[Feb 08, 2022] AZ-104 PDF Recently Updated Questions Dumps to Improve Exam Score
AZ-104 Dumps Full Questions with Free PDF Questions to Pass
How to Leverage Your Career as Microsoft Azure Administrator?
Currently, Azure is leading the world in cloud computing and the world is in need of Azure experts. So, if you're done exploring what the Azure Administrator certification offers, it's time to look for advancement opportunities. To make this happen, a candidate can go for the Microsoft Certified: DevOps Engineer Expert certificate that will make you an expert in Azure administration and development in one go. Still, one exam AZ-400: Designing and Implementing Microsoft DevOps Solutions is necessary to earn this certification. Undoubtedly, having this expert-level certification by your side will help you in career advancement at multiple levels and will cultivate the most advanced and in-demand skills.
NEW QUESTION 277
You have an Azure subscription named Subscription1.
You deploy a Linux virtual machine named VM1 to Subscription1.
You need to monitor the metrics and the logs of VM1.
What should you use?
- A. the AzurePerformanceDiagnostics extension
- B. Azure HDInsight
- C. Linux Diagnostic Extension (LAD) 3.0
- D. Azure Analysis Services
Answer: A
Explanation:
Section: [none]
Explanation:
You can use extensions to configure diagnostics on your VMs to collect additional metric data.
The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-monitoring
NEW QUESTION 278
You plan to deploy an Azure container instance by using the following Azure Resource Manager template.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the template.
Answer:
Explanation:
NEW QUESTION 279
You have an Azure subscription named Subscription1.
In Subscription1, you create an Azure web app named WebApp1. WebApp1 will access an external service that requires certificate authentication.
You plan to require the use of HTTPS to access WebApp1.
You need to upload certificates to WebApp1.
In which formats should you upload the certificate? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
A PFX file contains the public key file (SSL Certificate) and its unique private key file. This is required for HTTPS access. The web app will distribute the public key (in a CER file) to clients that connect to the web app.
The CER file is an SSL Certificate which has the public key of the external service. The external service will have the private key associated with the public key contained in the CER file.
NEW QUESTION 280
You have an Azure subscription that contains the resources in the following table.
Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1.
You need to apply ASG1 to VM1.
What should you do?
- A. Modify the properties of NSG1.
- B. Associate NIC1 to ASG1.
- C. Modify the properties of ASG1.
Answer: B
Explanation:
Explanation
Application Security Group can be associated with NICs.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#application-security-groups
NEW QUESTION 281
You have an Azure subscription that contains 10 virtual machines.
You need to ensure that you receive an email message when any virtual machines are powered off, restarted, or deallocated.
What is the minimum number of rules and action groups that you require?
- A. three rules and three action groups
- B. one rule and three action groups
- C. three rules and one action group
- D. one rule and one action group
Answer: C
Explanation:
An action group is a collection of notification preferences defined by the user. Azure Monitor and Service Health alerts are configured to use a specific action group when the alert is triggered. Various alerts may use the same action group or different action groups depending on the user's requirements.
References: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-action-groups
NEW QUESTION 282
You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL Server on Windows for the data tier.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Technical requirements include:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server
NEW QUESTION 283
You have an Azure virtual machine named VM1 that you use for testing. VM1 is protected by Azure Backup.
You delete VM1.
You need to remove the backup data stored for VM1.
What should you do first?
- A. Delete the storage account.
- B. Delete the Recovery Services vault.
- C. Modify the backup policy.
- D. Stop the backup.
Answer: D
Explanation:
Explanation
Azure Backup provides backup for virtual machines - created through both the classic deployment model and the Azure Resource Manager deployment model - by using custom-defined backup policies in a Recovery Services vault.
With the release of backup policy management, customers can manage backup policies and model them to meet their changing requirements from a single window. Customers can edit a policy, associate more virtual machines to a policy, and delete unnecessary policies to meet their compliance requirements.
NEW QUESTION 284
You have an Azure subscription named Subscription1 that contains the resources in the following table.
You install the Web Server server role (IIS) on WM1 and VM2, and then add VM1 and VM2 to LB1.
LB1 is configured as shown in the LB1 exhibit. (Click the Exhibit button.)
Rule1 is configured as shown in the Rule1 exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 285
You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of 131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:
* Ensure that you can upload the disk files to account1.
* Ensure that you can attach the disks to VM1.
* Prevent all other access to account1.
Which two actions should you perform? Each correct selection presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. From the Firewalls and virtual networks blade of acount1, add VNet1.
- B. From the Firewalls and virtual networks blade of account1, select Selected networks.
- C. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.
- D. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
- E. From the Service endpoints blade of VNet1, add a service endpoint.
Answer: B,D
Explanation:
By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.
Azure portal
1. Navigate to the storage account you want to secure.
2. Click on the settings menu called Firewalls and virtual networks.
3. To deny access by default, choose to allow access from 'Selected networks'. To allow traffic from all networks, choose to allow access from 'All networks'.
4. Click Save to apply your changes.
Grant access from a Virtual Network
Storage accounts can be configured to allow access only from specific Azure Virtual Networks.
By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual network and the subnet are also transmitted with each request.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security
NEW QUESTION 286
You have the Azure virtual machines shown in the following table.
You have a Recovery Services vault that protects VM1 and VM2.
You need to protect VM3 and VM4 by using Recovery Services.
What should you do first?
- A. Create a storage account.
- B. Configure the extensions for VM3 and VM4.
- C. Create a new Recovery Services vault.
- D. Create a new backup policy.
Answer: C
Explanation:
Explanation
A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services References: https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication
NEW QUESTION 287
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2.
Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You delete the BlockAllOther443 inbound security rule.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Reference:
https://fastreroute.com/azure-network-security-groups-explained/
NEW QUESTION 288
You have an Azure subscription that contains the resources shown in the following table:
You assign a policy to RG6 as shown in the following table:
To RG6, you apply the tag: RGroup: RG6.
You deploy a virtual network named VNET2 to RG6.
Which tags apply to VNET1 and VNET2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
VNET1: Department: D1, and Label:Value1 only.
Tags applied to the resource group or subscription are not inherited by the resources.
Note: Azure Policy allows you to use either built-in or custom-defined policy definitions and assign them to either a specific resource group or across a whole Azure subscription.
VNET2: Label:Value1 only.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-policies
NEW QUESTION 289
You have a deployment template named Template1 that is used to deploy 10 Azure web apps.
You need to identify what to deploy before you deploy Template1. The solution must minimize Azure costs.
What should you identify?
- A. one App Service plan
- B. one Azure Application Gateway
- C. five Azure Application Gateways
- D. one Azure Traffic Manager
- E. 10 App Service plans
Answer: D
NEW QUESTION 290
You plan to deploy an Azure container instance by using the following Azure Resource Manager template.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the template.
Answer:
Explanation:
Explanation
Box 1: can connect to the container from any device
In the policy "osType": "window" refer that it will create a container in a container group that runs Windows but it won't block access depending on device type.
Box 2: the container will restart automatically
Docker provides restart policies to control whether your containers start automatically when they exit, or when Docker restarts. Restart policies ensure that linked containers are started in the correct order. Docker recommends that you use restart policies, and avoid using process managers to start containers.
on-failure : Restart the container if it exits due to an error, which manifests as a non-zero exit code.
As the flag is mentioned as "on-failure" in the policy, so it will restart automatically
Reference:
https://docs.microsoft.com/en-us/cli/azure/container?view=azure-cli-latest
https://docs.docker.com/config/containers/start-containers-automatically/
NEW QUESTION 291
You have an on premises data center and an Azure subscription. The data center contains two VPN devices.
The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet.
You need to create a site-to-site VPN. The solution must ensure that if a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes.
What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: 4
Two public IP addresses in the on-premises data center, and two public IP addresses in the VNET.
The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below.
Box 2: 2
Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections.
Box 3: 2
Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
NEW QUESTION 292
You have an Azure subscription named Subscription1.
You create an Azure Storage account named contosostorage, and then you create a file share named data.
Which UNC path should you include in a script that references files from the data file share? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
NEW QUESTION 293
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE Each correct selection is worth one point.
- A. an Azure Storage account and an access policy
- B. a Recovery Services vault and a backup policy
- C. an Azure Key Vault and an access policy
- D. Azure Active Directory (AD) Identity Protection and an Azure policy
Answer: A,B
Explanation:
D: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com
Incorrect Answers:
A: Seamless SSO needs the user's device to be domain-joined, but doesn't need for the device to be Azure AD Joined.
C: Azure AD connect does not port 8080. It uses port 443.
E: Seamless SSO is not applicable to Active Directory Federation Services (ADFS).
Scenario: Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.
Planned Azure AD Infrastructure include: The on-premises Active Directory domain will be synchronized to Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso-quick-start
NEW QUESTION 294
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.com.onmicrosoft.com.
Solution: You instruct User3 to create the user accounts.
- A. Yes
- B. No
Answer: B
Explanation:
Explanation
Only a global administrator can add users to this tenant.
References:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad
NEW QUESTION 295
DRAG DROP
You have an Azure subscription that contains a storage account.
You have an on-premises server named Server1 that runs Windows Server 2016. Server1 has 2 TB of data.
You need to transfer the data to the storage account by using the Azure Import/Export service.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Select and Place:
Answer:
Explanation:
Section: [none]
Explanation:
At a high level, an import job involves the following steps:
Step 1: Attach an external disk to Server1 and then run waimportexport.exe Determine data to be imported, number of drives you need, destination blob location for your data in Azure storage.
Use the WAImportExport tool to copy data to disk drives. Encrypt the disk drives with BitLocker.
Step 2: From the Azure portal, create an import job.
Create an import job in your target storage account in Azure portal. Upload the drive journal files.
Step 3: Detach the external disks from Server1 and ship the disks to an Azure data center.
Provide the return address and carrier account number for shipping the drives back to you.
Ship the disk drives to the shipping address provided during job creation.
Step 4: From the Azure portal, update the import job
Update the delivery tracking number in the import job details and submit the import job.
The drives are received and processed at the Azure data center.
The drives are shipped using your carrier account to the return address provided in the import job.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service
NEW QUESTION 296
You have an Azure subscription that contains the public load balancers shown in the following table.
You plan to create six virtual machines and to load balancer requests to the virtual machines. Each load balancer will load balance three virtual machines.
You need to create the virtual machines for the planned solution.
How should you create the virtual machines? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://www.petri.com/comparing-basic-standard-azure-load-balancers
NEW QUESTION 297
You have an Azure subscription that contains a resource group named RG26.
RG26 is set to the West Europe location and is used to create temporary resources for a project. RG26 contains the resources shown in the following table.
SQLDB01 is backed up to RGV1.
When the project is complete, you attempt to delete RG26 from the Azure portal. The deletion fails.
You need to delete RG26.
What should you do first?
- A. Delete VM1
- B. Stop VM1
- C. Stop the backup of SQLDB01
- D. Delete sa001
Answer: C
NEW QUESTION 298
......
How to Register For Exam AZ-104: Microsoft Azure Administrator?
Key Details of Microsoft AZ-104 Exam
Microsoft doesn’t reveal the details of its certification exams. However, from the experience of the previous test takers, it is known that Microsoft AZ-104 consists of around 40 to 60 questions that are to be completed within the allocated time of 120 minutes. All the questions are available in Korean, English, Japanese, and Simplified Chinese. As for the price, the exam will cost you $165. This is the amount set for the U.S. residents. If you are located in another country, this sum can be lower for you.
100% Updated Microsoft AZ-104 Enterprise PDF Dumps: https://www.crampdf.com/AZ-104-exam-prep-dumps.html
Free Microsoft Azure Administrator Associate AZ-104 Official Cert Guide PDF Download: https://drive.google.com/open?id=1AWG0N_9p8vXnPzRGIzjejtfV74OrjTsQ