• Home
  • Articles
  • 2024 100% Free AZ-104 Daily Practice Exam With 298 Questions [Q95-Q120]

2024 100% Free AZ-104 Daily Practice Exam With 298 Questions [Q95-Q120]

Share

2024 100% Free AZ-104 Daily Practice Exam With 298 Questions

AZ-104 exam torrent Microsoft study guide

NEW QUESTION # 95
You have an Azure subscription named Subscription1 that contains the resources in the following table.

VM1 and VM2 run the websites in the following table.

AppGW1 has the backend pools in the following table.

DNS resolves site1.contoso.com, site2.contoso.com, and site3.contoso.com to the IP address of AppGW1.
AppGW1 has the listeners in the following table.

AppGW1 has the rules in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Vm1 is in Pool1. Rule2 applies to Pool1, Listener 2, and site2.contoso.com


NEW QUESTION # 96
You have two Azure subscriptions named Sub1 and Sub2. Sub1 is in a management group named MG1. Sub2 is in a management group named MG2. You have the resource groups shown in the following table.

You have the virtual machines shown in the following table.

Answer:

Explanation:


NEW QUESTION # 97
You have an Azure virtual machine named VM1 and an Azure key vault named Vault1.
On VM1, you plan to configure Azure Disk Encryption to use a key encryption key (KEK) You need to prepare Vault! for Azure Disk Encryption.
Which two actions should you perform on Vault1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Create a new key.
  • B. Select Azure Virtual machines for deployment
  • C. Configure a key rotation policy.
  • D. Create a new secret.
  • E. Select Azure Disk Encryption for volume encryption

Answer: A,C

Explanation:
Explanation
To prepare Vault1 for Azure Disk Encryption, you need to perform the following actions on Vault1:
Create a new key. A key encryption key (KEK) is an encryption key that is used to encrypt the encryption secrets before they are stored in the key vault. You can create a new KEK by using the Azure CLI, the Azure PowerShell, or the Azure portal1. You can also import an existing KEK from another source, such as a hardware security module (HSM)2. The KEK must be a 2048-bit RSA key or a 256-bit AES key3.
Select Azure Disk Encryption for volume encryption. This is an advanced access policy setting that enables Azure Disk Encryption to access the keys and secrets in the key vault. You can select this setting by using the Azure CLI, the Azure PowerShell, or the Azure portal4. You must also enable access to Microsoft Trusted Services if you have enabled the firewall on the key vault.


NEW QUESTION # 98
You have an Azure subscription that contains the resource groups shown in the following table.

RG1 contains the resources shown in the following table.

RG2 contains the resources shown in the following table.

You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1.
Which resources should you identify? To answer, select the appropriate options in the answer area.

Answer:

Explanation:

Read only and Delete lock won't prevent you from moving resources in different resource groups. It will prevent you to do the operations in the resource group where the resources are there.
So the correct answer should be
RG1 --> RG2 = IP1, vnet1 and storage1
RG2 --> RG1 = IP2, vnet2 and storage2
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking


NEW QUESTION # 99
You have an Azure subscription
You need to use an Azure Resource Manager (ARM) template to create a virtual machine that will have multiple data disks.
How should you complete the template? To answer select the appropriate options in the answer area NOTE: Each correct selection n worth one point.

Answer:

Explanation:


NEW QUESTION # 100
You need to create container1 and share1.
Which storage accounts should you use for each resource? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview


NEW QUESTION # 101
You have an Azure subscription that contains the Azure virtual machines shown in the following table.

You configure the network interfaces of the virtual machines to use the settings shown in the following table

From the settings of VNET1, you configure the DNS servers shown in the following exhibit.

The virtual machines can successfully connect to the DNS server that has an IP address of 192.168.10.15 and the DNS server that has an IP address of 193.77.134.10.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq#name-resolution-dns


NEW QUESTION # 102
You have an Azure subscription named Sub1.
You plan to deploy a multi-tiered application that will contain the tiers shown in the following table.

You need to recommend a networking solution to meet the following requirements:
Ensure that communication between the web servers and the business logic tier spreads equally across the virtual machines.
Protect the web servers from SQL injection attacks.
Which Azure resource should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview


NEW QUESTION # 103
You onboard 10 Azure virtual machines to Azure Automation State Configuration.
You need to use Azure Automation State Configuration to manage the ongoing consistency of the virtual machine configurations.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Answer:

Explanation:

Explanation:
Step 1: Upload a configuration to Azure Automation State Configuration.
Import the configuration into the Automation account.
Step 2: Compile a configuration into a node configuration.
A DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.
Step 3: Assign the node configuration
Step 4: Check the compliance status of the node
Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the page for that node.
On the blade for an individual report, you can see the following status information for the corresponding consistency check:
The report status - whether the node is "Compliant", the configuration "Failed", or the node is "Not Compliant" Reference:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started


NEW QUESTION # 104
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1.
You add the users in the following table.

Which2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: User1 and User3 only.
The Owner Role lets you manage everything, including access to resources.
The Network Contributor role lets you manage networks, but not access to them.
Box 2: User1 and User2 only
The Security Admin role: In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles


NEW QUESTION # 105
You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table.

You create a private Azure DNS zone named adatum.com. You configure the adatum.com zone to allow auto registration from VNET1.
Which A records will be added to the adatum.com zone for each virtual machine? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
https://docs.microsoft.com/en-us/azure/dns/private-dns-scenarios


NEW QUESTION # 106
You have an Azure subscription that contains the resources shown in the following table.

VM1 connects to VNET1.
You need to connect VM1 to VNET2.
Solution: You delete VM1. You recreate VM1, and then you create a new network interface for VM1 and connect it to VNET2.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A


NEW QUESTION # 107
You have an Azure web app named App1 that has two deployment slots named Production and Staging. Each slot has the unique settings shown in the following table.

You perform a slot swap.
What are the configurations of the Production slot after the swap? To answer, select the appropriate options in the answer area.
NOTE: Each correction is worth one point.

Answer:

Explanation:

Explanation:
Which settings are swapped?
When you clone configuration from another deployment slot, the cloned configuration is editable. Some configuration elements follow the content across a swap (not slot specific), whereas other configuration elements stay in the same slot after a swap (slot specific). The following lists show the settings that change when you swap slots.
Box 1 : On
Settings that are swapped:
General settings, such as framework version, 32/64-bit, web sockets
App settings (can be configured to stick to a slot)
Connection strings (can be configured to stick to a slot)
Handler mappings
Public certificates
WebJobs content
Hybrid connections *
Virtual network integration *
Service endpoints *
Azure Content Delivery Network *
Features marked with an asterisk (*) are planned to be unswapped.
So web sockets settings will be swapped. So Production will have web sockets settings from "Off" to "On" after the swap slot.
Box 2: App1-prod.contoso.com
Settings that aren't swapped:
Publishing endpoints
Custom domain names
Non-public certificates and TLS/SSL settings
Scale settings
WebJobs schedulers
IP restrictions
Always On
Diagnostic settings
Cross-origin resource sharing (CORS)
So Custom domain names will not be swapped. So Production will have Custom domain names of its own after the swap slot.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots#what-happens-during-a-swap


NEW QUESTION # 108
You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VMet1 contains one subnet named Subnet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
Box 1: An Azure Log Analytics workspace
In the Azure portal you can set up a Log Analytics workspace, which is a unique Log Analytics environment with its own data repository, data sources, and solutions.
Box 2: NSG1
NSG flow logs allow viewing information about ingress and egress IP traffic through a Network security group. Through this, the IP addresses that connect to the ILB can be monitored when the diagnostics are enabled on a Network Security Group.
We cannot enable diagnostics on an internal load balancer to check for the IP addresses.
As for Internal LB, it is basic one. Basic can only connect to storage account. Also, Basic LB has only activity logs, which doesn't include the connectivity workflow. So, we need to use NSG to meet the mentioned requirements.


NEW QUESTION # 109
You have a pay-as-you-go Azure subscription that contains the virtual machines shown in the following table.

You create the budget shown in the following exhibit.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-gb/azure/cost-management-billing/costs/tutorial-acm-create-budgets
https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/cost-mgt-alerts-monitor-usage-spending


NEW QUESTION # 110
You have an Azure subscription that contains three virtual networks named VNET1, VNET2, and VNET3.
Peering for VNET1 is configured as shown in the following exhibit.

Peering for VNET2 is configured as shown in the following exhibit.

Peering for VNET3 is configured as shown in the following exhibit.

How can packets be routed between the virtual networks? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview


NEW QUESTION # 111
You have an Azure subscription that contains the virtual networks shown in the following table.

You have the virtual machines shown in the following table.

You have the virtual network interfaces shown in the following table.

Server1 is a DNS server that contains the resources shown in the following table.

You have an Azure private DNS zone named contoso.com that has a virtual network link to VNET2 and the records shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 112
You have an Azure subscription named Subscription1.
You create an Azure Storage account named contosostorage, and then you create a file share named data.
Which UNC path should you include in a script that references files from the data file share? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 113
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You plan to configure Azure Backup reports for Vault1.
You are configuring the Diagnostics settings for the AzureBackupReports log.
Which storage accounts and which Log Analytics workspaces can you use for the Azure Backup reports of Vault1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: storage3 only
Vault1 and storage3 are both in West Europe.
Box 2: Analytics3
Vault1 and Analytics3 are both in West Europe.
References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-configure-reports


NEW QUESTION # 114
You have a sync group that has the endpoints shown in the following table.

Cloud tiering is enabled for Endpoint3.
You add a file named File1 to Endpoint1 and a file named File2 to Endpoint2.
You need to identify on which endpoints File1 and File2 will be available within 24 hours of adding the files.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-cloud-tiering


NEW QUESTION # 115
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.
Solution: You join Computer2 to Azure Active Directory (Azure AD)
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Section: [none]
Explanation:
A client computer that connects to a VNet using Point-to-Site must have a client certificate installed.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site


NEW QUESTION # 116
You create a virtual machine scale set named Scale1. Scale1 is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Answer:

Explanation:

Explanation:
As cooling period and scale in and scale out durations are not displayed in the graphical view, so we need to consider the default values as below for these settings.
Cool down (minutes) : The amount of time to wait before the rule is applied again so that the autoscale actions have time to take effect. Default is 5 minutes.
Duration : The amount of time monitored before the metric and threshold values are compared. Default is 10 minutes.
Box 1: 4 virtual machines
The Autoscale scale out rule increases the number of VMs by 2 if the CPU threshold is 80% or higher for more than or equals to 10 mins due to default duration for scale in and out is 10 minutes. Since CPU utilization at 85% only lasts for 6 mins , it does not trigger the rules.
Hence no of virtual machines will be same as the initial value which is 4.
Box 2: 4 virtual machines
The Autoscale scale in rule decreases the number of VMs by 4 if the CPU threshold is 30% or lower for more than or equal to 10 mins. due to default duration for scale in and out is 10 minutes . Since CPU utilization at 30% only lasts for 6 mins , it does not trigger the rules. Hence after first 6 mins instance count will be same as initial count as 4. After that CPU utilization reached to 50% for 6 mins , which again would not trigger the scale in rule. Therefore no of virtual machines will be same as the initial value which is 4.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-overview
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-best-practices
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-common-scale-patterns


NEW QUESTION # 117
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.

You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You create an inbound security rule that allows any traffic from the AzuteLoadBalancer source and has a cost of 150.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A


NEW QUESTION # 118
Case Study 1 - Humongous Insurance
Overview
Humongous Insurance is an insurance company that has three offices in Miami, Tokyo and Bangkok. Each office has 5.000 users.
Existing Environment
Active Directory Environment
Humongous Insurance has a single-domain Active Directory forest named
humongousinsurance.com. The functional level of the forest is Windows Server 2012.
You recently provisioned an Azure Active Directory (Azure AD) tenant.
Network Infrastructure
Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Each office has several link load balancers that provide access to the servers.
Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.
Licensing Issue
You attempt to assign a license in Azure to several users and receive the following error message: "Licenses not assigned. License agreement failed for one user." You verify that the Azure subscription has the available licenses.
Requirements
Planned Changes
Humongous Insurance plans to open a new office in Paris. The Paris office will contain 1,000 users who will be hired during the next 12 months. All the resources used by the Paris office users will be hosted in Azure.
Planned Azure AD Infrastructure
The on-premises Active Directory domain will be synchronized to Azure AD.
All client computers in the Paris office will be joined to an Azure AD domain.
Planned Azure Networking Infrastructure
You plan to create the following networking resources in a resource group named All_Resources:
- Default Azure system routes that will be the only routes used to
route traffic
- A virtual network named Paris-VNet that will contain two subnets
named Subnet1 and Subnet2
- A virtual network named ClientResources-VNet that will contain one
subnet named ClientSubnet
- A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and Subnet4 You plan to enable peering between Paris-VNet and AllOffices-VNet. You will enable the Use remote gateways setting for the Paris-VNet peerings.
You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
Planned Azure Computer Infrastructure
Each subnet will contain several virtual machines that will run either Windows Server 2012 R2, Windows Server 2016, or Red Hat Linux.
Department Requirements
Humongous Insurance identifies the following requirements for the company's departments:
- Web administrators will deploy Azure web apps for the marketing
department. Each web app will be added to a separate resource group.
The initial configuration of the web apps will be identical. The web
administrators have permission to deploy web apps to resource groups.
- During the testing phase, auditors in the finance department must be
able to review all Azure costs from the past week.
Authentication Requirements
Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.
You need to define a custom domain name for Azure AD to support the planned infrastructure.
Which domain name should you use?

  • A. humongousinsurance.onmicrosoft.com
  • B. humongousinsurance.local
  • C. ad.humongousinsurance.com
  • D. humongousinsurance.com

Answer: D

Explanation:
Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as '[email protected].' instead of
'alice@domain name.onmicrosoft.com'.
Scenario:
Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Humongous Insurance has a single-domain Active Directory forest named
humongousinsurance.com
Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom- domain


NEW QUESTION # 119
You have an Azure subscription named Subscription1.
Subscription1 contains the virtual machines in the following table.

Subscription1 contains a virtual network named VNet1 that has the subnets in the following table.

VM3 has a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.
You create a route table named RT1. RT1 is associated to Subnet1 and Subnet2 and contains the routes in the following table.

You apply RT1 to Subnet1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: Yes
Traffic from VM1 and VM2 can reach VM3 thanks to the routing table, and as IP forwarding is enabled on VM3, traffic from VM3 can reach VM1.
Box 2: No
VM3, which has IP forwarding, must be turned on, in order for traffic from VM2 to reach VM1.
Box 3: Yes
The traffic from VM1 will reach VM3, which thanks to IP forwarding, will send the traffic to VM2.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview


NEW QUESTION # 120
......


Microsoft AZ-104 exam is intended for individuals who have experience with Azure administration and have a strong understanding of cloud computing technologies. Candidates who pass AZ-104 exam will be able to demonstrate their expertise in Azure administration and will be able to work with Azure services to deploy, manage, and monitor applications and services. Microsoft Azure Administrator certification is recognized globally and is highly valued by organizations that use Azure services. Microsoft Azure Administrator certification can help individuals to advance their careers in cloud computing and open up new job opportunities.


Microsoft AZ-104 exam is a certification exam designed to validate the skills and knowledge of professionals who want to become Microsoft Azure Administrators. AZ-104 exam is intended for individuals who have experience in managing Azure resources and services, implementing and managing storage solutions, deploying and managing virtual machines, and configuring and managing virtual networks, among other essential Azure administration tasks.


Microsoft AZ-104 certification exam is a great way to demonstrate your expertise in managing Azure resources and services. It is also a valuable certification for IT professionals who want to advance their careers in cloud computing. Microsoft Azure Administrator certification exam is highly recognized in the industry and is a great way to showcase your skills to potential employers.

 

Use Valid New AZ-104 Test Notes & AZ-104 Valid Exam Guide: https://topexamcollection.pdfvce.com/Microsoft/AZ-104-exam-pdf-dumps.html

Related Articles

more
Microsoft AZ-104 Certification Practice Exam