This page was exported from Free valid test braindumps [ http://free.validbraindumps.com ]
Export date: Sat Apr 5 14:12:35 2025 / +0000 GMT

Title: Authentic Microsoft AZ-104 Exam Dumps PDF - 2023 Updated [Q144-Q168]

Get Prepared for Your AZ-104 Exam With Actual 548 Questions

The Microsoft AZ-104 certification exam is an essential credential for professionals who want to demonstrate their skills and knowledge in managing Azure environments. The Microsoft Azure Administrator certification covers a range of topics, including Azure security, governance, identity, and access management, as well as Azure cost management and optimization. It is highly respected by employers and is a valuable asset for professionals looking to advance their careers in cloud computing.

Q144. You have an Azure subscription that contains the resources shown in the following table.

VM1 connects to VNET1.

You need to connect VM1 to VNET2.

Solution: You delete VM1. You recreate VM1, and then you create a new network interface for VM1 and connect it to VNET2.

Does this meet the goal?
* Yes
* No

Q145. You have two Azure virtual machines as shown in the following table.

You create the Azure DNS zones shown in the following table.

You perform the following actions:
* To fabrikam.com, you add a virtual network link to vnet1 and enable auto registration.
* For contoso.com, you assign vm1 and vm2 the Owner role.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Q146. You have an Azure subscription that is used by four departments in your company. The subscription contains 10 resource groups. Each department uses resources in several resource groups.

You need to send a report to the finance department.
The report must detail the costs for each department. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

1 – Assign a tag to each resource.
2 – From the Cost analysis blade, filter the view by tag.
3 – Download the usage report.

Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
https://docs.microsoft.com/en-us/azure/billing/billing-getting-started

Q147. You have the Azure virtual networks shown in the following table.

To which virtual networks can you establish a peering connection from VNet1?
* VNet2 and VNet3 only
* VNet2 only
* VNet3 and VNet4 only
* VNet2, VNet3, and VNet4

Explanation

References:
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal

You can connect virtual networks to each other with virtual network peering. These virtual networks can be in the same region or different regions (also known as Global VNet peering). Once virtual networks are peered, resources in both virtual networks are able to communicate with each other, with the same latency and bandwidth as if the resources were in the same virtual network.

Global VNet Peering is now generally available in all Azure public regions, excluding the China, Germany, and Azure Government regions.

The address space is the most critical configuration for a VNet in Azure. This is the IP range for the entire network that will be divided into subnets. The address space can be almost any IP range that you wish (public or private). You can add multiple address spaces to a VNet. To ensure this VNet can be connected to other networks, the address space should never overlap with any other networks in your environment.
If a VNet has an address space that overlaps with another Azure VNet or on-premises network, the networks cannot be connected, as the routing of traffic will not work properly.

https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
https://azure.microsoft.com/en-in/updates/general-availability-global-vnet-peering/#:~:text=Global%20VNet%20
https://www.microsoftpressstore.com/articles/article.aspx?p=2873369

Q148. You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com contains the groups in the following table.

You create two user accounts that are configured as shown in the following table.

To which groups do User1 and User2 belong? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Explanation:
Box 1: Group1 only
First rule applies.
Box 2: Group1 and Group2 only
Both membership rules apply.

References:
https://docs.microsoft.com/en-us/sccm/core/clients/manage/collections/create-collections

Q149. You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Explanation

Once the VNets are peered, all resources on one VNet can communicate with resources on the other peered VNets. You plan to enable peering between Paris-VNet and AllOffices-VNet. Therefore VMs on Subnet1, which is on Paris-VNet, and VMs on Subnet3, which is on AllOffices-VNet, will be able to connect to each other.

All Azure resources connected to a VNet have outbound connectivity to the Internet by default.
Therefore VMs on ClientSubnet, which is on ClientResources-VNet, will have access to the Internet; and VMs on Subnet3 and Subnet4, which are on AllOffices-VNet, will have access to the Internet.

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
https://docs.microsoft.com/en-us/azure/networking/networking-overview#internet-connectivity

Q150. You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.

What should you include in the recommendation?
* Azure AD B2C
* Azure AD Identity Protection
* an Azure logic app and the Microsoft Identity Management (MIM) client
* dynamic groups and conditional access policies

Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.

The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications, or other conditions.

References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

Q151. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1.

RG1 contains resources that were deployed by using templates.

You need to view the date and time when the resources were created in RG1.

Solution: From the RG1 blade, you click Deployments.

Does this meet the goal?
* Yes
* No

Explanation
1. Select the resource group (here RG1) you want to examine.
2. Select the link under Deployments.
3. Select one of the deployments from the deployment history.
4. You will see a history of deployment for the resource group, including the correlation ID.

Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-history?tabs=azure-portal

Q152. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.

You need to view the date and time when the resources were created in RG1.

Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic deployment.

Does this meet the goal?
* Yes
* No

From the RG1 blade, click Deployments. You see a history of deployment for the resource group.

Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-first-template?tabs=azure-powershell

Through activity logs, you can determine:
* what operations were taken on the resources in your subscription
* who started the operation
* when the operation occurred
* the status of the operation
* the values of other properties that might help you research the operation

1. On the Azure portal menu, select Monitor, or search for and select Monitor from any page.
2. Select Activity Log.
3. You see a summary of recent operations. A default set of filters is applied to the operations. Notice the information on the summary includes who started the action and when it happened.

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs

Q153.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.

You need to create new user accounts in external.contoso.com.onmicrosoft.com.

Solution: You instruct User1 to create the user accounts.
* Yes
* No

Explanation

Only a global administrator can add users to this tenant.

References:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

Q154. You have an Azure subscription named Sub1 that contains the Azure resources shown in the following table.

You assign an Azure policy that has the following settings:
* Scope: Sub1
* Exclusions: Sub1/RG1/VNET1
* Policy definition: Append a tag and its value to resources
* Policy enforcement: Enabled
* Tag name: Tag4
* Tag value: value4

You assign tags to the resources as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json

Q155. You have the Azure virtual machines shown in the following table.

A DNS service is installed on VM1.

You configure the DNS server settings for each virtual network as shown in the following exhibit.

You need to ensure that all the virtual machines can resolve DNS names by using the DNS service on VM1.

What should you do?
* Add service endpoints on VNET2 and VNET3.
* Configure peering between VNET1, VNET2, and VNET3.
* Configure a conditional forwarder on VM1.
* Add service endpoints on VNET1.

Explanation

An Azure AD DS DNS zone should only contain the zone and records for the managed domain itself.

A conditional forwarder is a configuration option in a DNS server that lets you define a DNS domain, such as contoso.com, to forward queries to.
Instead of the local DNS server trying to resolve queries for records in that domain, DNS queries are forwarded to the configured DNS for that domain. This configuration makes sure that the correct DNS records are returned, as you don’t create a local DNS zone with duplicate records in the managed domain to reflect those resources.

To create a conditional forwarder in your managed domain, complete the following steps:
1. Select your DNS zone, such as aaddscontoso.com.
2. Select Conditional Forwarders, then right-select and choose New Conditional Forwarder…
3. Enter your other DNS Domain, such as contoso.com, then enter the IP addresses of the DNS servers for that namespace, as shown in the following example:
4. Check the box for Store this conditional forwarder in Active Directory, and replicate it as follows, then select the option for All DNS servers in this domain, as shown in the following example:
5. To create the conditional forwarder, select OK.

Name resolution of the resources in other namespaces from VMs connected to the managed domain should now resolve correctly. Queries for the DNS domain configured in the conditional forwarder are passed to the relevant DNS servers.

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-insta
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-dns

Q156. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.

You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2.

Connections to App1 are managed by using an Azure Load Balancer.

The effective network security configurations for VM2 are shown in the following exhibit.

You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly.

You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.

Solution: You create an inbound security rule that allows any traffic from the AzureLoadBalancer source and has a cost of 150.

Does this meet the goal?
* Yes
* No

Q157. You need to use Azure Automation State Configuration to manage the ongoing consistency of virtual machine configurations.

Which five actions should you perform in sequence? To answer, move the appropriate action from the list of actions to the answer area and arrange them in the correct order.

NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Explanation

Step 1: Upload a configuration to Azure Automation State Configuration.
Import the configuration into the Automation account.

Step 2: Compile a configuration into a node configuration.
A DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.

Step 3: Onboard the virtual machines to Azure Automation State Configuration.
Onboard the Azure VM for management with Azure Automation State Configuration.

Step 4: Assign the node configuration.

Step 5: Check the compliance status of the node.
Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server.
You can view these reports on the page for that node.

On the blade for an individual report, you can see the following status information for the corresponding consistency check:

The report status – whether the node is “Compliant”, the configuration “Failed”, or the node is “Not Compliant”

References:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started

Q158. You have an Azure Active Directory (Azure AD) tenant.

You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal.

Which three settings should you configure? To answer, select the appropriate settings in the answer area.

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-based-mfa

Q159. You have an Azure subscription that contains an Azure Service Bus named Bus1.

Your company plans to deploy two Azure web apps named App1 and App2. The web apps will create messages that have the following requirements:
* Each message created by App1 must be consumed by only a single consumer.
* Each message created by App2 will be consumed by multiple consumers.

Which resource should you create for each web app? To answer, drag the appropriate resources to the correct web apps. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-queues-topics-subscriptions

Q160. You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active Directory domain.
The domain contains the users shown in the following table.

You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods:
* Number of methods required to reset: 2
* Methods available to users: Mobile phone, Security questions
* Number of questions required to register: 3
* Number of questions required to reset: 3

You select the following security questions:
* What is your favorite food?
* In what city was your first job?
* What was the name of your first pet?

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Explanation:

Box 1: No
Administrator accounts are special accounts with elevated permissions. To secure them, the following restrictions apply to changing passwords of administrators:
* On-premises enterprise administrators or domain administrators cannot reset their password through Self-service password reset (SSPR). They can only change their password in their on-premises environment. Thus, we recommend not syncing on-prem AD admin accounts to Azure AD.
* An administrator cannot use secret Questions & Answers as a method to reset password.

Box 2: Yes
Self-service password reset (SSPR) is an Azure Active Directory feature that enables employees to reset their passwords without needing to contact IT staff.

Box 3: Yes

References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment

Q161. You have an on-premises network that you plan to connect to Azure by using a site-to-site VPN.

In Azure, you have an Azure virtual network named VNet1 that uses an address space of 10.0.0.0/16. VNet1 contains a subnet named Subnet1 that uses an address space of 10.0.0.0/24.

You need to create a site-to-site VPN to Azure.

Which four actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Explanation

A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it. For more information about VPN gateways, see About VPN gateway.

1. Create a virtual network:
You can create a VNet with the Resource Manager deployment model and the Azure portal.

2. Create the gateway subnet:
The virtual network gateway uses a specific subnet called the gateway subnet. The gateway subnet is part of the virtual network IP address range that you specify when configuring your virtual network. It contains the IP addresses that the virtual network gateway resources and services use.

3. Create the VPN gateway:
You create the virtual network gateway for your VNet. Creating a gateway can often take 45 minutes or more, depending on the selected gateway SKU.

4. Create the local network gateway:
The local network gateway typically refers to your on-premises location. You give the site a name by which Azure can refer to it, then specify the IP address of the on-premises VPN device to which you will create a connection. You also specify the IP address prefixes that will be routed through the VPN gateway to the VPN device. The address prefixes you specify are the prefixes located on your on-premises network. If your on-premises network changes or you need to change the public IP address for the VPN device, you can easily update the values later.

5. Configure your VPN device:
Site-to-Site connections to an on-premises network require a VPN device. In this step, you configure your VPN device.
When configuring your VPN device, you need the following:
* A shared key. This is the same shared key that you specify when creating your Site-to-Site VPN connection. In our examples, we use a basic shared key. We recommend that you generate a more complex key to use.
* The Public IP address of your virtual network gateway. You can view the public IP address by using the Azure portal, PowerShell, or CLI. To find the Public IP address of your VPN gateway using the Azure portal, navigate to Virtual network gateways, then click the name of your gateway.

6. Create the VPN connection:
Create the Site-to-Site VPN connection between your virtual network gateway and your on-premises VPN device.

Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

Q162. You have an Azure subscription named Subscription1 that contains the quotas shown in the following table.

You deploy virtual machines to Subscription1 as shown in the following table.

You plan to deploy the virtual machines shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/quotas

Q163. You have an Azure subscription that contains the resources in the following table.

Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1.

You need to apply ASG1 to VM1.

What should you do?
* Associate NIC1 to ASG1
* Modify the properties of ASG1
* Modify the properties of NSG1

Explanation:
Application Security Group can be associated with NICs.

References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#application-security-groups

Q164. This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.

You need to create a new network interface named NIC2 for VM1.

Solution: You create NIC2 in RG1 and Central US.

Does this meet the goal?
* Yes
* No

The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a region.

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

Q165. You have an Azure virtual machine named VM1 that connects to a virtual network named VNet1. VM1 has the following configurations:
* Subnet: 10.0.0.0/24
* Availability set: AVSet
* Network security group (NSG): None
* Private IP address: 10.0.0.4 (dynamic)
* Public IP address: 40.90.219.6 (dynamic)

You deploy a standard, Internet-facing load balancer named slb1.

You need to configure slb1 to allow connectivity to VM1.

Which changes should you apply to VM1 as you configure slb1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Explanation:

Box 1: Remove the public IP address from VM1
If the Public IP on VM1 is set to Dynamic, that means it is a Public IP with Basic SKU, because Public IPs with Standard SKU have Static assignments by default, which cannot be changed. We cannot associate Basic SKU IPs with Standard SKU LBs. One cannot create a backend SLB pool if the VM to be associated has a Public IP.
For Private IP it doesn’t matter whether it is dynamic or static; we can still add such a VM into the SLB backend pool.

Box 2: Create and configure an NSG
Standard Load Balancer is built on the zero trust network security model at its core. Standard Load Balancer is secure by default and is part of your virtual network. The virtual network is a private and isolated network. This means Standard Load Balancers and Standard Public IP addresses are closed to inbound flows unless opened by Network Security Groups. NSGs are used to explicitly permit allowed traffic. If you do not have an NSG on a subnet or NIC of your virtual machine resource, traffic is not allowed to reach this resource. To learn more about NSGs and how to apply them for your scenario, see Network Security Groups. Basic Load Balancer is open to the internet by default.

Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-public-portal
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

Q166. From Azure Active Directory (AD) Privileged Identity Management, you configure the Role settings for the Owner role of an Azure subscription as shown in the following exhibit.

From Azure AD Privileged Identity Management, you assign the Owner role for the subscription to a user named User1, and you set the Assignment type to Active and Permanently eligible.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Explanation

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-add-role-to

Q167. You have an Azure subscription that contains the resources shown in the following table.

You need to deploy Application1 to Cluster1. Which command should you run?
* az acr build
* az aks create
* kubectl apply
* docker build

Q168.
You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.
* Azure Active Directory (AD) Identity Protection and an Azure policy
* a Recovery Services vault and a backup policy
* an Azure Key Vault and an access policy
* an Azure Storage account and an access policy

D: Seamless SSO works with any method of cloud authentication – Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.

B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users’ Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com

Incorrect Answers:
A: Seamless SSO needs the user’s device to be domain-joined, but doesn’t need the device to be Azure AD Joined.
C: Azure AD Connect does not use port 8080. It uses port 443.
E: Seamless SSO is not applicable to Active Directory Federation Services (ADFS).

Scenario: Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.

Planned Azure AD Infrastructure includes: The on-premises Active Directory domain will be synchronized to Azure AD.

References:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso-quick-start

Topic 3, Contoso Ltd

Overview

Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.

Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment

Currently, Contoso uses multiple types of servers for business operations, including the following:
* File servers
* Domain controllers
* Microsoft SQL Server servers

Your network contains an Active Directory forest named contoso.com.
All servers and client computers are joined to Active Directory.

You have a public-facing application named App1. App1 is comprised of the following three tiers:
* A SQL database
* A web front end
* A processing middle tier

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Requirements

Planned Changes

Contoso plans to implement the following changes to the infrastructure:
* Move all the tiers of App1 to Azure.
* Move the existing product blueprint files to Azure Blob storage.
* Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.

Technical Requirements

Contoso must meet the following technical requirements:
* Move all the virtual machines for App1 to Azure.
* Minimize the number of open ports between the App1 tiers.
* Ensure that all the virtual machines for App1 are protected by backups.
* Copy the blueprint files to Azure over the Internet.
* Ensure that the blueprint files are stored in the archive storage tier.
* Ensure that partner access to the blueprint files is secured and temporary.
* Prevent user passwords or hashes of passwords from being stored in Azure.
* Use unmanaged standard storage for the hard disks of the virtual machines.
* Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.

Minimize administrative effort whenever possible.

User Requirements

Contoso identifies the following requirements for users:
* Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
* Designate a new user named Admin1 as the service administrator of the Azure subscription.
* Admin1 must receive email alerts regarding service outages.
* Ensure that a new user named User3 can create network objects for the Azure subscription.
Post date (GMT): 2023-08-01 15:03:12
Post modified date (GMT): 2023-08-01 15:03:12