Microsoft Azure Administrator exam dumps

Welcome! We go directly to the topic. This is a blog about Microsoft AZ-104 exam questions.
We shared the newly updated Microsoft AZ-104 exam questions and answers. You can practice the test online.
You can also download the AZ-104 exam PDF online for free on Google Drive.
All free content comes from Lead4Pass AZ-104 exam dumps https://www.leads4pass.com/az-104.html (PDF+VCE).
Lead4Pass has complete AZ-104 exam questions and answers. All exam questions have been updated to ensure immediate validity!

Microsoft AZ-104 exam discount code comes from Lead4Pass

Our topic today includes the exam discount code for AZ-104, so here’s a look at the latest updates for 2021!

microsoft coupon code

Microsoft AZ-104 Exam pdf

Microsoft AZ-104 Exam pdf is part of the Lead4Pass AZ-104 exam dumps, and free content is also up-to-date,
helping you stay up-to-date with some of the latest exam content

Microsoft AZ-104 free online practice test

QUESTION 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear on the review screen.
Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www
that has an IP address of 131.107.1.10. You discover that Internet hosts are unable to resolve www.contoso.com to the
131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You create a PTR record for www in the contoso.com zone.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B

Modify the Name Server (NS) record.
An NS record would be created automatically and you cannot modify it (but you can add to it to support co-hosting
domains). You can add additional name servers to this NS record set, to support co-hosting domains with more than one DNS provider. You can also modify the TTL and metadata for this recordset. However, you cannot remove or modify the prepopulated Azure DNS name servers.
References: https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

QUESTION 2

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen. You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Network Watcher, you create a packet capture. Does this meet the goal?

A. Yes
B. No

Correct Answer: A

https://azure.microsoft.com/en-us/updates/general-availability-azure-network-watcher-connection- monitor-inall-publications/

QUESTION 3

Your company registers a domain name of contoso.com.
You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that
has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You modify the name server at the domain registrar.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B

References: https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

QUESTION 4

You have an Azure virtual machine mat that runs Windows Server 2019 and has the following configurations:
*
Name: VM1
*
Location: Welt US
*
Connected to: VNfT1
*
Private IP address: 10.1.0.4
*
Public IP address: 52 18685.63
*
DNS suffix m Windows Server.Adatum.com
You create the Azure DNS zones shown in the following table.

microsoft az-104 exam questions q4

1.
Adatum.com only
2.
Adatum. pri and adatum.com only

QUESTION 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal?

A. Yes
B. No

Correct Answer: A

The Logic App Contributor role lets you manage the logic app, but not access them. It provides access to view, edit, and update a logic app.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

QUESTION 6

Which blade should you instruct the finance department auditors to use?

A. Partner information
B. Overview
C. Payment methods
D. Invoices

Correct Answer: D

You can opt-in and configure additional recipients to receive your Azure invoice in an email. This feature may not be available for certain subscriptions such as support offers, Enterprise Agreements, or Azure in Open.

microsoft az-104 exam questions q6

Click Opt in and accept the terms.
Scenario: During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.
References: https://docs.microsoft.com/en-us/azure/billing/billing-download-azure-invoice-daily-usage-date

QUESTION 7

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
You deploy an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to deploy a YAML file to AKS1.
Solution: From the Azure CLI, you run a copy.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B

Kubectl is not installed by installing AZ CLI. As stated Azure CLI is already available but installing Azure CLI doesn\’t mean that the Azure Kubernetes client is also installed. So before running any aks command, we have to install kubectl, the Kubernetes command-line client. az aks install-CLI Reference: https://docs.microsoft.com/en-us/azure/aks/kuberneteswalkthrough#connect-to-the-cluster

QUESTION 8

You have an Azure subscription that contains two resource groups named RG1 and RG2. RG2 does not contain any
resources. RG1 contains the resources in the following table.

microsoft az-104 exam questions q8

Which resource can you move to RG2?

A. W10_OsDisk
B. VNet1
C. VNet3
D. W10

Correct Answer: B

When moving a virtual network, you must also move its dependent resources. For example, you must move gateways with the virtual network. VM W10, which is in Vnet1, is not a dependent resource. Incorrect Answers:
A: Managed disks don\’t support the move.
C: Virtual networks (classic) can\’t be moved.
D: Virtual machines with the managed disks cannot be moved. References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-move- resources#virtual-machineslimitations

QUESTION 9

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen. You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Solution: From the Subscriptions blade, you select the subscription, and then click Resource providers. Does this meet the goal?

A. Yes
B. No

Correct Answer: B

Through activity logs, you can determine:
1. what operations were taken on the resources in your subscription
2. who started the operation
3. when the operation occurred
4. the status of the operation
5. the values of other properties that might help you research the operation
1. On the Azure portal menu, select Monitor, or search for and select Monitor from any page
2. Select Activity Log.

microsoft az-104 exam questions q9
microsoft az-104 exam questions q9-1
  1. You see a summary of recent operations. A default set of filters is applied to the operations. Notice the information on
    the summary includes who started the action and when it happened.
microsoft az-104 exam questions q9-2

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs

QUESTION 10

HOTSPOT
You have an Azure subscription.
You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will be part of the same
availability set. You need to ensure that as many virtual machines as possible are available in the fabric fails or during servicing. How should you configure the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

microsoft az-104 exam questions q10

Correct Answer:

microsoft az-104 exam questions q10-1

as per https://docs.microsoft.com/en-us/rest/api/compute/availabilitysets/createorupdate

you can only specify an integer, so 3 and 20 are the answers (not max, and for sure not 0) Request Body Name Required Type Description properties.platformFaultDomainCount integer Fault Domain count. properties.platformUpdateDomainCount integer Update Domain count. Use two fault domains. 2 or 3 is the max value, depending on which region you are in. Use 20 for platformUpdateDomainCount Increasing the update domain (platformUpdateDomainCount) helps with capacity and availability planning when the platform reboots nodes. A higher number for the pool (20 is max) means that fewer of their nodes in any given availability set would be rebooted at once.
References:
https://www.itprotoday.com/microsoft-azure/check-if-azure-region-supports-2-or-3-fault-domains-managed-disks
https://github.com/Azure/acs-engine/issues/1030

QUESTION 11

You have an Azure subscription named Subscription 1 that contains two Azure virtual networks named VNet1 and
VNet2. VNet1 contains a VPN gateway named VPNGW1 that uses static routing. There is a site-to-site VPN connection
between your on-premises network and VNet1. On a computer named Client1 that runs Windows 10, you configure a
point-to-site VPN connection to VNet1. You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2. You need to ensure that you can connect Client1 to VNet2.
What should you do?

A. Select Allow gateway transit on VNet2.
B. Select Allow gateway transit on VNet1.
C. Download and re-install the VPN client configuration package on Client1.
D. Enable BGP on VPNGW1

Correct Answer: C

References: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

QUESTION 12

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B

DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest
Labs. You would need the Logic App Contributor role.

References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

QUESTION 13

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource
groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: From the Resource provider’s blade, you unregister Microsoft.ClassicNetwork provider.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B

You should use a policy definition.
Reference:
https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition

QUESTION 14

HOTSPOT
You have an Azure subscription named Subscription1 that contains the resources in the following table.

microsoft az-104 exam questions q14

VM1 and VM2 run the websites in the following table.

microsoft az-104 exam questions q14-1

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Hot Area:

microsoft az-104 exam questions q14-2

Correct Answer:

microsoft az-104 exam questions q14-3

Vm1 is in Pool1. Rule2 applies to Pool1, Listener 2, and site2.contoso.com

QUESTION 15

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an
Azure Kubernetes Service (AKS) cluster named AKS1. An administrator reports that she is unable to grant access to
AKS1 to the users in contoso.com. You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?

A. From contoso.com, modify the Organization relationships settings.
B. From contoso.com, create an OAuth 2.0 authorization endpoint.
C. Recreate AKS1.
D. From AKS1, create a namespace.

Correct Answer: B

With Azure AD-integrated AKS clusters, you can grant users or groups access to Kubernetes resources within a
namespace or across the cluster. To obtain a kubectl configuration context, a user can run the az aks get-credentials
command.
When a user then interacts with the AKS cluster with kubectl, they\’re prompted to sign in with their Azure AD
credentials. This approach provides a single source for user account management and password credentials. The user
can only access the resources as defined by the cluster administrator.
Azure AD authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on
top of the OAuth 2.0 protocol. For more information on OpenID Connect, see the Open ID connect documentation.
From inside of the Kubernetes cluster, Webhook Token Authentication is used to verify authentication tokens. Webhook token authentication is configured and managed as part of the AKS cluster.

microsoft az-104 exam questions q15

Reference:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/ https://docs.microsoft.com/enus/azure/aks/concepts-identity

Summary:

This article shares the latest updated Microsoft AZ-104 exam dumps https://www.leads4pass.com/az-104.html (Total Questions: 500 Q&A). Free online practice test, free online download of exam pdf, and Lead4pass 15% exam discount code 2021.

ps.

Microsoft AZ-104 Exam pdf is part of the Lead4Pass AZ-104 exam dumps, and free content is also up-to-date,
helping you stay up-to-date with some of the latest exam content