Posted in AZ-104 Microsoft Azure Administrator Microsoft Microsoft AZ-104 microsoft az-104 dumps microsoft az-104 dumps pdf microsoft az-104 exam dumps microsoft az-104 pdf microsoft az-104 practice test microsoft az-104 study guide Microsoft Role-based Uncategorized

[15% off] Microsoft Azure Administrator – AZ-104 Exam dumps

Microsoft Azure Administrator exam dumps

Welcome! We go directly to the topic. This is a blog about Microsoft AZ-104 exam questions.
We shared the newly updated Microsoft AZ-104 exam questions and answers. You can practice the test online.
You can also download the AZ-104 exam PDF online for free on Google Drive.
All free content comes from Lead4Pass AZ-104 exam dumps https://www.lead4pass.com/az-104.html (PDF+VCE).
Lead4Pass has complete AZ-104 exam questions and answers. All exam questions have been updated to ensure immediate validity!

Microsoft AZ-104 exam discount code comes from Lead4Pass

Our topic today includes the exam discount code for AZ-104, so here’s a look at the latest updates for 2021!

microsoft coupon code

Microsoft AZ-104 Exam pdf

Microsoft AZ-104 Exam pdf is part of the Lead4Pass AZ-104 exam dumps, and free content is also up-to-date,
helping you stay up-to-date with some of the latest exam content

Microsoft AZ-104 free online practice test

QUESTION 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear on the review screen.
Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www
that has an IP address of 131.107.1.10. You discover that Internet hosts are unable to resolve www.contoso.com to the
131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You create a PTR record for www in the contoso.com zone.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B

Modify the Name Server (NS) record.
An NS record would be created automatically and you cannot modify it (but you can add to it to support co-hosting
domains). You can add additional name servers to this NS record set, to support co-hosting domains with more than one DNS provider. You can also modify the TTL and metadata for this recordset. However, you cannot remove or modify the prepopulated Azure DNS name servers.
References: https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

QUESTION 2

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen. You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Network Watcher, you create a packet capture. Does this meet the goal?

A. Yes
B. No

Correct Answer: A

https://azure.microsoft.com/en-us/updates/general-availability-azure-network-watcher-connection- monitor-inall-publications/

QUESTION 3

Your company registers a domain name of contoso.com.
You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that
has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You modify the name server at the domain registrar.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B

References: https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

QUESTION 4

You have an Azure virtual machine mat that runs Windows Server 2019 and has the following configurations:
*
Name: VM1
*
Location: Welt US
*
Connected to: VNfT1
*
Private IP address: 10.1.0.4
*
Public IP address: 52 18685.63
*
DNS suffix m Windows Server.Adatum.com
You create the Azure DNS zones shown in the following table.

microsoft az-104 exam questions q4

1.
Adatum.com only
2.
Adatum. pri and adatum.com only

QUESTION 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal?

A. Yes
B. No

Correct Answer: A

The Logic App Contributor role lets you manage the logic app, but not access them. It provides access to view, edit, and update a logic app.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

QUESTION 6

Which blade should you instruct the finance department auditors to use?

A. Partner information
B. Overview
C. Payment methods
D. Invoices

Correct Answer: D

You can opt-in and configure additional recipients to receive your Azure invoice in an email. This feature may not be available for certain subscriptions such as support offers, Enterprise Agreements, or Azure in Open.

microsoft az-104 exam questions q6

Click Opt in and accept the terms.
Scenario: During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.
References: https://docs.microsoft.com/en-us/azure/billing/billing-download-azure-invoice-daily-usage-date

QUESTION 7

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
You deploy an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to deploy a YAML file to AKS1.
Solution: From the Azure CLI, you run a copy.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B

Kubectl is not installed by installing AZ CLI. As stated Azure CLI is already available but installing Azure CLI doesn\’t mean that the Azure Kubernetes client is also installed. So before running any aks command, we have to install kubectl, the Kubernetes command-line client. az aks install-CLI Reference: https://docs.microsoft.com/en-us/azure/aks/kuberneteswalkthrough#connect-to-the-cluster

QUESTION 8

You have an Azure subscription that contains two resource groups named RG1 and RG2. RG2 does not contain any
resources. RG1 contains the resources in the following table.

microsoft az-104 exam questions q8

Which resource can you move to RG2?

A. W10_OsDisk
B. VNet1
C. VNet3
D. W10

Correct Answer: B

When moving a virtual network, you must also move its dependent resources. For example, you must move gateways with the virtual network. VM W10, which is in Vnet1, is not a dependent resource. Incorrect Answers:
A: Managed disks don\’t support the move.
C: Virtual networks (classic) can\’t be moved.
D: Virtual machines with the managed disks cannot be moved. References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-move- resources#virtual-machineslimitations

QUESTION 9

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen. You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Solution: From the Subscriptions blade, you select the subscription, and then click Resource providers. Does this meet the goal?

A. Yes
B. No

Correct Answer: B

Through activity logs, you can determine:
1. what operations were taken on the resources in your subscription
2. who started the operation
3. when the operation occurred
4. the status of the operation
5. the values of other properties that might help you research the operation
1. On the Azure portal menu, select Monitor, or search for and select Monitor from any page
2. Select Activity Log.

microsoft az-104 exam questions q9
microsoft az-104 exam questions q9-1
  1. You see a summary of recent operations. A default set of filters is applied to the operations. Notice the information on
    the summary includes who started the action and when it happened.
microsoft az-104 exam questions q9-2

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs

QUESTION 10

HOTSPOT
You have an Azure subscription.
You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will be part of the same
availability set. You need to ensure that as many virtual machines as possible are available in the fabric fails or during servicing. How should you configure the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

microsoft az-104 exam questions q10

Correct Answer:

microsoft az-104 exam questions q10-1

as per https://docs.microsoft.com/en-us/rest/api/compute/availabilitysets/createorupdate

you can only specify an integer, so 3 and 20 are the answers (not max, and for sure not 0) Request Body Name Required Type Description properties.platformFaultDomainCount integer Fault Domain count. properties.platformUpdateDomainCount integer Update Domain count. Use two fault domains. 2 or 3 is the max value, depending on which region you are in. Use 20 for platformUpdateDomainCount Increasing the update domain (platformUpdateDomainCount) helps with capacity and availability planning when the platform reboots nodes. A higher number for the pool (20 is max) means that fewer of their nodes in any given availability set would be rebooted at once.
References:
https://www.itprotoday.com/microsoft-azure/check-if-azure-region-supports-2-or-3-fault-domains-managed-disks
https://github.com/Azure/acs-engine/issues/1030

QUESTION 11

You have an Azure subscription named Subscription 1 that contains two Azure virtual networks named VNet1 and
VNet2. VNet1 contains a VPN gateway named VPNGW1 that uses static routing. There is a site-to-site VPN connection
between your on-premises network and VNet1. On a computer named Client1 that runs Windows 10, you configure a
point-to-site VPN connection to VNet1. You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2. You need to ensure that you can connect Client1 to VNet2.
What should you do?

A. Select Allow gateway transit on VNet2.
B. Select Allow gateway transit on VNet1.
C. Download and re-install the VPN client configuration package on Client1.
D. Enable BGP on VPNGW1

Correct Answer: C

References: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

QUESTION 12

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B

DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest
Labs. You would need the Logic App Contributor role.

References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

QUESTION 13

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource
groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: From the Resource provider’s blade, you unregister Microsoft.ClassicNetwork provider.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B

You should use a policy definition.
Reference:
https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition

QUESTION 14

HOTSPOT
You have an Azure subscription named Subscription1 that contains the resources in the following table.

microsoft az-104 exam questions q14

VM1 and VM2 run the websites in the following table.

microsoft az-104 exam questions q14-1

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Hot Area:

microsoft az-104 exam questions q14-2

Correct Answer:

microsoft az-104 exam questions q14-3

Vm1 is in Pool1. Rule2 applies to Pool1, Listener 2, and site2.contoso.com

QUESTION 15

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an
Azure Kubernetes Service (AKS) cluster named AKS1. An administrator reports that she is unable to grant access to
AKS1 to the users in contoso.com. You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?

A. From contoso.com, modify the Organization relationships settings.
B. From contoso.com, create an OAuth 2.0 authorization endpoint.
C. Recreate AKS1.
D. From AKS1, create a namespace.

Correct Answer: B

With Azure AD-integrated AKS clusters, you can grant users or groups access to Kubernetes resources within a
namespace or across the cluster. To obtain a kubectl configuration context, a user can run the az aks get-credentials
command.
When a user then interacts with the AKS cluster with kubectl, they\’re prompted to sign in with their Azure AD
credentials. This approach provides a single source for user account management and password credentials. The user
can only access the resources as defined by the cluster administrator.
Azure AD authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on
top of the OAuth 2.0 protocol. For more information on OpenID Connect, see the Open ID connect documentation.
From inside of the Kubernetes cluster, Webhook Token Authentication is used to verify authentication tokens. Webhook token authentication is configured and managed as part of the AKS cluster.

microsoft az-104 exam questions q15

Reference:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/ https://docs.microsoft.com/enus/azure/aks/concepts-identity

Summary:

This article shares the latest updated Microsoft AZ-104 exam dumps https://www.lead4pass.com/az-104.html (Total Questions: 500 Q&A). Free online practice test, free online download of exam pdf, and Lead4pass 15% exam discount code 2021.

ps.

Microsoft AZ-104 Exam pdf is part of the Lead4Pass AZ-104 exam dumps, and free content is also up-to-date,
helping you stay up-to-date with some of the latest exam content

Posted in AZ-104 Microsoft Azure Administrator Microsoft Microsoft AZ-104 microsoft az-104 dumps microsoft az-104 dumps pdf microsoft az-104 exam dumps microsoft az-104 pdf microsoft az-104 practice test microsoft az-104 study guide Microsoft Role-based

[MAR 2021] Microsoft AZ-104 exam dumps and online practice questions are available from Lead4Pass

The latest updated Microsoft AZ-104 exam dumps and free AZ-104 exam practice questions and answers! Latest updates from Lead4Pass Microsoft AZ-104 Dumps PDF and AZ-104 Dumps VCE, Lead4Pass AZ-104 exam questions updated and answers corrected!
Get the full Microsoft AZ-104 dumps from https://www.lead4pass.com/az-104.html (VCE&PDF)

Latest AZ-104 PDF for free

Share the Microsoft AZ-104 Dumps PDF for free From Lead4pass AZ-104 Dumps part of the distraction collected on Google Drive shared by Lead4pass
https://drive.google.com/file/d/1D1USsX5ML464scD9Df8P_Hga4jFL94Af/

The latest updated Microsoft AZ-104 Exam Practice Questions and Answers Online Practice Test is free to share from Lead4Pass (Q1-Q13)

QUESTION 1
You deploy an Azure Application Gateway.
You need to ensure that all the traffic requesting https://adatum.com/internal resources is directed to an internal server
pool and all the traffic requesting https://adatum.com/external resources are directed to an external server pool.
What should you configure on the Application Gateway?
A. URL path-based routing
B. multi-site listeners
C. basic routing
D. SSL termination
Correct Answer: A
URL Path-Based Routing allows you to route traffic to backend server pools based on the URL Paths of the request.
In the question, there are two different paths from where the traffic is getting generated as below
https://adatum.com/internal https://adatum.com/external
So in this case we can use the URL path-based routing feature of Application Gateway.[2021.3] lead4pass az-104 practice test q1

Reference: https://docs.microsoft.com/en-us/azure/application-gateway/url-route-overview


QUESTION 2
You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name
should you use it?
A. ad.humongousinsurance.com
B. humongousinsurance.onmicrosoft.com
C. humongousinsurance.local
D. humongousinsurance.com
Correct Answer: D
Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial
domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For
example, your organization probably has other domain names used to do business and users who sign in using your
corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory
that are familiar to your users, such as \\’[email protected]\\’ instead of \\’[email protected] name.onmicrosoft.com\\’.
Scenario: Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each
office has a dedicated connection to the Internet. Humongous Insurance has a single-domain Active Directory forest
named humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory domain will be
synchronized to Azure AD. References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/addcustom-domain

 

QUESTION 3
You need to meet the connection requirements for the New York office. What should you do? To answer, select the
appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:[2021.3] lead4pass az-104 practice test q3

Correct Answer:

[2021.3] lead4pass az-104 practice test q3-1

Box 1: Create a virtual network gateway and a local network gateway. Azure VPN gateway. The VPN gateway service
enables you to connect the VNet to the on-premises network through a VPN appliance. For more information, see
Connect an on-premises network to a Microsoft Azure virtual network. The VPN gateway includes the following
elements:
*
Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing
traffic from the on-premises network to the VNet.
*
Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to
the on-premises network is routed through this gateway.
*
Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-premises VPN appliance to encrypt traffic.
*
Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements,
described in the Recommendations section below.
Box 2: Configure a site-to-site VPN connection
On-premises create a site-to-site connection for the virtual network gateway and the local network gateway.

[2021.3] lead4pass az-104 practice test q3-2

Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Incorrect Answers:
Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection
is private. Traffic does not go over the internet.
References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vpn

 

QUESTION 4
You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated with a different
Azure AD tenant. Subscription1 contains a virtual network named VNet1.VNet1 contains an Azure virtual machine
named VM1
and has an IP address space of 10.0.0.0/16. Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24.
You need to connect VNet1 to VNet2.
What should you do first?
A. Move VNet1 to Subscription2.
B. Modify the IP address space of VNet2.
C. Provision virtual network gateways.
D. Move VM1 to Subscription2.
Correct Answer: C
The virtual networks can be in the same or different regions, and from the same or different subscriptions. When
connecting VNets from different subscriptions, the subscriptions do not need to be associated with the same Active
Directory tenant. Configuring a VNet-to-VNet connection is a good way to easily connect VNets. Connecting a virtual
network to another virtual network using the VNet-to-VNet connection type (VNet2VNet) is similar to creating a Site-tosite IPsec connection to an on-premises location. Both connectivity types use a VPN gateway to provide a secure
tunnel using IPsec/IKE, and both function the same way when communicating. The local network gateway for each
VNet treats the other VNet as a local site. This lets you specify additional address space for the local network gateway
in order to route traffic. References: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnetresource-manager-portal

 

QUESTION 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear on the review screen. You have an Azure virtual machine named VM1. VM1
was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution: Solution: From the Overview blade, you move the virtual machine to a different subscription.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You would need to Redeploy the VM.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

 

QUESTION 6
HOTSPOT
You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure
networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:[2021.3] lead4pass az-104 practice test q6

Correct Answer:

[2021.3] lead4pass az-104 practice test q6-1

 

QUESTION 7
You have an Azure virtual machine named VM1 that you use for testing. VM1 is protected by Azure Backup.
You delete VM1.
You need to remove the backup data stored for VM1.
What should you do first?
A. Modify the backup policy.
B. Delete the Recovery Services vault.
C. Stop the backup.
D. Delete the storage account.
Correct Answer: C
Azure Backup provides backup for virtual machines — created through both the classic deployment model and the Azure
Resource Manager deployment model — by using custom-defined backup policies in a Recovery Services vault. With
the
release of backup policy management, customers can manage backup policies and model them to meet their changing
requirements from a single window. Customers can edit a policy, associate more virtual machines to a policy, and
delete
unnecessary policies to meet their compliance requirements.
Incorrect Answers:
You can\\’t delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a
vault, but can\\’t, the vault is still configured to receive backup data.
References:
https://azure.microsoft.com/en-in/updates/azure-vm-backup-policy-management/

 

QUESTION 8
You have the Azure virtual machines shown in the following table.[2021.3] lead4pass az-104 practice test q8

You need 10 to ensure that all the virtual machines can resolve DNS names by using the DNS service on VM1. What
should you do?
A. Add service endpoints on VNET2 and VNET3.
B. Configure peering between VNE11, VNETT2, and VNET3.
C. Configure a conditional forwarder on VM1
D. Add service endpoints on VNET1.
Correct Answer: C
An Azure AD DS DNS zone should only contain the zone and records for the managed domain itself. A conditional
forwarder is a configuration option in a DNS server that lets you define a DNS domain, such as contoso.com, to forward
queries to. Instead of the local DNS server trying to resolve queries for records in that domain, DNS queries are
forwarded to the configured DNS for that domain. This configuration makes sure that the correct DNS records are
returned, as you don\\’t create a local DNS zone with duplicate records in the managed domain to reflect those
resources. To create a conditional forwarder in your managed domain, complete the following steps:
1.
Select your DNS zone, such as aaddscontoso.com.
2.
Select Conditional Forwarders, then right-select and choose New Conditional Forwarder…
3.
Enter your other DNS Domain, such as contoso.com, then enter the IP addresses of the DNS servers for that
namespace, as shown in the following example:
4.
Check the box for Store this conditional forwarder in Active Directory, and replicate it as follows, then select the option
for All DNS servers in this domain, as shown in the following example:
5.
To create the conditional forwarder, select OK.
Name resolution of the resources in other namespaces from VMs connected to the managed domain should now
resolve correctly. Queries for the DNS domain configured in the conditional forwarder are passed to the relevant DNS
servers.

[2021.3] lead4pass az-104 practice test q8-1 [2021.3] lead4pass az-104 practice test q8-2

Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-roleinstances https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-dns

 

QUESTION 9
You have an Azure subscription that contains the public load balancers shown in the following table.[2021.3] lead4pass az-104 practice test q9

You plan to create six virtual machines and load balancer requests to the virtual machines. Each load balancer will
load balance three virtual machines. You need to create the virtual machines for the planned solution. How should you
create virtual machines? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

[2021.3] lead4pass az-104 practice test q9-1

Box 1: be created in the same availability set or virtual machine scale set. The Basic tier is quite restrictive. A load
balancer is restricted to a single availability set, virtual machine scale set, or a single machine.
Box 2: be connected to the same virtual network
The Standard tier can span any virtual machine in a single virtual network, including blends of scale sets, availability
sets, and machines.
References:
https://www.petri.com/comparing-basic-standard-azure-load-balancers

 

QUESTION 10
You have a hybrid infrastructure that contains an Azure Active Directory (Azure AD) tenant named
contoso.onmicrosoft.com. The tenant contains the users shown in the following table.[2021.3] lead4pass az-104 practice test q10

You plan to share a cloud resource with the All Users group. You need to ensure that User1, User2, User3, and User4 can
connect successfully to the cloud resource.
What should you do first?
A. Create a user account of the member type for User4.
B. Create a user account of the member type for User3.
C. Modify the Directory-wide Groups settings.
D. Modify the External collaboration settings.
Correct Answer: C
Ensure that “Enable an \\’ All Users\\’ group in the directory” policy is set to “Yes” in your Azure Active Directory (AD)
settings in order to enable the “All Users” group for centralized access administration. This group represents the entire
collection of Active Directory users, including guests and external users, that you can use to make the access
permissions easier to manage within your directory.
Incorrect Answers:
A, B: User3 and User4 are guests already.
Note: By default, all users and guests in your directory can invite guests even if they\\’re not assigned to an admin role.
External collaboration settings let you turn guest invitations on or off for different types of users in your organization.
You
can also delegate invitations to individual users by assigning roles that allow them to invite guests.
References:
https://www.cloudconformity.com/knowledge-base/azure/ActiveDirectory/enable-all-users-group.html

 

QUESTION 11
You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2. You plan to implement an
Azure Availability Set for App1. The solution must ensure that App1 is available during planned maintenance of the
hardware hosting VM1 and VM2.
What should you include in the Availability Set?
A. one update domain
B. two fault domains
C. one fault domain
D. two update domains
Correct Answer: D
Microsoft updates, which Microsoft refers to as planned maintenance events, sometimes require that VMs be rebooted
to complete the update. To reduce the impact on VMs, the Azure fabric is divided into updated domains to ensure that
not
all VMs are rebooted at the same time.
Incorrect Answers:
A: An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time.
B, C: A fault domain shares common storage as well as a common power source and network switch. It is used to
protect against unplanned system failure.
References: https://petri.com/understanding-azure-availability-sets https://docs.microsoft.com/en-us/azure/virtualmachines/windows/tutorial-availability-sets

 

QUESTION 12
You plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The virtual machines will host a web app
named App1.
You need to ensure that at least two virtual machines are available if a single Azure datacenter becomes unavailable.
What should you deploy?
A. all three virtual machines in a single Availability Zone
B. all virtual machines in a single Availability Set
C. each virtual machine in a separate Availability Zone
D. each virtual machine in a separate Availability Set
Correct Answer: B
Availability sets are a datacenter configuration to provide VM redundancy and availability. This configuration within a
datacenter ensures that during either a planned or unplanned maintenance event, at least one virtual machine is
available.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets


QUESTION 13
HOTSPOT
You have an Azure subscription named Sub1.
You plan to deploy a multi-tiered application that will contain the tiers shown in the following table.[2021.3] lead4pass az-104 practice test q13

You need to recommend a networking solution to meet the following requirements:
1.
Ensure that communication between the web servers and the business logic tier spreads equally across the virtual
machines.
2.
Protect the web servers from SQL injection attacks.
Which Azure resource should you recommend for each requirement? To answer, select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

[2021.3] lead4pass az-104 practice test q13-1

Correct Answer:

[2021.3] lead4pass az-104 practice test q13-2

Box 1: an internal load balancer Azure Internal Load Balancer (ILB) provides network load balancing between virtual
machines that reside inside a cloud service or a virtual network with a regional scope. Box 2: an application gateway
that uses the WAF tier Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized
protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted
by malicious attacks that exploit commonly known vulnerabilities. References: https://docs.microsoft.com/enus/azure/web-application-firewall/ag/ag-overview


Fulldumps shares the latest updated Microsoft AZ-104 exam exercise questions, AZ-104 dumps pdf for free.
All exam questions and answers come from the Lead4pass exam dumps shared part! Lead4pass updates throughout the year and shares a portion of your exam questions for free to help you understand the exam content and enhance your exam experience!
Get the full Microsoft AZ-104 exam dumps questions at: https://www.lead4pass.com/az-104.html (pdf&vce)

ps.
Get free Microsoft AZ-104 dumps PDF online: https://drive.google.com/file/d/1D1USsX5ML464scD9Df8P_Hga4jFL94Af/

Posted in AZ-104 Microsoft Azure Administrator Microsoft Microsoft AZ-104 microsoft az-104 dumps microsoft az-104 dumps pdf microsoft az-104 exam dumps microsoft az-104 pdf microsoft az-104 practice test microsoft az-104 study guide Microsoft Role-based

[Jan 2021] Microsoft AZ-104 exam dumps and online practice questions are available from Lead4Pass

The latest updated Microsoft AZ-104 exam dumps and free AZ-104 exam practice questions and answers! Latest updates from Lead4Pass Microsoft AZ-104 Dumps PDF and AZ-104 Dumps VCE, Lead4Pass AZ-104 exam questions updated and answers correct!
Get the full Microsoft AZ-104 dumps from https://www.lead4pass.com/az-104.html (VCE&PDF)

Latest AZ-104 PDF for free

Share the Microsoft AZ-104 Dumps PDF for free From Lead4pass AZ-104 Dumps part of the distraction collected on Google Drive shared by Lead4pass
https://drive.google.com/file/d/10GHBstDA1euJTaQ7IQy0eZYebPePBoHn/

Latest Lead4pass AZ-104 Youtube

Share the latest Microsoft AZ-104 exam practice questions and answers for free from Led4Pass Dumps viewed online by Youtube Videos

The latest updated Microsoft AZ-104 Exam Practice Questions and Answers Online Practice Test is free to share from Lead4Pass (Q1-Q13)

QUESTION 1
You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs a financial
reporting app named App1 that does not support multiple active instances. At the end of each month, CPU usage for
VM1 peaks when App1 runs. You need to create a scheduled runbook to increase the processor performance of VM1 at
the
end of each month.
What task should you include in the runbook?
A. Add the Azure Performance Diagnostics agent to VM1.
B. Modify the VM size property of VM1.
C. Add VM1 to a scale set.
D. Increase the vCPU quota for the subscription.
E. Add a Desired State Configuration (DSC) extension to VM1.
Correct Answer: B
If you have a CPU/performance issue then the solution is to scale up (increase VM size) or to scale out (scale set) given
that the App does not support multiple instances then scale-up is the obvious choice.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/resize-vm

 

QUESTION 2
HOTSPOT
You have peering configured as shown in the following exhibit.lead4pass az-104 practice test q2 -2021

Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

lead4pass az-104 practice test q2-1 -2021

Correct Answer:

lead4pass az-104 practice test q2-2 -2021

Box 1: vNET6 only
Peering status to both VNet1 and Vnet2 is disconnected.
Box 2: delete peering1
Peering to Vnet1 is Enabled but disconnected. We need to update or re-create the remote peering to get it back to
Initiated state.
Reference:
https://blog.kloud.com.au/2018/10/19/address-space-maintenance-with-vnet-peering/

 

QUESTION 3
HOTSPOT
You have an Azure Active Directory (Azure AD), tenant. You need to create a conditional access policy that requires all
users to use multi-factor authentication when they access the Azure portal.
Which three settings should you configure? To answer, select the appropriate settings in the answer area.
Hot Area:
lead4pass az-104 practice test q3 -2021

Correct Answer:

lead4pass az-104 practice test q3-1 -2021

Box 1: Assignments, Users and Groups
When you configure the sign-in risk policy, you need to set:
The users and groups the policy applies to: Select Individuals and Groups

lead4pass az-104 practice test q3-2 -2021

Box 2:
When you configure the sign-in risk policy, you need to set the type of access you want to be enforced.

lead4pass az-104 practice test q3-3 -2021

Box 3:
When you configure the sign-in risk policy, you need to set:
The type of access you want to be enforced when your sign-in risk level has been met:

lead4pass az-104 practice test q3-4 -2021

References: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-user-risk-policy

 

QUESTION 4
You plan to migrate an on-premises Hyper-V environment to Azure by using Azure Site Recovery. The Hyper-V
environment is managed by using Microsoft System Center Virtual Machine Manager (VMM). The Hyper-V environment
contains the virtual machines in the following table.lead4pass az-104 practice test q4 -2021

Which virtual machine can be migrated by using Azure Site Recovery?
A. DC1
B. FS1
C. CA1
D. SQL1
Correct Answer: D
DC1: Not supported as it is Gen2 and OS disk size is greater than 300 GB FS1: Not supported as it is Gen2 and Linux
VM. Linux Generation 2 VMs aren\\’t supported. CA1: Not supported as BitLocker is enabled. BitLocker must be
disabled before you enable replication for a VM. SQL1: Supported Reference: https://docs.microsoft.com/enus/azure/site-recovery/hyper-v-azure-support-matrix#azure-vm-requirements

 

QUESTION 5
You have an Azure subscription.
Users access the resources in the subscription from either home or from customer sites. From home, users must
establish a point-to-site VPN to access Azure resources.
The users on the customer sites access the Azure resources by using site-to-site VPNs.
You have a line-of-business app named App1 that runs on several Azure virtual machines. The virtual machines run
Windows Server 2016.
You need to ensure that the connections to App1 are spread across all the virtual machines.
What are two possible Azure services that you can use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. a public load balancer
B. Traffic Manager
C. an Azure Content Delivery Network (CDN)
D. an internal load balancer
E. an Azure Application Gateway
Correct Answer: DE
Line-of-business apps mean custom apps. Generally, these are used by internal staff members of the company.
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications.
Internal Load Balancer provides a higher level of availability and scale by spreading incoming requests across virtual
machines (VMs) within the virtual network.
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview https://docs.microsoft.com/enus/azure/application-gateway/overview

 

QUESTION 6
You have an Azure Storage account named storage1.
You plan to use AzCopy to copy data to storage1.
You need to identify the storage services in storage1 to which you can copy the data.
What should you identify?
A. blob, file, table, and queue
B. blob and file only
C. file and table only
D. file only
E. blob, table, and queue only
Correct Answer: B
AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.
Incorrect Answers:
A, C, E: AzCopy does not support table and queue storage services.
D: AzCopy supports file storage services, as well as blob storage services.
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10

 

QUESTION 7
You have an Azure subscription that contains the resources shown in the following table.lead4pass az-104 practice test q7 -2021

You need to deploy Application1 to Cluster1. Which command should you run?
A. az acr build
B. az ales create
C. kubect1 apply
D. docker build
Correct Answer: B

 

QUESTION 8
HOTSPOT
You have an Azure subscription that contains the Azure virtual machines shown in the following table.lead4pass az-104 practice test q8 -2021

You run Azure Network Watcher as shown in the following exhibit.

lead4pass az-104 practice test q8-1 -2021

You run Network Watcher again as shown in the following exhibit

lead4pass az-104 practice test q8-2 -2021

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Hot Area: lead4pass az-104 practice test q8-3 -2021

Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works

 

QUESTION 9
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear on the review screen. You have an Azure subscription named Subscription1.
Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click
Automation script.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
From the RG1 blade, click Deployments. You see a history of deployment for the resource group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial- create-firsttemplate?tabs=azure-PowerShell Through activity logs, you can determine:
1.
what operations were taken on the resources in your subscription? who started the operation
2.
when the operation occurred
3.
the status of the operation
4.
the values of other properties that might help you research the operation
1.
On the Azure portal menu, select Monitor, or search for and select Monitor from any page
2.
Select Activity Log.lead4pass az-104 practice test q9 2021 lead4pass az-104 practice test q9-1 2021

3. You see a summary of recent operations. A default set of filters is applied to the operations. Notice the information on
the summary includes who started the action and when it happened.

lead4pass az-104 practice test q9-2 2021

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs

 

QUESTION 10
HOTSPOT
You have an Azure web app named WebApp1.
You need to provide developers with a copy of WebApp1 that they can modify without affecting the production
WebApp1. When the developers finish testing their changes, you must be able to switch to the current line version of
WebApp1 to the
new version. Which command should you run to prepare the environment? To answer, select the appropriate options in
the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:lead4pass az-104 practice test q10  2021

Correct Answer:

lead4pass az-104 practice test q10-1  2021

Box 1: New-AzureRmWebAppSlot
The New-AzureRmWebAppSlot cmdlet creates an Azure Web App Slot in a given resource group that uses the
specified App Service plan and data center.
Box 2: -SourceWebApp
References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.websites/new-azurermwebappslot

 

QUESTION 11
HOTSPOT
You are creating an Azure load balancer.
You need to add an IPv6 load balancing rule to the load balancer.
How should you complete the Azure PowerShell script? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:lead4pass az-104 practice test q11  2021

Correct Answer:

lead4pass az-104 practice test q11-1  2021

Powershell command to create a load balancer rule (AzureRm module new version is AZ as given in below command):
$lbrule1v6 = New-AzLoadBalancerRuleConfig -Name “HTTPv6” -FrontendIpConfiguration $FEIPConfigv6
-BackendAddressPool $backendpoolipv6 -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 8080
Powershell command to create the load balancer using the previously created objects: New-AzLoadBalancer
-ResourceGroupName NRP-RG -Name \\’myNrpIPv6LB\\’ -Location \\’West US\\’ -FrontendIpConfiguration
$FEIPConfigv6 -InboundNatRule $inboundNATRule1v6 -BackendAddressPool $backendpoolipv6 -Probe $healthProbe
-LoadBalancingRule $lbrule1v6
References: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-ipv6-internet-ps

 

QUESTION 12
HOTSPOT
You have an Azure subscription named Subscription1. You have a virtualization environment that contains the
virtualization server in the following table.lead4pass az-104 practice test q12 2021

The virtual machines are configured as shown on the following table.

lead4pass az-104 practice test q12-1 2021

All virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker). You plan to
use Azure Site Recovery to migrate the virtual machines to Azure. Which virtual machines can you migrate? To
answer,
select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

lead4pass az-104 practice test q12-2 2021

Correct Answer:

lead4pass az-104 practice test q12-3 2021

Not VM1 because it has BitLocker enabled.
Not VM2 because the OS disk is larger than 2TB.
Not VMC because the Data disk is larger than 4TB.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-azure-support-matrix#azure-vm-requirements

 

QUESTION 13
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)lead4pass az-104 practice test q13 2021

You deploy a web server on VM1 and then create a secure website that is accessible by using the HTTPS protocol.
VM1 is used as a web server only.
You need to ensure that users can connect to the website from the internet. What should you do?
A. Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a priority of 501.
B. For Rule5, change the Action to Allow and change the priority to 401.
C. Delete Rule1.
D. Modify the protocol of Rule4.
Correct Answer: B
Rule 2 is blocking HTTPS access (port 443) and has a priority of 500. Changing Rule 5 (ports 50-5000) and giving it a
lower priority number will allow access on port 443. Note: Rules are processed in priority order, with lower numbers
processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing
stops.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview


Fulldumps shares the latest updated Microsoft AZ-104 exam exercise questions, AZ-104 dumps pdf, and Youtube video learning for free.
All exam questions and answers come from the Lead4pass exam dumps shared part! Lead4pass updates throughout the year and shares a portion of your exam questions for free to help you understand the exam content and enhance your exam experience!
Get the full Microsoft AZ-104 exam readiness dump questions at https://www.lead4pass.com/az-104.html (pdf&vce)

ps.
Get free Microsoft AZ-104 dumps PDF online: https://drive.google.com/file/d/10GHBstDA1euJTaQ7IQy0eZYebPePBoHn/

Posted in AZ-104 Microsoft Azure Administrator az-104 Microsoft Azure Administrator Exam azure az-104 practice test free Microsoft Microsoft AZ-104 Microsoft AZ-104 microsoft az-104 dumps microsoft az-104 dumps microsoft az-104 dumps pdf microsoft az-104 exam dumps microsoft az-104 exam dumps microsoft az-104 pdf microsoft az-104 pdf microsoft az-104 practice test microsoft az-104 practice test microsoft az-104 study guide microsoft az-104 study guide Microsoft Azure Administrator Associate Microsoft Role-based

[Nov 2020] The latest update Microsoft AZ-104 dumps and online practice tests from Lead4Pass

The latest Microsoft AZ-104 dumps by Lead4Pass helps you pass the AZ-104 exam for the first time! Lead4Pass Latest Update Microsoft AZ-104 VCE Dump and AZ-104 PDF Dumps, Lead4Pass AZ-104 Exam Questions Updated, Answers corrected! Get the latest LeadPass AZ-104 dumps with Vce and PDF: https://www.lead4pass.com/az-104.html (Q&As: 408 dumps)

[Free AZ-104 PDF] Microsoft AZ-104 Dumps PDF can be collected on Google Drive shared by Lead4Pass:
https://drive.google.com/file/d/1CxGEZSat7nU19EhWVdZ3lvtTpBJHiEKs/

[Lead4pass AZ-104 Youtube] Microsoft AZ-104 Dumps can be viewed on Youtube shared by Lead4Pass

Microsoft AZ-104 Online Exam Practice Questions

QUESTION 1
You have an Azure DNS zone named adatum.com. You need to delegate a subdomain named research.adatum.com to
a different DNS server in Azure. What should you do?
A. Create an PTR record named research in the adatum.com zone.
B. Create an NS record named research in the adatum.com zone.
C. Modify the SOA record of adatum.com.
D. Create an A record named “.research in the adatum.com zone.
Correct Answer: B
You need to create a name server (NS) record for the zone. References: https://docs.microsoft.com/enus/azure/dns/delegate-subdomain

 

QUESTION 2
You have a deployment template named Template1 that is used to deploy 10 Azure web apps. You need to identify
what to deploy before you deploy Template1. The solution must minimize Azure costs. What should you identify?
A. 10 App Service plans
B. one Azure Traffic Manager
C. five Azure Application Gateways
D. one App Service plan
E. one Azure Application Gateway
Correct Answer: D
You create Azure web apps in an App Service plan.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-hosting-plans

 

QUESTION 3
DRAG DROP
You have an Azure subscription that contains the following resources:
1.
a virtual network named VNet1
2.
a replication policy named ReplPolicy1
3.
a Recovery Services vault named Vault1
4.
an Azure Storage account named Storage1
You have an Amazon Web Services (AWS) EC2 virtual machine named VM1 that runs Windows Server You need to
migrate VM1 to VNet1 by using Azure Site Recovery.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
Select and Place:lead4pass az-104 exam question q3

Correct Answer:

lead4pass az-104 exam question q3-1

Step 1: Deploy an EC2 virtual machine as a configuration server Prepare source include:
Use an EC2 instance that\\’s running Windows Server 2012 R2 to create a configuration server and register it with your
recovery vault.
Configure the proxy on the EC2 instance VM you\\’re using as the configuration server so that it can access the service
URLs.
Step 2: Install the Azure Site Recovery Unified Setup.
Download Microsoft Azure Site Recovery Unified Setup. You can download it to your local machine and then copy it to
the VM you\\’re using as the configuration server.
Step 3: Enable replication for VM1.
Enable replication for each VM that you want to migrate. When replication is enabled, Site Recovery automatically
installs the Mobility service.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-aws-azure

 

QUESTION 4
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains the users shown
in the following table.lead4pass az-104 exam questions q4

You configure the authentication methods for password reset as shown in the Authentication Methods exhibit. (Click the
Authentication Methods tab.)

lead4pass az-104 exam questions q4-1

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

lead4pass az-104 exam questions q4-2

Box 1: No
Two methods are required.
Box 2: No
Self-service password reset is only enabled for Group2, and User1 is not a member of Group2.
Box 3: Yes
As a User Administrator, User3 can add security questions to the reset process.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/quickstart-sspr
https://docs.microsoft.com/en-us/azure/active-directory/authentication/active-directory-passwords-faq

 

QUESTION 5
HOTSPOT
You have an Azure subscription.
You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will be part of the same
availability set.
You need to ensure that as many virtual machines as possible are available in the fabric fails or during servicing.
How should you configure the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:lead4pass az-104 exam questions q5

Correct Answer:

lead4pass az-104 exam questions q5-1

as per https://docs.microsoft.com/en-us/rest/api/compute/availabilitysets/createorupdate, you can only specify an integer, so 3 and 20 are the answers (not max, and for sure not 0) Request Body Name Required Type
Description properties.platformFaultDomainCount integer Fault Domain count. properties.platformUpdateDomainCount
integer Update Domain count. Use two fault domains. 2 or 3 is the max value, depending on which region you are in. Use
20 for platformUpdateDomainCount Increasing the update domain (platformUpdateDomainCount) helps with capacity
and availability planning when the platform reboots nodes. A higher number for the pool (20 is max) means that fewer of
their nodes in any given availability set would be rebooted at once.
References:
https://www.itprotoday.com/microsoft-azure/check-if-azure-region-supports-2-or-3-fault-domains-managed-disks
https://github.com/Azure/acs-engine/issues/1030

 

QUESTION 6
You have an on-premises network that contains a Hyper-V host named Host1. Host1 runs Windows Server 2016 and
hosts 10 virtual machines that run Windows Server 2016. You plan to replicate the virtual machines to Azure by using
Azure Site Recovery. You create a Recovery Services vault named ASR1 and a Hyper-V site named Site1.
You need to add Host1 to ASR1.
What should you do?
A. Download the installation file for the Azure Site Recovery Provider. Download the vault registration key. Install the
Azure Site Recovery Provider on Host1 and register the server.
B. Download the installation file for the Azure Site Recovery Provider. Download the storage account key. Install the
Azure Site Recovery Provider on Host1 and register the server.
C. Download the installation file for the Azure Site Recovery Provider. Download the vault registration key. Install the
Azure Site Recovery Provider on each virtual machine and register the virtual machines.
D. Download the installation file for the Azure Site Recovery Provider. Download the storage account key. Install the
Azure Site Recovery Provider on each virtual machine and register the virtual machines.
Correct Answer: A
Below are the steps you need to perform in this scenario. Refer to the link mentioned in the reference section.
Download the installation file for the Azure Site Recovery Provider To set up the source environment, you create a
Hyper-V site and add to that site the Hyper-V hosts containing VMs that you want to replicate. Then, you download and
install
the Azure Site Recovery Provider and the Azure Recovery Services agent on each host, and register the Hyper-V site in
the vault.lead4pass az-104 exam questions q6

Download the vault registration key
Download the Vault registration key. You need this when you install the Provider. The key is valid for five days after you
generate it.

lead4pass az-104 exam questions q6-1

Install the Azure Site Recovery Provider on Host1.
Install the downloaded setup file (AzureSiteRecoveryProvider.exe) on each Hyper-V host that you want to add to the
Hyper-V site. Setup installs the Azure Site Recovery Provider and Recovery Services agent on each Hyper-V host.
Register the server
In Registration, after the server is registered in the vault, select Finish.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-azure-tutorial


QUESTION 7
You have an Azure subscription named Subscription that contains the resource groups shown in the following table.lead4pass az-104 exam questions q7

In RG1, you create a virtual machine named VM1 in the East Asia location.
You plan to create a virtual network named VNET1.
You need to create VNET, and then connect VM1 to VNET1. What are two possible ways to achieve this goal? Each
the correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Create VNET1 in RG2, and then set East Asia as the location.
B. Create VNET1 in a new resource group in the West US location and then set West US as the location.
C. Create VNET1 in RG1, and then set East Asia as the location
D. Create VNET1 in RG1, and then set East US as the location.
E. Create VNET1 in RG2, and then set East US as the location.
Correct Answer: AC
A network interface can exist in the same, or different resource group, then the virtual machine you attach it to, or the
virtual network you connect it to. The virtual machine you attach a network interface to and the virtual network you
connect it to must exist in the same location, also referred to as a region. Note, Resource groups can span multiple Regions, but
VNets only can hold resources (VMs, Network Adapters) that exist in the same region.
So in this scenario, you need to create VNET1 in any RG and set the location as East Asia.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

 

QUESTION 8
You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1
connects to your on-premises network by using Azure ExpressRoute. You need to connect VNet1 to the on-premises
network
by using a site-to-site VPN. The solution must minimize costs.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Create a local site VPN gateway.
B. Create a VPN gateway that uses the VpnGw1 SKU.
C. Create a VPN gateway that uses the Basic SKU.
D. Create a gateway subnet.
E. Create a connection.
Correct Answer: ABE
Create a Connection: You need to link the ExpressRoute gateway to the ExpressRoute circuit. After this step has been
completed, the connection between your on-premises network and Azure through ExpressRoute will be established.
Hence this is the correct option. Create a local site VPN gateway: This will allow you to provide the local gateway settings,
for example, public IP and the on-premises address space, so that the Azure VPN gateway can connect to it. Hence this
is
correct option.
Create a VPN gateway that uses the VpnGw1 SKU: The GatewaySku is only supported for VpnGw1, VpnGw2,
VpnGw3, Standard, and HighPerformance VPN gateways. ExpressRoute-VPN Gateway coexist configurations are not
supported
on the Basic SKU. The VpnType must be RouteBased. Hence this is the correct option.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-linkvnet-arm

 

QUESTION 9
HOTSPOT
You have an on-premises data center and an Azure subscription. The data center contains two VPN devices. The
subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet.
You need to create a site-to-site VPN. The solution must ensure that if a single instance of an Azure VPN gateway fails,
or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes.
What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in
Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:lead4pass az-104 exam questions q9

Correct Answer:

lead4pass az-104 exam questions q9-1

Box 1: 4
Two public IP addresses in the on-premises data center, and two public IP addresses in the VNET. The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below.

lead4pass az-104 exam questions q9-2

Box 2: 2
Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance
or unplanned disruption that happens to the active instance, the standby instance would take over (failover)
automatically,
and resume the S2S VPN or VNet-to-VNet connections.
Box 3: 2
Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable

 

QUESTION 10
You have an Azure subscription that contains the resources shown in the following table.lead4pass az-104 exam questions q10

You need to deploy Application1 to Cluster1. Which command should you run?
A. az acr build
B. az aks create
C. docker build
D. kubectl apply
Correct Answer: A

 

QUESTION 11
You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure
networking infrastructure. For each of the following statements, select Yes if the statement is true. Otherwise, select
No.
Hot Area:lead4pass az-104 exam questions q11

Correct Answer:

lead4pass az-104 exam questions q11-1

 

QUESTION 12
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return
to it. As a result, these questions will not appear on the review screen. You have a computer named Computer1 that has
a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate. From Azure, you download and install the VPN client configuration package on a computer named
Computer2. You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.
Solution: You modify the Azure Active Directory (Azure AD) authentication policies. Does this meet this goal?
A. Yes
B. No
Correct Answer: B
Instead, export the client certificate from Computer1 and install the certificate on Computer2.
Note:
Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a
client certificate from the self-signed root certificate and then export and install the client certificate. If the client
certificate
is not installed, authentication fails.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site

 

QUESTION 13
HOTSPOT
You have an Azure subscription named Subscription1.
You plan to deploy an Ubuntu Server virtual machine named VM1 to Subscription1. You need to perform a custom
deployment of the virtual machine. A specific trusted root certification authority (CA) must be added during the
deployment.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:lead4pass az-104 exam questions q13

Correct Answer:

lead4pass az-104 exam questions q13-1

Box 1: Cloud-init.txt
Cloud-init.txt is used to customize a Linux VM on the first bootup. It can be used to install packages and write files, or to
configure users and security. No additional steps or agents are required to apply your configuration.
Box 2: The az VM create command
Once Cloud-init.txt has been created, you can deploy the VM with az VM create cmdlet, sing the — custom data
parameter to provide the full path to the cloud-init.txt file.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-automate-vm-deployment


latest updated Microsoft AZ-104 exam questions from the Lead4Pass AZ-104 dumps! 100% pass the AZ-104 exam! Download Lead4Pass AZ-104 VCE and PDF dumps: https://www.lead4pass.com/az-104.html (Q&As: 408 dumps)

Get free Microsoft AZ-104 dumps PDF online: https://drive.google.com/file/d/1CxGEZSat7nU19EhWVdZ3lvtTpBJHiEKs/

Posted in AZ-104 Microsoft Azure Administrator Microsoft Microsoft AZ-104 microsoft az-104 dumps microsoft az-104 dumps pdf microsoft az-104 exam dumps microsoft az-104 pdf microsoft az-104 practice test microsoft az-104 study guide Microsoft Role-based

[Otc 2020] New Microsoft AZ-104 Brain dumps and online practice tests are shared from Lead4Pass (latest Updated)

The latest Microsoft AZ-104 dumps by Lead4Pass helps you pass the AZ-104 exam for the first time! Lead4Pass Latest Update Microsoft AZ-104 VCE Dump and AZ-104 PDF Dumps, Lead4Pass AZ-104 Exam Questions Updated, Answers corrected! Get the latest LeadPass AZ-104 dumps with Vce and PDF: https://www.lead4pass.com/az-104.html (Q&As: 395 dumps)

[Free AZ-104 PDF] Microsoft AZ-104 Dumps PDF can be collected on Google Drive shared by Lead4Pass:
https://drive.google.com/file/d/1IoLu2bisZ7Q5axj5BKZHEukOvECNqt5f/

[Lead4pass AZ-104 Youtube] Microsoft AZ-104 Dumps can be viewed on Youtube shared by Lead4Pass

Microsoft AZ-104 Online Exam Practice Questions

QUESTION 1
You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1.
VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve data.
Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.
Which Azure Network Watcher feature should you use?
A. IP flow verify
B. Connection troubleshoot
C. Connection monitor
D. NSG flow logs
Correct Answer: C

The connection monitor capability monitors communication at a regular interval and informs you of reachability, latency,
and network topology changes between the VM and the endpoint Incorrect Answers:
A: The IP flow verify capability enables you to specify a source and destination IPv4 address, port, protocol (TCP or
UDP), and traffic direction (inbound or outbound). IP flow verify then tests the communication and informs you if the
connection succeeds or fails. If the connection fails, IP flow verify tells you which security rule allowed or denied the
communication, so that you can resolve the problem.
B: The connection troubleshoot capability enables you to test a connection between a VM and another VM, an FQDN, a
URI, or an IPv4 address. The test returns similar information returned when using the connection monitor capability, but
tests the connection at a point in time, rather than monitoring it over time, as the connection monitor does.
D: The NSG flow log capability allows you to log the source and destination IP address, port, protocol, and whether
traffic was allowed or denied by an NSG.
Reference: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

 

QUESTION 2
You have an Azure subscription that contains the storage accounts shown in the following table.lead4pass az-104 exam questions q2

You need to identify which storage account can be converted to zone-redundant storage (ZRS) replication by requesting
a live migration from Azure support. What should you identify?
A. Storage1
B. Storage2
C. Storage3
D. Storage4
Correct Answer: B
ZRS currently supports standard general-purpose v2, FileStorage, and BlockBlobStorage storage account types.
Incorrect Answers:
A, not C: Live migration is supported only for storage accounts that use LRS replication. If your account uses GRS or
RA-GRS, then you need to first change your account\\’s replication type to LRS before proceeding. This intermediary
step
removes the secondary endpoint provided by GRS/RA-GRS.
Also, only standard storage account types support live migration. Premium storage accounts must be migrated
manually.
D: ZRS currently supports standard general-purpose v2, FileStorage, and BlockBlobStorage storage account types.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs

 

QUESTION 3
You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts.
You create a new user account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?
A. From the Licenses blade, assign a new license
B. From the Directory role blade, modify the directory role
C. From the Groups blade, invite the user account to a new group
Correct Answer: B
Assign a role to a user
Sign in to the Azure portal with an account that\\’s a global admin or privileged role admin for the directory.
Select Azure Active Directory, select Users, and then select a specific user from the list.
For the selected user, select Directory role, select Add role, and then pick the appropriate admin roles from the Directory
roles list, such as Conditional access administrator.
Press Select to save.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal

 

QUESTION 4
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear on the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named
contoso.onmicrosoft.com:lead4pass az-104 exam questions q4

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts on external.contoso.onmicrosoft.com.
Solution: You instruct User4 to create user accounts.
Does that meet the goal?
A. Yes
B. No
Correct Answer: B
Only a global administrator can add users to this tenant.
Reference: https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

 

QUESTION 5
You create an Azure VM named VM1 that runs Windows Server 2019. VM1 is configured as shown in the exhibit. (Click
the Exhibit button.)lead4pass az-104 exam questions q5

You need to enable the Desired State Configuration for VM1. What should you do first?
A. Configure a DNS name for VM1.
B. Start VM1.
C. Connect to VM1.
D. Capture a snapshot of VM1.
Correct Answer: B
Status is Stopped (Deallocated).
The DSC extension for Windows requires that the target virtual machine is able to communicate with Azure.
The VM needs to be started.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-windows

 

QUESTION 6
You have an Azure subscription named Subscription1 that contains the resources in the following table.lead4pass az-104 exam questions q6

Rule1 is configured as shown in the Rule1 exhibit. (Click the Exhibit button.) For each of the following statements, select
Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area: lead4pass az-104 exam questions q6-1

Correct Answer:

lead4pass az-104 exam questions q6-2

 

QUESTION 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear on the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1
contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the RG1 blade, you click Deployments.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
From the RG1 blade, click Deployments. You see a history of deployment for the resource group.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-firsttemplate?tabs=azure-powershell

 

QUESTION 8
You need to recommend an identity solution that meets the technical requirements. What should you recommend?
A. federated single-on (SSO) and Active Directory Federation Services (AD FS)
B. password hash synchronization and single sign-on (SSO)
C. cloud-only user accounts
D. Pass-through Authentication and single sign-on (SSO)
Correct Answer: A
Active Directory Federation Services is a feature and web service in the Windows Server Operating System that allows
sharing of identity information outside a company\\’s network.
Scenario: Technical Requirements include:
Prevent user passwords or hashes of passwords from being stored in Azure. References:
https://www.sherweb.com/blog/active-directory-federation-services/

 

QUESTION 9
You have a pay-as-you-go Azure subscription that contains the virtual machines shown in the following table.lead4pass az-104 exam questions q9

You create the budget shown in the following exhibit.

lead4pass az-104 exam questions q9-1

The AG1 action group contains a user named [email protected] only. Use the drop-down menus to select the
answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct
selection is worth one point.
Hot Area:

lead4pass az-104 exam questions q9-2

Box 1: VM1 is turned off, and VM2 continues to run
The budget alerts are for Resource Group RG1, which include VM1, but not VM2. Box 2: one email notification will be
sent each month. Budget alerts for Resource Group RG1, which include VM1, but not VM2.VM1 consumes 20
Euro/day.
The 50%,500 Euro limit, will be reached in 25 days, and an email will be sent. The 70% and 100% alert conditions will
not be reached within a month, and they don\\’t trigger email actions anyway.
Credit alerts: Credit alerts are generated automatically at 90% and at 100% of your Azure credit balance. Whenever an
alert is generated, it\\’s reflected in cost alerts and in the email sent to the account owners. 90% and 100% will not be
reached though.
References:
https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/cost-mgt-alerts-monitor-usage-spending

 

QUESTION 10
HOTSPOT
You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:
1.
Replicates synchronously.
2.
Remains available if a single data center in the region fails.
How should you configure the storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:lead4pass az-104 exam questions q10

Correct Answer:

lead4pass az-104 exam questions q10-1

Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails
GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2)
ZRS only supports GPv2.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs

 

QUESTION 11
You have an Azure subscription that contains an Azure Directory (Azure AD) tenant named contoso.com. The tenant is
synced to the on-premises Active Directory domain. The domain contains the users shown in the following table.lead4pass az-104 exam questions q11

You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication
methods:
*
Number of methods required to reset: 2
*
Methods available to users: Mobile phone, Security questions
*
Number of questions required to register: 3
*
Number of questions required to reset: 3
You select the following security questions:
*
What is your favorite food?
*
In what city was your first job?
*
What was the name of your first pet?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

lead4pass az-104 exam questions q11-1

Box 1: No Administrator accounts are special accounts with elevated permissions. To secure them, the following
restrictions apply to change passwords of administrators: On-premises enterprise administrators or domain
administrators cannot reset their password through Self-service password reset (SSPR). They can only change their
password in their on-premises environment. Thus, we recommend not syncing on-prem AD admin accounts to Azure
AD. An administrator cannot use secret Questions and Answers as a method to reset passwords. Box 2: Yes Self-service
password reset (SSPR) is an Azure Active Directory feature that enables employees to reset their passwords without
needing to contact IT, staff. Box 3: Yes References: https://docs.microsoft.com/en-us/azure/activedirectory/authentication/howto-sspr-deployment

 

QUESTION 12
Your on-premises network contains an SMB share named Share1. You have an Azure subscription that contains the
following resources:
1.
A web app named webapp1
2.
A virtual network named VNET1
You need to ensure that webapp1 can connect to Share1.
What should you deploy?
A. an Azure Application Gateway
B. an Azure Active Directory (Azure AD) Application Proxy
C. an Azure Virtual Network Gateway
Correct Answer: C
A Site-to-Site VPN gateway connection can be used to connect your on-premises network to an Azure virtual network
over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device, a VPN gateway,
located on-premises that has an externally facing public IP address assigned to it.
Incorrect Answers:
B: Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote
client.
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-managerportal

 

QUESTION 13
You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name
should you use it?
A. ad.humongousinsurance.com
B. humongousinsurance.onmicrosoft.com
C. humongousinsurance.local
D. humongousinsurance.com
Correct Answer: D
Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial
domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For
example, your organization probably has other domain names used to do business and users who sign in using your
corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory
that are familiar to your users, such as \\’[email protected]\\’ instead of \\’[email protected] name.onmicrosoft.com\\’.
Scenario: Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each
office has a dedicated connection to the Internet. Humongous Insurance has a single-domain Active Directory forest
named humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory domain will be
synchronized to Azure AD. References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/addcustom-domain


latest updated Microsoft AZ-104 exam questions from the Lead4Pass AZ-104 dumps! 100% pass the AZ-104 exam! Download Lead4Pass AZ-104 VCE and PDF dumps: https://www.lead4pass.com/az-104.html (Q&As: 395 dumps)

Get free Microsoft AZ-104 dumps PDF online: https://drive.google.com/file/d/1IoLu2bisZ7Q5axj5BKZHEukOvECNqt5f/