[MAR 2021] Microsoft AZ-104 exam dumps and online practice questions are available from Lead4Pass

The latest updated Microsoft AZ-104 exam dumps and free AZ-104 exam practice questions and answers! Latest updates from Lead4Pass Microsoft AZ-104 Dumps PDF and AZ-104 Dumps VCE, Lead4Pass AZ-104 exam questions updated and answers corrected!
Get the full Microsoft AZ-104 dumps from https://www.lead4pass.com/az-104.html (VCE&PDF)

Latest AZ-104 PDF for free

Share the Microsoft AZ-104 Dumps PDF for free From Lead4pass AZ-104 Dumps part of the distraction collected on Google Drive shared by Lead4pass

The latest updated Microsoft AZ-104 Exam Practice Questions and Answers Online Practice Test is free to share from Lead4Pass (Q1-Q13)

You deploy an Azure Application Gateway.
You need to ensure that all the traffic requesting https://adatum.com/internal resources is directed to an internal server
pool and all the traffic requesting https://adatum.com/external resources are directed to an external server pool.
What should you configure on the Application Gateway?
A. URL path-based routing
B. multi-site listeners
C. basic routing
D. SSL termination
Correct Answer: A
URL Path-Based Routing allows you to route traffic to backend server pools based on the URL Paths of the request.
In the question, there are two different paths from where the traffic is getting generated as below
https://adatum.com/internal https://adatum.com/external
So in this case we can use the URL path-based routing feature of Application Gateway.[2021.3] lead4pass az-104 practice test q1

Reference: https://docs.microsoft.com/en-us/azure/application-gateway/url-route-overview

You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name
should you use it?
A. ad.humongousinsurance.com
B. humongousinsurance.onmicrosoft.com
C. humongousinsurance.local
D. humongousinsurance.com
Correct Answer: D
Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial
domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For
example, your organization probably has other domain names used to do business and users who sign in using your
corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory
that are familiar to your users, such as \\’[email protected]\\’ instead of \\’[email protected] name.onmicrosoft.com\\’.
Scenario: Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each
office has a dedicated connection to the Internet. Humongous Insurance has a single-domain Active Directory forest
named humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory domain will be
synchronized to Azure AD. References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/addcustom-domain


You need to meet the connection requirements for the New York office. What should you do? To answer, select the
appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:[2021.3] lead4pass az-104 practice test q3

Correct Answer:

[2021.3] lead4pass az-104 practice test q3-1

Box 1: Create a virtual network gateway and a local network gateway. Azure VPN gateway. The VPN gateway service
enables you to connect the VNet to the on-premises network through a VPN appliance. For more information, see
Connect an on-premises network to a Microsoft Azure virtual network. The VPN gateway includes the following
Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing
traffic from the on-premises network to the VNet.
Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to
the on-premises network is routed through this gateway.
Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-premises VPN appliance to encrypt traffic.
Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements,
described in the Recommendations section below.
Box 2: Configure a site-to-site VPN connection
On-premises create a site-to-site connection for the virtual network gateway and the local network gateway.

[2021.3] lead4pass az-104 practice test q3-2

Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Incorrect Answers:
Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection
is private. Traffic does not go over the internet.


You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated with a different
Azure AD tenant. Subscription1 contains a virtual network named VNet1.VNet1 contains an Azure virtual machine
named VM1
and has an IP address space of Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of
You need to connect VNet1 to VNet2.
What should you do first?
A. Move VNet1 to Subscription2.
B. Modify the IP address space of VNet2.
C. Provision virtual network gateways.
D. Move VM1 to Subscription2.
Correct Answer: C
The virtual networks can be in the same or different regions, and from the same or different subscriptions. When
connecting VNets from different subscriptions, the subscriptions do not need to be associated with the same Active
Directory tenant. Configuring a VNet-to-VNet connection is a good way to easily connect VNets. Connecting a virtual
network to another virtual network using the VNet-to-VNet connection type (VNet2VNet) is similar to creating a Site-tosite IPsec connection to an on-premises location. Both connectivity types use a VPN gateway to provide a secure
tunnel using IPsec/IKE, and both function the same way when communicating. The local network gateway for each
VNet treats the other VNet as a local site. This lets you specify additional address space for the local network gateway
in order to route traffic. References: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnetresource-manager-portal


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear on the review screen. You have an Azure virtual machine named VM1. VM1
was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution: Solution: From the Overview blade, you move the virtual machine to a different subscription.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You would need to Redeploy the VM.


You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure
networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:[2021.3] lead4pass az-104 practice test q6

Correct Answer:

[2021.3] lead4pass az-104 practice test q6-1


You have an Azure virtual machine named VM1 that you use for testing. VM1 is protected by Azure Backup.
You delete VM1.
You need to remove the backup data stored for VM1.
What should you do first?
A. Modify the backup policy.
B. Delete the Recovery Services vault.
C. Stop the backup.
D. Delete the storage account.
Correct Answer: C
Azure Backup provides backup for virtual machines — created through both the classic deployment model and the Azure
Resource Manager deployment model — by using custom-defined backup policies in a Recovery Services vault. With
release of backup policy management, customers can manage backup policies and model them to meet their changing
requirements from a single window. Customers can edit a policy, associate more virtual machines to a policy, and
unnecessary policies to meet their compliance requirements.
Incorrect Answers:
You can\\’t delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a
vault, but can\\’t, the vault is still configured to receive backup data.


You have the Azure virtual machines shown in the following table.[2021.3] lead4pass az-104 practice test q8

You need 10 to ensure that all the virtual machines can resolve DNS names by using the DNS service on VM1. What
should you do?
A. Add service endpoints on VNET2 and VNET3.
B. Configure peering between VNE11, VNETT2, and VNET3.
C. Configure a conditional forwarder on VM1
D. Add service endpoints on VNET1.
Correct Answer: C
An Azure AD DS DNS zone should only contain the zone and records for the managed domain itself. A conditional
forwarder is a configuration option in a DNS server that lets you define a DNS domain, such as contoso.com, to forward
queries to. Instead of the local DNS server trying to resolve queries for records in that domain, DNS queries are
forwarded to the configured DNS for that domain. This configuration makes sure that the correct DNS records are
returned, as you don\\’t create a local DNS zone with duplicate records in the managed domain to reflect those
resources. To create a conditional forwarder in your managed domain, complete the following steps:
Select your DNS zone, such as aaddscontoso.com.
Select Conditional Forwarders, then right-select and choose New Conditional Forwarder…
Enter your other DNS Domain, such as contoso.com, then enter the IP addresses of the DNS servers for that
namespace, as shown in the following example:
Check the box for Store this conditional forwarder in Active Directory, and replicate it as follows, then select the option
for All DNS servers in this domain, as shown in the following example:
To create the conditional forwarder, select OK.
Name resolution of the resources in other namespaces from VMs connected to the managed domain should now
resolve correctly. Queries for the DNS domain configured in the conditional forwarder are passed to the relevant DNS

[2021.3] lead4pass az-104 practice test q8-1 [2021.3] lead4pass az-104 practice test q8-2

Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-roleinstances https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-dns


You have an Azure subscription that contains the public load balancers shown in the following table.[2021.3] lead4pass az-104 practice test q9

You plan to create six virtual machines and load balancer requests to the virtual machines. Each load balancer will
load balance three virtual machines. You need to create the virtual machines for the planned solution. How should you
create virtual machines? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

[2021.3] lead4pass az-104 practice test q9-1

Box 1: be created in the same availability set or virtual machine scale set. The Basic tier is quite restrictive. A load
balancer is restricted to a single availability set, virtual machine scale set, or a single machine.
Box 2: be connected to the same virtual network
The Standard tier can span any virtual machine in a single virtual network, including blends of scale sets, availability
sets, and machines.


You have a hybrid infrastructure that contains an Azure Active Directory (Azure AD) tenant named
contoso.onmicrosoft.com. The tenant contains the users shown in the following table.[2021.3] lead4pass az-104 practice test q10

You plan to share a cloud resource with the All Users group. You need to ensure that User1, User2, User3, and User4 can
connect successfully to the cloud resource.
What should you do first?
A. Create a user account of the member type for User4.
B. Create a user account of the member type for User3.
C. Modify the Directory-wide Groups settings.
D. Modify the External collaboration settings.
Correct Answer: C
Ensure that “Enable an \\’ All Users\\’ group in the directory” policy is set to “Yes” in your Azure Active Directory (AD)
settings in order to enable the “All Users” group for centralized access administration. This group represents the entire
collection of Active Directory users, including guests and external users, that you can use to make the access
permissions easier to manage within your directory.
Incorrect Answers:
A, B: User3 and User4 are guests already.
Note: By default, all users and guests in your directory can invite guests even if they\\’re not assigned to an admin role.
External collaboration settings let you turn guest invitations on or off for different types of users in your organization.
can also delegate invitations to individual users by assigning roles that allow them to invite guests.


You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2. You plan to implement an
Azure Availability Set for App1. The solution must ensure that App1 is available during planned maintenance of the
hardware hosting VM1 and VM2.
What should you include in the Availability Set?
A. one update domain
B. two fault domains
C. one fault domain
D. two update domains
Correct Answer: D
Microsoft updates, which Microsoft refers to as planned maintenance events, sometimes require that VMs be rebooted
to complete the update. To reduce the impact on VMs, the Azure fabric is divided into updated domains to ensure that
all VMs are rebooted at the same time.
Incorrect Answers:
A: An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time.
B, C: A fault domain shares common storage as well as a common power source and network switch. It is used to
protect against unplanned system failure.
References: https://petri.com/understanding-azure-availability-sets https://docs.microsoft.com/en-us/azure/virtualmachines/windows/tutorial-availability-sets


You plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The virtual machines will host a web app
named App1.
You need to ensure that at least two virtual machines are available if a single Azure datacenter becomes unavailable.
What should you deploy?
A. all three virtual machines in a single Availability Zone
B. all virtual machines in a single Availability Set
C. each virtual machine in a separate Availability Zone
D. each virtual machine in a separate Availability Set
Correct Answer: B
Availability sets are a datacenter configuration to provide VM redundancy and availability. This configuration within a
datacenter ensures that during either a planned or unplanned maintenance event, at least one virtual machine is

You have an Azure subscription named Sub1.
You plan to deploy a multi-tiered application that will contain the tiers shown in the following table.[2021.3] lead4pass az-104 practice test q13

You need to recommend a networking solution to meet the following requirements:
Ensure that communication between the web servers and the business logic tier spreads equally across the virtual
Protect the web servers from SQL injection attacks.
Which Azure resource should you recommend for each requirement? To answer, select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

[2021.3] lead4pass az-104 practice test q13-1

Correct Answer:

[2021.3] lead4pass az-104 practice test q13-2

Box 1: an internal load balancer Azure Internal Load Balancer (ILB) provides network load balancing between virtual
machines that reside inside a cloud service or a virtual network with a regional scope. Box 2: an application gateway
that uses the WAF tier Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized
protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted
by malicious attacks that exploit commonly known vulnerabilities. References: https://docs.microsoft.com/enus/azure/web-application-firewall/ag/ag-overview

Fulldumps shares the latest updated Microsoft AZ-104 exam exercise questions, AZ-104 dumps pdf for free.
All exam questions and answers come from the Lead4pass exam dumps shared part! Lead4pass updates throughout the year and shares a portion of your exam questions for free to help you understand the exam content and enhance your exam experience!
Get the full Microsoft AZ-104 exam dumps questions at: https://www.lead4pass.com/az-104.html (pdf&vce)

Get free Microsoft AZ-104 dumps PDF online: https://drive.google.com/file/d/1D1USsX5ML464scD9Df8P_Hga4jFL94Af/