2022 AZ-104 Premium Files Test pdf - Free Dumps Collection [Q208-Q229]

Share

2022 AZ-104 Premium Files Test pdf - Free Dumps Collection

 Get ready to pass the AZ-104 Exam right now using our Microsoft Azure Administrator Associate  Exam Package


Exam Topics

The Microsoft AZ-104 exam measures the specific skills and knowledge areas to prove that you are worth the certificate. Therefore, you must review all the topics of the test and select resources that will help you gain mastery of the skills that will be evaluated in it. The highlights of the domains are as follows:

  • Back up & Monitor Azure Resources: 10-15%

    This part requires that the learners have the expertise in monitoring resources with the use of Azure Monitor. They also need to understand how to implement recovery and backup. This includes their skills in reviewing and configuring backup reports as well as creating and configuring backup policy and Recovery Service Vault.

  • Manage & Deploy Azure Compute Resources: 25-30%

    This domain requires that the test takers possess the relevant skills in configuring virtual machines for scalability and high availability. It is required to have the expertise in automating the configuration and deployment of virtual machines as well as creating and configuring virtual machines. It also requires competence in creating and configuring containers and Web Apps.

  • Manage & Implement Storage: 10-15%

    The questions from this subject area will measure the ability of the candidates to manage data within Azure storage and storage accounts. They should have the skills in exporting from and importing into the Azure job, installing and using Azure Storage Explorer, and copying data with AZCopy. It will also evaluate their expertise required to configure Azure blob storage and Azure Files. The individuals must be ready to demonstrate their knowledge of how to configure Azure blob storage, object replication, and blob lifecycle management.

  • Manage Azure Identities & Governance: 15-20%

    This topic requires that the individuals develop competence in managing the Azure AD objects and role-based access control. It also requires that they gain mastery of the skills required to manage governance and subscriptions. The learners should be able to configure resource locks, Azure policies, Cost Management, and Management groups. They also need the ability to manage subscriptions and resource groups.

  • Manage & Configure Virtual Networking: 30-35%

    The potential candidates for the AZ-104 exam must demonstrate their ability to manage and implement virtual networking and name resolution. They should also have competence in securing access to VNs and configuring load balancing. This section will also measure their skills in troubleshooting and monitoring virtual networks as well as integrating on-premises networks with Azure virtual networks.

 

NEW QUESTION 208
You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

Explanation

Statement 1: Yes
All client computers in the Paris office will be joined to an Azure AD domain.
A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2.
Microsoft Windows Server Active Directory domains, can resolve DNS names between virtual networks.
Automatic registration of virtual machines from a virtual network that's linked to a private zone with auto-registration enabled. Forward DNS resolution is supported across virtual networks that are linked to the private zone.
Statement 2: Yes
A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
As this is a registration network so this will work.
Statement 3: No
Only VMs in the registration network, here the ClientResources-VNet, will be able to register hostname records. Since Subnet4 not connected to Client Resources Network thus not able to register its hostname with humongoinsurance.local Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-insta

 

NEW QUESTION 209
You have an Azure virtual machine that runs Windows Server 2019 and has the following configurations:
Name: VM1
Location: West US
Connected to: VNET1
Private IP address: 10.1.0.4
Public IP addresses: 52.186.85.63
DNS suffix in Windows Server: Adatum.com
You create the Azure DNS zones shown in the following table.

You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1 can automatically register.
Which zones should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview

 

NEW QUESTION 210
You have an Azure web app named WebApp1 that runs in an Azure App Service plan named ASP1. ASP1 is based on the D1 pricing tier.
You need to ensure that WebApp1 can be accessed only from computers on your on-premises network. The solution must minimize costs.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Explanation:
Box 1: B1
B1 (Basic) would minimize cost compared P1v2 (premium) and S1 (standard).
Box 2: Cross Origin Resource Sharing (CORS)
Once you set the CORS rules for the service, then a properly authenticated request made against the service from a different domain will be evaluated to determine whether it is allowed according to the rules you have specified.
Note: CORS (Cross Origin Resource Sharing) is an HTTP feature that enables a web application running under one domain to access resources in another domain. In order to reduce the possibility of cross-site scripting attacks, all modern web browsers implement a security restriction known as same-origin policy. This prevents a web page from calling APIs in a different domain. CORS provides a secure way to allow one origin (the origin domain) to call APIs in another origin.
References:
https://azure.microsoft.com/en-us/pricing/details/app-service/windows/
https://docs.microsoft.com/en-us/azure/cdn/cdn-cors

 

NEW QUESTION 211
You have an Azure subscription that contains the following storage account:

You need 10 create a request to Microsoft Support to perform a live migration of storage1 to Zone Redundant Storage (ZRS) replication. How should you modify storage1 before the Live migration?

  • A. Set the replication to Locally-redundant storage (IRS)
  • B. Disable Advanced threat protection
  • C. Remove the lock
  • D. Set the access tier to Hot

Answer: A

 

NEW QUESTION 212
VM1 is running and connects to NIC1 and Disk1. NIC1 connects to VNET1.
RG2 contains a public IP address named IP2 that is in the East US location. IP2 is not assigned to a virtual machine.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-support-resources
https://docs.microsoft.com/en-us/azure/virtual-network/move-across-regions-publicip-powershell

 

NEW QUESTION 213
You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2016. Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1.
What can you do from the Azure portal?

  • A. Generate an automation script for RG1.
  • B. Upload a blob to storageaccount1.
  • C. Start VM1.
  • D. View the keys of storageaccount1.

Answer: B

Explanation:
Applying locks can lead to unexpected results because some operations that don't seem to modify the resource actually require actions that are blocked by the lock. Locks are inherited to all of its resources if it applies on resource group level.
Upload a blob to storageaccount1 is possible if we have readonly lock on RG1 since we are trying to modify the data not resource properties.
When a R/O lock is put on a resource, you lock it's properties not the resource. So while a read only lock is present on a storage account(inherited from a resource group), a file can still be uploaded to the already existing container of a storage account.

Incorrect Answers:
Generate an automation script for RG1 is NOT possible in read only mode.
A read-only lock on a storage account prevents all users from listing the keys. The list keys operation is handled through a POST request because the returned keys are available for write operations. When we tried to read the Access Key of the Storage Account , get the below message.
Access blocked The resource is locked Cannot access the data plane because of a read lock on the resource or its parent.
A read-only lock on a resource group that contains a virtual machine prevents all users from starting or restarting the virtual machine. These operations require a POST request.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources

 

NEW QUESTION 214
You have an Azure virtual machine named VM1 that runs Windows Server 2019.
You sign in to VM1 as a user named User1 and perform the following actions:
- Create files on drive C.
- Create files on drive D.
- Modify the screen saver timeout.
- Change the desktop background.
You plan to redeploy VM1.
Which changes will be lost after you redeploy VM1?

  • A. the modified screen saver timeout
  • B. the new files on drive C
  • C. the new desktop background
  • D. the new files on drive D

Answer: A

 

NEW QUESTION 215
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table:

User3 is the owner of Group1.
Group2 is a member of Group1.
You configure an access review named Review1 as shown in the following exhibit:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

 

NEW QUESTION 216
You have an Active Directory domain named contoso.com that contains the objects shown in the following table.
The groups have the memberships shown in the following table.
OU1 and OU2 are synced to Azure Active Directory (Azure AD).
You modify the synchronization settings and remove OU1 from synchronization. You sync Active Directory and Azure AD.
Which objects are in Azure AD?

  • A. User1, User2, Group1, User4, and Group2 only
  • B. User4 and Group2 only
  • C. User2, Group1, User4, and Group2 only
  • D. User1, User2, User3, User4, Group1, and Group2

Answer: A

 

NEW QUESTION 217
You need to meet the technical requirement for VM4.
What should you create and configure?

  • A. an Azure Logic App
  • B. an Azure services Bus
  • C. an Azure Event Hub
  • D. an Azure Notification Hub

Answer: C

Explanation:
Scenario: Create a workflow to send an email message when the settings of VM4 are modified.
You can start an automated logic app workflow when specific events happen in Azure resources or third-party resources. These resources can publish those events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks - without you writing any code.
References:
https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-grid-logic-app
Topic 2, Humongous Insurance Overview
Existing Environment
Huongous Insurance is an insurance company that has three offices in Miami, Tokoyo, and Bankok. Each has 5000 users.
Active Directory Environment
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com. The functional level of the forest is Windows Server 2012.
You recently provisioned an Azure Active Directory (Azure AD) tenant.
Network Infrastructure
Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Each office has several link load balancers that provide access to the servers.
Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.
Licensing Issue
You attempt to assign a license in Azure to several users and receive the following error message: "Licenses not assigned. License agreement failed for one user." You verify that the Azure subscription has the available licenses.
Requirements
Planned Changes
Humongous Insurance plans to open a new office in Paris. The Paris office will contain 1,000 users who will be hired during the next 12 months. All the resources used by the Paris office users will be hosted in Azure.
Planned Azure AD Infrastructure
The on-premises Active Directory domain will be synchronized to Azure AD.
All client computers in the Paris office will be joined to an Azure AD domain.
Planned Azure Networking Infrastructure
You plan to create the following networking resources in a resource group named All_Resources:
* Default Azure system routes that will be the only routes used to route traffic
* A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2
* A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet
* A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and Title Subnet4 You plan to enable peering between Paris-VNet and AllOffices-VNet. You will enable the Use remote gateways setting for the Paris-VNet peerings.
You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
Planned Azure Computer Infrastructure
Each subnet will contain several virtual machines that will run either Windows Server 2012 R2, Windows Server 2016, or Red Hat Linux.
Department Requirements
Humongous Insurance identifies the following requirements for the company's departments:
* Web administrators will deploy Azure web apps for the marketing department. Each web app will be added to a separate resource group. The initial configuration of the web apps will be identical. The web administrators have permission to deploy web apps to resource groups.
* During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.
Authentication Requirements
Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.

 

NEW QUESTION 218
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1.
You add the users in the following table.

Which2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

 

NEW QUESTION 219
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)

You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol VM1 is used as a web server only.
You need to ensure that users can connect to the website from the Internet.
What should you do?

  • A. Change the priority of Rule6 to 100
  • B. Change the priority of Rule3 to 450.
  • C. For Rule5, change the Action to Allow and change the priority to 401
  • D. DeleteRule1.
  • E. Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a priority of
    501.

Answer: C

Explanation:
Explanation
HTTPS uses port 443.
Rule2, with priority 500, denies HTTPS traffic.
Rule5, with priority changed from 2000 to 401, would allow HTTPS traffic.
Note: Priority is a number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

 

NEW QUESTION 220
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1.
You add the users in the following table.

Which2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

 

NEW QUESTION 221
You have an Azure subscription named Subscription1 that contains the quotas shown in the following table.

You deploy virtual machines to Subscription1 as shown in the following table.

Answer:

Explanation:

 

NEW QUESTION 222
You have an Azure subscription.
You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will be part of the same availability set.
You need to ensure that as many virtual machines as possible are available if the fabric fails or during servicing.
How should you configure the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Use max for platformFaultDomainCount
2 or 3 is max value, depending on which region you are in.
Use 20 for platformUpdateDomainCount
Increasing the update domain (platformUpdateDomainCount) helps with capacity and availability planning when the platform reboots nodes. A higher number for the pool (20 is max) means that fewer of their nodes in any given availability set would be rebooted at once.
References:
https://www.itprotoday.com/microsoft-azure/check-if-azure-region-supports-2-or-3-fault-domains-managed-disks
https://github.com/Azure/acs-engine/issues/1030

 

NEW QUESTION 223
You have an Azure virtual machine named VM1.
Azure collects events from VM1.
You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the System event log of VM1.
You need to specify which resource type to monitor.
What should you specify?

  • A. virtual machine
  • B. virtual machine extension
  • C. metric alert
  • D. Azure Log Analytics workspace

Answer: D

Explanation:
Azure Monitor can collect data directly from your Azure virtual machines into a Log Analytics workspace for analysis of details and correlations. Installing the Log Analytics VM extension for Windows and Linux allows Azure Monitor to collect data from your Azure VMs.
Azure Log Analytics workspace is also used for on-premises computers monitored by System Center Operations Manager.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm

 

NEW QUESTION 224
You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2016. Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1.
What can you do from the Azure portal?

  • A. Generate an automation script for RG1.
  • B. Upload a blob to storageaccount1.
  • C. Start VM1.
  • D. View the keys of storageaccount1.

Answer: B

Explanation:
Explanation
Applying locks can lead to unexpected results because some operations that don't seem to modify the resource actually require actions that are blocked by the lock. Locks are inherited to all of its resources if it applies on resource group level.
Upload a blob to storageaccount1 is possible if we have readonly lock on RG1 since we are trying to modify the data not resource properties.
When a R/O lock is put on a resource, you lock it's properties not the resource. So while a read only lock is present on a storage account(inherited from a resource group), a file can still be uploaded to the already existing container of a storage account.

 

NEW QUESTION 225
You have an Azure subscription named Subscription1.
Subscription1 contains the virtual machines in the following table.

Subscription1 contains a virtual network named VNet1 that has the subnets in the following table.

VM3 has a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.
You create a route table named RT1. RT1 is associated to Subnet1 and Subnet2 and contains the routes in the following table.

You apply RT1 to Subnet1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: Yes
Traffic from VM1 and VM2 can reach VM3 thanks to the routing table, and as IP forwarding is enabled on VM3, traffic from VM3 can reach VM1.
Box 2: No
VM3, which has IP forwarding, must be turned on, in order for traffic from VM2 to reach VM1.
Box 3: Yes
The traffic from VM1 will reach VM3, which thanks to IP forwarding, will send the traffic to VM2.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

 

NEW QUESTION 226
You have an Azure Active Directory tenant named Contoso.com that includes following users:

Contoso.com includes following Windows 10 devices:

You create following security groups in Contoso.com:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: Yes
User1 is a Cloud Device Administrator.
Device2 is Azure AD joined.
Group1 has the assigned to join type. User1 is the owner of Group1.
Note: Assigned groups - Manually add users or devices into a static group.
Azure AD joined or hybrid Azure AD joined devices utilize an organizational account in Azure AD Box 2: No User2 is a User Administrator.
Device1 is Azure AD registered.
Group1 has the assigned join type, and the owner is User1.
Note: Azure AD registered devices utilize an account managed by the end user, this account is either a Microsoft account or another locally managed credential.
Box 3: Yes
User2 is a User Administrator.
Device2 is Azure AD joined.
Group2 has the Dynamic Device join type, and the owner is User2.
References:
https://docs.microsoft.com/en-us/azure/active-directory/devices/overview

 

NEW QUESTION 227
You need to meet the user requirement for Admin1.
What should you do?

  • A. From the Azure Active Directory blade, modify the Properties.
  • B. From the Subscriptions blade, select the subscription, and then modify the Properties.
  • C. From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.
  • D. From the Azure Active Directory blade, modify the Groups.

Answer: B

Explanation:
Explanation
Change the Service administrator for an Azure subscription
* Sign in to Account Center as the Account administrator.
* Select a subscription.
* On the right side, select Edit subscription details.
Scenario: Designate a new user named Admin1 as the service administrator of the Azure subscription.
References:
https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator

 

NEW QUESTION 228
You have an Azure Active Directory (Azure AD) tenant.
You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal.
Which three settings should you configure? To answer, select the appropriate settings in the answer area.

Answer:

Explanation:

Explanation:
Box 1: Assignments, Users and Groups
When you configure the sign-in risk policy, you need to set:
The users and groups the policy applies to: Select Individuals and Groups

Box 2:
When you configure the sign-in risk policy, you need to set the type of access you want to be enforced.

Box 3:
When you configure the sign-in risk policy, you need to set:
The type of access you want to be enforced when your sign-in risk level has been met:

References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-user-risk-policy

 

NEW QUESTION 229
......

Master 2022 Latest The Questions Microsoft Azure Administrator Associate and Pass AZ-104  Real Exam!: https://www.prepawayexam.com/Microsoft/braindumps.AZ-104.ete.file.html

A fully updated 2022 AZ-104 Exam Dumps exam guide from training expert PrepAwayExam: https://drive.google.com/open?id=1xbQOQzFe89IWvtvPzjefdV8samY6Ejs8