Happy Black Friday Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 1b2718643m

AZ-104 Exam Dumps - Microsoft Azure Administrator

Question # 4

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1.

An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.

You need to ensure that access to AKS1 can be granted to the contoso.com users.

What should you do first?

A.

From contoso.com, modify the Organization relationships settings.

B.

From contoso.com, create an OAuth 2.0 authorization endpoint.

C.

Recreate AKS1.

D.

From AKS1, create a namespace.

Full Access
Question # 5

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You plan to configure Azure Backup reports for Vault1.

You are configuring the Diagnostics settings for the AzureBackupReports log.

Which storage accounts and which Log Analytics workspaces can you use for the Azure Backup reports of Vault1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 6

You have an Azure subscription that contains an Azure file share.

You have an on-premises server named Server1 that runs Windows Server 2016.

You plan to set up Azure File Sync between Server1 and the Azure file share.

You need to prepare the subscription for the planned Azure File Sync.

Which two actions should you perform in the Azure subscription? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Full Access
Question # 7

Your on-premises network contains an SMB share named Share1.

You have an Azure subscription that contains the following resources:

A web app named webapp1

A virtual network named VNET1

You need to ensure that webapp1 can connect to Share1.

What should you deploy?

A.

an Azure Application Gateway

B.

an Azure Active Directory (Azure AD) Application Proxy

C.

an Azure Virtual Network Gateway

Full Access
Question # 8

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You assign a built-in policy definition to the subscription.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 9

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.

You need to ensure that NGINX is available on all the virtual machines after they are deployed.

What should you use?

A.

Azure Active Directory (Azure AD) Application Proxy

B.

Azure Application Insights

C.

Azure Custom Script Extension

D.

the New-AzConfigurationAssignement cmdlet

Full Access
Question # 10

You have an Azure subscription named Subscription1.

You have 5 TB of data that you need to transfer to Subscription1.

You plan to use an Azure Import/Export job.

What can you use as the destination of the imported data?

A.

an Azure Cosmos DB database

B.

Azure File Storage

C.

the Azure File Sync Storage Sync Service

D.

Azure Data Factory

Full Access
Question # 11

You have an Azure subscription named Subscription1 that contains the storage accounts shown in the following table:

You plan to use the Azure Import/Export service to export data from Subscription1.

You need to identify which storage account can be used to export the data.

What should you identify?

A.

storage1

B.

storage2

C.

storage3

D.

storage4

Full Access
Question # 12

You discover that VM3 does NOT meet the technical requirements.

You need to verify whether the issue relates to the NSGs.

What should you use?

A.

Diagram in VNet1

B.

the security recommendations in Azure Advisor

C.

Diagnostic settings in Azure Monitor

D.

Diagnose and solve problems in Traffic Manager Profiles

E.

IP flow verify in Azure Network Watcher

Full Access
Question # 13

You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.

What should you include in the recommended?

A.

Azure AP B2C

B.

Azure AD Identity Protection

C.

an Azure logic app and the Microsoft Identity Management (MIM) client

D.

dynamic groups and conditional access policies

Full Access
Question # 14

You need to the appropriate sizes for the Azure virtual for Server2.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 15

You need to meet the connection requirements for the New York office.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 16

You need to implement Role1.

Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 17

You need to meet the technical requirement for VM4.

What should you create and configure?

A.

an Azure Notification Hub

B.

an Azure Event Hub

C.

an Azure Logic App

D.

an Azure services Bus

Full Access
Question # 18

You have an Azure Service Bus.

You need to implement a Service Bus queue that guarantees first in first-out (FIFO) delivery of messages.

What should you do?

A.

Set the Lock Duration setting to 10 seconds.

B.

Enable duplicate detection.

C.

Set the Max Size setting of the queue to 5 GB.

D.

Enable partitioning.

E.

Enable sessions.

Full Access
Question # 19

You have an Azure Resource Manager template named Template1 that is used to deploy an Azure virtual machine.

Template1 contains the following text:

The variables section in Template1 contains the following text:

"location": "westeurope"

The resources section in Template1 contains the following text:

You need to deploy the virtual machine to the West US location by using Template1.

What should you do?

A.

Modify the location in the resource section to westus

B.

Select West US during the deployment

C.

Modify the location in the variables section to westus

Full Access
Question # 20

You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort.

What should you do?

A.

Create 2 user-defined route from VNET1 to VNET3.

B.

Assign VM4 an IP address of 10.0.1.5/24.

C.

Establish peering between VNET1 and VNET3.

D.

Create an NSG and associate the NSG to VMI and VM4.

Full Access
Question # 21

You have an Azure subscription that contains the resources shown in the following table.

You need to perform the tasks shown in the following table.

Which tasks can you perform by using Azure Storage Explorer ?

A.

Task1 and Task3 only

B.

Task1. Task2 and Task3 only

C.

Task1Task2 and Task3 only

D.

Task2, Task3, and Task4 only

E.

Take1,Take2, Take3, and Take4

Full Access
Question # 22

You have an on-premises network that contains a Hyper-V host named Host1. Host1 runs Windows Server 2016 and hosts 10 virtual machines that run Windows Server 2016.

You plan to replicate the virtual machines to Azure by using Azure Site Recovery.

You create a Recovery Services vault named ASR1 and a Hyper-V site named Site1.

You need to add Host1 to ASR1.

What should you do?

A.

Download the installation file for the Azure Site Recovery Provider.

Download the vault registration key.

Install the Azure Site Recovery Provider on Host1 and register the server.

B.

Download the installation file for the Azure Site Recovery Provider.

Download the storage account key.

Install the Azure Site Recovery Provider on Host1 and register the server.

C.

Download the installation file for the Azure Site Recovery Provider.

Download the vault registration key.

Install the Azure Site Recovery Provider on each virtual machine and register the virtual machines.

D.

Download the installation file for the Azure Site Recovery Provider.

Download the storage account key.

Install the Azure Site Recovery Provider on each virtual machine and register the virtual machines.

Full Access
Question # 23

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company registers a domain name of contoso.com.

You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.

You need to resolve the name resolution issue.

Solution: You modify the name servers at the domain registrar.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 24

You have a .NET Core application running in Azure App Services. You are expecting a huge influx of traffic to your application in the coming days. When your application experiences this spike in traffic, you want to detect any anomalies such as request errors or failed queries immediately. What service can you use to assure that you know about these types of errors related to your .NET application immediately?

A.

Application Insights Search

B.

Log analytics workspace

C.

Client-side monitoring

D.

Live Metrics Stream in Application Insights

Full Access
Question # 25

You need to deploy an Azure virtual machine scale set that contains five instances as quickly as possible. What should you do?

A.

Deploy five virtual machines. Modify the Size setting for each virtual machine.

B.

Deploy live virtual machines. Modify the Availability Zones setting for each virtual machine.

C.

Deploy one virtual machine scale set that is set to ScaleSetVM orchestration mode.

D.

Deploy one virtual machine scale set that is set to VM (virtual machines) orchestration mode.

Full Access
Question # 26

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VM1. VM1 is in a resource group named RG1.

VM1 runs services that will be used to deploy resources to RG1.

You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.

What should you do first?

A.

From the Azure portal modify the Access control (1AM) settings of VM1.

B.

From the Azure portal, modify the Policies settings of RG1.

C.

From the Azure portal, modify the value of the Managed Service Identity option for VM1.

D.

From the Azure portal, modify the Access control (IAM) settings of RG1.

Full Access
Question # 27

You have an Azure resource manager template that will be used to deploy 10 Azure Web Apps.

You have to ensure to deploy the pre-requisites before the deployment of the template.

You have to minimize the costs associated with the implementation.

Which of the following would you deploy as pre-requisites?

A.

An Azure Load Balancer

B.

An Application Gateway

C.

10 Azure App Service Plans

D.

One App Service Plan

Full Access
Question # 28

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises Active Directory domain.

You have a server named DirSync1 that is configured as a DirSync server.

You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately.

Solution: You run the Start-ADSyncSyncCycle -PolicyType Initial PowerShell cmdlet.

Does the solution meet the goal?

A.

Yes

B.

No

Full Access
Question # 29

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You manage a virtual network named VNet1 that is hosted in the West US Azure region.

VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.

You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.

Solution: From Performance Monitor, you create a Data Collector Set (DCS).

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 30

You have web app in the West US, Central US and East US Azure regions.

You have the App plans shown in the following table.

You plan to create an additional App Service plan named ASPs that will use the Linux operating system.

You need to identify in which of the currently used locations you can deploy ASPs.

What should you recommend?

A.

West US only

B.

East US only

C.

Central US only

D.

West US, Central US, or East US

Full Access
Question # 31

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

B.

Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami

office.

C.

Join the client computers in the Miami office to Azure AD.

D.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

E.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.

Full Access
Question # 32

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Full Access
Question # 33

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

A.

Join the client computers in the Miami office to Azure AD.

B.

Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.

C.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

D.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication

E.

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

Full Access
Question # 34

Which blade should you instruct the finance department auditors to use?

A.

Partner information

B.

Overview

C.

Payment methods

D.

Invoices

Full Access
Question # 35

You need to identify the storage requirements for Contoso.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 36

You are planning the move of App1 to Azure.

You create a network security group (NSG).

You need to recommend a solution to provide users with access to App1.

What should you recommend?

A.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

B.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.

C.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

D.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

Full Access
Question # 37

You need to implement a backup solution for App1 after the application is moved.

What should you create first?

A.

a recovery plan

B.

an Azure Backup Server

C.

a backup policy

D.

a Recovery Services vault

Full Access
Question # 38

You need to meet the user requirement for Admin1.

What should you do?

A.

From the Subscriptions blade, select the subscription, and then modify the Properties.

B.

From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.

C.

From the Azure Active Directory blade, modify the Properties.

D.

From the Azure Active Directory blade, modify the Groups.

Full Access
Question # 39

You need to move the blueprint files to Azure.

What should you do?

A.

Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

B.

Use the Azure Import/Export service.

C.

Generate an access key. Map a drive, and then copy the files by using File Explorer.

D.

Use Azure Storage Explorer to copy the files.

Full Access
Question # 40

You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 41

You need to configure the Device settings to meet the technical requirements and the user requirements.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

Full Access
Question # 42

You need to recommend an identify solution that meets the technical requirements.

What should you recommend?

A.

federated single-on (SSO) and Active Directory Federation Services (AD FS)

B.

password hash synchronization and single sign-on (SSO)

C.

cloud-only user accounts

D.

Pass-through Authentication and single sign-on (SSO)

Full Access
Question # 43

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant contains 500 user accounts.

You deploy Microsoft Office 365. You configure Office 365 to use the user accounts in adatum.com.

You configure 60 users to connect to mailboxes in Microsoft Exchange Online.

You need to ensure that the 60 users use Azure Multi-Factor Authentication (MFA) to connect to the Exchange Online mailboxes. The solution must only affect connections to the Exchange Online mailboxes.

What should you do?

A.

From the multi-factor authentication page, configure the Multi-Factor Auth status for each user

B.

From Azure Active Directory admin center, create a conditional access policy

C.

From the multi-factor authentication page, modify the verification options

D.

From the Azure Active Directory admin center, configure an authentication method

Full Access
Question # 44

You have an Azure subscription that contains the resources shown in the following table.

VM1 and VM2 run a website that is configured as shown in the following table.

LB1 is configured to balance requests to VM1 and VM2.

You configure a health probe as shown in the exhibit. (Click the Exhibit tab.)

You need to ensure that the health probe functions correctly.

What should you do?

A.

On LB1, change the Unhealthy threshold to 65536.

B.

On LB1, change the port to 8080.

C.

On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\Temp folder.

D.

On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\SiteA\Temp folder.

Full Access
Question # 45

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure virtual machine named VM1 that runs Windows Server 2016.

You need to create an alert in Azure when more than two error events are logged to the System log on VM1 within an hour.

Solution: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 46

You have an Azure subscription named Subcription1 that contains a resource group named RG1.

In RG1. you create an internal load balancer named LB1 and a public load balancer named 162.

You need to ensure that an administrator named Admin 1 can manage LB1 and LB2. The solution must follow the principle of least privilege.

Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area.

NOTE: Caen correct selection is worth one point.

Full Access
Question # 47

You have the Azure virtual machines shown in the following table.

A DNS service is install on VM1.

You configure the DNS server settings for each virtual network as shown in the following exhibit.

You need 10 ensure that all the virtual machines can resolve DNS names by using the DNS service on VM1. What should you do?

A.

Add service endpoints on VNET2 and VNET3.

B.

Configure peering between VNE11, VNETT2, and VNET3.

C.

Configure a conditional forwarder on VM1

D.

Add service endpoints on VNET1.

Full Access
Question # 48

You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.

You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.

Which two groups should you create? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A.

a Security group that uses the Assigned membership type

B.

an Office 365 group that uses the Assigned membership type

C.

an Office 365 group that uses the Dynamic User membership type

D.

a Security group that uses the Dynamic User membership type

E.

a Security group that uses the Dynamic Device membership type

Full Access