[2022] Use Real Microsoft Dumps - 100% Free AZ-104 Exam Dumps [Q198-Q223]

[2022] Use Real Microsoft Dumps - 100% Free AZ-104 Exam Dumps

Realistic AZ-104 Dumps Latest Microsoft Practice Tests Dumps

Module 3: Azure Compute Resources Deployment and Management

After explaining about Azure implementation and storage, the test moves to Azure resource management. In this domain, the candidates have to learn about different ways to configure VMs for scalability as well as high availability. The concepts of creating and setting up Azure Kubernetes Service along with Azure Container Service (ACS) will be observed in detail in this section too. Finally, pay attention to the automation of configurations and deployment processes.

NEW QUESTION 198
You have an Azure subscription named Subscription1 and an on-premises deployment of Microsoft System Center Service Manager.
Subscription1 contains a virtual machine named VM1.
You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent.
What should you do first?

A. Deploy a function app
B. Deploy the IT Service Management Connector (ITSM)
C. Create a notification
D. Create an automation runbook

Answer: B

Explanation:
The IT Service Management Connector (ITSMC) allows you to connect Azure and a supported IT Service Management (ITSM) product/service, such as the Microsoft System Center Service Manager.
With ITSMC, you can create work items in ITSM tool, based on your Azure alerts (metric alerts, Activity Log alerts and Log Analytics alerts).
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/itsmc-overview

NEW QUESTION 199
You have 100 Azure subscriptions. All the subscriptions are associated to the same Azure Active Directory (Azure AD) tenant named contoso.com.
You are a global administrator.
You plan to create a report that lists all the resources across all the subscriptions.
You need to ensure that you can view all the resources in all the subscriptions.
What should you do?

A. From Windows PowerShell, run the New-AzureADUserAppRoleAssignment cmdlet.
B. From Windows PowerShell, run the Add-AzureADAdministrativeUnitMember cmdlet.
C. From the Azure portal, modify the properties of the Azure AD tenant.
D. From the Azure portal, modify the profile settings of your account.

Answer: A

Explanation:
The New-AzureADUserAppRoleAssignment cmdlet assigns a user to an application role in Azure Active Directory (AD). Use it for the application report.
References:
https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureaduserapproleassignment?view=azureadps-2.0

NEW QUESTION 200
You need to implement Role1.
Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION 201
You have an Azure web app named WebApp1 that runs in an Azure App Service plan named ASP1. ASP1 is based on the D1 pricing tier.
You need to ensure that WebApp1 can be accessed only from computers on your on-premises network. The solution must minimize costs.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: B1
B1 (Basic) would minimize cost compared P1v2 (premium) and S1 (standard).
Box 2: Cross Origin Resource Sharing (CORS)
Once you set the CORS rules for the service, then a properly authenticated request made against the service from a different domain will be evaluated to determine whether it is allowed according to the rules you have specified.
Note: CORS (Cross Origin Resource Sharing) is an HTTP feature that enables a web application running under one domain to access resources in another domain. In order to reduce the possibility of cross-site scripting attacks, all modern web browsers implement a security restriction known as same-origin policy. This prevents a web page from calling APIs in a different domain. CORS provides a secure way to allow one origin (the origin domain) to call APIs in another origin.
References:
https://azure.microsoft.com/en-us/pricing/details/app-service/windows/
https://docs.microsoft.com/en-us/azure/cdn/cdn-cors

NEW QUESTION 202
HOTSPOT
You have an Azure subscription named Subscription1 that has a subscription ID of c276fc76-9cd4-44c9-99a7-
4fd71546436e.
You need to create a custom RBAC role named CR1 that meets the following requirements:
* Can be assigned only to the resource groups in Subscription1
* Prevents the management of the access permissions for the resource groups
* Allows the viewing, creating, modifying, and deleting of resources within the resource groups What should you specify in the assignable scopes and the permission elements of the definition of CR1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:

Section: [none]
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider- operations#microsoftresources

NEW QUESTION 203
You have a hybrid deployment of Azure Active Directory (Azure AD) that contains the users shown in the following table.
You need to modify the JobTitle and UsageLocation attributes for the users.
For which users can you modify the- attributes from Azure AD? To answer, select the appropriate options in the answer area.

Answer:

Explanation:

Explanation
Box 1: User1 and User3 only
You must use Windows Server Active Directory to update the identity, contact info, or job info for users whose source of authority is Windows Server Active Directory.
Box 2: User1, User2, and User3
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal

NEW QUESTION 204
You discover that VM3 does NOT meet the technical requirements.
You need to verify whether the issue relates to the NSGs.
What should you use?

A. IP flow verify in Azure Network Watcher
B. The security recommendations in Azure Advisor
C. Diagram in VNet1
D. Diagnostic settings in Azure Monitor
E. Diagnose and solve problems in Traffic Manager profiles

Answer: A

Explanation:
Section: [none]
Explanation:
Scenario: Contoso must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview Question Set 1

NEW QUESTION 205
You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.

VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and Vnet2.
An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.
You need to move the custom application to Vnet2. The solution must minimize administrative effort.
Which two actions should you perform? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
Reference:
https://docs.microsoft.com/en-us/archive/blogs/canitpro/step-by-step-move-a-vm-to-a-different-vnet-on-azure
https://4sysops.com/archives/move-an-azure-vm-to-another-virtual-network-vnet/#migrate-an-azure-vmbetween-vnets

NEW QUESTION 206
You have an Azure virtual machine named VM1 that runs Windows Server 2019.
You save VM1 as a template named Template1 to the Azure Resource Manager library.
You plan to deploy a virtual machine named VM2 from Template1.
What can you configure during the deployment of VM2?

A. operating system
B. virtual machine size
C. administrator username
D. resource group

Answer: C

Explanation:
Explanation
When deploying a virtual machine from a template, you must specify:
* the Resource Group name and location for the VM
* the administrator username and password
* an unique DNS name for the public IP
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/ps-template

NEW QUESTION 207
You have peering configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: vNET6 only
Box 2: Modify the address space
The virtual networks you peer must have non-overlapping IP address spaces.
References: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-constraints

NEW QUESTION 208
You have a general purpose v1 storage account named storageaccount1 that has a private container named container1. You need to allow read access to the data inside container1, but only within a 14 day window. How do you accomplish this?

A. Upgrade the storage account to general purpose v2
B. Create a shared access signatures
C. Create a stored access policy
D. Create a service SAS

Answer: B,C

Explanation:
Explanation
A Stored Access Policy allows granular control over a single storage container using a Shared Access Signature (SAS).
A Shared Access Signature (SAS) allows you to have granular control over your storage account, including access to only certain services (i.e. Azure Blobs) and permitting only read, write, delete, list, add, or create access.

NEW QUESTION 209
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You hire a temporary vendor. The vendor uses a Microsoft account that has a sign-in of [email protected].
You need to ensure that the vendor can authenticate to the tenant by using [email protected].
What should you do?

A. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the -UserPrincipalName [email protected] parameter.
B. From Windows PowerShell, run the New-AzureADUser cmdlet and specify the -UserPrincipalName [email protected] parameter.
C. From the Azure portal, add a custom domain name, create a new Azure AD user, and then specify [email protected] as the username.
D. From the Azure portal, add a new guest user, and then specify [email protected] as the email address.

Answer: D

Explanation:
Explanation
UserPrincipalName - contains the UserPrincipalName (UPN) of this user. The UPN is what the user will use when they sign in into Azure AD. The common structure is @, so for Abby Brown in Contoso.com, the UPN would be [email protected] Example:
To create the user, call the New-AzureADUser cmdlet with the parameter values:
powershell New-AzureADUser -AccountEnabled $True -DisplayName "Abby Brown"
-PasswordProfile$PasswordProfile -MailNickName "AbbyB" -UserPrincipalName "[email protected]" References:
https://docs.microsoft.com/bs-cyrl-ba/powershell/azure/active-directory/new-user-sample?view=azureadps-2.0

NEW QUESTION 210
You have an Azure subscription that contains an Azure Storage account named storage1 and the users shown in the following table.

You plan to monitor storage1 and to configure email notifications for the signals shown in the following table.

You need to identify the minimum number of alert rules and action groups required for the planned monitoring.
How many alert rules and action groups should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1 : 4
As there are 4 distinct set of resource types (Ingress, Egress, Delete storage account, Restore blob ranges), so you need 4 alert rules. In one alert rule you can't specify different type of resources to monitor. So you need 4 alert rules.
Box 2 : 3
There are 3 distinct set of "Users to notify" as (User 1 and User 3), (User1 only), and (User1, User2, and User3). You can't set the action group based on existing group (Group1 and Group2) as there is no specific group for User1 only. So you need to create 3 action group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups

NEW QUESTION 211
You plan to create the Azure web apps shown in the following table.

What is the minimum number of App Service plans you should create for the web apps?

A. 0
B. 1
C. 2
D. 3

Answer: B

Explanation:
Section: [none]

NEW QUESTION 212
You have an Azure subscription that contains the resources shown in the following table.
VMSS1 is set to VM (virtual machines) orchestration mode.
You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1.
Which resource group and location should you use to deploy VM1? To answer, select the appropriate options in the NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 213
You have an Azure subscription that contains the resources in the following table.

Store1 contains a file share named Data. Data contains 5,000 files.
You need to synchronize the files in Data to an on-premises server named Server1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Create a container instance.
B. Register Server1.
C. Create a sync group.
D. Download an automation script.
E. Install the Azure File Sync agent on Server1.

Answer: B,C,E

Explanation:
Step 1 (E): Install the Azure File Sync agent on Server1 The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share Step 2 (D): Register Server1.
Register Windows Server with Storage Sync Service
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service. Step 3 (C): Create a sync group and a cloud endpoint. A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.
References: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment- guide

NEW QUESTION 214
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to ensure that visitors are serviced by the same web server for each request.
What should you configure?

A. Floating IP (direct server return) to Enabled
B. Protocol to UDP
C. Session persistence to Client IP and Protocol
D. Idle Time-out (minutes) to 20

Answer: C

Explanation:
Section: Configure and manage virtual networking
Explanation:
With Sticky Sessions when a client starts a session on one of your web servers, session stays on that specific server. To configure An Azure Load-Balancer For Sticky Sessions set Session persistence to Client IP.
On the following image you can see sticky session configuration:

Reference:
https://cloudopszone.com/configure-azure-load-balancer-for-sticky-sessions/

NEW QUESTION 215
You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com contains the groups in the following table.

You create two user accounts that are configured as shown in the following table.

To which groups do User1 and User2 belong? To answer. select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: Group 1 only
First rule applies
Box 2: Group1 and Group2 only
Both membership rules apply.
References:
https://docs.microsoft.com/en-us/sccm/core/clients/manage/collections/create-collections

NEW QUESTION 216
You create an Azure file sync group named Sync 1 and perform the following actions:
* Add share as the cloud endpoint for Sync1.
* Add data1 as a server endpoint for Sync1.
* Register Server1 and Server2 to Sync1.
For each of the following statements, select Yes if the statement is true Otherwise, select No.
NOTE Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION 217
HOTSPOT
You have an Azure subscription that contains three virtual networks named VNET1, VNET2, and VNET3.
Peering for VNET1 is configured as shown in the following exhibit.

Peering for VNET2 is configured as shown in the following exhibit.

Peering for VNET3 is configured as shown in the following exhibit.

How can packets be routed between the virtual networks? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:

Section: [none]
Explanation:
Box 1. VNET2 and VNET3
Box 2: VNET1
Gateway transit is disabled.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

NEW QUESTION 218
Hotspot Question
You plan to use Azure Network Watcher to perform the following tasks:
Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine.
Task2: Validate outbound connectivity from an Azure virtual machine to an external host.
Which feature should you use for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Task 1: IP flow verify
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
Task 2:
With the addition of Connection Troubleshoot, Network Watcher will see an incremental increase in its capabilities and ways for you to utilize it in your day to day operations. You can now, for example, check connectivity between source (VM) and destination (VM, URI, FQDN, IP Address).
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
https://azure.microsoft.com/en-us/blog/network-watcher-connection-troubleshoot-now-generally- available/

NEW QUESTION 219
You have a virtual network named VNet1 that has the configuration shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: add an address space
Your IaaS virtual machines (VMs) and PaaS role instances in a virtual network automatically receive a private IP address from a range that you specify, based on the address space of the subnet they are connected to. We need to add the 192.168.1.0/24 address space.
Box 2: add a subnet
Address space is present but need to add subnet

References:
https://docs.microsoft.com/en-us/microsoft-365/solutions/cloud-architecture-models?view=o365-worldwide
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-static-private-ip-arm-pportal

NEW QUESTION 220
You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.
What should you include in the recommended?

A. an Azure logic app and the Microsoft Identity Management (MIM) client
B. Azure AP B2C
C. Azure AD Identity Protection
D. dynamic groups and conditional access policies

Answer: A

Explanation:
Explanation
Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications, or other conditions.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

NEW QUESTION 221
You have an Azure subscription that contains the public load balancers shown in the following table.

You plan to create six virtual machines and to load balancer requests to the virtual machines. Each load balancer will load balance three virtual machines.
You need to create the virtual machines for the planned solution.
How should you create the virtual machines? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: be created in the same availability set or virtual machine scale set.
The Basic tier is quite restrictive. A load balancer is restricted to a single availability set, virtual machine scale set, or a single machine.
Box 2: be connected to the same virtual network
The Standard tier can span any virtual machine in a single virtual network, including blends of scale sets, availability sets, and machines.
References:
https://www.petri.com/comparing-basic-standard-azure-load-balancers

NEW QUESTION 222
You have an Azure subscription named Subscription1. Subscription1 contains two Azure virtual machines named VM1 and VM2. VM1 and VM2 run Windows Server 2016.
VM1 is backed up daily by Azure Backup without using the Azure Backup agent.
VM1 is affected by ransomware that encrypts data.
You need to restore the latest backup of VM1.
To which location can you restore the backup? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1 : VM1 and VM2 only
When recovering files, you can't restore files to a previous or future operating system version.You can restore files from a VM to the same server operating system, or to the compatible client operating system. Therefore -
"VM1 and VM2 only" is the best answer since both run on Windows Server 2016.
"A new Azure virtual machine only" ,this will also work but why to create unnecessary new VM in Azure if existing VM will do the task. So this option is incorrect.
Box 2 : VM1 or A new Azure virtual machine only
When restoring a VM, you can't use the replace existing VM option for encrypted VMs. This option is only supported for unencrypted managed disks. And also You can restore files from a VM to the same server operating system, or to the compatible client operating system only. Hence "VM1 or A new Azure virtual machine only" is correct answer.
References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm#system-requirements