA, VMB, and VMC
D. VM1 only
E. VM3 and VMC only
Answer: (SHOW ANSWER)
To create a vault to protect virtual machines, the vault must be in the same region as the virtual
machines. If you have virtual machines in several regions, create a Recovery Services vault in
each region.
Reference:
https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault
NEW QUESTION: 46
You have an Azure subscription.
You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will
be part of the same availability set.
You need to ensure that as many virtual machines as possible are available if the fabric fails or
during servicing.
How should you configure the template? To answer, select the appropriate options in the answer
area.
NOTE: Each correct selection is worth one point.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
Reference:
https://www.itprotoday.com/microsoft-azure/check-if-azure-region-supports-2-or-3-fault-domains-
managed-disks
https://github.com/Azure/acs-engine/issues/1030
Valid AZ-104 Dumps shared by Fast2test.com for Helping Passing AZ-104 Exam!
Fast2test.com now offer the newest AZ-104 exam dumps, the Fast2test.com AZ-104 exam
questions have been updated and answers have been corrected get the newest
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Fast2test.com AZ-104 dumps with Test Engine here: https://www.fast2test.com/AZ-104-
premium-file.html (482 Q&As Dumps, 30%OFF Special Discount: freecram)
NEW QUESTION: 47
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
Your company has 100 users located in an office in Paris.
The on-premises network contains the servers shown in the following table.
You create a new subscription. You need to move all the servers to Azure.
Solution: You run azcopy.exe.
Does this meet the goal?
A. No
B. Yes
Answer: (SHOW ANSWER)
NEW QUESTION: 48
You have an Azure subscription that contains the following resources:
* a virtual network named VNet1
* a replication policy named ReplPolicy1
* a Recovery Services vault named Vault1
* an Azure Storage account named Storage1
You have an Amazon Web Services (AWS) EC2 virtual machine named VM1 that runs Windows
Server 2019.
You need to migrate VM1 to VNet1 by using Azure Site Recovery.
Which three actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
1 - Deploy an EC2 virtual machine as a configuration server
2 - Install Azure Site Recovery Unified Setup.
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-aws-azure
NEW QUESTION: 49
You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an
Active Directory domain. The tenant contains the users shown in the following table.
The users have the attributes shown in the following table.
You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all four
users.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Solution: You add an office phone number for User2.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
User3 requires a user account in Azure AD.
Note: Your Azure AD password is considered an authentication method. It is the one method that
cannot be disabled.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-
methods
NEW QUESTION: 50
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the
users shown in the following table:
User3 is the owner of Group1.
Group2 is a member of Group1.
You configure an access review named Review1 as shown in the following exhibit:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
NEW QUESTION: 51
You have an Azure subscription named Subscription1 that contains the quotas shown in the
following table.
You deploy virtual machine to Subscription1 as shown in the following table.
You plan to deploy the virtual machines shown in the following table.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/quotas
NEW QUESTION: 52
You have an Azure Storage account named storage1.
You plan to use AzCopy to copy data to storage1.
You need to identify the storage services in storage1 to which you can copy the data.
What should you identify?
A. blob, file, table, and queue
B. blob and file only
C. file and table only
D. file only
E. blob, table, and queue only
Answer: (SHOW ANSWER)
AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage
account.
Incorrect Answers:
A, C, E: AzCopy does not support table and queue storage services.
D: AzCopy supports file storage services, as well as blob storage services.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10
NEW QUESTION: 53
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted
in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between
the virtual networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork
provider.
Does this meet the goal?
A. Yes
B. No
Answer: B (LEAVE A REPLY)
You should use a policy definition.
Reference:
https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition
NEW QUESTION: 54
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone
for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP
address.
You need to resolve the name resolution issue.
Solution: You create a PTR record for www in the contoso.com zone.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Modify the Name Server (NS) record.
A NS record would be created automatically and you cannot modify it (but you can add to it to
support co-hosting domains). You can add additional name servers to this NS record set, to
support co-hosting domains with more than one DNS provider. You can also modify the TTL and
metadata for this record set. However, you cannot remove or modify the pre-populated Azure
DNS name servers.
Reference:
https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns
NEW QUESTION: 55
You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD
Seamless SSO) for an on-premises network. Users report that when they attempt to access
myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an
account name that ends with onmicrosoft.com.
You discover that there is a UPN mismatch between Azure AD and the on-premises Active
Directory. You need to ensure that the users can use single-sign on (SSO) to access Azure
resources.
What should you do first?
A. From the on-premises network, deploy Active Directory Federation Services (AD FS).
B. From Azure AD, add and verify a custom domain name.
C. From the on-premises network, request a new certificate that contains the Active Directory
domain name.
D. From the server that runs Azure AD Connect, modify the filtering options.
Answer: B (LEAVE A REPLY)
Azure AD Connect lists the UPN suffixes that are defined for the domains and tries to match them
with a custom domain in Azure AD. Then it helps you with the appropriate action that needs to be
taken. The Azure AD sign-in page lists the UPN suffixes that are defined for on-premises Active
Directory and displays the corresponding status against each suffix. The status values can be one
of the following:
State: Verified
Azure AD Connect found a matching verified domain in Azure AD. All users for this domain can
sign in by using their on-premises credentials.
State: Not verified
Azure AD Connect found a matching custom domain in Azure AD, but it isn't verified. The UPN
suffix of the users of this domain will be changed to the default .onmicrosoft.com suffix after
synchronization if the domain isn't verified.
Action Required: Verify the custom domain in Azure AD.
NEW QUESTION: 56
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Performance Monitor, you create a Data Collector Set (DCS).
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
You should use Azure Network Watcher.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
NEW QUESTION: 57
Note: The question is included in a number of questions that depicts the identical set-up.
However, every question has a distinctive result. Establish if the solution satisfies the
requirements.
Your company's Azure solution makes use of Multi-Factor Authentication for when users are not
in the office. The Per Authentication option has been configured as the usage model.
After the acquisition of a smaller business and the addition of the new staff to Azure Active
Directory (Azure AD) obtains a different company and adding the new employees to Azure Active
Directory (Azure AD), you are informed that these employees should also make use of Multi-
Factor Authentication.
To achieve this, the Per Enabled User setting must be set for the usage model.
Solution: You create a new Multi-Factor Authentication provider with a backup from the existing
Multi-Factor Authentication provider data.
Does the solution meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
https://365lab.net/2015/04/11/switch-usage-model-in-azure-multi-factor-authentication-server/
NEW QUESTION: 58
You have an Azure subscription that contains the virtual networks shown in the following table.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
The subscription contains the private DNS zones shown in the following table.
You add virtual network links to the private DNS zones as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-virtual-network-links
https://docs.microsoft.com/en-us/azure/dns/private-dns-autoregistration
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
NEW QUESTION: 59
HOTSPOT
You have an Azure subscription that contains the file shares shown in the following table.
You have the on-premises file shares shown in the following table.
You create an Azure file sync group named Sync1 and perform the following actions:
Add share1 as the cloud endpoint for Sync1.
Add data1 as a server endpoint for Sync1.
Register Server1 and Server2 to Sync1
.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide?
tabs=azure-portal%2Cproactive-portal#create-a-sync-group-and-a-cloud-endpoint
NEW QUESTION: 60
You have the Azure management groups shown in the following table.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You add Azure subscriptions to the management groups as shown in the following table.
You create the Azure policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
https://docs.microsoft.com/en-us/azure/governance/management-groups/manage#moving-
management-groups-and-subscriptions
NEW QUESTION: 61
You have an Azure subscription that contains the resources shown in the following table.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You need to configure a proximity placement group for VMSS1 Which proximity placement
groups should you use?
A. Proximity2 only
B. Proximity 1, Proximity2, and Proximity3
C. Proximity 1 and Proximity3 only
D. Proximity1 only
Answer: A (LEAVE A REPLY)
Resource Group location of VMSS1 is the RG2 location, which is West US.
Only Proximity2, which also in RG2, is location in West US
Reference:
https://azure.microsoft.com/en-us/blog/introducing-proximity-placement-groups/
Valid AZ-104 Dumps shared by Fast2test.com for Helping Passing AZ-104 Exam!
Fast2test.com now offer the newest AZ-104 exam dumps, the Fast2test.com AZ-104 exam
questions have been updated and answers have been corrected get the newest
Fast2test.com AZ-104 dumps with Test Engine here: https://www.fast2test.com/AZ-104-
premium-file.html (482 Q&As Dumps, 30%OFF Special Discount: freecram)
NEW QUESTION: 62
Which blade should you instruct the finance department auditors to use?
A. Partner information
B. Overview
C. Payment methods
D. Invoices
Answer: (SHOW ANSWER)
You can opt in and configure additional recipients to receive your Azure invoice in an email. This
feature may not be available for certain subscriptions such as support offers, Enterprise
Agreements, or Azure in Open.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Click Opt in and accept the terms.
Scenario: During the testing phase, auditors in the finance department must be able to review all
Azure costs from the past week.
NEW QUESTION: 63
You have an Azure subscription.
You enable multi-factor authentication for all users.
Some users report that the email applications on their mobile device cannot connect to their
Microsoft Exchange Online mailbox. The users can access Exchange Online by using a web
browser and from Microsoft Outlook 2016 on their computer.
You need to ensure that the users can use the email applications on their mobile device.
What should you instruct the users to do?
A. Create an app password
B. Reset the Azure Active Directory (Azure AD) password
C. Enable self-service password reset
D. Reinstall the Microsoft Authenticator app
Answer: A (LEAVE A REPLY)
If you're enabled for multi-factor authentication, make sure that you have set up app passwords.
Note: During your initial two-factor verification registration process, you're provided with a single
app password. If you require more than one, you'll have to create them yourself.
Go to the Additional security verification page.
Reference:
https://docs.microsoft.com/en-us/office365/troubleshoot/sign-in/sign-in-to-office-365-azure-intune
https://docs.microsoft.com/sv-se/azure/active-directory/user-help/multi-factor-authentication-end-
user-app-passwords
NEW QUESTION: 64
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You have an Azure subscription that contains the following storage account:
You need 10 create a request to Microsoft Support to perform a live migration of storage1 to Zone
Redundant Storage (ZRS) replication. How should you modify storage1 before the Live
migration?
A. Disable Advanced threat protection
B. Remove the lock
C. Set the access tier to Hot
D. Set the replication to Locally-redundant storage (IRS)
Answer: (SHOW ANSWER)
NEW QUESTION: 65
You are building a custom Azure function app to connect to Azure Event Grid.
You need to ensure that resources are allocated dynamically to the function app. Billing must be
based on the executions of the app.
What should you configure when you create the function app?
A. the Windows operating system and the Consumption plan hosting plan
B. the Windows operating system and the App Service plan hosting plan
C. the Docker container and an App Service plan that uses the Bl1 pricing tier
D. the Docker container and an App Service plan that uses the SI pricing
Answer: (SHOW ANSWER)
Azure Functions runs in two different modes: Consumption plan and Azure App Service plan. The
Consumption plan automatically allocates compute power when your code is running. Your app is
scaled out when needed to handle load, and scaled down when code is not running.
Incorrect Answers:
B: When you run in an App Service plan, you must manage the scaling of your function app.
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-first-azure-function
NEW QUESTION: 66
You have an Azure subscription that contains an Azure Storage account storageaccount1.
You export storage account as an Azure Resource Manager template. The template contains the
following sections.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
NEW QUESTION: 67
You create an Azure Migrate project named TestMig in a resource group named test-migration.
You need to discover which on-premises virtual machines to assess for migration.
Which three actions should you perform in sequence? To answer, select the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/migrate/migrate-overview
NEW QUESTION: 68
Your company registers a domain name of contoso.com.
You create an Azure DNS named contoso.com and then you add an A record to the zone for a
host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP
address.
You need to resolve the name resolution issue.
Solution: You modify the name server at the domain registrar.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns
NEW QUESTION: 69
You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services
vaults named RSV1 and RSV2.
VM2 is backed up to RSV1.
You need to back up VM2 to RSV2.
What should you do first?
A. From the RSV1 blade, click Backup items and stop the VM2 backup
B. From the RSV2 blade, click Backup. From the Backup blade, select the backup for the virtual
machine, and then click Backup
C. From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2
as the Recovery Services vault
D. From the RSV1 blade, click Backup Jobs and export the VM2 job
Answer: (SHOW ANSWER)
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm
NEW QUESTION: 70
You have an Azure subscription that contains the virtual machines shown in the following table:
VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow
inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1
uses only the default rules.
NSG2 uses the default rules and the following custom incoming rule:
Priority: 100
Name: Rule1
Port: 3389
Protocol: TCP
Source: Any
Destination: Any
Action: Allow
NSG1 is associated to Subnet1. NSG2 is associated to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
NOTE: Each correct selection is worth one point.
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-
connection
NEW QUESTION: 71
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You deploy an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to deploy a YAML file to AKS1.
Solution: From Azure Cloud Shell, you run az aks.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Installing Azure CLI doesn't mean that Azure Kubernates client is installed. So before running
kubectl client command, you have install kubectl, the Kubernetes command-line client.
First need to run az aks install-cli to install Kubernetes CLI, which is kubectl Reference:
https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest
NEW QUESTION: 72
You plan to deploy an Azure container instance by using the following Azure Resource Manager
template.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Use the drop-down menus to select the answer choice that completes each statement based on
the information presented in the template.
Answer:
Reference:
https://docs.microsoft.com/en-us/cli/azure/container?view=azure-cli-latest
https://docs.docker.com/config/containers/start-containers-automatically/
NEW QUESTION: 73
You have the Azure resources shown on the following exhibit.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You plan to track resource usage and prevent the deletion of resources.
To which resources can you apply locks and tags? To answer, select the appropriate options in
the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?
tabs=json
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?
tabs=json
NEW QUESTION: 74
You have an Azure Storage account named storage1.
You have an Azure App Service app named app1 and an app named App2 that runs in an Azure
container instance. Each app uses a managed identity.
You need to ensure that App1 and App2 can read blobs from storage1 for the next 30 days.
What should you configure in storage1 for each app?
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
NEW QUESTION: 75
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory
tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User4 to create the user accounts.
Does that meet the goal?
A. yes
B. No
Answer: B (LEAVE A REPLY)
Only a global administrator can add users to this tenant.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad
NEW QUESTION: 76
You have an Azure subscription that contains a virtual network named VNET1 in the East US 2
region. You have the following resources in an Azure Resource Manager template.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/architecture/resiliency/recovery-loss-azure-region
Valid AZ-104 Dumps shared by Fast2test.com for Helping Passing AZ-104 Exam!
Fast2test.com now offer the newest AZ-104 exam dumps, the Fast2test.com AZ-104 exam
questions have been updated and answers have been corrected get the newest
Fast2test.com AZ-104 dumps with Test Engine here: https://www.fast2test.com/AZ-104-
premium-file.html (482 Q&As Dumps, 30%OFF Special Discount: freecram)
NEW QUESTION: 77
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You have an Azure subscription that contains the resources shown in the following table.
You need to deploy Application1 to Cluster1.
Which command should you run?
A. az aks create
B. kubectl apply
C. az acr build
D. docker build
Answer: C (LEAVE A REPLY)
NEW QUESTION: 78
You have an Azure subscription that contains a virtual machine named VM1. VM1 hosts a line-of-
business application that is available 24 hours a day. VM1 has one network interface and one
managed disk. VM1 uses the D4s v3 size.
You plan to make the following changes to VM1:
Change the size to D8s v3.
Add a 500-GB managed disk.
Add the Puppet Agent extension.
Attach an additional network interface.
Which change will cause downtime for VM1?
A. Add a 500-GB managed disk.
B. Attach an additional network interface.
C. Add the Puppet Agent extension.
D. Change the size to D8s v3.
Answer: (SHOW ANSWER)
While resizing the VM it must be in a stopped state.
NEW QUESTION: 79
Which blade should you instruct the finance department auditors to use?
A. invoices
B. partner information
C. cost analysis
D. External services
Answer: (SHOW ANSWER)
Cost analysis: Correct Option
In cost analysis blade of Azure, you can see all the detail for custom time span. You can use this
to determine expenditure of last few day, weeks, and month. Below options are available in Cost
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
analysis blade for filtering information by time span: last 7 days, last 30 days, and custom date
range. Choosing the first option (last 7 days) auditors can view the costs by time span.
Cost analysis shows data for the current month by default. Use the date selector to switch to
common date ranges quickly. Examples include the last seven days, the last month, the current
year, or a custom date range. Pay-as-you-go subscriptions also include date ranges based on
your billing period, which isn't bound to the calendar month, like the current billing period or last
invoice. Use the <PREVIOUS and NEXT> links at the top of the menu to jump to the previous or
next period, respectively. For example, <PREVIOUS will switch from the Last 7 days to 8-14 days
ago or 15-21 days ago.
Invoice: Incorrect Option
Invoices can only be used for past billing periods not for current billing period, i.e. if your
requirement is to know the last week's cost then that also not filled by invoices because Azure
generates invoice at the end of the month. Even though Invoices have custom timespan, but
when you put in dates for a week, the pane would be empty. Below is from Microsoft document:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Resource Provider: Incorrect Option
When deploying resources, you frequently need to retrieve information about the resource
providers and types. For example, if you want to store keys and secrets, you work with the
Microsoft.KeyVault resource provider. This resource provider offers a resource type called vaults
for creating the key vault. This is not useful for reviewing all Azure costs from the past week which
is required for audit.
Payment method: Incorrect Option
Payment methods is not useful for reviewing all Azure costs from the past week which is required
for audit.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/quick-acm-cost-analysis
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/download-azure-
invoice-daily-usage-date
NEW QUESTION: 80
A. NSG flow logs
B. Connection troubleshoot
C. IP flow verify
D. Connection monitor
Answer: (SHOW ANSWER)
The Connection Monitor feature in Azure Network Watcher is now generally available in all public
regions. Connection Monitor provides you RTT values on a per-minute granularity. You can
monitor a direct TCP connection from a virtual machine to a virtual machine, FQDN, URI, or IPv4
address.
Reference:
https://azure.microsoft.com/en-us/updates/general-availability-azure-network-watcher-connection-
monitor-in-all-public-regions/
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
NEW QUESTION: 81
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You hire a temporary vendor. The vendor uses a Microsoft account that has a sign-in of
[email protected].
You need to ensure that the vendor can authenticate to the tenant by using [email protected].
What should you do?
A. From Windows PowerShell, run the New-AzureADUser cmdlet and specify the -
UserPrincipalName [email protected] parameter.
B. From the Azure portal, add a custom domain name, create a new Azure AD user, and then
specify [email protected] as the username.
C. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the -
UserPrincipalName [email protected] parameter.
D. From the Azure portal, add a new guest user, and then specify [email protected] as the
email address.
Answer: (SHOW ANSWER)
UserPrincipalName - contains the UserPrincipalName (UPN) of this user. The UPN is what the
user will use when they sign in into Azure AD. The common structure is @, so for Abby Brown in
Contoso.com, the UPN would be [email protected] Example:
To create the user, call the New-AzureADUser cmdlet with the parameter values:
powershell New-AzureADUser -AccountEnabled $True -DisplayName "Abby Brown" -
PasswordProfile$PasswordProfile -MailNickName "AbbyB" -UserPrincipalName
"[email protected]" Reference:
https://docs.microsoft.com/bs-cyrl-ba/powershell/azure/active-directory/new-user-sample?
view=azureadps-2.0
NEW QUESTION: 82
You have an Azure subscription that contains the resources shown in the following table.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
The Not allowed resource types Azure policy is assigned to RG1 and uses the following
parameters:
* Microsoft.Network/virtualNetwork
* Microsoft.Compute/virtualMachines
In RG1, you need to create a new virtual machine named VM2, and then connect VM2 to VNET1.
What should you do first?
A. Remove Microsoft.Network/virtualNetworks from the policy
B. Create an Azure Resource Manager template
C. Remove Microsoft.Compute/virtualMachines from the policy
D. Add a subnet to VNET1
Answer: (SHOW ANSWER)
The Not allowed resource types Azure policy prohibits the deployment of specified resource
types. You specify an array of the resource types to block.
Virtual Networks and Virtual Machines are prohibited.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/samples/
NEW QUESTION: 83
You are developing an Azure web app named WebApp1. WebApp1 uses an Azure App Service
plan named Plan1 that uses the B1 pricing tier.
You need to configure WebApp1 to add additional instances of the app when CPU usage
exceeds 70 percent for 10 minutes.
Which three actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
Reference:
https://azure.microsoft.com/en-us/pricing/details/app-service/windows/
https://blogs.msdn.microsoft.com/hsirtl/2017/07/03/autoscaling-azure-web-apps/
NEW QUESTION: 84
You have an Azure Active Directory tenant named Contoso.com that includes following users:
Contoso.com includes following Windows 10 devices:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You create following security groups in Contoso.com:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/overview
NEW QUESTION: 85
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual
machine scale set by using an Azure Resource Manager template. You need to ensure that
NGINX is available on all the virtual machines after they are deployed. What should you use?
A. a Desired State Configuration (DSC) extension
B. thePublish-AzVMDscConfigurationCmdlet
C. a Microsoft Intune device configuration profile
D. Deployment Center in Azure App Service
Answer: (SHOW ANSWER)
The primary use case for the Azure Desired State Configuration (DSC) extension is to bootstrap a
VM to the Azure Automation State Configuration (DSC) service. The service provides benefits
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
that include ongoing management of the VM configuration and integration with other operational
tools, such as Azure Monitoring. Using the extension to register VM's to the service provides a
flexible solution that even works across Azure subscriptions.
You can use the DSC extension independently of the Automation DSC service.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview
NEW QUESTION: 86
You create an Azure web app named WebApp1. WebApp1 has the autoscale settings shown in
the following exhibit.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
The scale out and scale in rules are configured to have a duration of 10 minutes and a cool down
time of five minutes.
Use the drop-down menus to select the answer choice that completes each statement based on
the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-best-practices
NEW QUESTION: 87
You deploy an Azure Kubernetes Service (AKS) cluster that has the network profile shown in the
following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on
the information presented in the graphic. NOTE: Each correct selection is worth one point.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/aks/configure-azure-cni
NEW QUESTION: 88
You have an Azure subscription named Subscription1. Subscription1 contains the resources in
the following table.
VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and Vnet2.
An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. VM1 uses
a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.
You need to move the custom application to Vnet2. The solution must minimize administrative
effort.
Which two actions should you perform? To answer, select the appropriate options in the answer
area.
NOTE: Each correct selection is worth one point.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/archive/blogs/canitpro/step-by-step-move-a-vm-to-a-different-
vnet-on-azure
https://4sysops.com/archives/move-an-azure-vm-to-another-virtual-network-vnet/#migrate-an-
azure-vmbetween-vnets
NEW QUESTION: 89
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have an Azure subscription named Subscription1 that contains the resources shown in the
following table.
VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.
You need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG1 and West US.
Does this meet the goal?
A. Yes
B. NO
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer: (SHOW ANSWER)
The virtual machine you attach a network interface to and the virtual network you connect it to
must exist in the same location, here West US, also referred to as a region.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
NEW QUESTION: 90
A. ad.humongousinsurance.com
B. humongousinsurance.onmicrosoft.com
C. humongousinsurance.local
D. humongousinsurance.com
Answer: (SHOW ANSWER)
Every Azure AD directory comes with an initial domain name in the form of
domainname.onmicrosoft.com.
The initial domain name cannot be changed or deleted, but you can add your corporate domain
name to Azure AD as well. For example, your organization probably has other domain names
used to do business and users who sign in using your corporate domain name. Adding custom
domain names to Azure AD allows you to assign user names in the directory that are familiar to
your users, such as '[email protected].' instead of 'alice@domain name.onmicrosoft.com'.
Scenario:
Network Infrastructure: Each office has a local data center that contains all the servers for that
office. Each office has a dedicated connection to the Internet.
Humongous Insurance has a single-domain Active Directory forest named
humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory
domain will be synchronized to Azure AD.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
NEW QUESTION: 91
You have an Azure subscription named Subscription1 that has the following providers registered:
Authorization
Automation
Resources
Compute
KeyVault
Network
Storage
Billing
Web
Subscription1 contains an Azure virtual machine named VM1 that has the following con
figurations:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
* Private IP address: 10.0.0.4 (dynamic)
* Network security group (NSG): NSG1
* Public IP address: None
* Availability set: AVSet
* Subnet: 10.0.0.0/24
* Managed disks: No
* Location: East US
You need to record all the successful and failed connection attempts to VM1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Register the Microsoft.Insights resource provider
B. Add an Azure Network Watcher connection monitor
C. Register the Microsoft.LogAnalytics provider
D. Enable Azure Network Watcher in the East US Azure region
E. Create an Azure Storage account
F. Enable Azure Network Watcher flow logs
Answer: (SHOW ANSWER)
NSG flow log data is written to an Azure Storage account. You need to create an Azure Storage
account, With an Azure Storage account NSG flow logs can be enabled.
Enable network watcher in the East US region.
NSG flow logging requires the Microsoft.Insights provider.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal
Valid AZ-104 Dumps shared by Fast2test.com for Helping Passing AZ-104 Exam!
Fast2test.com now offer the newest AZ-104 exam dumps, the Fast2test.com AZ-104 exam
questions have been updated and answers have been corrected get the newest
Fast2test.com AZ-104 dumps with Test Engine here: https://www.fast2test.com/AZ-104-
premium-file.html (482 Q&As Dumps, 30%OFF Special Discount: freecram)
NEW QUESTION: 92
You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address.
Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network interfaces and network security groups that you require?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface-
addresses
NEW QUESTION: 93
You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs a
financial reporting app named App1 that does not support multiple active instances.
At the end of each month, CPU usage for VM1 peaks when App1 runs.
You need to create a scheduled runbook to increase the processor performance of VM1 at the
end of each month.
What task should you include in the runbook?
A. Add the Azure Performance Diagnostics agent to VM1.
B. Modify the VM size property of VM1.
C. Add VM1 to a scale set.
D. Increase the vCPU quota for the subscription.
E. Add a Desired State Configuration (DSC) extension to VM1.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer: (SHOW ANSWER)
If you have a CPU/performance issue then the solution is to scale up (increase VM size) or to
scale out (scale set) given that the App does not support multiple instances then scale up is the
obvious choice.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/resize-vm
NEW QUESTION: 94
You have an A2ure virtual machine named VMV
The network interface for VM1 is configured as shown in the exhibit(Click the Exhibit tab.)
You deploy a web server on VM1. and then create a secure website that is accessible by using
the HTTPS protocol. VM1 is used as a web server only.
You need to ensure that users can connect to the website from the internet.
What should you do?
A. For Rule4. change the protocol from UDP to Any
B. Modify the protocol of Rule4.
C. Modify the action of Rule1.
D. Change the priority of Rute3 to 450
Answer: (SHOW ANSWER)
Rule 2 is blocking HTTPS access (port 443) and has a priority of 500.
Changing Rule 3 (ports 60-500) and giving it a lower priority number will allow access on port
443.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Note: Rules are processed in priority order, with lower numbers processed before higher
numbers, because lower numbers have higher priority. Once traffic matches a rule, processing
stops.
Incorrect Answers:
A: HTTPS uses port 443. Rule6 only applies to ports 150 to 300.
C, D: Rule 1 blocks access to port 80, which is used for HTTP, not HTTPS.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
NEW QUESTION: 95
You have a general-purpose v1 Azure Storage account named storage1 that uses locally-
redundant storage (LRS).
You need to ensure that the data in the storage account is protected if a zone fails. The solution
must minimize costs and administrative effort.
What should you do first?
A. Create a new storage account.
B. Configure object replication rules.
C. Upgrade the account to general-purpose v2.
D. Modify the Replication setting of storage1.
Answer: (SHOW ANSWER)
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
NEW QUESTION: 96
You have an Azure subscription that contains the resources shown in the following table.
You need to perform the tasks shown in the following table.
Which tasks can you perform by using Azure Storage Explorer ?
A. Task1Task2 and Task3 only
B. Task1 and Task3 only
C. Task2, Task3, and Task4 only
D. Task1. Task2 and Task3 only
E. Take1,Take2, Take3, and Take4
Answer: (SHOW ANSWER)
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
NEW QUESTION: 97
You create a Recovery Services vault backup policy named Policy1 as shown in the following
exhibit.
Answer:
NEW QUESTION: 98
You have an Azure Active Directory (Azure AD) tenant that has the initial domain name.
You have a domain name of contoso.com registered at a third-party registrar.
You need to ensure that you can create Azure AD users that have names containing a suffix of
@contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate cmdlets
from the list of cmdlets to the answer area and arrange them in the correct order.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
1 - Add a custom domain name.
2 - Add a record to the public contoso.com DNS zone.
3 - Verify the domain.
NEW QUESTION: 99
You need to create an Azure Storage account that meets the following requirements:
* Minimizes costs
* Supports hot, cool, and archive blob tiers
* Provides fault tolerance if a disaster affects the Azure region where the account resides How
should you complete the command? To answer, select the appropriate options in the answer are
a. NOTE: Each correct selection is worth one point
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-grs
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
NEW QUESTION: 100
A. Create 2 user-defined route from VNET1 to VNET3.
B. Assign VM4 an IP address of 10.0.1.5/24.
C. Establish peering between VNET1 and VNET3.
D. Create an NSG and associate the NSG to VMI and VM4.
Answer: (SHOW ANSWER)
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal Overview
Topic 3, Contoso Ltd
Existing Environment
Currently, Contoso uses multiple types of servers for business operations, including the following:
File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client
computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS
only.
Requirements
Planned Changes
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.
Technical Requirements
Contoso must meet the following technical requirements:
Move all the virtual machines for App1 to Azure.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups.
Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier.
Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure.
Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile
phone to verify their identity.
Minimize administrative effort whenever possible.
User Requirements
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service administrator of the Azure subscription.
Admin1 must receive email alerts regarding service outages.
Ensure that a new user named User3 can create network objects for the Azure subscription.
NEW QUESTION: 101
You have an Azure subscription named Subscription1 that has a subscription ID of
c276fc76-9cd4-44c9-99a7-4fd71546436e.
You need to create a custom RBAC role named CR1 that meets the following requirements:
Can be assigned only to the resource groups in Subscription1
Prevents the management of the access permissions for the resource groups Allows the viewing,
creating, modifying, and deleting of resource within the resource groups What should you specify
in the assignable scopes and the permission elements of the definition of CR1? To answer, select
the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-
operations#microsoftauthorization
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-
operations#microsoftresources
NEW QUESTION: 102
VM1 is running and connects to NIC1 and Disk1. NIC1 connects to VNET1.
RG2 contains a public IP address named IP2 that is in the East US location. IP2 is not assigned
to a virtual machine.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-support-
resources
https://docs.microsoft.com/en-us/azure/virtual-network/move-across-regions-publicip-powershell
NEW QUESTION: 103
You have a hybrid infrastructure that contains an Azure Active Directory (Azure AD) tenant
named contoso.onmicrosoft.com. The tenant contains the users shown in the following table.
You plan to share a cloud resource to the All Users group.
You need to ensure that User1, User2, User3, and User4 can connect successfully to the cloud
resource.
What should you do first?
A. Create a user account of the member type for User4.
B. Create a user account of the member type for User3.
C. Modify the Directory-wide Groups settings.
D. Modify the External collaboration settings.
Answer: (SHOW ANSWER)
Ensure that "Enable an 'All Users' group in the directory" policy is set to "Yes" in your Azure
Active Directory (AD) settings in order to enable the "All Users" group for centralized access
administration. This group represents the entire collection of the Active Directory users, including
guests and external users, that you can use to make the access permissions easier to manage
within your directory.
Incorrect Answers:
A, B: User3 and User4 are guests already.
Note: By default, all users and guests in your directory can invite guests even if they're not
assigned to an admin role. External collaboration settings let you turn guest invitations on or off
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
for different types of users in your organization. You can also delegate invitations to individual
users by assigning roles that allow them to invite guests.
Reference:
https://www.cloudconformity.com/knowledge-base/azure/ActiveDirectory/enable-all-users-
group.html
NEW QUESTION: 104
You have an Azure Resource Manager template named Template1 that is used to deploy an
Azure virtual machine.
Template1 contains the following text:
The variables section in Template1 contains the following text:
"location": "westeurope"
The resources section in Template1 contains the following text:
You need to deploy the virtual machine to the West US location by using Template1.
What should you do?
A. Modify the location in the variables section to westus
B. Select West US during the deployment
C. Modify the location in the resource section to westus
Answer: C (LEAVE A REPLY)
NEW QUESTION: 105
You have an Azure subscription that contains the following users in an Azure Active Directory
tenant named contoso.onmicrosoft.com:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.com.onmicrosoft.com.
Solution: You instruct User3 to create the user accounts.
A. Yes
B. No
Answer: (SHOW ANSWER)
Only a global administrator can add users to this tenant.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad
NEW QUESTION: 106
You have an Azure subscription named Subscription1. Subscription1 contains the resources in
the following table.
In Azure, you create a private DNS zone named adatum.com. You set the registration virtual
network to VNet2. The adatum.com zone is configured as shown in the following exhibit.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Valid AZ-104 Dumps shared by Fast2test.com for Helping Passing AZ-104 Exam!
Fast2test.com now offer the newest AZ-104 exam dumps, the Fast2test.com AZ-104 exam
questions have been updated and answers have been corrected get the newest
Fast2test.com AZ-104 dumps with Test Engine here: https://www.fast2test.com/AZ-104-
premium-file.html (482 Q&As Dumps, 30%OFF Special Discount: freecram)
NEW QUESTION: 107
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named
contoso.com.
You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft
SharePoint document library named Library1.
You need to create groups for the users. The solution must ensure that the groups are deleted
automatically after 180 days.
Which two groups should you create? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. a Security group that uses the Assigned membership type
B. an Office 365 group that uses the Assigned membership type
C. an Office 365 group that uses the Dynamic User membership type
D. a Security group that uses the Dynamic User membership type
E. a Security group that uses the Dynamic Device membership type
Answer: (SHOW ANSWER)
You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).
Note: With the increase in usage of Office 365 Groups, administrators and users need a way to
clean up unused groups. Expiration policies can help remove inactive groups from the system
and make things cleaner.
When a group expires, all of its associated services (the mailbox, Planner, SharePoint site, etc.)
are also deleted.
You can set up a rule for dynamic membership on security groups or Office 365 groups.
Incorrect Answers:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
A, D, E: You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure
AD).
Reference:
https://docs.microsoft.com/en-us/office365/admin/create-groups/office-365-groups-expiration-
policy?view=o365-worldwide
NEW QUESTION: 108
You plan to automate the deployment of a virtual machine scale set that uses the Windows
Server 2016 Datacenter image.
You need to ensure that when the scale set virtual machines are provisioned, they have web
server components installed.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE Each correct selection is worth one point.
A. Modify the extensionProfile section of the Azure Resource Manager template.
B. Create a new virtual machine scale set in the Azure portal.
C. Create an Azure policy.
D. Create an automation account.
E. Upload a configuration script.
Answer: (SHOW ANSWER)
Virtual Machine Scale Sets can be used with the Azure Desired State Configuration (DSC)
extension handler. Virtual machine scale sets provide a way to deploy and manage large
numbers of virtual machines, and can elastically scale in and out in response to load. DSC is
used to configure the VMs as they come online so they are running the production software.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-dsc
NEW QUESTION: 109
You have an Azure Service Bus.
You need to implement a Service Bus queue that guarantees first in first-out (FIFO) delivery of
messages.
What should you do?
A. Set the Lock Duration setting to 10 seconds.
B. Enable duplicate detection.
C. Set the Max Size setting of the queue to 5 GB.
D. Enable partitioning.
E. Enable sessions.
Answer: (SHOW ANSWER)
Through the use of messaging sessions you can guarantee ordering of messages, that is first-in-
first-out (FIFO) delivery of messages.
Reference:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-azure-and-service-
bus-queues-compared-contrasted
NEW QUESTION: 110
A. metric alert
B. Azure Log Analytics workspace
C. virtual machine
D. virtual machine extension
Answer: (SHOW ANSWER)
Azure Monitor can collect data directly from your Azure virtual machines into a Log Analytics
workspace for analysis of details and correlations. Installing the Log Analytics VM extension for
Windows and Linux allows Azure Monitor to collect data from your Azure VMs.
Azure Log Analytics workspace is also used for on-premises computers monitored by System
Center Operations Manager.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm
NEW QUESTION: 111
You have a sync group that has the endpoints shown in the following table.
Cloud tiering is enabled for Endpoint3.
You add a file named File1 to Endpoint1 and a file named File2 to Endpoint2.
You need to identify on which endpoints File1 and File2 will be available within 24 hours of adding
the files.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-cloud-tiering
NEW QUESTION: 112
You have an Azure subscription. You need to transfer 34TB of data from an on-premise Windows
2016 server to your Azure storage account. You need to ensure that the data transfer has zero
impact on the network, preserves your existing drives and is the fastest and most secure method.
What should be your first step?
A. Start an Import Job via the Azure Portal
B. Order an Azure Databox via the Azure Portal
C. Open a ticket with Microsoft Support
D. Prepare your hard drives using the WAImportExport tool
Answer: (SHOW ANSWER)
The Microsoft Azure Data Box cloud solution lets you send terabytes of data into and out of Azure
in a quick, inexpensive, and reliable way.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
https://docs.microsoft.com/en-us/azure/databox/data-box-overview
NEW QUESTION: 113
You have an Azure subscription that contains the Azure virtual machines shown in the following
table.
You add inbound security rules to a network security group (NSG) named NSG1 as shown in the
following table.
You run Azure Network Watcher as shown in the following exhibit.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You run Network Watcher again as shown in the following exhibit.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
NEW QUESTION: 114
You have an Azure subscription.
You deploy a virtual machine scale set that is configured as shown in the following exhibit.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Use the drop-down menus to select the answer choice that answers each question based on the
information presented in the graphic NOTE: Each correct selection is worth one point.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-
autoscale-portal
NEW QUESTION: 115
You plan to create an Azure virtual machine named VM1 that will be configured as shown in the
following exhibit.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
The planned disk configurations for VM1 are shown in the following exhibit.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You need to ensure that VM1 can be created in an Availability Zone.
Which two settings should you modify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Use managed disks
B. Availability options
C. OS disk type
D. Size
E. Image
Answer: (SHOW ANSWER)
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/move-azure-vms-avset-azone
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-portal-availability-zone
NEW QUESTION: 116
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone
for a host named www that has an IP address of 131.107.1.10.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP
address.
You need to resolve the name resolution issue.
Solution: You modify the SOA record in the contoso.com zone.
A. Yes
B. No
Answer: (SHOW ANSWER)
Modify the NS record, not the SOA record.
Note: The SOA record stores information about the name of the server that supplied the data for
the zone; the administrator of the zone; the current version of the data file; the number of seconds
a secondary name server should wait before checking for updates; the number of seconds a
secondary name server should wait before retrying a failed zone transfer; the maximum number
of seconds that a secondary name server can use data before it must either be refreshed or
expire; and a default number of seconds for the time-to live file on resource records.
Reference:
https://searchnetworking.techtarget.com/definition/start-of-authority-record
NEW QUESTION: 117
You have an Azure subscription that contains two virtual machines as shown in the following
table.
You perform a reverse DNS lookup for 10.0.0.4 from VM2.
Which FQDN will be returned?
A. vm1.core.windows.net
B. vm1.internal.cloudapp.net
C. vm1.westeurope.cloudapp.azure.com
D. vm1.azure.com
Answer: (SHOW ANSWER)
This is an excerpt from the official documentation in the section "Reverse DNS Considerations"
Form : https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-
for-vms-and-role-instances#dns-client-configuration [..." - All PTR queries for IP addresses of
virtual machines will return FQDNs of form [vmname].internal.cloudapp.net - Forward lookup on
FQDNs of form [vmname].internal.cloudapp.net will resolve to IP address assigned to the virtual
machine. - If the virtual network is linked to an Azure DNS private zones as a registration virtual
network, the reverse DNS queries will return two records. One record will be of the form
[vmname].[privatednszonename] and the other will be of the form [vmname].internal.cloudapp.net
"...]
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-
and-role-instances
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
NEW QUESTION: 118
You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.
Your company has a public DNS zone for contoso.com.
You add contoso.com as a custom domain name to Azure AD.
You need to ensure that Azure can verify the domain name.
Which type of DNS record should you create?
A. NSEC
B. PTR
C. DNSKEY
D. TXT
Answer: (SHOW ANSWER)
TXT : Correct Choice
You need to go to your hosting domain registrar and add in a TXT record.
NSEC3 : Incorrect Choice
This is Part of DNSSEC. This is used for explicit denial-of-existence of a DNS record. It is used to
prove a name does not exist.
RRSIG : Incorrect Choice
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
This contains a cryptographic signature.
DNSKEY : Incorrect Choice
This will verify that the records are originating from an authorized sender.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain#verify-
your-custom-domain-name
https://www.cloudflare.com/dns/dnssec/how-dnssec-works/#:~:text=DNSKEY%20%2D
%20Contains%20a%20public%20signing,s)%20in%20the%20parent%20zone.
NEW QUESTION: 119
Note: The question is included in a number of questions that depicts the identical set-up.
However, every question has a distinctive result. Establish if the solution satisfies the
requirements.
Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is
configured for hybrid coexistence with the on-premises Active Directory domain.
You have a server named DirSync1 that is configured as a DirSync server.
You create a new user account in the on-premise Active Directory. You now need to replicate the
user information to Azure AD immediately.
Solution: You restart the NetLogon service on a domain controller.
Does the solution meet the goal?
A. No
B. Yes
Answer: (SHOW ANSWER)
NEW QUESTION: 120
You plan to migrate an on-premises Hyper-V environment to Azure by using Azure Site Recovery.
The Hyper-V environment is managed by using Microsoft System Center Virtual Machine
Manager (VMM).
The Hyper-V environment contains the virtual machines in the following table.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Which virtual machine can be migrated by using Azure Site Recovery?
A. DC1
B. FS1
C. CA1
D. SQL1
Answer: (SHOW ANSWER)
DC1 : Not supported as it is Gen2 and OS disk size is greater than 300 GB FS1 : Not supported
as it is Gen2 and Linux VM. Linux Generation 2 VMs aren't supported.
CA1 : Not supported as bitlocker is enabled. BitLocker must be disabled before you enable
replication for a VM.
SQL1: Supported
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-azure-support-matrix#azure-vm-
requirements
NEW QUESTION: 121
You have a Recovery Service vault that you use to test backups. The test backups contain two
protected virtual machines.
You need to delete the Recovery Services vault.
What should you do first?
A. From the Recovery Service vault, stop the backup of each backup item.
B. From the Recovery Service vault, delete the backup data.
C. Modify the disaster recovery properties of each virtual machine.
D. Modify the locks of each virtual machine.
Answer: (SHOW ANSWER)
You can't delete a Recovery Services vault if it is registered to a server and holds backup data. If
you try to delete a vault, but can't, the vault is still configured to receive backup data.
Remove vault dependencies and delete vault
In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items.
In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure
virtual machines.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Valid AZ-104 Dumps shared by Fast2test.com for Helping Passing AZ-104 Exam!
Fast2test.com now offer the newest AZ-104 exam dumps, the Fast2test.com AZ-104 exam
questions have been updated and answers have been corrected get the newest
Fast2test.com AZ-104 dumps with Test Engine here: https://www.fast2test.com/AZ-104-
premium-file.html (482 Q&As Dumps, 30%OFF Special Discount: freecram)
NEW QUESTION: 122
You have an Azure subscription named Subscription1. Subscription1 contains the resource
groups in the following table.
RG1 has a web app named WebApp1. WebApp1 is located in West Europe.
You move WebApp1 to RG2.
What is the effect of the move?
A. The App Service plan to WebApp1 moves to North Europe. Policy2 applies to WebApp1.
B. The App Service plan to WebApp1 moves to North Europe. Policy1 applies to WebApp1.
C. The App Service plan to WebApp1 remains to West Europe. Policy2 applies to WebApp1.
D. The App Service plan to WebApp1 remains to West Europe. Policy1 applies to WebApp1.
Answer: (SHOW ANSWER)
You can move an app to another App Service plan, as long as the source plan and the target plan
are in the same resource group and geographical region.
The region in which your app runs is the region of the App Service plan it's in. However, you
cannot change an App Service plan's region.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
NEW QUESTION: 123
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted
in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between
the virtual networks.
Solution: You assign a built-in policy definition to the subscription.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
Resource policy definition used by Azure Policy enables you to establish conventions for
resources in your organization by describing when the policy is enforced and what effect to take.
However, there are no built-in policy definitions. Though there are sample policy defintions.
Reference:
https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition
NEW QUESTION: 124
You have an Azure subscription named Subscription1 that contains the following resource group:
Name: RG1
Region: West US
Tag: "tag1": "value1"
You assign an Azure policy named Policy1 to Subscription1 by using the following configurations:
Exclusions: None
Policy definition: Append tag and its default value
Assignment name: Policy1
Parameters:
- Tag name: Tag2
- Tag value: Value2
After Policy1 is assigned, you create a storage account that has the following configurations:
Name: storage1
Location: West US
Resource group: RG1
Tags: "tag3": "value3"
You need to identify which tags are assigned to each resource.
What should you identify? To answer, select the appropriate options in the answer area.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
NOTE: Each correct selection is worth one point.
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
NEW QUESTION: 125
You have an Azure virtual machine named VM1 that runs Windows Server 2019. You sign in to
VM1 as a user named User 1 and perform the following actions:
* Create files on drive C.
* Create files on drive D.
* Modify the screen saver timeout.
* Change the desktop background.
You plan to redeploy VM1.
Which changes will be lost after you redeploy VM1?
A. the modified screen saver timeout
B. the new desktop background
C. the new files on drive D
D. The new files on drive C
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer: (SHOW ANSWER)
As D drive is temporary storage so new files on D drive will be lost. The screensaver, wall paper,
new files on C drive are available after Redeploy.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/redeploy-to-new-node-
windows
NEW QUESTION: 126
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription
named Subscription1. Adatum contains a group named Developers. Subscription1 contains a
resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev
resource group.
Solution: On Dev, you assign the Contributor role to the Developers group.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
The Contributor role can manage all resources (and add resources) in a Resource Group.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
NEW QUESTION: 127
You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com
contains the groups in the following table.
You create two user accounts that are configured as shown in the following table.
To which groups do User1 and User2 belong? To answer. select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
NEW QUESTION: 128
You create a Recovery Services vault backup policy named Policy1 as shown in the following
exhibit:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Use the drop-down menus to select the answer choice that completes each statement based on
the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
NEW QUESTION: 129
You have the Azure virtual machines shown in the following table.
VNET1, VNET2, and VNET3 are peered.
VM4 has a DNS server that is authoritative for a zone named Contoso.com and contains the
records shown in the following table.
VNET1 and VNET2 are linked to an Azure private DNS zone named Contoso.com that contains
the records shown in the following table.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
The virtual networks are configured to use the DNS servers shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
NEW QUESTION: 130
A. From the RSV1 blade, click Backup items and stop the VM2 backup.
B. From the RSV1 blade, click Backup Jobs and export the VM2 backup.
C. From the RSV1 blade, click Backup. From the Backup blade, select the backup for the virtual
machine, and then click Backup.
D. From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2
as the Recovery Services vault.
Answer: (SHOW ANSWER)
The Azure Site Recovery service contributes to your disaster recovery strategy by managing and
orchestrating replication, failover, and failback of on-premises machines and Azure virtual
machines (VMs).
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-quickstart
https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication
NEW QUESTION: 131
You have an Azure subscription that is used by four departments in your company. The
subscription contains 10 resource groups. Each department uses resources in several resource
groups.
You need to send a report to the finance department. The report must detail the costs for each
department. Which three actions should you perform in sequence? To answer, move the
appropriate actions from the list of actions to the answer area and arrange them in the correct
order.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
1 - Assign a tag to each resource.
2 - From the Cost analysis blade, filter the view by tag
3 - Download the usage report
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
https://docs.microsoft.com/en-us/azure/billing/billing-getting-started
NEW QUESTION: 132
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)
You need to ensure that users can connect to the website from the internet.
What should you do?
A. Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a
priority of 501.
B. For Rule5, change the Action to Allow and change the priority to 401.
C. Delete Rule1.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
D. Modify the protocol of Rule4.
Answer: (SHOW ANSWER)
Rule 2 is blocking HTTPS access (port 443) and has a priority of 500.
Changing Rule 5 (ports 50-5000) and giving it a lower priority number will allow access on port
443.
Note: Rules are processed in priority order, with lower numbers processed before higher
numbers, because lower numbers have higher priority. Once traffic matches a rule, processing
stops.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
NEW QUESTION: 133
You have an Azure subscription that contains the virtual machines shown in the following table.
You deploy a load balancer that has the following configurations:
* Name: LB1
* Type internal
* SKU: Standard
* Virtual network VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Basic SKU public IP address, associate the address to the network
interface of VM1, and then start VM1.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
A Backend Pool configured by IP address has the following limitations:
Standard load balancer only
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/backend-pool-management You can only
attach virtual machines in the same region and that have a standard SKU public IP configuration
or no public IP configuration. All IP configurations must be on the same virtual network.
NEW QUESTION: 134
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Network Watcher, you create a connection monitor.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
Network Watcher Connection Monitor enables you to configure and track connection reachability,
latency, and network topology changes. It helps reduce the amount of time to detect connectivity
problems. The returned results can provide insights into whether a connectivity problem is due to
a platform or a user configuration problem. This is not used in cases where we need to inspect for
all the network traffic from one vm to another vm.
On the other hand Network Watcher packet capture allows you to create capture sessions to
track traffic to and from a virtual machine. So in this scenario we need to use Network Watcher
packet capture Reference:
https://azure.microsoft.com/en-in/updates/general-availability-azure-network-watcher-connection-
monitor-in-all-public-regions/#:~:text=Network%20Watcher%20Connection%20Monitor
%20helps,or%20a%20user%20configuration%20problem
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-
manage-portal
NEW QUESTION: 135
You create an Azure subscription named Subscription1 and an associated Azure Active Directory
(Azure AD) tenant named Tenant1. Tenant1 contains the users in the following table.
You need to add an Azure AD Privileged Identity Management application to Tenant1.
Which account can you use?
A. [email protected]
B. [email protected]
C. [email protected]
D. [email protected]
Answer: (SHOW ANSWER)
For Azure AD roles in Privileged Identity Management, only a user who is in the Privileged role
administrator or Global administrator role can manage assignments for other administrators. You
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
can grant access to other administrators to manage Privileged Identity Management. Global
Administrators, Security Administrators, Global readers, and Security Readers can also view
assignments to Azure AD roles in Privileged Identity Management.
Only owner can create an subscription and only global administrator can perform Privileged
Identity Management changes. So you can create subscription with external user and then
promote him to global administrator to get things done.
As it is mentioned as it is associated with azure tenant so that tenant has an AD domain. So in
azure AD the default domain ends with onmicrosoft.com. So you can't have Hotmail IDs there.
Moreover always remember the principle of least privileges, when you can get your job done with
Global Administrator then you should not look for owner for security purpose.
[email protected] : Correct Choice
As Admin1 is Global Administrator and part of default AD domain so Admin1 can add an Azure
AD Privileged Identity Management application to Tenant1 [email protected] :
Incorrect Choice As per the above Admin3 is not Global Administrator, so this option is incorrect.
[email protected] : Incorrect Choice
As per the above Admin2 is not Global Administrator, so this option is incorrect.
[email protected] : Incorrect Choice
Although this user is Global Administrator but referring to the least privileges principal and default
domain consideration this option is incorrect.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-
getting-started
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance
NEW QUESTION: 136
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You deploy a web server on VM1, and then create a secure website that is accessible by using
the HTTPS protocol VM1 is used as a web server only.
You need to ensure that users can connect to the website from the Internet.
What should you do?
A. Change the priority of Rule3 to 450.
B. Change the priority of Rule6 to 100
C. DeleteRule1.
D. Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a
priority of 501.
E. For Rule5, change the Action to Allow and change the priority to 401
Answer: E (LEAVE A REPLY)
HTTPS uses port 443.
Rule2, with priority 500, denies HTTPS traffic.
Rule5, with priority changed from 2000 to 401, would allow HTTPS traffic.
Note: Priority is a number between 100 and 4096. Rules are processed in priority order, with
lower numbers processed before higher numbers, because lower numbers have higher priority.
Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities
(higher numbers) that have the same attributes as rules with higher priorities are not processed.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Valid AZ-104 Dumps shared by Fast2test.com for Helping Passing AZ-104 Exam!
Fast2test.com now offer the newest AZ-104 exam dumps, the Fast2test.com AZ-104 exam
questions have been updated and answers have been corrected get the newest
Fast2test.com AZ-104 dumps with Test Engine here: https://www.fast2test.com/AZ-104-
premium-file.html (482 Q&As Dumps, 30%OFF Special Discount: freecram)
NEW QUESTION: 137
You have an Azure web app named WebApp1 that runs in an Azure App Service plan named
ASP1. ASP1 is based on the D1 pricing tier.
You need to ensure that WebApp1 can be accessed only from computers on your on-premises
network. The solution must minimize costs.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Reference:
https://azure.microsoft.com/en-us/pricing/details/app-service/windows/
https://docs.microsoft.com/en-us/azure/cdn/cdn-cors
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
NEW QUESTION: 138
You are planning to deploy an Ubuntu Server virtual machine to your company's Azure
subscription.
You are required to implement a custom deployment that includes adding a particular trusted root
certification authority (CA).
Which of the following should you use to create the virtual machine?
A. The New-AzureRmVm cmdlet.
B. The New-AzVM cmdlet.
C. The Create-AzVM cmdlet.
D. The az vm create command.
Answer: (SHOW ANSWER)
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-automate-vm-deployment
NEW QUESTION: 139
You have a general purpose v1 storage account named storageaccount1 that has a private
container named container1. You need to allow read access to the data inside container1, but
only within a 14 day window. How do you accomplish this?
A. Create a stored access policy
B. Create a service SAS
C. Create a shared access signatures
D. Upgrade the storage account to general purpose v2
Answer: (SHOW ANSWER)
A Stored Access Policy allows granular control over a single storage container using a Shared
Access Signature (SAS).
A Shared Access Signature (SAS) allows you to have granular control over your storage account,
including access to only certain services (i.e. Azure Blobs) and permitting only read, write, delete,
list, add, or create access.
NEW QUESTION: 140
A. Modify the size of VM1.
B. Add a data disk.
C. Reset the password for the built-in administrator account.
D. Copy Budget.xls to Data.
Answer: (SHOW ANSWER)
The scenario mentioned in the question, we are using the replace option. So in this case we
would lose the existing data written to the disk after the backup was taken. The file was copied to
the disk after the backup was taken. Hence, we would need to copy the file once again.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms#replace-existing-
disks
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
NEW QUESTION: 141
You have an Azure subscription named Sub1 that contains the Azure resources shown in the
following table.
You assign an Azure policy that has the following settings:
* Scope: Sub1
* Exclusions: Sub1/RG1/VNET1
* Policy definition: Append a tag and its value to resources
* Policy enforcement: Enabled
* Tag name: Tag4
* Tag value: value4
You assign tags to the resources as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?
tabs=json
NEW QUESTION: 142
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.
You deploy a load balancer that has the following configurations:
Name: LB1
Type: Internal
SKU: Standard
Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create two Standard public IP addresses and associate a Standard SKU public IP
address to the network interface of each virtual machine.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
A Backend Pool configured by IP address has the following limitations:
Standard load balancer only
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/backend-pool-management
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
NEW QUESTION: 143
You have an Azure subscription.
You are deploying an Azure Kubemetes Service (AKS) cluster that will contain multiple pods. The
pods will use kubermetes networking, You need to restrict network traffic between the pods.
What should you configure on the AKS cluster?
A. the Calico network policy
B. pod security policies
C. an application security group
D. the Azure network policy
Answer: (SHOW ANSWER)
NEW QUESTION: 144
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure
Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution: From the Redeploy blade, you click Redeploy.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
When you redeploy a VM, it moves the VM to a new node within the Azure infrastructure and then
powers it back on, retaining all your configuration options and associated resources.
NEW QUESTION: 145
You have an Azure virtual machine that runs Windows Server 2019 and has the following
configurations:
Name: VM1
Location: West US
Connected to: VNET1
Private IP address: 10.1.0.4
Public IP addresses: 52.186.85.63
DNS suffix in Windows Server: Adatum.com
You create the Azure DNS zones shown in the following table.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1
can automatically register.
Which zones should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
NEW QUESTION: 146
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription
named Subscription1. Adatum contains a group named Developers. Subscription1 contains a
resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev
resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
The Logic App Contributor role lets you manage logic app, but not access to them. It provides
access to view, edit, and update a logic app.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app
NEW QUESTION: 147
You have 100 Azure subscriptions. All the subscriptions are associated to the same Azure Active
Directory (Azure AD) tenant named contoso.com.
You are a global administrator.
You plan to create a report that lists all the resources across all the subscriptions.
You need to ensure that you can view all the resources in all the subscriptions.
What should you do?
A. From the Azure portal, modify the profile settings of your account.
B. From Windows PowerShell, run the Add-AzureADAdministrativeUnitMember cmdlet.
C. From Windows PowerShell, run the New-AzureADUserAppRoleAssignment cmdlet.
D. From the Azure portal, modify the properties of the Azure AD tenant.
Answer: C (LEAVE A REPLY)
The New-AzureADUserAppRoleAssignment cmdlet assigns a user to an application role in Azure
Active Directory (AD). Use it for the application report.
NEW QUESTION: 148
You need to resolve the Active Directory issue.
What should you do?
A. From Active Directory Users and Computers, select the user accounts, and then modify the
User Principal Name value.
B. Run idfix.exe, and then use the Edit action.
C. From Active Directory Domains and Trusts, modify the list of UPN suffixes.
D. From Azure AD Connect, modify the outbound synchronization rule.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer: (SHOW ANSWER)
IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-
premises Active Directory environment in preparation for migration to Azure Active Directory.
IdFix is intended for the Active Directory administrators responsible for directory synchronization
with Azure Active Directory.
Scenario: Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.
Topic 1, Humongous Insurance
Existing Environment
Huongous Insurance is an insurance company that has three offices in Miami, Tokoyo, and
Bankok. Each has 5000 users.
Active Directory Environment
Humongous Insurance has a single-domain Active Directory forest named
humongousinsurance.com. The functional level of the forest is Windows Server 2012.
You recently provisioned an Azure Active Directory (Azure AD) tenant.
Network Infrastructure
Each office has a local data center that contains all the servers for that office. Each office has a
dedicated connection to the Internet.
Each office has several link load balancers that provide access to the servers.
Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.
Licensing Issue
You attempt to assign a license in Azure to several users and receive the following error
message: "Licenses not assigned. License agreement failed for one user." You verify that the
Azure subscription has the available licenses.
Requirements
Planned Changes
Humongous Insurance plans to open a new office in Paris. The Paris office will contain 1,000
users who will be hired during the next 12 months. All the resources used by the Paris office
users will be hosted in Azure.
Planned Azure AD Infrastructure
The on-premises Active Directory domain will be synchronized to Azure AD.
All client computers in the Paris office will be joined to an Azure AD domain.
Planned Azure Networking Infrastructure
You plan to create the following networking resources in a resource group named All_Resources:
Default Azure system routes that will be the only routes used to route traffic A virtual network
named Paris-VNet that will contain two subnets named Subnet1 and Subnet2 A virtual network
named ClientResources-VNet that will contain one subnet named ClientSubnet A virtual network
named AllOffices-VNet that will contain two subnets named Subnet3 and Subnet4 You plan to
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
enable peering between Paris-VNet and AllOffices-VNet. You will enable the Use remote
gateways setting for the Paris-VNet peerings.
You plan to create a private DNS zone named humongousinsurance.local and set the registration
network to the ClientResources-VNet virtual network.
Planned Azure Computer Infrastructure
Each subnet will contain several virtual machines that will run either Windows Server 2012 R2,
Windows Server 2016, or Red Hat Linux.
Department Requirements
Humongous Insurance identifies the following requirements for the company's departments:
Web administrators will deploy Azure web apps for the marketing department. Each web app will
be added to a separate resource group. The initial configuration of the web apps will be identical.
The web administrators have permission to deploy web apps to resource groups.
During the testing phase, auditors in the finance department must be able to review all Azure
costs from the past week.
Authentication Requirements
Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD
Seamless SSO) when accessing resources in Azure.
NEW QUESTION: 149
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Network Watcher, you create a packet capture.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
https://azure.microsoft.com/en-us/updates/general-availability-azure-network-watcher-connection-
monitor-inall-public-regions/
NEW QUESTION: 150
A. From the multi-factor authentication page, configure the Multi-Factor Auth status for each user
B. From Azure Active Directory admin center, create a conditional access policy
C. From the multi-factor authentication page, modify the verification options
D. From the Azure Active Directory admin center, configure an authentication method
Answer: (SHOW ANSWER)
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
NEW QUESTION: 151
You have an Azure web app named App1 that has two deployment slots named Production and
Staging. Each slot has the unique settings shown in the following table.
You perform a slot swap.
What are the configurations of the Production slot after the swap? To answer, select the
appropriate options in the answer area.
NOTE: Each correction is worth one point.
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots#what-happens-during-a-
swap
Valid AZ-104 Dumps shared by Fast2test.com for Helping Passing AZ-104 Exam!
Fast2test.com now offer the newest AZ-104 exam dumps, the Fast2test.com AZ-104 exam
questions have been updated and answers have been corrected get the newest
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Fast2test.com AZ-104 dumps with Test Engine here: https://www.fast2test.com/AZ-104-
premium-file.html (482 Q&As Dumps, 30%OFF Special Discount: freecram)
NEW QUESTION: 152
You have the Azure virtual machines shown in the following table.
A DNS service is install on VM1.
You configure the DNS server settings for each virtual network as shown in the following exhibit.
You need 10 ensure that all the virtual machines can resolve DNS names by using the DNS
service on VM1. What should you do?
A. Add service endpoints on VNET2 and VNET3.
B. Configure peering between VNE11, VNETT2, and VNET3.
C. Configure a conditional forwarder on VM1
D. Add service endpoints on VNET1.
Answer: (SHOW ANSWER)
An Azure AD DS DNS zone should only contain the zone and records for the managed domain
itself.
A conditional forwarder is a configuration option in a DNS server that lets you define a DNS
domain, such as contoso.com, to forward queries to. Instead of the local DNS server trying to
resolve queries for records in that domain, DNS queries are forwarded to the configured DNS for
that domain. This configuration makes sure that the correct DNS records are returned, as you
don't create a local a DNS zone with duplicate records in the managed domain to reflect those
resources.
To create a conditional forwarder in your managed domain, complete the following steps:
1. Select your DNS zone, such as aaddscontoso.com.
2. Select Conditional Forwarders, then right-select and choose New Conditional Forwarder...
3. Enter your other DNS Domain, such as contoso.com, then enter the IP addresses of the DNS
servers for that namespace, as shown in the following example:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
4. Check the box for Store this conditional forwarder in Active Directory, and replicate it as
follows, then select the option for All DNS servers in this domain, as shown in the following
example:
5. To create the conditional forwarder, select OK.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Name resolution of the resources in other namespaces from VMs connected to the managed
domain should now resolve correctly. Queries for the DNS domain configured in the conditional
forwarder are passed to the relevant DNS servers.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-
and-role-instances
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-dns
NEW QUESTION: 153
You have an Azure subscription that contains the resource groups shown in the following table.
RG1 contains the resources shown in the following table.
Answer:
NEW QUESTION: 154
You create the following resources in an subscription:
* An Azure Container Registry instance named Registry1
* An Azure Kubernetes Service (AKS) cluster named Cluster1
You create a container image named App 1 on your administrative workstation.
You need to deploy App1 to cluster 1.
What should you do first?
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
A. Create a host pool on Cluster1
B. Run the docker push command.
C. Run the kubect1 apply command.
D. Run the az aks create command.
Answer: (SHOW ANSWER)
An Azure container registry stores and manages private Docker container images, similar to the
way Docker Hub stores public Docker images. You can use the Docker command-line interface
(Docker CLI) for login, push, pull, and other operations on your container registry.
After you login to the registry you can run push command to upload the image.
Below is an sample of that command
docker push myregistry.azurecr.io/samples/nginx
Reference:
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-docker-cli
NEW QUESTION: 155
You have an on-premises network that includes a Microsoft SQL Server instance named SQL1.
You create an Azure Logic App named App1.
You need to ensure that App1 can query a database on SQL1.
Which three actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
1 - From an on-premises computer, install an on-premises data gateway.
2 - From the Azure portal, create an on-premises data gateway
3 - From the Logic Apps Designer in the Azure portal, add a connector
Reference:
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-gateway-connection
NEW QUESTION: 156
You have an Azure Linux virtual machine that is protected by Azure Backup.
One week ago, two files were deleted from the virtual machine.
You need to reses clients connect n on-premises computer as quickly as possible.
Which four actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
1 - In the Backup dashboard menu, click File Recovery.
2 - From the Select recovery point drop-down menu, select the recovery point that holds the files
you want. By default, the latest recovery point is already selected.
3 - To download the software used to copy files from the recovery point, click Download
Executable (for Windows Azure VM) or Download Script (for Linux Azure VM, a python script is
generated).
4 - Copy the files by using AzCopy
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy
NEW QUESTION: 157
You are troubleshooting a performance issue for an Azure Application Gateway.
You need to compare the total requests to the failed requests during the past six hours.
What should you use?
A. Metrics in Application Gateway
B. Diagnostics logs in Application Gateway
C. NSG flow logs in Azure Network Watcher
D. Connection monitor in Azure Network Watcher
Answer: (SHOW ANSWER)
Application Gateway currently has seven metrics to view performance counters.
Metrics are a feature for certain Azure resources where you can view performance counters in the
portal. For Application Gateway, the following metrics are available:
Total Requests
Failed Requests
Current Connections
Healthy Host Count
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Response Status
Throughput
Unhealthy Host count
You can filter on a per backend pool basis to show healthy/unhealthy hosts in a specific backend
pool Reference:
Metrics
NEW QUESTION: 158
You have an Azure Service Bus.
You create a queue named Queue1. Queue1 is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on
the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/message-expiration
https://docs.microsoft.com/en-us/azure/service-bus-messaging/message-transfers-locks-
settlement
NEW QUESTION: 159
You have an Azure subscription named Subscription' that contains an Azure Log Analytics
workspace named Workspace', You need to view the error events from a table named Event.
Which query should you run in Workspace1?
A. search in (Event) * | where EventType -eq "error"
B. Event | where EventType is "error"
C. select * from Event where EventType is "error"
D. search in (Event) "error"
Answer: (SHOW ANSWER)
NEW QUESTION: 160
A. Yes
B. No
Answer: (SHOW ANSWER)
You should redeploy the VM.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
NEW QUESTION: 161
You have an Azure Active Directory (Azure AD) tenant that syncs to on-premises Active Directory
and contains the users shown in the following table.
You create a group named Group1 and add User1 to the group. You need to configure the
ownership of Group 1. Which users can you add as owners of Group1?
A. East US, West Europe, and North Europe
B. East US and West Europe only
C. East US only
D. East US and North Europe only
Answer: (SHOW ANSWER)
Before creating a network interface, you must have an existing virtual network in the same
location and subscription you create a network interface in.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
NEW QUESTION: 162
You have an Azure subscription that contains a virtual network named VNET in the East Us 2
region. A network interface named VM1-NI is connected to VNET1.
You successfully deploy the following Azure Resource Manager template.
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
Answer:
NEW QUESTION: 163
You have an Azure subscription named Subscription1.
In Subscription1, you create an Azure web app named WebApp1. WebApp1 will access an
external service that requires certificate authentication.
You plan to require the use of HTTPS to access WebApp1.
You need to upload certificates to WebApp1.
In which formats should you upload the certificate? To answer, select the appropriate options in
the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
NEW QUESTION: 164
You have an Azure subscription that contains the following resources:
100 Azure virtual machines
20 Azure SQL databases
50 Azure file shares
You need to create a daily backup of all the resources by using Azure Backup.
What is the minimum number of backup policies that you must create?
A. 1
B. 2
C. 3
D. 150
E. 170
Answer: (SHOW ANSWER)
There is a limit of 100 VMs that can be associated to the same backup policy from portal. We
recommend that for more than 100 VMs, create multiple backup policies with same schedule or
different schedule.
One policy for VMS, one for SQL databases, and one for the file shares.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vm-backup-faq
NEW QUESTION: 165
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow
Remote Desktop connections NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
Downloaded by John Jessen ([email protected])
lOMoARcPSD|23500241
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-
Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You modify the custom rule for NSG-VM1 to use the internet as a source and TCP as a
protocol.
Does this meet the goal?
A. Yes
B. No
Answer: (SHOW ANSWER)
NSGs deny all inbound traffic except from virtual network or load balancers. For inbound traffic,
Azure processes the rules in a network security group associated to a subnet first, and then the
rules in a network security group associated to the network interface.
By default NSG rule to allow traffic through RDP port 3389 is not created automatically during the
creation of VM , unless you change the setting during creation. Subnets usually do not have any
NSG associated unless you go out of the way to do so, which this scenario does. when you
create that extra NSG, it won't have an RDP rule by default, thus blocking inbound connections.
Request first goes to NSG -subnet1 and as there is no allow rule for RDP so it will block the
request by default.Since the Subnet NSG (the one with the default rules) is evaluated first, it
blocks the inbound RDP connection.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-
connection
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules
Valid AZ-104 Dumps shared by Fast2test.com for Helping Passing AZ-104 Exam!
Fast2test.com now offer the newest AZ-104 exam dumps, the Fast2test.com AZ-104 exam
questions have been updated and answers have been corrected get the newest
Fast2test.com AZ-104 dumps with Test Engine here: https://www.fast2test.com/AZ-104-
premium-file.html (482 Q&As Dumps, 30%OFF Special Discount: freecram)
Downloaded by John Jessen ([email protected])
You might also like
- Microsoft - Az 400.LAB .VMay 2024.by .Ancher.126qNo ratings yetMicrosoft - Az 400.LAB .VMay 2024.by .Ancher.126q116 pages
- AZ 104T00 A Microsoft Azure AdministratorNo ratings yetAZ 104T00 A Microsoft Azure Administrator9 pages
- Amazon Licence Plate LP Receive Vendor Manual EDINo ratings yetAmazon Licence Plate LP Receive Vendor Manual EDI4 pages
- Microsoft - Selftestengine.az 104.practice - Test.2024 Apr 25.by - Kim.124q.vceNo ratings yetMicrosoft - Selftestengine.az 104.practice - Test.2024 Apr 25.by - Kim.124q.vce16 pages
- Microsoft Testkings Az-104 Vce 2023-Jun-17 by Hugh 408q VceNo ratings yetMicrosoft Testkings Az-104 Vce 2023-Jun-17 by Hugh 408q Vce44 pages
- Microsoft (AZURE) AZ-301 Dumps PDF - Best Study Material EverNo ratings yetMicrosoft (AZURE) AZ-301 Dumps PDF - Best Study Material Ever8 pages
- Microsoft Azure Administrator: Microsoft AZ-104 Dumps Available Here atNo ratings yetMicrosoft Azure Administrator: Microsoft AZ-104 Dumps Available Here at30 pages
- Az-220 Dumps Microsoft Azure Iot Developer: 100% Valid and Newest Version Az-220 Questions & Answers Shared by Certleader0% (1)Az-220 Dumps Microsoft Azure Iot Developer: 100% Valid and Newest Version Az-220 Questions & Answers Shared by Certleader13 pages
- Microsoft Actualtests AZ-104 v2021-04-05No ratings yetMicrosoft Actualtests AZ-104 v2021-04-0528 pages
- Sample Questions For Microsoft Azure Administrator AZ-104 Certification ExamNo ratings yetSample Questions For Microsoft Azure Administrator AZ-104 Certification Exam7 pages
- Microsoft Transcender Az-900 Actual Test 2020-Jan-03 by Aubrey 113q VceNo ratings yetMicrosoft Transcender Az-900 Actual Test 2020-Jan-03 by Aubrey 113q Vce12 pages
- Implementing Microsoft Azure Infrastructure Solutions: Exam 70-533No ratings yetImplementing Microsoft Azure Infrastructure Solutions: Exam 70-53399 pages
- Mod 6 - Lab - Use Azure Network Watcher For Monitoring and Troubleshooting Network ConnectivityNo ratings yetMod 6 - Lab - Use Azure Network Watcher For Monitoring and Troubleshooting Network Connectivity10 pages
- Expert Veri Ed, Online, Free.: Microsoft AZ-104 Exam Actual QuestionsNo ratings yetExpert Veri Ed, Online, Free.: Microsoft AZ-104 Exam Actual Questions1 page
- Exam AZ-305 Title Designing Microsoft Azure Infrastructure Solutions (Beta) 1.0 Product Type 59 Q&A With ExplanationsNo ratings yetExam AZ-305 Title Designing Microsoft Azure Infrastructure Solutions (Beta) 1.0 Product Type 59 Q&A With Explanations64 pages
- Microsoft - Exambible.az 104.practice - Test.2022 Jul 04.by - Payne.322q.vce100% (1)Microsoft - Exambible.az 104.practice - Test.2022 Jul 04.by - Payne.322q.vce17 pages
- Website: VCE To PDF Converter: Facebook: Twitter:: SectionsNo ratings yetWebsite: VCE To PDF Converter: Facebook: Twitter:: Sections25 pages
- How CMOs Are Using AI To Transform Their Strategies EMARKETERNo ratings yetHow CMOs Are Using AI To Transform Their Strategies EMARKETER9 pages
- Exam Ms 201 Implementing A Hybrid and Secure Messaging Platform Skills Measured PDFNo ratings yetExam Ms 201 Implementing A Hybrid and Secure Messaging Platform Skills Measured PDF5 pages
- SharePoint 2013 - 2016 - 2019 - How To Replace Expired WorkFlow Manager Certificates - Microsoft Community HubNo ratings yetSharePoint 2013 - 2016 - 2019 - How To Replace Expired WorkFlow Manager Certificates - Microsoft Community Hub13 pages
- Microsoft Test-King AZ-900 v2019-04-19 by Martin 40qNo ratings yetMicrosoft Test-King AZ-900 v2019-04-19 by Martin 40q25 pages
- AZ-104 Exam - Free Actual Q&As, Page 2 - ExamTopicsNo ratings yetAZ-104 Exam - Free Actual Q&As, Page 2 - ExamTopics8 pages
