This page was exported from Exam for engine [ http://blog.test4engine.com ] Export date:Mon Nov 18 2:53:42 2024 / +0000 GMT ___________________________________________________ Title: [Jun 25, 2024] Genuine AZ-104 Exam Dumps Free Demo [Q104-Q118] --------------------------------------------------- [Jun 25, 2024] Genuine AZ-104 Exam Dumps Free Demo Printable & Easy to Use Microsoft Azure Administrator Associate AZ-104 Dumps 100% Same Q&A In Your Real Exam Exam Details The Microsoft AZ-104 exam measures the students' skills in managing Azure governance and identities as well as managing and implementing storage. It also evaluates their expertise in managing and deploying Azure compute resources, backing up and monitoring Azure resources, and configuring virtual networking. To register for the test, you must pay the fee of $165. The registration process is done through the Pearson VUE website. You can choose to take the exam in English, Japanese, Korean, or Simplified Chinese. Although Microsoft does not disclose all the details of its tests, you can surely expect about 40-60 questions to be completed within 120 minutes. The applicants can expect different formats of questions during the delivery of their exam. They include drag and drop, build list, active screen, and multiple choice, among others.   NO.104 You are configuring Azure Active Directory (AD) Privileged Identity Management.You need to provide a user named Admm1 with read access to a resource group named RG1 for only one month.The user role must be assigned immediately.What should you do?  Assign an active role.  Assign an eligible role.  Assign a permanently active role.  Create a custom role and a conditional access policy. ExplanationAzure AD Privileged Identity Management introduces the concept of an eligible admin. Eligible admins should be users that need privileged access now and then, but not all-day, every day. The role is inactive until the user needs access, then they complete an activation process and become an active admin for a predetermined amount of time.References:https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configureNO.105 You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VMet1 contains one subnet named Subnet1.Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationBox 1: An Azure Log Analytics workspaceIn the Azure portal you can set up a Log Analytics workspace, which is a unique Log Analytics environment with its own data repository, data sources, and solutions Box 2: ILB1 References:https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-create-workspacehttps://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnosticsNO.106 You have an Azure subscription named Subscription1.You plan to deploy an Ubuntu Server virtual machine named VM1 to Subscription1.You need to perform a custom deployment of the virtual machine. A specific trusted root certification authority (CA) must be added during the deployment.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-automate-vm-deploymentNO.107 You need to recommend an identify solution that meets the technical requirements.What should you recommend?  federated single-on (SSO) and Active Directory Federation Services (AD FS)  password hash synchronization and single sign-on (SSO)  cloud-only user accounts  Pass-through Authentication and single sign-on (SSO) ExplanationActive Directory Federation Services is a feature and web service in the Windows Server Operating System that allows sharing of identity information outside a company’s network.Scenario: Technical Requirements include:Prevent user passwords or hashes of passwords from being stored in Azure.References: https://www.sherweb.com/blog/active-directory-federation-services/NO.108 You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the following table.Each virtual machine uses a static IP address.You need to create network security groups (NSGs) to meet following requirements:* Allow web requests from the internet to VM3, VM4, VM5, and VM6.* Allow all connections between VM1 and VM2.* Allow Remote Desktop connections to VM1.* Prevent all other network traffic to VNET1.What is the minimum number of NSGs you should create?  1  3  4  12 Note: A network security group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated to subnets, individual VMs (classic), or individual network interfaces (NIC) attached to VMs (Resource Manager).Each network security group also contains default security rules.References:https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rulesNO.109 You have an Azure subscription that contains the resources shown in the following table.The Not allowed resource types Azure policy that has policy enforcement enabled is assigned to RG1 and uses the following parameters:Microsoft.Network/virtualNetworksMicrosoft.Compute/virtualMachinesIn RG1, you need to create a new virtual machine named VM2 which is connected toVNET1. What should you do first?  Create an Azure Resource Manager template.  AddasubnettoVNET1.  Remove Microsoft. Network/virtualNetworks from the policy.  Remove Microsoft.Compute/virtualMachines from the policy. ExplanationTo create a new virtual machine named VM2 which is connected to VNET1 in RG1, you need to remove Microsoft.Network/virtualNetworks from the policy. This is because the Not allowed resource types Azure policy denies the deployment of the specified resource types in the scope of the assignment. In this case, the policy is assigned to RG1 and uses the parameters Microsoft.Network/virtualNetworks and Microsoft.Compute/virtualMachines. This means that you cannot create or update any virtual networks or virtual machines in RG1. Therefore, to create VM2 and connect it to VNET1, you need to remove Microsoft.Network/virtualNetworks from the policy parameters. This will allow you to create or update virtual networks in RG1, but still prevent you from creating or updating virtual machines. Alternatively, you can also exclude VNET1 from the policy assignment scope, but this will affect the compliance of the policy for the entire virtual network.References:Not allowed resource types (Deny)Create and manage policies to enforce complianceNO.110 You have an Azure virtual machine that runs Windows Server 2019 and has the following configurations:Name: VM1Location: West USConnected to: VNET1Private IP address: 10.1.0.4Public IP addresses: 52.186.85.63DNS suffix in Windows Server: Adatum.comYou create the Azure DNS zones shown in the following table.You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1 can automatically register.Which zones should you identify? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/dns/private-dns-overviewNO.111 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure subscription named Subscription1 that contains the resources shown in the following table.VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.You need to create a new network interface named NIC2 for VM1.Solution: You create NIC2 in RG2 and Central US.Does this meet the goal?  Yes  No ExplanationThe virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a region.References:https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interfaceNO.112 You have an Azure subscription that contains an Azure Availability Set named WEBPROD-AS-USE2 as shown in the following exhibit.You add 14 virtual machines to WEBPROD-AS-USE2.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point. NO.113 You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the following table.Each virtual machine uses a static IP address.You need to create network security groups (NSGs) to meet following requirements:* Allow web requests from the internet to VM3, VM4, VM5, and VM6.* Allow all connections between VM1 and VM2.* Allow Remote Desktop connections to VM1.* Prevent all other network traffic to VNET1.What is the minimum number of NSGs you should create?  1  3  4  12 ExplanationNote: A network security group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated to subnets, individual VMs (classic), or individual network interfaces (NIC) attached to VMs (Resource Manager).Each network security group also contains default security rules.References:https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rulesNO.114 You create a Recovery Services vault backup policy named Policy1 as shown in the following exhibit. NO.115 You have an Azure subscription that contains the Azure virtual machines shown in the following table.You configure the network interfaces of the virtual machines to use the settings shown in the following tableFrom the settings of VNET1, you configure the DNS servers shown in the following exhibit.The virtual machines can successfully connect to the DNS server that has an IP address of 192.168.10.15 and the DNS server that has an IP address of 193.77.134.10.For each of the following statements, select Yes if the statement is true. Otherwise, select No. Reference:https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq#name-resolution-dnsNO.116 You have an Azure subscription named Subscription1. Subscription1 contains the virtual networks in the following table.Subscription1 contains the virtual machines in the following table:The firewalls on all the virtual machines are configured to allow all ICMP traffic.You add the peerings in the following table.For each of the following statements, select Yest if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spokeNO.117 You have an Azure subscription that contains several virtual machines and an Azure Log Analytics workspace named Workspace1. You create a log search query as shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overviewhttps://docs-analytics-eus.azurewebsites.net/queryLanguage/query_language_renderoperator.htmlNO.118 You have an Azure subscription that contains the resource groups shown in the following table.RG1 contains the resources shown in the following table.RG2 contains the resources shown in the following table.You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1. Which resources should you identify? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Explanation Loading … AZ-104 Practice Test Give You First Time Success with 100% Money Back Guarantee!: https://www.test4engine.com/AZ-104_exam-latest-braindumps.html --------------------------------------------------- Images: https://blog.test4engine.com/wp-content/plugins/watu/loading.gif https://blog.test4engine.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2024-06-25 10:00:02 Post date GMT: 2024-06-25 10:00:02 Post modified date: 2024-06-25 10:00:02 Post modified date GMT: 2024-06-25 10:00:02