NEW 2024 Certification Sample Questions AZ-104 Dumps & Practice Exam
AZ-104 Deluxe Study Guide with Online Test Engine
Microsoft AZ-104 certification exam is an excellent opportunity for professionals who want to demonstrate their skills and knowledge in Azure administration. Microsoft Azure Administrator certification exam covers a broad range of topics, including Azure identity and governance, Azure compute, Azure storage, Azure networking, and Azure monitoring and backup. Passing the exam will demonstrate the candidate's ability to manage Azure resources, implement and manage storage, configure and manage virtual networks, and monitor and backup Azure resources.
How much AZ-104:Microsoft Azure Administrator Exam Cost
The price of the Microsoft Azure Administrator Exam is $165 USD, for more information related to exam price please visit to Microsoft Training website as prices of Microsoft exams fees get varied country wise.
Microsoft AZ-104 Exam Syllabus Topics:
| Topic | Details |
|---|---|
Manage Azure identities and governance (15-20%) | |
| Manage Azure Active Directory (Azure AD) objects | -create users and groups -create administrative units -manage user and group properties -manage device settings -perform bulk user updates -manage guest accounts -configure Azure AD Join -configure self-service password reset |
| Manage role-based access control (RBAC) | -create a custom role - provide access to Azure resources by assigning roles at different scopes -interpret access assignments |
| Manage subscriptions and governance | -configure Azure policies -configure resource locks -apply and manage tags on resources - manage resource groups -manage subscriptions - manage costs -configure management groups |
Implement and manage storage (15-20%) | |
| Secure storage | -configure network access to storage accounts -create and configure storage accounts -generate shared access signature (SAS) tokens -manage access keys -configure Azure AD Authentication for a storage account - Configure access to Azure Files |
| Manage Storage | -export from Azure job -import into Azure job -install and use Azure Storage Explorer -copy data by using AZCopy - implement Azure Storage replication - configure blob object replication |
| Configure Azure files and Azure blob storage | - create an Azure file share -create and configure Azure File Sync service -configure Azure Blob Storage -configure storage tiers - configure blob lifecycle management |
Deploy and manage Azure compute resources (20-25%) | |
| Automate deployment of virtual machines (VMs) by using Azure Resource Manager templates | - modify an Azure Resource Manager template -configure a virtual hard disk (VHD) template - deploy from a template -save a deployment as an Azure Resource Manager template - deploy virtual machine extensions |
NEW QUESTION # 116
You plan to create an Azure virtual machine named VM1 that will be configured as shown in the following exhibit.
The planned disk configurations for VM1 are shown in the following exhibit.
You need to ensure that VM1 can be created in an Availability Zone.
Which two settings should you modify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Size
- B. Availability options
- C. Image
- D. Use managed disks
- E. OS disk type
Answer: C,D
NEW QUESTION # 117
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.
- B. Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.
- C. Join the client computers in the Miami office to Azure AD.
- D. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.
- E. Allow inbound TCP port 8080 to the domain controllers in the Miami office.
Answer: B,D
Explanation:
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com E: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
NEW QUESTION # 118
You create an Azure web app named WebApp1. WebApp1 has the autoscale settings shown in the following exhibit.
The scale out and scale in rules are configured to have a duration of 10 minutes and a cool down time of five minutes.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-best-practices
NEW QUESTION # 119
You have an Azure subscription.
You deploy a virtual machine scale set that is configure as shown in the following exhibit.
Use the drop-down menus to select the answer choice that answers each questions based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 120
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
You plan to configure Azure Backup reports for Vault1.
You are configuring the Diagnostics settings for the AzureBackupReports log.
Which storage accounts and which Log Analytics workspaces can you use for the Azure Backup reports of Vault1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: storage3 only
Vault1 and storage3 are both in West Europe.
Box 2: Analytics3
Vault1 and Analytics3 are both in West Europe.
References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-configure-reports
NEW QUESTION # 121
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
* A virtual network that has a subnet named Subnet1
* Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
* A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
* Priority: 100
* Source: Any
* Source port range: *
* Destination: *
* Destination port range: 3389
* Protocol: UDP
* Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.
Does this meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
Explanation
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
NEW QUESTION # 122
You plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The virtual machines will host a web app named App1.
You need to ensure that at least two virtual machines are available if a single Azure datacenter becomes unavailable.
What should you deploy?
- A. each virtual machine in a separate Availability Set
- B. all virtual machines in a single Availability Set
- C. all three virtual machines in a single Availability Zone
- D. each virtual machine in a separate Availability Zone
Answer: D
NEW QUESTION # 123
You create an App Service plan named Plan1 and an Azure web app named webapp1.
You discover that the option to create a staging slot is unavailable.
You need to create a staging slot for Plan1.
What should you do first?
- A. From webapp1, modify the Application settings
- B. From Plan1, scale out the App Service plan
- C. From Plan1, scale up the App Service plan
- D. From webapp1, add a custom domain
Answer: C
Explanation:
Section: [none]
Explanation:
The app must be running in the Standard, Premium, or Isolated tier in order for you to enable multiple deployment slots.
If the app isn't already in the Standard, Premium, or Isolated tier, you receive a message that indicates the supported tiers for enabling staged publishing. At this point, you have the option to select Upgrade and go to the Scale tab of your app before continuing.
Scale up: Get more CPU, memory, disk space, and extra features like dedicated virtual machines (VMs), custom domains and certificates, staging slots, autoscaling, and more.
Incorrect:
Scale out: Increase the number of VM instances that run your app. You can scale out to as many as 30 instances Reference:
https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots
https://docs.microsoft.com/en-us/azure/app-service/manage-scale-up
NEW QUESTION # 124
You have an Azure Storage account named storage1.
For storage 1. you create an encryption scope named Scope1.
Which storage types can you encrypt by using Scope1?
- A. file shares only
- B. containers only
- C. containers and tables only
- D. file shares, containers, tables, and queues
- E. file shares, containers, and tables only
- F. file shares and containers only
Answer: B
Explanation:
Explanation
"Encryption scopes enable you to manage encryption at the level of an individual blob or container."
https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-scope-manage?tabs=portal
NEW QUESTION # 125
You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs Windows Server 2016 and is part of an availability set.
VM1 has virtual machine-level backup enabled.
VM1 is deleted.
You need to restore VM1 from the backup. VM1 must be part of the availability set.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
NEW QUESTION # 126
You plan to use Azure Network Watcher to perform the following tasks:
Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine Task2: Validate outbound connectivity from an Azure virtual machine to an external host Which feature should you use for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-connectivity-overview
NEW QUESTION # 127
You need to meet the connection requirements for the New York office.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: Create a virtual network gateway and a local network gateway.
Azure VPN gateway. The VPN gateway service enables you to connect the VNet to the on-premises network through a VPN appliance. For more information, see Connect an on-premises network to a Microsoft Azure virtual network. The VPN gateway includes the following elements:
* Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing traffic from the on-premises network to the VNet.
* Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to the on-premises network is routed through this gateway.
* Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-premises VPN appliance to encrypt traffic.
* Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements, described in the Recommendations section below.
Box 2: Configure a site-to-site VPN connection
On premises create a site-to-site connection for the virtual network gateway and the local network gateway.
Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Incorrect Answers:
Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection is private. Traffic does not go over the internet.
References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vpn
NEW QUESTION # 128
You have an Azure subscription that contains an Azure Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active Directory domain. The domain contains the users shown in the following table.
You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods:
* Number of methods required to reset: 2
* Methods available to users: Mobile phone, Security questions
* Number of questions required to register: 3
* Number of questions required to reset: 3
You select the following security questions:
* What is your favorite food?
* In what city was your first job?
* What was the name of your first pet?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: No
Administrator accounts are special accounts with elevated permissions. To secure them, the following restrictions apply to changing passwords of administrators:
On-premises enterprise administrators or domain administrators cannot reset their password through Self-service password reset (SSPR). They can only change their password in their on-premises environment. Thus, we recommend not syncing on-prem AD admin accounts to Azure AD.
An administrator cannot use secret Questions & Answers as a method to reset password.
Box 2: Yes
Self-service password reset (SSPR) is an Azure Active Directory feature that enables employees to reset their passwords without needing to contact IT staff.
Box 3: Yes
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment
NEW QUESTION # 129
You have an Azure subscription.
You deploy a virtual machine scale set that is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-autoscale-portal
NEW QUESTION # 130
Your network contains an on-premises Active Directory forest named contoso.com that contains two domains named contoso.com and east.contoso.com.
The forest contains the users shown in the following table.
You plan to sync east.contoso.com to an Azure Active Directory (Azure AD) tenant by using Azure AD Connect.
You need to select an account for Azure AD Connect to use to connect to the forest.
Which account should you select?
- A. User2
- B. User3
- C. User4
- D. User1
Answer: C
Explanation:
Explanation
It is no longer supported to use an enterprise admin or a domain admin account as the AD DS Connector account.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions
NEW QUESTION # 131
......
AZ-104 dumps review - Professional Quiz Study Materials: https://www.actualtorrent.com/AZ-104-questions-answers.html
AZ-104 Test Prep Training Practice Exam Questions Practice Tests: https://drive.google.com/open?id=1FQElkvfxj2N-f8fBhRpO3x14bD53WV7h