Our pass rate is high to 98.9% and the similarity percentage between our AZ-104 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Microsoft AZ-104 exam in just one try? I am currently studying for the Microsoft AZ-104 exam. Latest Microsoft AZ-104 Test exam practice questions and answers, Try Microsoft AZ-104 Brain Dumps First.
Online AZ-104 free questions and answers of New Version:
NEW QUESTION 1
HOTSPOT
You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VMet1 contains one subnet named Subnet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
Box 1: An Azure Log Analytics workspace
In the Azure portal you can set up a Log Analytics workspace, which is a unique Log
Analytics environment with its own data repository, data sources, and solutions.Box 2: NSG1
NSG flow logs allow viewing information about ingress and egress IP traffic through a Network security group. Through this, the IP addresses that connect to the ILB can be monitored when the diagnostics are enabled on a Network Security Group.
We cannot enable diagnostics on an internal load balancer to check for the IP addresses. As for Internal LB, it is basic one. Basic can only connect to storage account. Also, Basic LB has only activity logs, which doesn't include the connectivity workflow. So, we need to use NSG to meet the mentioned requirements.
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 2
HOTSPOT
You have an Azure subscription that has offices in the East US and West US Azure regions.
You plan to create the storage account shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point.
Solution:
The default routing tier setting determines how network traffic is routed from the internet to the storage account. By default, the Microsoft global network routing option is selected, which means that traffic is routed over the Microsoft global network for the bulk of its path, maximizing network performance and reliability. However, this option also incurs network charges for data transfer between different Azure regions. The internet routing option, on the other hand, minimizes the traversal of traffic over the Microsoft global network, handing it off to the transit ISP at the earliest opportunity. This option lowers networking costs, but may compromise network performance and reliability. Therefore, to minimize the network costs of accessing adatum22, which is located in the East US region, from the West US region, you should modify the default routing tier setting to use internet routing instead of Microsoft global network routing. For more information, see Network routing preference for Azure Storage.
Box2 = Encryption Type
https://learn.microsoft.com/en-us/azure/storage/common/infrastructure-encryption- enable?tabs=portal
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 3
HOTSPOT
You have an Azure subscription.
You plan to create a role definition to meet the following requirements:
• Users must be able to view the configuration data of a storage account.
• Users must be able to perform all actions on a virtual network.
• The solution must use the principle of least privilege.
What should you include in the role definition for each requirement? To answer, select the appropriate options in the answer area.
Solution:
Perform all actions on a virtual network: “Microsoft.Network/virtualNetworks/*”
View the configuration data of a storage account: “Microsoft.Storage/StorageAccounts/read”
To perform all actions on a virtual network, you need to use the wildcard () character in the action string, which grants access to all actions that match the string. The action string for virtual networks is "Microsoft.Network/virtualNetworks/". To view the configuration data of a storage account, you need to use the read action substring in the action string, which enables read actions (GET). The action string for storage accounts is “Microsoft.Storage/StorageAccounts/read”. References:
✑ https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions
✑ https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 4
You have an Azure subscription that contains the resources shown in the following table.
The Not allowed resource types Azure policy that has policy enforcement enabled is assigned to RG1 and uses the following parameters:
Microsoft.Network/virtualNetworks Microsoft.Compute/virtualMachines
In RG1, you need to create a new virtual machine named VM2 which is connected toVNET1. What should you do first?
- A. Create an Azure Resource Manager template.
- B. AddasubnettoVNET1.
- C. Remove Microsof
- D. Network/virtualNetworks from the policy.
- E. Remove Microsoft.Compute/virtualMachines from the policy.
Answer: C
Explanation:
To create a new virtual machine named VM2 which is connected to VNET1 in RG1, you need to remove Microsoft.Network/virtualNetworks from the policy. This is because the Not allowed resource types Azure policy denies the deployment of the specified resource types in the scope of the assignment. In this case, the policy is assigned to RG1 and uses the parameters Microsoft.Network/virtualNetworks and Microsoft.Compute/virtualMachines. This means that you cannot create or update any virtual networks or virtual machines in RG1. Therefore, to create VM2 and connect it to VNET1, you need to remove Microsoft.Network/virtualNetworks from the policy parameters. This will allow you to create or update virtual networks in RG1, but still prevent you from creating or updating virtual machines. Alternatively, you can also exclude VNET1 from the policy assignment scope, but this will affect the compliance of the policy for the entire virtual network.
References:
✑ Not allowed resource types (Deny)
✑ Create and manage policies to enforce compliance
NEW QUESTION 5
HOTSPOT
You plan to use Azure Network Watcher to perform the following tasks:
✑ Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine
✑ Task2: Validate outbound connectivity from an Azure virtual machine to an
external host
Which feature should you use for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: IP flow verify
At some point, a VM may become unable to communicate with other resources, because of a security rule. The IP flow verify capability enables you to specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verify then tests the communication and informs you if the connection succeeds or fails. If the connection fails, IP flow verify tells you which.
Box 2: Connection troubleshoot
Diagnose outbound connections from a VM: The connection troubleshoot capability enables you to test a connection between a VM and another VM, an FQDN, a URI, or an IPv4 address. The test returns similar information returned when using the connection monitor capability, but tests the connection at a point in time, rather than monitoring it over time, as connection monitor does. Learn more about how to troubleshoot
connections using connection-troubleshoot.Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 6
HOTSPOT
You have an Azure subscription.
You create the following file named Deploy.json.
You connect to the subscription and run the following commands.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 7
Which blade should you instruct the finance department auditors to use?
- A. Partner information
- B. Overview
- C. Payment methods
- D. Invoices
Answer: D
Explanation:
You can opt in and configure additional recipients to receive your Azure invoice in an email. This feature may not be available for certain subscriptions such as support offers, Enterprise Agreements, or Azure in Open.
✑ Select your subscription from the Subscriptions page. Opt-in for each subscription you own. Click Invoices then Email my invoice.A screenshot of a computer
Description automatically generated
✑ Click Opt in and accept the terms.
Scenario: During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.
References: https://docs.microsoft.com/en-us/azure/billing/billing-download-azure-invoice-daily-usage-date
NEW QUESTION 8
You have an Azure subscription mat contains a virtual machine named VM1 and an Azure function named App1. You need to create an alert rule that will run App1 if VM1 stops. What should you create for the alert rule?
- A. a security group that has dynamic device membership
- B. an action group
- C. an application security group
- D. an application group
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule You create an alert rule by combining:
- The resources to be monitored.
- The signal or telemetry from the resource.
- Conditions.
Then you define these elements for the resulting alert actions by using:
- Alert processing rules
- Action groups
NEW QUESTION 9
HOTSPOT
You implement the planned changes for NSG1 and NSG2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 10
You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.
What should you include in the recommended?
- A. Azure AP B2C
- B. Azure AD Identity Protection
- C. an Azure logic app and the Microsoft Identity Management (MIM) client
- D. dynamic groups and conditional access policies
Answer: D
Explanation:
Technically, The finance department needs to migrate their users from AD to AAD using AADC based on the finance OU, and need to enforce MFA use. This is conditional access policy. Employees also often get promotions and/or join other departments and when that occurs, the user's OU attribute will change when the admin puts the user in a new OU, and the dynamic group conditional access exception (OU= [Department Name Value]) will move the user to the appropriate dynamic group on next AADC delta sync.
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic- membership
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa- userstates
NEW QUESTION 11
You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1. You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?
Solution:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.
The maximum size of an Azure Files Resource of a file share is 5 TB. Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 12
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com contains the groups in the following table.
You create two user accounts that are configured as shown in the following table.
To which groups do User1 and User2 belong? To answer. select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: Group 1 only First rule applies
Box 2: Group1 and Group2 only Both membership rules apply.
References: https://docs.microsoft.com/en-us/sccm/core/clients/manage/collections/create- collections
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 13
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
NSG1 is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
Yes - VM1 can access the Storage account because there is nothing blocking it the on the virtual network. There is a rule that actually allows outbound access to storage.
Yes- VM2 is on the Same VNET there is nothing blocking access to it from VM1 on the Virtual network. The Deny rule for HTTPS_VM1_Deny is for inbound connections from the
internet.No- You have a Inbound deny rule for VM1 from the the internet with a destination of the 10.3.0.15 which is in Subnet1. This proves the NSG is associated to Subnet1 and only subnet one because the image shows it is connected to only 1 subnet. VM2 is on Subnet2 which you can determined by its IP address. This means that NSG1 does not apply to VM2.
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 14
HOTSPOT
You have an Azure subscription that contains the storage accounts shown in the following table.
You need to identify which storage accounts support lifecycle management, and which storage accounts support moving data to the Archive access tier. What should you identify for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.
Solution:
1) storage1, storage2, storage3
"Lifecycle management policies are supported for block blobs and append blobs in general- purpose v2, premium block blob, and Blob Storage accounts." https://learn.microsoft.com/en-us/azure/storage/blobs/lifecycle-management-overview
2) storage2
"The archive tier isn't supported for ZRS, GZRS, or RA-GZRS accounts." https://learn.microsoft.com/en-us/azure/storage/blobs/access-tiers-overview#archive- access-tier
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 15
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users. You need to create a quest user account in contoso.com for each of the 500 external users.
Solution: from Azure AD in the Azure portal, you use the Bulk create user operation. Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
"Bulk Create" is for new Azure AD Users. For Guests:
- Use "Bulk invite users" to prepare a comma-separated value (.csv) file with the user information and invitation preferences
- Upload the .csv file to Azure AD
- Verify the users were added to the directory
NEW QUESTION 16
HOTSPOT
You have an Azure App Service app named WebApp1 that contains two folders named Folder1 and Folder2.
You need to configure a daily backup of WebApp1. The solution must ensure that Folder2 is excluded from the backup.
What should you create first and what should you use to exclude Fokier2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
https://learn.microsoft.com/en-us/azure/app-service/manage-backup?tabs=portal#create-a-custom-backup
In Storage account, select an existing storage account (in the same subscription) or select Create new. Do the same with Container. https://learn.microsoft.com/en-us/azure/app-service/manage-backup?tabs=portal#configure-partial-backups
Partial backups are supported for custom backups (not for automatic backups). Sometimes you don't want to back up everything on your app. To exclude folders and files from being stored in your future backups, create a _backup.filter file in the %HOME%\site\wwwroot folder of your app. Specify the list of files and folders you want to exclude in this file.
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 17
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains four subnets named Gateway, Perimeter. NVA and Production.
The NVA subnet contains two network virtual appliances (NVAs) that will perform network traffic inspection between the Perimeter subnet and the Production subnet.
You need to implement an Azure load balancer for the NVAs. The solution must meet the following requirements:
• The NVAs must run in an active-active configuration that uses automatic failover.
• The toad balancer must load balance traffic to two services on the Production subnet. The services have different IP addresses.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
- B. Deploy a basic load balancer.
- C. Add a frontend IP configuration, a backend pool, and a health probe.
- D. Add two load balancing rules that have HA Ports and Floating IP enabled.
- E. Deploy a standard load balancer.
- F. Add a frontend IP configuration, two backend pools, and a health probe.
Answer: DEF
NEW QUESTION 18
......
Recommend!! Get the Full AZ-104 dumps in VCE and PDF From Dumps-files.com, Welcome to Download: https://www.dumps-files.com/files/AZ-104/ (New 232 Q&As Version)