leads4pass AZ-104 dumps are verified and audited by a Microsoft professional team, and they really meet the requirements of the AZ-104 certification exam, covering more than 95% of the exam questions in the exam room!
And, offer the most popular study methods: AZ-104 dumps PDF, and AZ-104 dumps VCE, both study formats contain the latest certification exam questions and answers!
Therefore, the best exam solution is to use AZ-104 dumps with PDF and VCE formats: https://www.leads4pass.com/az-104.html (674 Q&A), to help you practice easily and achieve exam success.
What’s more! Part of the leads4pass AZ-104 dumps exam questions online for free download: https://drive.google.com/file/d/1KLpWW7CdNp5IyM6zXRHIf0c1URlRSF3q/
You can also practice some of the leads4pass AZ-104 dumps exam questions online
Type | Number of exam questions | Exam name | Exam code | Last updated |
Free | 15 | Microsoft Azure Administrator | AZ-104 | az-104 dumps |
Question 1:
HOTSPOT
You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure. For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Question 2:
HOTSPOT
You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure. For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Question 3:
HOTSPOT
You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure. For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Question 4:
HOTSPOT
You need to meet the connection requirements for the New York office. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Create a virtual network gateway and a local network gateway. Azure VPN gateway. The VPN gateway service enables you to connect the VNet to the on-premises network through a VPN appliance. For more information, see Connect an on-premises network to a Microsoft Azure virtual network. The VPN gateway includes the following elements:
*
Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing traffic from the on-premises network to the VNet.
*
Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to the on-premises network is routed through this gateway.
*
Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-premises VPN appliance to encrypt traffic.
*
Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements, described in the Recommendations section below.
Box 2: Configure a site-to-site VPN connection
On-premises create a site-to-site connection for the virtual network gateway and the local network gateway.
Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Incorrect Answers:
Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection is private. Traffic does not go over the internet.
References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vpn
Question 5:
HOTSPOT
You need the appropriate sizes for the Azure virtual for Server2. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Create a Recovery Services vault
Create a Recovery Services vault on the Azure Portal.
Box 2: Install the Azure Site Recovery Provider
Azure Site Recovery can be used to manage the migration of on-premises machines to Azure. Scenario: Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Server2 has the Hyper-V host role.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure
Question 6:
HOTSPOT
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
In storage1, you create a blob container named blob1 and a file share named share1. Which resources can be backed up to Vault1 and Vault2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: VM1 only
VM1 is in the same region as Vault1.
File1 is not in the same region as Vautl1.
SQL is not in the same region as Vault1.
Blobs cannot be backup up to service vaults.
Note: To create a vault to protect virtual machines, the vault must be in the same region as the virtual machines.
Box 2: Share1 only.
Storage1 is in the same region (West USA) as Vault2. Share1 is in Storage1. Note: After you select Backup, the Backup pane opens and prompts you to select a storage account from a list of discovered supported storage accounts. They\’re
either associated with this vault or present in the same region as the vault, but not yet associated to any Recovery Services vault.
References:
https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault https://docs.microsoft.com/en-us/azure/backup/backup-afs ===================================================
Topic 1, Litware, inc.
Overview
Litware, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Litware are hosted on-premises. Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named Litware.onmicrosoft.com. The tenant uses the P1 pricing tier.
Existing Environment
The network contains an Active Directory forest named Litware.com. All domain controllers are configured as DNS servers and host the Litware.com DNS zone. Litware has finance, human resources, sales, research, and information
technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department.
New users are added frequently.
Litware.com contains a user named User1.
All the offices connect by using private links.
Litware has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.
Litware uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory. The Azure subscription contains the resources in the following table.
The network security team implements several network security groups (NSGs).
Planned Changes
Litware plans to implement the following changes:
*
Deploy Azure ExpressRoute to the Montreal office.
*
Migrate the virtual machines hosted on Server1 and Server2 to Azure.
*
Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
*
Migrate App1 and App2 to two Azure web apps named webApp1 and WebApp2.
Technical Requirements
Litware must meet the following technical requirements:
*
Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances*.
*
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
*
Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
*
Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
*
Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.Litware.com.
*
Connect the New Your office to VNet1 over the Internet by using an encrypted connection.
*
Create a workflow to send an email message when the settings of VM4 are modified.
*
Create a custom Azure role named Role1 that is based on the Reader role.
*
Minimize costs whenever possible.
Question 7:
HOTSPOT
You have an Azure subscription that contains the virtual machines shown in the following table.
VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules. NSG2 uses the default rules and the following custom incoming rule:
1.
Priority: 100
2.
Name: Rule1
3.
Port: 3389
4.
Protocol: TCP
5.
Source: Any
6.
Destination: Any
7.
Action: Allow
NSG1 connects to Subnet1. NSG2 connects to the network interface of VM2. For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: No
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Box 2: Yes
NSG2 will allow this.
Box 3: Yes
NSG2 will allow this.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
Question 8:
HOTSPOT
You have several Azure virtual machines on a virtual network named VNet1.
You configure an Azure Storage account as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: never For Subnet 10.2.9.0/24, the endpoint (Refer to the first endpoint) is not enabled in the storage account shown in the exhibit. Hence there would not be any connectivity to the file shares in a storage account. To establish this connection you must have to enable the endpoint. Box 2: never After you configure the firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network-restricted storage account. As this required setting is missing, so Azure backup will not be able to take backups of unmanaged disks.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage-accounts-secured-with-azure-storage-firewalls-and-virtual-networks/
Question 9:
HOTSPOT
You have an Azure Active Directory tenant named Contoso.com that includes the following users:
Contoso.com includes the following Windows 10 devices:
You create following security groups in Contoso.com:
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Yes User1 is a Cloud Device Administrator. Device2 is Azure AD joined. Group 1 has the assigned to join type. User1 is the owner of Group1. Note: Assigned groups – Manually add users or devices into a static group. Azure AD joined or hybrid Azure AD joined devices utilize an organizational account in Azure AD Box
2: No User2 is a User Administrator.
Device 1 is Azure AD registered.
Group1 has the assigned join type, and the owner is User1. Note: Azure AD registered devices utilize an account managed by the end user, this account is either a Microsoft account or another locally managed credential.
Box 3: Yes
User2 is a User Administrator.
Device2 is Azure AD joined.
Group2 has the Dynamic Device join type, and the owner is User2.
References:
https://docs.microsoft.com/en-us/azure/active-directory/devices/overview
Question 10:
HOTSPOT
You have an Azure subscription that contains an Azure Storage account named storage1 and the users shown in the following table.
You plan to monitor storage1 and configure email notifications for the signals shown in the following table.
You need to identify the minimum number of alert rules and action groups required for the planned monitoring.
How many alert rules and action groups should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 11:
HOTSPOT
You have an Azure subscription named Sub1.
You plan to deploy a multi-tiered application that will contain the tiers shown in the following table.
You need to recommend a networking solution to meet the following requirements:
1.
Ensure that communication between the web servers and the business logic tier spreads equally across the virtual machines.
2.
Protect the web servers from SQL injection attacks.
Which Azure resource should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: an internal load balancer
Azure Internal Load Balancer (ILB) provides network load balancing between virtual machines that reside inside a cloud service or a virtual network with a regional scope.
Box 2: an application gateway that uses the WAF tier
Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that
exploit commonly known vulnerabilities.
References:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
Question 12:
HOTSPOT
You have an Azure subscription that contains an Azure Storage account.
You plan to copy an on-premises virtual machine image to a container named images.
You need to create the container for the planned image.
Which command should you run? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: make
Here the purpose is to \’create a container”. So the correct command would be a copy made.
Box 2: blob
The requirement is for storing that image, it\’s not used to build AKS. So blob is the correct option.
Reference:
https://adamtheautomator.com/azcopy-copy-files/
Question 13:
HOTSPOT
You need to create an Azure Storage account that meets the following requirements:
1.
Minimizes costs
2.
Supports hot, cool, and archive blob tiers
3.
Provides fault tolerance if a disaster affects the Azure region where the account resides
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: StorageV2
You may only tier your object storage data to hot, cool, or archive in Blob storage and General Purpose v2 (GPv2) accounts. General Purpose v1 (GPv1) accounts do not support tiering. General-purpose v2 accounts deliver the lowest per-
gigabyte capacity prices for Azure Storage, as well as industry-competitive transaction prices.
Box 2: Standard_GRS
Geo-redundant storage (GRS): Cross-regional replication to protect against region-wide unavailability.
Incorrect Answers:
Locally-redundant storage (LRS): A simple, low-cost replication strategy. Data is replicated within a single storage scale unit.
Read-access geo-redundant storage (RA-GRS): Cross-regional replication with read access to the replica. RA-GRS provides read-only access to the data in the secondary location, in addition to geo-replication across two regions, but is
more expensive compared to GRS.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-grs https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
Question 14:
HOTSPOT You create a virtual machine scale set named Scale1. Scale1 is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
As the cooling period and scale-in and scale-out durations are not displayed in the graphical view, so we need to consider the default values below for these settings. Cool down (minutes): The amount of time to wait before the rule is applied
again so that the autoscale actions have time to take effect. The default is 5 minutes. Duration: The amount of time monitored before the metric and threshold values are compared.
The default is 10 minutes.
Box 1: 4 virtual machines
The Autoscale scale-out rule increases the number of VMs by 2 if the CPU threshold is 80% or higher for more than or equal to 10 mins due to the default duration for scale in and out is 10 minutes. Since CPU utilization at 85% only lasts for 6
mins, it does not trigger the rules. Hence no of virtual machines will be the same as the initial value which is 4.
Box 2: 4 virtual machines
The Autoscale scale in rule decreases the number of VMs by 4 if the CPU threshold is 30% or lower for more than or equal to 10 mins. due to the default duration for scale in and out being 10 minutes. Since CPU utilization at 30% only lasts for 6
mins, it does not trigger the rules. Hence after the first 6 mins instance, the count will be the same as the initial count of 4. After that CPU utilization reached 50% for 6 mins, which again would not trigger the scale in the rule. Therefore no of virtual machines
will be the same as the initial value which is 4.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-overview
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-best-practices
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-common-scale-patterns
Question 15:
HOTSPOT
You have peering configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: vNET6 only
The peering status to both VNet1 and Vnet2 is disconnected.
Box 2: delete peering1
Peering to Vnet1 is Enabled but disconnected. We need to update or re-create the remote peering to get it back to the Initiated state.
Reference:
https://blog.kloud.com.au/2018/10/19/address-space-maintenance-with-vnet-peering/
leads4pass AZ-104 dumps share two study materials for free: you can download them online and practice exams online!
Now! Download the AZ-104 best practice solution! Use leads4pass AZ-104 dumps with PDF and VCE: https://www.leads4pass.com/az-104.html Contains 674 latest exam questions and answers to help you pass the exam 100%.