2024 Updated Verified AZ-104 dumps Q&As - 100% Pass Guaranteed
Provide Valid Dumps To Help You Prepare For Microsoft Azure Administrator Exam
NEW QUESTION # 87
You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2016. Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1.
What can you do from the Azure portal?
- A. Start VM1.
- B. View the keys of storageaccount1.
- C. Upload a blob to storageaccount1.
- D. Generate an automation script for RG1.
Answer: C
Explanation:
Explanation
Applying locks can lead to unexpected results because some operations that don't seem to modify the resource actually require actions that are blocked by the lock. Locks are inherited to all of its resources if it applies on resource group level.
Upload a blob to storageaccount1 is possible if we have readonly lock on RG1 since we are trying to modify the data not resource properties.
When a R/O lock is put on a resource, you lock it's properties not the resource. So while a read only lock is present on a storage account(inherited from a resource group), a file can still be uploaded to the already existing container of a storage account.
NEW QUESTION # 88
You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.
You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign on (SSO) to access Azure resources.
What should you do first?
- A. From the on-premises network, deploy Active Directory Federation Services (AD FS).
- B. From the server that runs Azure AD Connect, modify the filtering options.
- C. From Azure AD, add and verify a custom domain name.
- D. From the on-premises network, request a new certificate that contains the Active Directory domain name.
Answer: C
Explanation:
Explanation
Azure AD Connect lists the UPN suffixes that are defined for the domains and tries to match them with a custom domain in Azure AD. Then it helps you with the appropriate action that needs to be taken. The Azure AD sign-in page lists the UPN suffixes that are defined for on-premises Active Directory and displays the corresponding status against each suffix. The status values can be one of the following:
State: Verified
Azure AD Connect found a matching verified domain in Azure AD. All users for this domain can sign in by using their on-premises credentials.
State: Not verified
Azure AD Connect found a matching custom domain in Azure AD, but it isn't verified. The UPN suffix of the users of this domain will be changed to the default .onmicrosoft.com suffix after synchronization if the domain isn't verified.
Action Required: Verify the custom domain in Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-user-signin
NEW QUESTION # 89
You have an Azure virtual machine named VM1 and a Recovery Services vault named Vault1.
You create a backup Policy1 as shown in the exhibit. (Click the Exhibit tab.)
You configure the backup of VM1 to use Policy1 on Thursday, January 1.
You need to identify the number of available recovery points for VM1.
How many recovery points are available on January 8 and on January 15? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 90
You plan to create an Azure virtual machine named VM1 that will be configured as shown in the following exhibit.
The planned disk configurations for VM1 are shown in the following exhibit.
You need to ensure that VM1 can be created in an Availability Zone.
Which two settings should you modify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Use managed disks
- B. Image
- C. OS disk type
- D. Size
- E. Availability options
Answer: A,C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/move-azure-vms-avset-azone
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-portal-availability-zone
NEW QUESTION # 91
You have an Azure Storage account named storage1.
You have Azure App Service apps named App1 and App2 that run in an Azure container instance. Each app uses a managed identity.
You need to ensure that App1 and App2 can read blobs from storage1. The solution must meet the following requirements:
* Minimize the number of secrets used.
* Ensure that App2 can only read from storage1 for the next 30 days.
What should you configure in storage1 for each app? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point
Answer:
Explanation:
NEW QUESTION # 92
Your network contains an Active Directory domain. The domain contains a user named User1. The domain is synced to Azure Active Directory (Azure AD) as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization
NEW QUESTION # 93
You plan to deploy an Azure container instance by using the following Azure Resource Manager template.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the template.
Answer:
Explanation:
Explanation:
Box 1: can connect to the container from any device
In the policy "osType": "window" refer that it will create a container in a container group that runs Windows but it won't block access depending on device type.
Box 2: the container will restart automatically
Docker provides restart policies to control whether your containers start automatically when they exit, or when Docker restarts. Restart policies ensure that linked containers are started in the correct order. Docker recommends that you use restart policies, and avoid using process managers to start containers.
on-failure : Restart the container if it exits due to an error, which manifests as a non-zero exit code.
As the flag is mentioned as "on-failure" in the policy, so it will restart automatically
Reference:
https://docs.microsoft.com/en-us/cli/azure/container?view=azure-cli-latest
https://docs.docker.com/config/containers/start-containers-automatically/
NEW QUESTION # 94
You have an Azure subscription
You plan to deploy a new storage account
You need to configure encryption for the account The solution must meet the following requirements
* Use a customer-managed key stored in an key vault
* Use the maximum supported bit length.
Which type of key and which bit length should you use?
Answer:
Explanation:
NEW QUESTION # 95
You have an Azure subscription that contains the resources shown in the following table:
You assign a policy to RG6 as shown in the following table:
To RG6, you apply the tag: RGroup: RG6.
You deploy a virtual network named VNET2 to RG6.
Which tags apply to VNET1 and VNET2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-policies
NEW QUESTION # 96
You have an Azure subscription that contains the resources in the following table.
You install the Web Server server role (IIS) on VM1 and VM2, and then and VM1 and VM2 to LB1.
LB1 is configured as shown in the LB1 exhibit. (Click the LB1 tab.)
Rule1 is configure as shown in the Rule1 exhibit. (Click the Rule tab.) For each of the following statements, select Yes if the statements is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/skus
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview
NEW QUESTION # 97
You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts.
You create a new user account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?
- A. From the Directory role blade, modify the directory role
- B. From the Groups blade, invite the user account to a new group
- C. From the Licenses blade, assign a new license
Answer: A
Explanation:
Assign a role to a user
1. Sign in to the Azure portal with an account that's a global admin or privileged role admin for the directory.
2. Select Azure Active Directory, select Users, and then select a specific user from the list.
3. For the selected user, select Directory role, select Add role, and then pick the appropriate admin roles from the Directory roles list, such as Conditional access administrator.
4. Press Select to save.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users- assign-role-azure-portal
NEW QUESTION # 98
Peering for VNET2 is configured as shown in the following exhibit.
Peering for VNET3 is configured as shown in the following exhibit.
How can packets be routed between the virtual networks? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
NEW QUESTION # 99
You have an Azure subscription named AZPT1 that contains the resources shown in the following table:
You create a new Azure subscription named AZPT2.
You need to identify which resources can be moved to AZPT2.
Which resources should you identify?
- A. VM1 and VM1Managed only
- B. VM1, storage1, VNET1, and VM1Managed only
- C. RVAULT1 only
- D. VM1, storage1, VNET1, VM1Managed, and RVAULT1
Answer: D
Explanation:
Explanation
You can move a VM and its associated resources to a different subscription by using the Azure portal.
You can now move an Azure Recovery Service (ASR) Vault to either a new resource group within the current subscription or to a new subscription.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-resource-group-and-subscrip
https://docs.microsoft.com/en-us/azure/key-vault/general/keyvault-move-subscription
NEW QUESTION # 100
You need to resolve the Active Directory issue.
What should you do?
- A. From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.
- B. From Azure AD Connect, modify the outbound synchronization rule.
IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for migration to Azure Active Directory. IdFix is intended for the Active Directory administrators responsible for directory synchronization with Azure Active Directory.
Scenario: Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.
References: https://www.microsoft.com/en-us/download/details.aspx?id=36832 - C. From Active Directory Domains and Trusts, modify the list of UPN suffixes.
- D. Run idfix.exe, and then use the Edit action.
Answer: D
NEW QUESTION # 101
You have an Azure Migrate project that has the following assessment properties:
* Target location: East US
* Storage redundancy: Locally redundant
* Comfort factor: 2.0
* Performance history: 1 month
* Percentile utilization: 95th
* Pricing tier: Standard
* Offer: Pay as you go
You discover the following two virtual machines:
* A virtual machine named VM1 that runs Windows Server 2016 and has 10 CPU cores at 20 percent utilization
* A virtual machine named VM2 that runs Windows Server 2012 and has four CPU cores at 50 percent utilization How many CPU cores will Azure Migrate recommend for each virtual machine? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
The equation is: 'core usage x comfort factor'. The comfort factor is 2.0.
So VM 1 is 10 cores at 20% utilization which equals 2 cores. Multiply that the comfort factor and you get 4 cores.
VM 2 is 4 cores at 50% utilization which equals 2 cores. Multiply that the comfort factor and you get 4 cores.
NEW QUESTION # 102
You have several Azure virtual machines on a virtual network named VNet1.
You configure an Azure Storage account as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints
https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage-accounts-secured-with-azurestorage-firewalls-and-virtual-networks/
NEW QUESTION # 103
You create an Azure VM named VM1 that runs Windows Server 2019.
VM1 is configured as shown in the exhibit. (Click the Exhibit button.)
You need to enable Desired State Configuration for VM1.
What should you do first?
- A. Capture a snapshot of VM1.
- B. Start VM1.
- C. Connect to VM1.
- D. Configure a DNS name for VM1.
Answer: B
Explanation:
Status is Stopped (Deallocated).
The DSC extension for Windows requires that the target virtual machine is able to communicate with Azure.
The VM needs to be started.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-windows
NEW QUESTION # 104
This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.
You need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG1 and Central US.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a region.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
NEW QUESTION # 105
You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.
In Azure, you create a private DNS zone named adatum.com. You set the registration virtual network to VNet2. The adatum.com zone is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: No
Azure DNS provides automatic registration of virtual machines from a single virtual network that's linked to a private zone as a registration virtual network. VM5 does not belong to the registration virtual network though.
Box 2: No
Forward DNS resolution is supported across virtual networks that are linked to the private zone as resolution virtual networks. VM5 does belong to a resolution virtual network.
Box 3: Yes
VM6 belongs to registration virtual network, and an A (Host) record exists for VM9 in the DNS zone.
By default, registration virtual networks also act as resolution virtual networks, in the sense that DNS resolution against the zone works from any of the virtual machines within the registration virtual network.
References: https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
NEW QUESTION # 106
You have an Azure subscription.
You create the following file named Deploy.json.
You connect to the subscription and run the following commands.
New..-ArResourceGroupDeployment - Resoure&GroupName RG1 -TemplateFlle "deploy .J son" For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 107
You plan to deploy an Azure container instance by using the following Azure Resource Manager template.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the template.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/cli/azure/container?view=azure-cli-latest
https://docs.docker.com/config/containers/start-containers-automatically/
NEW QUESTION # 108
You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.
You have a computer named Computer1 that runs Windows 10. Computer1 is connected to the Internet.
You add a network interface named VM1173 to VM1 as shown in the exhibit. (Click the Exhibit tab.)
From Computer1, you attempt to connect to VM1 by using Remote Desktop, but the connection fails.
- A. Start VM1.
- B. Change the priority of the RDP rule.
- C. Delete the DenyAlllnBound rule.
- D. Attach a network interface.
Answer: A
Explanation:
Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
References: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
NEW QUESTION # 109
......
Achieve Success in Actual AZ-104 Exam AZ-104 Exam Dumps: https://freedumps.testpdf.com/AZ-104-practice-test.html
