Secure Triumph with Assurance: Latest AZ-104 Braindumps Assure Exam Success and Provide a Boost of Confidence in Your Abilities!
Harness the power of open-mindedness as you delve into the vast universe of knowledge contained within the AZ-104 dumps. Designed to cater to a modern learner\’s evolving needs, the AZ-104 dumps shine a spotlight on a diverse range of practice questions, facilitating a holistic understanding. Whether it\’s the crisp clarity of the PDFs that piques curiosity or the immersive experience of the VCE format that fosters engagement, the AZ-104 dumps are your companions in this journey. A pioneering study guide, in perfect harmony with the AZ-104 dumps, navigates the vast seas of knowledge, ensuring smooth sailing. Embracing the transformative potential of these tools, we proudly uphold our 100% Pass Guarantee.
Embark on a journey to victory with our free download of the AZ-104 study guide and braindumps
Question 1:
HOTSPOT
You have an Azure virtual machine named VM1 that connects to a virtual network named VNet1. VM1 has the following configurations:
1.
Subnet: 10.0.0.0/24
2.
Availability set: AVSet
3.
Network security group (NSG): None
4.
Private IP address: 10.0.0.4 (dynamic)
5.
Public IP address: 40.90.219.6 (dynamic)
You deploy a standard, Internet-facing load balancer named slb1.
You need to configure slb1 to allow connectivity to VM1.
Which changes should you apply to VM1 as you configure slb1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Remove the public IP address from VM1 If the Public IP on VM1 is set to Dynamic, that means it is a Public IP with Basic SKU because Public IPs with Standard SKU have Static assignments by default, that cannot be changed. We cannot associate Basic SKUs IPs with Standard SKUs LBs. One cannot create a backend SLB pool if the VM to be associated has a Public IP. For Private IP it doesn\’t matter weather it is dynamic or static, still we can add the such VM into the SLB backend pool.
Box 2: Create and configure an NSG Standard Load Balancer is built on the zero trust network security model at its core. Standard Load Balancer secure by default and is part of your virtual network. The virtual network is a private and isolated network. This means Standard Load Balancers and Standard Public IP addresses are closed to inbound flows unless opened by Network Security Groups. NSGs are used to explicitly permit allowed traffic. If you do not have an NSG on a subnet or NIC of your virtual machine resource, traffic is not allowed to reach this resource. To learn more about NSGs and how to apply them for your scenario, see Network Security Groups. Basic Load Balancer is open to the internet by default.
Reference: https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-public-portal https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
Question 2:
You have an Azure Active Directory (Azure AD) tenant named Contoso.com that is synced to an Active Directory domain. The tenant contains the users shown in the following table.
The user have the attributes shown in the following table.
You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all four users.
Solution: You create a new user account in Azure AD for User3.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
User3 requires a user account in Azure AD.
Note: Your Azure AD password is considered an authentication method. It is the one method that cannot be disabled.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication- methods
Question 3:
You plan to create an Azure virtual machine named VM1 that will be configured as shown in the following exhibit.
The planned disk configurations for VM1 are shown in the following exhibit.
You need to ensure that VM1 can be created in an Availability Zone.
Which two settings should you modify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Use managed disks
B. Availability options
C. OS disk type
D. Size
E. Image
Correct Answer: AB
Your VMs should use managed disks if you want to move them to an Availability Zone by using Site Recovery.
When you create a VM for an Availability Zone, Under Settings > High availability, select one of the numbered zones from the Availability zone dropdown.
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/move-azure-vms-avset-azone
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-portal-availability-zone
https://docs.microsoft.com/en-us/azure/virtual-machines/manage-availability
https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#availability-zones
Question 4:
HOTSPOT
You have an Azure subscription that contains a virtual network named VNET1 in the East US 2 region. A network interface named VM1-NI is connected to VNET1.
You successfully deploy the following Azure Resource Manager template.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:Eachcorrectselectionisworthonepoint.
Hot Area:
Correct Answer:
Question 5:
You have an on-premises network that contains a database server named dbserver1.
You have an Azure subscription.
You plan to deploy three Azure virtual machines. Each virtual machine will be deployed to a separate availability zone.
You need to configure an Azure VPN gateway for a site-to-site VPN. The solution must ensure that the virtual machines can connect to dbserver1.
Which type of public IP address SKU and assignment should you use for the gateway?
A. a basic SKU and a static IP address assignment
B. a standard SKU and a static IP address assignment
C. a basic SKU and a dynamic IP address assignment
Correct Answer: B
Azure VPN gateways support both dynamic and static IP address assignment options.
By using a Standard SKU public IP address with a static IP address assignment, you can ensure a reliable and consistent VPN gateway configuration for your site-to-site VPN. This will allow the virtual machines deployed across different
availability zones in Azure to connect securely to dbserver1 in your on-premises network.
Question 6:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You need to use a custom policy definition, because there is not a built-in policy.
Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and
more easily manage your resources.
Reference:
https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition
https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies
Question 7:
You have an Azure App Service plan that hosts an Azure App Service named App1.
You configure one production slot and four staging slots for App1.
You need to allocate 10 percent of the traffic to each staging slot and 60 percent of the traffic to the production slot.
What should you add to Appl1?
A. slots to the Testing in production blade
B. a performance test
C. a WebJob
D. templates to the Automation script blade
Correct Answer: A
Besides swapping, deployment slots offer another killer feature: testing in production. Just like the name suggests, using this, you can actually test in production. This means that you can route a specific percentage of user traffic to one or
more of your deployment slots.
Example:
References: https://stackify.com/azure-deployment-slots/
Question 8:
HOTSPOT
You have an Azure App Service web app named app1.
You configure autoscaling as shown in following exhibit.
You configure the autoscale rule criteria as shown in the following exhibit.
Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic. NOTE Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 9:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour.
Solution: You create an Azure Log Analytics workspace and configure the data settings. You add the Microsoft Monitoring Agent VM extension to VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You add the Microsoft Monitoring Agent VM extension to VM1 > This is WRONG You Install the Microsoft Monitoring Agent VM agent to VM1 > This is Correct
1.
Log analytics agent – Install in VM.
2.
Log analytics workspace – collect the log files from Log Analytics Agent.
3.
Azure Monitor – Create alert based on logs read from Log Analytics Workspace.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview
Question 10:
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)
You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only.
You need to ensure that users can connect to the website from the Internet.
What should you do?
A. Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a priority of 501.
B. For Rule5, change the Action to Allow and change the priority to 401.
C. Delete Rule1.
D. Modify the protocol of Rule4.
Correct Answer: B
Rule 2 is blocking HTTPS access (port 443) and has a priority of 500. Changing Rule 5 (ports 50-5000) and giving it a lower priority number will allow access on port 443. Note: Rules are processed in priority order, with lower numbers
processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops.
HTTPS uses port 443.
Rule2, with priority 500, denies HTTPS traffic.
Rule5, with priority changed from 2000 to 401, would allow HTTPS traffic.
Note: Priority is a number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
References: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Question 11:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription with a storage account.
You want to use the Azure Import/Export service to import files to the storage account.
Solution: You create a XML manifest file.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file Modify the driveset.csv file in the root folder where the tool resides.
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files
Question 12:
HOTSPOT
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active Directory domain. The domain contains the users shows in the following table.
You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods:
1.
Number of methods required to reset: 2
2.
Methods available to users: Mobile phone, Security questions
3.
Number of questions required to register: 3
4.
Number of questions required to reset: 3
You select the following security questions:
1.
What is your favorite food?
2.
In what city was your first job?
3.
What was the name of your first pet?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: No
Administrator accounts are special accounts with elevated permissions. To secure them, the following restrictions apply to changing passwords of administrators:
On-premises enterprise administrators or domain administrators cannot reset their password through Self-service password reset (SSPR). They can only change their password in their on-premises environment. Thus, we recommend not
syncing on-prem AD admin accounts to Azure AD. An administrator cannot use secret Questions and Answers as a method to reset password.
Box 2: Yes
Self-service password reset (SSPR) is an Azure Active Directory feature that enables employees to reset their passwords without needing to contact IT staff.
Box 3: Yes
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment
Question 13:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You modify the name servers at the domain registrar.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Modify the Name Server (NS) record.
References:
https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns
Question 14:
DRAG DROP
You create an Azure Migrate project named TestMig in a resource group named test-migration. You need to discover which on-premises virtual machines to assess for migration. Which three actions should you perform in sequence? To answer, select the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Step 1: Download the OVA file for the collection appliance Azure Migrate uses an on-premises VM called the collector appliance, to discover information about your on-premises machines. To create the appliance, you download a setup file in
Open Virtualization Appliance (.ova) format, and import it as a VM on your on-premises vCenter Server.
Step 2: Create a migration group in the project
For the purposes of assessment, you gather the discovered VMs into groups. For example, you might group VMs that run the same application. For more precise grouping, you can use dependency visualization to view dependencies of a
specific machine, or for all machines in a group and refine the group.
Step 3: Create an assessment in the project
After a group is defined, you create an assessment for it.
References:
https://docs.microsoft.com/en-us/azure/migrate/migrate-overview
Question 15:
You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant.
Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.
Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24.
You need to connect VNet1 to VNet2.
What should you do first?
A. Move VNet1 to Subscription2.
B. Modify the IP address space of VNet2.
C. Provision virtual network gateways.
D. Move VM1 to Subscription2.
Correct Answer: C
There is no overlap between the VNets: VNet1: 10.0.0.0/16 – CIDR IP Range 10.0.0.0 – 10.0.255.255 VNet2: 10.10.0.0/24 – CIDR IP Range 10.10.0.0 – 10.0.0.255
Note: If a virtual network has address ranges that overlap with another virtual network or on-premises network, the two networks can\’t be connected.
You can connect virtual networks (VNets) by using the VNet-to-VNet connection type. Virtual networks can be in different regions and from different subscriptions. When you connect VNets from different subscriptions, the subscriptions don\’t need to be associated with the same Active Directory tenant.
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways