AZ-104 dumps exam preparation materials provide 361 practical and effective latest exam questions and answers, with a refresh rate of over 35%, focusing on five major modules. Each exam question is edited and reviewed by Leads4Pass Microsoft Azure experts, and different weight values ​​are assigned according to the actual situation to ensure that you grasp the key points and pass the exam successfully.
Leads4Pass AZ-104 dumps: https://www.leads4pass.com/az-104.html. The corresponding exam question types are distributed according to the actual exam situation:
| Single & Multiple Choice | 195 |
| Drag Drop | 12 |
| Hotspot | 154 |
| Testlet | 5 |
Welcome to practice the latest AZ-104 dumps exam questions online
| Number of exam questions | Last free share | Continue free share |
| 15 | Compare (Q1-Q15) | Q16-Q30 |
Question 16:
You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve data.
Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.
Which Azure Network Watcher feature should you use?
A. NSG flow logs
B. Connection troubleshooting
C. IP flow verify
D. Connection monitor
Correct Answer: D
The connection monitor capability monitors communication at a regular interval and informs you of reachability, latency, and network topology changes between the VM and the endpoint. Incorrect Answers:
A: The IP flow verify capability enables you to specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verify then tests the communication and informs you if the
connection succeeds or fails. If the connection fails, IP flow verify tells you which security rule allowed or denied the communication, so that you can resolve the problem.
B: The connection troubleshoot capability enables you to test a connection between a VM and another VM, an FQDN, a URI, or an IPv4 address. The test returns similar information returned when using the connection monitor capability, but tests the connection at a point in time, rather than monitoring it over time, as the connection monitor does.
D: The NSG flow log capability allows you to log the source and destination IP address, port, protocol, and whether traffic was allowed or denied by an NSG.
Reference: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
Question 17:
You have an Azure Active Directory (Azure AD) tenant named adatum.com that contains the users shown in the following table.
Adatum.com has the following configurations:
Users may join devices to Azure AD is set to User1.
Additional local administrators on Azure AD joined devices is set to None.
You deploy Windows 10 to a computer named Computer. User1 joins Computer1 to adatum.com.
You need to identify which users are added to the local Administrators group on Computer1.
A. User1 only
B. User1, User2, and User3 only
C. User1 and User2 only
D. User1, User2, User3, and User4
E. User2 only
Correct Answer: C
Users may join devices to Azure AD – This setting enables you to select the users who can register their devices as Azure AD joined devices. The default is All.
Additional local administrators on Azure AD joined devices – You can select the users who are granted local administrator rights on a device. Users added here are added to the Device Administrators role in Azure AD. Global administrators, here User2, in Azure AD and device owners are granted local administrator rights by default.
References: https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal
Question 18:
HOTSPOT
You have an on-premises data center and an Azure subscription. The data center contains two VPN devices. The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet.
You need to create a site-to-site VPN. The solution must ensure that if a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes.
What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: 4
Two public IP addresses in the on-premises data center, and two public IP addresses in the VNET. The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below.
Box 2: 2
Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically.
and resume the S2S VPN or VNet-to-VNet connections.
Box 3: 2
Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks. Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
Question 19:
HOTSPOT
You have an Azure subscription named Sub1 that contains the Azure resources shown in the following table.
You assign an Azure policy that has the following settings:
1.
Scope: Sub1
2.
Exclusions: Sub1/RG1/VNET1
3.
Policy definition: Append a tag and its value to resources
4.
Policy enforcement: Enabled
5.
Tag name: Tag4
6.
Tag value: value4
You assign tags to the resources as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: No
The Azure Policy will add Tag4 to RG1.
Box 2: No
Tags applied to the resource group or subscription aren’t inherited by the resources, although you can enable inheritance with Azure Policy. Storage1 has Tag3: Value, 1, and the Azure Policy will add Tag4.
Box 3: No
Tags applied to the resource group or subscription aren’t inherited by the resources, so VNET1 does not have Tag2.
VNET1 has Tag3:value2. VNET1 is excluded from the Azure Policy, so Tag4 will not be added to VNET1.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json
Question 20:
DRAG DROP
You have an Azure subscription that contains the following resources:
1.
a virtual network named VNet1
2.
a replication policy named ReplPolicy1
3.
a Recovery Services vault named Vault1
4.
An Azure Storage account named Storage1
You have an Amazon Web Services (AWS) EC2 virtual machine named VM1 that runs Windows Server. You need to migrate VM1 to VNet1 by using Azure Site Recovery.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Step 1: Deploy an EC2 virtual machine as a configuration server. Prepare source include:
Use an EC2 instance that\’s running Windows Server 2012 R2 to create a configuration server and register it with your recovery vault.
Configure the proxy on the EC2 instance VM you\’re using as the configuration server so that it can access the service URLs.
Step 2: Install Azure Site Recovery Unified Setup.
Download Microsoft Azure Site Recovery Unified Setup. You can download it to your local machine and then copy it to the VM you\’re using as the configuration server.
Step 3: Enable replication for VM1.
Enable replication for each VM that you want to migrate. When replication is enabled, Site Recovery automatically installs the Mobility service.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-aws-azure
Question 21:
HOTSPOT
You need to deploy two Azure web apps named WebApp1 and WebApp2. The web apps have the following requirements:
1.
WebApp1 must be able to use staging slots
2.
WebApp2 must be able to access the resources located on an Azure virtual network
What is the least costly plan that you can use to deploy each web app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
References: https://azure.microsoft.com/en-au/pricing/details/app-service/windows/ https://azure.microsoft.com/en-gb/pricing/details/app-service/plans/
Question 22:
You have an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to configure the cluster autoscaler for AKS1.
Which two tools should you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. The set-AzAKs cmdlet
B. The Azure portal
C. The az aks command
D. The kubectl command
E. the set Azvm cmdlet
Correct Answer: BC
AKS clusters can scale in one of two ways:
The cluster autoscaler watches for pods that cannot be scheduled on nodes because of resource constraints. The cluster then automatically increases the number of nodes. The horizontal pod autoscaler uses the Metrics Server in a
Kubernetes cluster to monitor the resource demand of pods. If an application needs more resources, the number of pods is automatically increased to meet the demand.
Reference:
https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler
Question 23:
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have two external partner organizations named fabrilcam.com and litwareinc.com. FabtAam.com is configured as a connected organization.
You create an access package as shown in the Access package exhibit. (Click the Access package lab.)
You configure the external user lifecycle settings as shown in the Lifecycle exhibit. (Click the lifecycle tab)
For each of the following statements, select Yes if the statement is true. Otherwise, select No
Note: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 24:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to deploy a YAML file to AKS1.
Solution: From Azure CLI, you run azcopy.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Reference: https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough
Question 25:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.
You need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG2 and West US.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a region.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
Question 26:
You have an Azure subscription.
In the Azure portal, you plan to create a storage account named storage1 that will have the following settings:
1.
Performance: Standard
2.
Replication: Zone-redundant storage (ZRS)
3.
Access tier (default): Cool
4.
Hierarchical namespace: Disabled
You need to ensure that you can set the Account kind for storage1 to BlockBlobStorage.
Which setting should you modify first?
A. Performance
B. Replication
C. Access tier (default)
D. Hierarchical namespace
Correct Answer: A
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-performance-tiers
Question 27:
You have an Azure AD tenant that contains the groups shown in the following table.
You purchase Azure Active Directory Premium P2 licenses. To which groups can you assign a license?
A. Group1 only
B. Group1 and Group3 only
C. Group3 and Group4 only
D. Group1, Group2, and Group3 only
E. Group1, Group2, Group3, and Group4
Correct Answer: B
Question 28:
Note: The question is included in a number of questions that depict the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure subscription that includes a storage account, a resource group, a blob container, and a file share.
A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account.
You want to review the ARM template that was used by Jon Ross.
Solution: You access the Virtual Machine blade.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer: B
You should use the Resource Group blade
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template
Question 29:
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises Active Directory domain.
You have a server named DirSync1 that is configured as a DirSync server.
You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately.
Solution: You run the Start-ADSyncSyncCycle -PolicyType Initial PowerShell cmdlet.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer: B
Question 30:
HOTSPOT
You have an Azure subscription named Subscription1. Subscription 1 contains a virtual machine named VM1.
You install and configure a web server and a DNS server on VM1.
VM1 has the effective network security rules shown in the following exhibit:
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1:
Rule 2 blocks ports 50-60, which includes port 53, the DNS port. Internet users can reach the Web server, since it uses port 80.
Box 2:
If Rule 2 is removed, internet users can reach the DNS server as well. Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule,
processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
…
Download Microsoft AZ-104 dumps exam preparation materials: https://www.leads4pass.com/az-104.html, practice 361 latest updated exam questions and answers, simulate various question types in the real environment, and help you pass the AZ-104 Azure Administrator Associate certification exam.
