The latest Microsoft AZ-104 dumps by Lead4Pass helps you pass the AZ-104 exam for the first time! Lead4Pass Latest Update Microsoft AZ-104 VCE Dump and AZ-104 PDF Dumps, Lead4Pass AZ-104 Exam Questions Updated, Answers corrected! Get the latest LeadPass AZ-104 dumps with Vce and PDF: https://www.leads4pass.com/az-104.html (Q&As: 395 dumps)

[Free AZ-104 PDF] Microsoft AZ-104 Dumps PDF can be collected on Google Drive shared by Lead4Pass:
https://drive.google.com/file/d/1IoLu2bisZ7Q5axj5BKZHEukOvECNqt5f/

[Lead4pass AZ-104 Youtube] Microsoft AZ-104 Dumps can be viewed on Youtube shared by Lead4Pass

https://youtube.com/watch?v=IaurLHMVDuQ

Microsoft AZ-104 Online Exam Practice Questions

QUESTION 1
You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1.
VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve data.
Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.
Which Azure Network Watcher feature should you use?
A. IP flow verify
B. Connection troubleshoot
C. Connection monitor
D. NSG flow logs
Correct Answer: C

The connection monitor capability monitors communication at a regular interval and informs you of reachability, latency,
and network topology changes between the VM and the endpoint Incorrect Answers:
A: The IP flow verify capability enables you to specify a source and destination IPv4 address, port, protocol (TCP or
UDP), and traffic direction (inbound or outbound). IP flow verify then tests the communication and informs you if the
connection succeeds or fails. If the connection fails, IP flow verify tells you which security rule allowed or denied the
communication, so that you can resolve the problem.
B: The connection troubleshoot capability enables you to test a connection between a VM and another VM, an FQDN, a
URI, or an IPv4 address. The test returns similar information returned when using the connection monitor capability, but
tests the connection at a point in time, rather than monitoring it over time, as the connection monitor does.
D: The NSG flow log capability allows you to log the source and destination IP address, port, protocol, and whether
traffic was allowed or denied by an NSG.
Reference: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

 

QUESTION 2
You have an Azure subscription that contains the storage accounts shown in the following table.lead4pass az-104 exam questions q2

You need to identify which storage account can be converted to zone-redundant storage (ZRS) replication by requesting
a live migration from Azure support. What should you identify?
A. Storage1
B. Storage2
C. Storage3
D. Storage4
Correct Answer: B
ZRS currently supports standard general-purpose v2, FileStorage, and BlockBlobStorage storage account types.
Incorrect Answers:
A, not C: Live migration is supported only for storage accounts that use LRS replication. If your account uses GRS or
RA-GRS, then you need to first change your account\\’s replication type to LRS before proceeding. This intermediary
step
removes the secondary endpoint provided by GRS/RA-GRS.
Also, only standard storage account types support live migration. Premium storage accounts must be migrated
manually.
D: ZRS currently supports standard general-purpose v2, FileStorage, and BlockBlobStorage storage account types.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs

 

QUESTION 3
You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts.
You create a new user account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?
A. From the Licenses blade, assign a new license
B. From the Directory role blade, modify the directory role
C. From the Groups blade, invite the user account to a new group
Correct Answer: B
Assign a role to a user
Sign in to the Azure portal with an account that\\’s a global admin or privileged role admin for the directory.
Select Azure Active Directory, select Users, and then select a specific user from the list.
For the selected user, select Directory role, select Add role, and then pick the appropriate admin roles from the Directory
roles list, such as Conditional access administrator.
Press Select to save.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal

 

QUESTION 4
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear on the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named
contoso.onmicrosoft.com:lead4pass az-104 exam questions q4

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts on external.contoso.onmicrosoft.com.
Solution: You instruct User4 to create user accounts.
Does that meet the goal?
A. Yes
B. No
Correct Answer: B
Only a global administrator can add users to this tenant.
Reference: https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

 

QUESTION 5
You create an Azure VM named VM1 that runs Windows Server 2019. VM1 is configured as shown in the exhibit. (Click
the Exhibit button.)lead4pass az-104 exam questions q5

You need to enable the Desired State Configuration for VM1. What should you do first?
A. Configure a DNS name for VM1.
B. Start VM1.
C. Connect to VM1.
D. Capture a snapshot of VM1.
Correct Answer: B
Status is Stopped (Deallocated).
The DSC extension for Windows requires that the target virtual machine is able to communicate with Azure.
The VM needs to be started.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-windows

 

QUESTION 6
You have an Azure subscription named Subscription1 that contains the resources in the following table.lead4pass az-104 exam questions q6

Rule1 is configured as shown in the Rule1 exhibit. (Click the Exhibit button.) For each of the following statements, select
Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area: lead4pass az-104 exam questions q6-1

Correct Answer:

lead4pass az-104 exam questions q6-2

 

QUESTION 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear on the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1
contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the RG1 blade, you click Deployments.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
From the RG1 blade, click Deployments. You see a history of deployment for the resource group.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-firsttemplate?tabs=azure-powershell

 

QUESTION 8
You need to recommend an identity solution that meets the technical requirements. What should you recommend?
A. federated single-on (SSO) and Active Directory Federation Services (AD FS)
B. password hash synchronization and single sign-on (SSO)
C. cloud-only user accounts
D. Pass-through Authentication and single sign-on (SSO)
Correct Answer: A
Active Directory Federation Services is a feature and web service in the Windows Server Operating System that allows
sharing of identity information outside a company\\’s network.
Scenario: Technical Requirements include:
Prevent user passwords or hashes of passwords from being stored in Azure. References:
https://www.sherweb.com/blog/active-directory-federation-services/

 

QUESTION 9
You have a pay-as-you-go Azure subscription that contains the virtual machines shown in the following table.lead4pass az-104 exam questions q9

You create the budget shown in the following exhibit.

lead4pass az-104 exam questions q9-1

The AG1 action group contains a user named [email protected] only. Use the drop-down menus to select the
answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct
selection is worth one point.
Hot Area:

lead4pass az-104 exam questions q9-2

Box 1: VM1 is turned off, and VM2 continues to run
The budget alerts are for Resource Group RG1, which include VM1, but not VM2. Box 2: one email notification will be
sent each month. Budget alerts for Resource Group RG1, which include VM1, but not VM2.VM1 consumes 20
Euro/day.
The 50%,500 Euro limit, will be reached in 25 days, and an email will be sent. The 70% and 100% alert conditions will
not be reached within a month, and they don\\’t trigger email actions anyway.
Credit alerts: Credit alerts are generated automatically at 90% and at 100% of your Azure credit balance. Whenever an
alert is generated, it\\’s reflected in cost alerts and in the email sent to the account owners. 90% and 100% will not be
reached though.
References:
https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/cost-mgt-alerts-monitor-usage-spending

 

QUESTION 10
HOTSPOT
You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:
1.
Replicates synchronously.
2.
Remains available if a single data center in the region fails.
How should you configure the storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:lead4pass az-104 exam questions q10

Correct Answer:

lead4pass az-104 exam questions q10-1

Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails
GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2)
ZRS only supports GPv2.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs

 

QUESTION 11
You have an Azure subscription that contains an Azure Directory (Azure AD) tenant named contoso.com. The tenant is
synced to the on-premises Active Directory domain. The domain contains the users shown in the following table.lead4pass az-104 exam questions q11

You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication
methods:
*
Number of methods required to reset: 2
*
Methods available to users: Mobile phone, Security questions
*
Number of questions required to register: 3
*
Number of questions required to reset: 3
You select the following security questions:
*
What is your favorite food?
*
In what city was your first job?
*
What was the name of your first pet?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

lead4pass az-104 exam questions q11-1

Box 1: No Administrator accounts are special accounts with elevated permissions. To secure them, the following
restrictions apply to change passwords of administrators: On-premises enterprise administrators or domain
administrators cannot reset their password through Self-service password reset (SSPR). They can only change their
password in their on-premises environment. Thus, we recommend not syncing on-prem AD admin accounts to Azure
AD. An administrator cannot use secret Questions and Answers as a method to reset passwords. Box 2: Yes Self-service
password reset (SSPR) is an Azure Active Directory feature that enables employees to reset their passwords without
needing to contact IT, staff. Box 3: Yes References: https://docs.microsoft.com/en-us/azure/activedirectory/authentication/howto-sspr-deployment

 

QUESTION 12
Your on-premises network contains an SMB share named Share1. You have an Azure subscription that contains the
following resources:
1.
A web app named webapp1
2.
A virtual network named VNET1
You need to ensure that webapp1 can connect to Share1.
What should you deploy?
A. an Azure Application Gateway
B. an Azure Active Directory (Azure AD) Application Proxy
C. an Azure Virtual Network Gateway
Correct Answer: C
A Site-to-Site VPN gateway connection can be used to connect your on-premises network to an Azure virtual network
over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device, a VPN gateway,
located on-premises that has an externally facing public IP address assigned to it.
Incorrect Answers:
B: Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote
client.
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-managerportal

 

QUESTION 13
You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name
should you use it?
A. ad.humongousinsurance.com
B. humongousinsurance.onmicrosoft.com
C. humongousinsurance.local
D. humongousinsurance.com
Correct Answer: D
Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial
domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For
example, your organization probably has other domain names used to do business and users who sign in using your
corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory
that are familiar to your users, such as \\’[email protected].\\’ instead of \\’alice@domain name.onmicrosoft.com\\’.
Scenario: Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each
office has a dedicated connection to the Internet. Humongous Insurance has a single-domain Active Directory forest
named humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory domain will be
synchronized to Azure AD. References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/addcustom-domain


latest updated Microsoft AZ-104 exam questions from the Lead4Pass AZ-104 dumps! 100% pass the AZ-104 exam! Download Lead4Pass AZ-104 VCE and PDF dumps: https://www.leads4pass.com/az-104.html (Q&As: 395 dumps)

Get free Microsoft AZ-104 dumps PDF online: https://drive.google.com/file/d/1IoLu2bisZ7Q5axj5BKZHEukOvECNqt5f/