• Home
  • Blogs
  • [Dec 21, 2021] AZ-104 Practice Exam Dumps - 99% Marks In Microsoft Exam [Q227-Q250]

[Dec 21, 2021] AZ-104 Practice Exam Dumps - 99% Marks In Microsoft Exam [Q227-Q250]

Share

[Dec 21, 2021] AZ-104 Practice Exam Dumps - 99% Marks In Microsoft Exam

Updated Verified AZ-104 Q&As - Pass Guarantee or Full Refund


The Microsoft AZ-104 exam, in particular, is aimed at the Azure administrators. It does not matter if you don't currently work in this job role, because you can easily go for it if you want to. Passing this test and earning the Microsoft Certified: Azure Administrator Associate certification prepares you to take up this role and be able to perform all the required tasks efficiently. Therefore, you need to develop competence while preparing for this exam to gain practical experience during your preparation.


Introduction to AZ-104:Microsoft Azure Administrator Exam

Candidates for AZ-104 Exam are seeking to prove fundamental Microsoft Azure administration knowledge and skills. Before taking this exam, exam aspirants ought to have a solid fundamental information of the concepts shared in preparation guide as well as on Azure.

It is suggested that professionals accustomed to the ideas and also the technologies represented here by taking relevant training courses. Candidates are expected to have a strong understanding of core Azure services, Azure workloads, security, and governance . After passing this exam, candidates get a certificate from Microsoft that helps them to demonstrate their proficiency in Azure administration to their clients and employers.


The candidates for the Microsoft AZ-104: Microsoft Azure Administrator exam must have competence in implementing, monitoring, and managing the organizations’ environments. These environments include identity, storage, governance, virtual networks, and compute within the Cloud areas. The individuals should also have the skills in provisioning, monitoring, adjusting, and sizing resources as required. Those who pass this test will be awarded the Microsoft Certified: Azure Administrator Associate certification. Additionally, they may be eligible for the ACE college credit.

 

NEW QUESTION 227
You have an Azure subscription that contains the following resources:
* a virtual network named VNet1
* a replication policy named ReplPolicy1
* a Recovery Services vault named Vault1
* an Azure Storage account named Storage1
You have an Amazon Web Services (AWS) EC2 virtual machine named VM1 that runs Windows Server You need to migrate VM1 to VNet1 by using Azure Site Recovery.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation

Step 1: Deploy an EC2 virtual machine as a configuration server
Prepare source include:
* Use an EC2 instance that's running Windows Server 2012 R2 to create a configuration server and register it with your recovery vault.
* Configure the proxy on the EC2 instance VM you're using as the configuration server so that it can access the service URLs.
Step 2: Install Azure Site Recovery Unified Setup.
Download Microsoft Azure Site Recovery Unified Setup. You can download it to your local machine and then copy it to the VM you're using as the configuration server.
Step 3: Enable replication for VM1.
Enable replication for each VM that you want to migrate. When replication is enabled, Site Recovery automatically installs the Mobility service.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-aws-azure

 

NEW QUESTION 228
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You hire a temporary vendor. The vendor uses a Microsoft account that has a sign-in of [email protected].
You need to ensure that the vendor can authenticate to the tenant by using [email protected].
What should you do?

  • A. From the Azure portal, add a custom domain name, create a new Azure AD user, and then specify [email protected] as the username.
  • B. From the Azure portal, add a new guest user, and then specify [email protected] as the email address.
  • C. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the -UserPrincipalName [email protected] parameter.
  • D. From Windows PowerShell, run the New-AzureADUser cmdlet and specify the -UserPrincipalName [email protected] parameter.

Answer: B

Explanation:
Explanation
UserPrincipalName - contains the UserPrincipalName (UPN) of this user. The UPN is what the user will use when they sign in into Azure AD. The common structure is @, so for Abby Brown in Contoso.com, the UPN would be [email protected] Example:
To create the user, call the New-AzureADUser cmdlet with the parameter values:
powershell New-AzureADUser -AccountEnabled $True -DisplayName "Abby Brown"
-PasswordProfile$PasswordProfile -MailNickName "AbbyB" -UserPrincipalName "[email protected]" References:
https://docs.microsoft.com/bs-cyrl-ba/powershell/azure/active-directory/new-user-sample?view=azureadps-2.0

 

NEW QUESTION 229
You have an Azure virtual machine named VM1 and a Recovery Services vault named Vault1.
You create a backup Policy1 as shown in the exhibit. (Click the Exhibit tab.)

You configure the backup of VM1 to use Policy1 on Thursday, January 1.
You need to identify the number of available recovery points for VM1.
How many recovery points are available on January 8 and on January 15? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: 6
4 daily + 1 weekly + monthly
Box 2: 8
4 daily + 2 weekly + monthly + yearly

 

NEW QUESTION 230
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.

You deploy a load balancer that has the following configurations:
* Name: LB1
* Type: Internal
* SKU: Standard
* Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Standard SKU public IP address, associate the address to the network interface of VM1, and then stop VM2.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Explanation
A Backend Pool configured by IP address has the following limitations:
* Standard load balancer only
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/backend-pool-management

 

NEW QUESTION 231
You have an Azure Subscription named Subcription1.has
Subcription1 contains the virtual machines in the following table.

Subcription1 contains the virtual machines in the following table.

VM3 has multiple network, including a network adapter named NIC3, IP forwarding is enabled on NIC3. Routing is enabled on VM3.
You create a route table named RT1 that contains the routes in the following table.

You apply RT1 to subnet1 and Sybnet2.
For each of the following statements, select Yes if the statements is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
IP forwarding enables the virtual machine a network interface is attached to:
Receive network traffic not destined for one of the IP addresses assigned to any of the IP configurations assigned to the network interface.
Send network traffic with a different source IP address than the one assigned to one of a network interface's IP configurations.
The setting must be enabled for every network interface that is attached to the virtual machine that receives traffic that the virtual machine needs to forward. A virtual machine can forward traffic whether it has multiple network interfaces or a single network interface attached to it.
Box 1: Yes
The routing table allows connections from VM3 to VM1 and VM2. And as IP forwarding is enabled on VM3, VM3 can connect to VM1.
Box 2: No
VM3, which has IP forwarding, must be turned on, in order for VM2 to connect to VM1.
Box 3: Yes
The routing table allows connections from VM1 and VM2 to VM3. IP forwarding on VM3 allows VM1 to connect to VM2 via VM3.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
https://www.quora.com/What-is-IP-forwarding

 

NEW QUESTION 232
You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.

VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and Vnet2.
An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.
You need to move the custom application to Vnet2. The solution must minimize administrative effort.
Which two actions should you perform? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
We cannot just move a virtual machine between networks. What we need to do is identify the disk used by the VM, delete the VM itself while retaining the disk, and recreate the VM in the target virtual network and then attach the original disk to it.
First action: Delete VM1
Second action: Create a new virtual machine
Reference:
https://docs.microsoft.com/en-us/archive/blogs/canitpro/step-by-step-move-a-vm-to-a-different-vnet-on-azure
https://4sysops.com/archives/move-an-azure-vm-to-another-virtual-network-vnet/#migrate-an-azure-vmbetween-vnets

 

NEW QUESTION 233
You have an Azure Linux virtual machine that is protected by Azure Backup.
One week ago, two files were deleted from the virtual machine.
You need to reses clients connect n on-premises computer as quickly as possible.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation

To restore files or folders from the recovery point, go to the virtual machine and choose the desired recovery point.
Step 0. In the virtual machine's menu, click Backup to open the Backup dashboard.
Step 1. In the Backup dashboard menu, click File Recovery.
Step 2. From the Select recovery point drop-down menu, select the recovery point that holds the files you want. By default, the latest recovery point is already selected.
Step 3: To download the software used to copy files from the recovery point, click Download Executable (for Windows Azure VM) or Download Script (for Linux Azure VM, a python script is generated).
Step 4: Copy the files by using AzCopy
AzCopy is a command-line utility designed for copying data to/from Microsoft Azure Blob, File, and Table storage, using simple commands designed for optimal performance. You can copy data between a file system and a storage account, or between storage accounts.
References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy

 

NEW QUESTION 234
HOTSPOT
You have a virtual network named VNET1 that contains the subnets shown in the following table:

You have two Azure virtual machines that have the network configurations shown in the following table:

For NSG1, you create the inbound security rule shown in the following table:

For NSG2, you create the inbound security rule shown in the following table:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:

Section: [none]
Explanation:
Box 1: Yes
The inbound security rule for NSG1 allows TCP port 1433 from 10.10.2.0/24 (or Subnet2 where VM2 and VM3 are located) to 10.10.1.0/24 (or Subnet1 where VM1 is located) while the inbound security rule for NSG2 blocks TCP port 1433 from 10.10.2.5 (or VM2) to 10.10.1.5 (or VM1). However, the NSG1 rule has a higher priority (or lower value) than the NSG2 rule.
Box 2: Yes
No rule explicitly blocks communication from VM1. The default rules, which allow communication, are thus applied.
Box 3: Yes
No rule explicitly blocks communication between VM2 and VM3 which are both on Subnet2. The default rules, which allow communication, are thus applied.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

 

NEW QUESTION 235
You have an Azure subscription named Subscription1. Subscription1 contains the virtual networks in the following table.

Subscription1 contains the virtual machines in the following table:

The firewalls on all the virtual machines are configured to allow all ICMP traffic.
You add the peerings in the following table.

For each of the following statements, select Yest if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Statement 1: Yes
Vnet1 and Vnet3 are peers.
Statement 2: No
Statement 3: No
Peering connections are non-transitive.
References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke

 

NEW QUESTION 236
You have a service deployed to a Kubernetes cluster.
Another application needs to access the service via the private IP address of the pod.
Which of the following would you define as the networking type for the cluster to meet this requirement?

  • A. Kubenet
  • B. Service Endpoints
  • C. Azure container networking plugin
  • D. Network security groups

Answer: C

 

NEW QUESTION 237
You create a Recovery Services vault backup policy named Policy1 as shown in the following exhibit.

Answer:

Explanation:

 

NEW QUESTION 238
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.com.onmicrosoft.com.
Solution: You instruct User2 to create the user accounts.

  • A. No
  • B. Yes

Answer: B

Explanation:
Explanation
Only a global administrator can add users to this tenant.
References:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

 

NEW QUESTION 239
You have an Azure subscription that contains the resources shown in the following table.

The Not allowed resources types Azure policy is assigned to RG1 and uses the following parameters:

In RG1, you need to create a new virtual named VM2, and then connected VM2 to VNET1.
What should you do first?

  • A. Remove Microsoft.Compute/virtualMachines from the policy.
  • B. Remove Microsoft.Network/virtualNetworks from the policy.
  • C. Create an Azure Resource Manager template.
  • D. Add a subnet to VNET1.

Answer: A

Explanation:
Explanation
The Not allowed resource types Azure policy prohibits the deployment of specified resource types. You specify an array of the resource types to block.
Virtual Networks and Virtual Machines are prohibited.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/samples/not-allowed-resource-types

 

NEW QUESTION 240
You have an Azure subscription.
You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit.
(Click the Exhibit button.)

You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines.
What should you modify on VM1?

  • A. Integration Services
  • B. the processor
  • C. the network adapters
  • D. the hard drive
  • E. the memory

Answer: D

Explanation:
From the exhibit we see that the disk is in the VHDX format.
Before you upload a Windows virtual machines (VM) from on-premises to Microsoft Azure, you must prepare the virtual hard disk (VHD or VHDX). Azure supports only generation 1 VMs that are in the VHD file format and have a fixed sized disk. The maximum size allowed for the VHD is
1,023 GB. You can convert a generation 1 VM from the VHDX file system to VHD and from a dynamically expanding disk to fixed-sized.

 

NEW QUESTION 241
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour.
Solution: You create an Azure Log Analytics workspace and configure the data settings. You add the Microsoft Monitoring Agent VM extension to VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Instead: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview

 

NEW QUESTION 242
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
* A virtual network that has a subnet named Subnet1
* Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
* A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
* Priority: 100
* Source: Any
* Source port range: *
* Destination: *
* Destination port range: 3389
* Protocol: UDP
* Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1.
NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You modify the custom rule for NSG-VM1 to use the internet as a source and TCP as a protocol.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
NSGs deny all inbound traffic except from virtual network or load balancers. For inbound traffic, Azure processes the rules in a network security group associated to a subnet first, and then the rules in a network security group associated to the network interface.
By default NSG rule to allow traffic through RDP port 3389 is not created automatically during the creation of VM , unless you change the setting during creation. Subnets usually do not have any NSG associated unless you go out of the way to do so, which this scenario does. when you create that extra NSG, it won't have an RDP rule by default, thus blocking inbound connections.
Request first goes to NSG -subnet1 and as there is no allow rule for RDP so it will block the request by default.Since the Subnet NSG (the one with the default rules) is evaluated first, it blocks the inbound RDP connection.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules

 

NEW QUESTION 243
You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VMet1 contains one subnet named Subnet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: An Azure Log Analytics workspace
In the Azure portal you can set up a Log Analytics workspace, which is a unique Log Analytics environment with its own data repository, data sources, and solutions
Box 2: ILB1
References:
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-create-workspace
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics

 

NEW QUESTION 244
HOTSPOT
You have an Azure subscription named Subscription1. Subscription1 contains two Azure virtual machines VM1 and VM2. VM1 and VM2 run Windows Server 2016.
VM1 is backed up daily by Azure Backup without using the Azure Backup agent.
VM1 is affected by ransomware that encrypts data.
You need to restore the latest backup of VM1.
To which location can you restore the backup? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:

Section: [none]
Explanation:
Note: The new VM must be in the same region.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms

 

NEW QUESTION 245
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.
You purchase 10 Azure AD Premium P2 licenses for the tenant.
You need to ensure that 10 users can use all the Azure AD Premium features.
What should you do?

  • A. From the Licenses blade of Azure AD, assign a license.
  • B. From the Azure AD domain, add an enterprise application.
  • C. From the Groups blade of each user, invite the users to a group.
  • D. From the Directory role blade of each user, modify the directory role.

Answer: A

Explanation:
Many Azure Active Directory (Azure AD) services require you to license each of your users or groups (and associated members) for that service. Only users with active licenses will be able to access and use the licensed Azure AD services for which that's true. Licenses are applied per tenant and do not transfer to other tenants.
Not all Microsoft services are available in all locations. Before a license can be assigned to a group, you must specify the Usage location for all members. You can set this value in the Azure Active Directory > Users > Profile > Settings area in Azure AD. Any user whose usage location is not specified inherits the location of the Azure AD organization.
You can add the licensing rights to users or to an entire group. Check the reference link for the steps.
References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/license-users-groups

 

NEW QUESTION 246
You plan to deploy 20 Azure virtual machines by using an Azure Resource Manager template. The virtual machines will run the latest version of Windows Server 2016 Datacenter by using an Azure Marketplace image.
You need to complete the storageProfile section of the template.
How should you complete the storageProfile section? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

...
"storageProfile": {
"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "2016-Datacenter",
"version": "latest"
},
...
References:
https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/createorupdate

 

NEW QUESTION 247
You have a hybrid infrastructure that contains an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The tenant contains the users shown in the following table.

You plan to share a cloud resource to the All Users group.
You need to ensure that User1, User2, User3, and User4 can connect successfully to the cloud resource.
What should you do first?

  • A. Create a user account of the member type for User4.
  • B. Create a user account of the member type for User3.
  • C. Modify the Directory-wide Groups settings.
  • D. Modify the External collaboration settings.

Answer: C

Explanation:
Ensure that "Enable an 'All Users' group in the directory" policy is set to "Yes" in your Azure Active Directory (AD) settings in order to enable the "All Users" group for centralized access administration. This group represents the entire collection of the Active Directory users, including guests and external users, that you can use to make the access permissions easier to manage within your directory.
Incorrect Answers:
A, B: User3 and User4 are guests already.
Note: By default, all users and guests in your directory can invite guests even if they're not assigned to an admin role. External collaboration settings let you turn guest invitations on or off for different types of users in your organization. You can also delegate invitations to individual users by assigning roles that allow them to invite guests.
References:
https://www.cloudconformity.com/knowledge-base/azure/ActiveDirectory/enable-all-users-group.html

 

NEW QUESTION 248
You have the Azure virtual machines shown in the following table.

You have a Recovery Services vault that protects VM1 and VM2.
You need to protect VM3 and VM4 by using Recovery Services.
What should you do first?

  • A. Create a storage account.
  • B. Create a new Recovery Services vault.
  • C. Create a new backup policy.
  • D. Configure the extensions for VM3 and VM4.

Answer: B

Explanation:
A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services
References: https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication

 

NEW QUESTION 249
You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines.
You need to delete the Recovery Services vault.
What should you do first?

  • A. Modify the disaster recovery properties of each virtual machine.
  • B. Modify the locks of each virtual machine.
  • C. From the Recovery Service vault, stop the backup of each backup item.
  • D. From the Recovery Service vault, delete the backup data.

Answer: C

Explanation:
Explanation
You can't delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a vault, but can't, the vault is still configured to receive backup data.
Remove vault dependencies and delete vault
In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.

References: https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault

 

NEW QUESTION 250
......

AZ-104 Real Valid Brain Dumps With 465 Questions: https://www.prep4away.com/Microsoft-certification/braindumps.AZ-104.ete.file.html

AZ-104  Certification with Actual Questions: https://drive.google.com/open?id=1t8N-lEqlQjf8Pmo9Ucu8Vkt2BvmVvUuL

Related Blogs

more
Microsoft AZ-104 Certification Practice Exam