AZ-104 dumps | AZ-104 dumps pdf | AZ-104 exam dumps | AZ-104 exam questions | AZ-104 study material | AZ-104 braindumps
The Microsoft AZ-104 certification exam is so difficult, it is impossible to do all this without practicing the AZ-104 exam, for which you will need AZ-104 exam questions. If you put in 100% effort, sharing our latest Microsoft AZ-104 exam dumps with you will help you. Choose AZ-104 dumps https://www.pass4itsure.com/az-104.html to help you succeed!
Updated: Microsoft AZ-104 Dumps
| Pass4itsure AZ-104 Exam Questions & Answers | Jul 07, 2020 |
About Microsoft AZ-104 Dumps Pdf
Exam AZ-104: Microsoft Azure Administrator https://docs.microsoft.com/en-us/learn/certifications/exams/az-104
[FREE] Microsoft AZ-104 Dumps Pdf https://drive.google.com/file/d/1hW8GyoIGSMk1vQ6kRBZ-gbK2XBhckcOg/view?usp=sharing From drive.google
Microsoft Azure Administrator Associate AZ-104 [2020] Practice Exam Questions
QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2016. You need to create an alert in Azure
when more than two error events are logged to the System log on VM1 within an hour.
Solution: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft
Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Alerts in Azure Monitor can identify important information in your Log Analytics repository. They are created by alert
rules that automatically run log searches at regular intervals, and if results of the log search match particular criteria,
then an
alert record is created and it can be configured to perform an automated response.
The Log Analytics agent collects monitoring data from the guest operating system and workloads of virtual machines in
Azure, other cloud providers, and on-premises. It collects data into a Log Analytics workspace.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-response https://docs.microsoft.com/enus/azure/azure-monitor/platform/agents-overview
QUESTION 2
You have several Azure virtual machines on a virtual network named VNet1. You configure an Azure Storage account
as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: always Endpoint status is enabled. Box 2: Never After you configure firewall and virtual network settings for your
storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure
Backup service to access the network restricted storage account.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows https://azure.microsoft.com/enus/blog/azure-backup-now-supports-storage-accounts-secured-with-azure-storage-firewalls-and-virtual-networks/
QUESTION 3
You have an Azure subscription that contains the resource groups shown in the following table.
You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to
RG1. Which resources should you identify? To answer, select the appropriate options in the answer area.
Hot Area:
Correct Answer:
Reference: https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking
QUESTION 4
You need to meet the connection requirements for the New York office. What should you do? To answer, select the
appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Create a virtual network gateway and a local network gateway. Azure VPN gateway. The VPN gateway service
enables you to connect the VNet to the on-premises network through a VPN appliance. For more information, see
Connect an on-premises network to a Microsoft Azure virtual network. The VPN gateway includes the following
elements:
*
Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing
traffic from the on-premises network to the VNet.
*
Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to
the on-premises network is routed through this gateway.
*
Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the onpremises VPN appliance to encrypt traffic.
*
Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements,
described in the Recommendations section below.
Box 2: Configure a site-to-site VPN connection
On premises create a site-to-site connection for the virtual network gateway and the local network gateway.
Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Incorrect Answers:
Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection
is private. Traffic does not go over the internet.
References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vpn
QUESTION 5
You need to create an Azure Storage account that meets the following requirements:
*
Minimizes costs
*
Supports hot, cool, and archive blob tiers
*
Provides fault tolerance if a disaster affects the Azure region where the account resides How should you complete the
command? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one
point
Hot Area:
Box 1: StorageV2
You may only tier your object storage data to hot, cool, or archive in Blob storage and General Purpose v2 (GPv2)
accounts. General Purpose v1 (GPv1) accounts do not support tiering. General-purpose v2 accounts deliver the lowest
pergigabyte capacity prices for Azure Storage, as well as industry-competitive transaction prices.
Box 2: Standard_GRS
Geo-redundant storage (GRS): Cross-regional replication to protect against region-wide unavailability.
Incorrect Answers:
Locally-redundant storage (LRS): A simple, low-cost replication strategy. Data is replicated within a single storage scale
unit.
Read-access geo-redundant storage (RA-GRS): Cross-regional replication with read access to the replica. RA-GRS
provides read-only access to the data in the secondary location, in addition to geo- replication across two regions, but is
more expensive compared to GRS.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-grs https://docs.microsoft.com/enus/azure/storage/blobs/storage-blob-storage-tiers
QUESTION 6
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
*
A virtual network that has a subnet named Subnet1
*
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
*
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop
connections NSG-Subnet1 has the default inbound security rules only. NSG-VM1 has the default inbound security rules
and the
following custom inbound security rule:
*
Priority: 100
*
Source: Any
* Source port range: *
* Destination: *
*
Destination port range: 3389
*
Protocol: UDP
*
Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to
Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1. Solution: You add an inbound
security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork
destination for port range 3389 and uses the TCP protocol.
Does this meet the goal?
A.
Yes
B.
No
Correct Answer: A
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create
your VM.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
QUESTION 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1.
Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest
Labs.
You would need the Logic App Contributor role.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/enus/azure/logic-apps/logic-apps-securing-a-logic-app
QUESTION 8
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the
NSGs. What should you use?
A. Diagram in VNet1
B. the security recommendations in Azure Advisor
C. Diagnostic settings in Azure Monitor
D. Diagnose and solve problems in Traffic Manager Profiles
E. IP flow verify in Azure Network Watcher
Correct Answer: E
QUESTION 9
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named
VNet1. The point-to-site connection uses a self-signed certificate. From Azure, you download and install the VPN client
configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2. Solution: You
modify the Azure Active Directory (Azure AD) authentication policies.
Does this meet this goal?
A. Yes
B. No
Correct Answer: B
QUESTION 10
You need to prepare the environment to meet the authentication requirements. Which two actions should you perform?
Each correct answer presents part of the solution. NOTE Each correct selection is worth one point.
A. Azure Active Directory (AD) Identity Protection and an Azure policy
B. a Recovery Services vault and a backup policy
C. an Azure Key Vault and an access policy
D. an Azure Storage account and an access policy
Correct Answer: BD
D: Seamless SSO works with any method of cloud authentication – Password Hash Synchronization or Pass-through
Authentication, and can be enabled via Azure AD Connect.
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or
selected users\\’ Intranet zone settings by using Group Policy in Active Directory:
https://autologon.microsoftazuread-sso.com Incorrect Answers:
A: Seamless SSO needs the user\\’s device to be domain-joined, but doesn\\’t need for the device to be Azure AD
Joined.
C: Azure AD connect does not port 8080. It uses port 443.
E: Seamless SSO is not applicable to Active Directory Federation Services (ADFS). Scenario: Users in the Miami office
must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in
Azure.
Planned Azure AD Infrastructure include: The on-premises Active Directory domain will be synchronized to Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso-quick-start
QUESTION 11
You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an Active Directory
domain. The tenant contains the users shown in the following table.
You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all four users. Solution: You add a
mobile phone number for User2 and User4. Does this meet the Goal?
A. Yes
B. No
Correct Answer: B
User3 requires a user account in Azure AD.
Note: Your Azure AD password is considered an authentication method. It is the one method that cannot be disabled.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods
QUESTION 12
You have an Azure subscription that contains the storage accounts shown in the following table.
You need to identify which storage account can be converted to zone-redundant storage (ZRS) replication by requesting
a live migration from Azure support. What should you identify?
A. Storage1
B. Storage2
C. Storage3
D. Storage4
Correct Answer: B
ZRS currently supports standard general-purpose v2, FileStorage and BlockBlobStorage storage account types.
Incorrect Answers:
A, not C: Live migration is supported only for storage accounts that use LRS replication. If your account uses GRS or
RA-GRS, then you need to first change your account\\’s replication type to LRS before proceeding. This intermediary
step
removes the secondary endpoint provided by GRS/RA-GRS .
Also, only standard storage account types support live migration. Premium storage accounts must be migrated
manually.
D: ZRS currently supports standard general-purpose v2, FileStorage and BlockBlobStorage storage account types.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs
QUESTION 13
You have an Azure subscription that contains a web app named webapp1. You need to add a custom domain named
www.contoso.com to webapp1. What should you do first?
A. Upload a certificate.
B. Add a connection string.
C. Stop webapp1.
D. Create a DNS record.
Correct Answer: B
Reviews Confident:
Experience tells everything. Before you consider buying the AZ-104 exam dump, this is a very important thing, because your satisfaction is the top priority of Pass4itsure.
Put You At Ease | Money Back Guarantee:
Any Pass4itsure.com user who fails the corresponding exam has 30 days from the date of purchase of Exam on Pass4itsure.com for a full refund.
Pass4itsure Discount Code 2020
Pass4itsure latest Microsoft AZ-104 exam dumps really helps if you give your 100% to it.
Visit : https://www.pass4itsure.com/az-104.html
