This page was exported from IT Certification Exam Braindumps [ http://blog.braindumpsit.com ] Export date:Sat Apr 12 9:00:34 2025 / +0000 GMT ___________________________________________________ Title: Pass Your Exam Easily! AZ-104 Real Question Answers Updated on Nov 02, 2024 [Q29-Q48] --------------------------------------------------- Pass Your Exam Easily! AZ-104 Real Question Answers Updated on Nov 02, 2024 Actual Questions Answers Pass With Real AZ-104 Exam Dumps The Microsoft AZ-104 exam, in particular, is aimed at the Azure administrators. It does not matter if you don't currently work in this job role, because you can easily go for it if you want to. Passing this test and earning the Microsoft Certified: Azure Administrator Associate certification prepares you to take up this role and be able to perform all the required tasks efficiently. Therefore, you need to develop competence while preparing for this exam to gain practical experience during your preparation. Microsoft AZ-104 (Microsoft Azure Administrator) Certification Exam is designed to test the skills and knowledge of professionals who work with Microsoft Azure. AZ-104 exam focuses on assessing the ability of candidates to manage Azure resources, configure and manage virtual networks, and implement and manage storage solutions. Microsoft Azure Administrator certification exam also evaluates the candidates' proficiency in monitoring and backing up Azure resources, managing Azure identities and governance, and implementing and managing Azure compute resources. Why Take This Exam? The Microsoft AZ-104 is one of the role-based options that were introduced in 2019. Passing it will help a candidate to earn the Microsoft Certified: Azure Administrator Associate certification which is aimed at those specialists who have the relevant skills in implementing and managing a Microsoft Azure environment of an organization. These individuals are the Azure administrators who are responsible for the implementation, management, and monitoring of identity, storage, governance, virtual network, and compute in a Cloud-based environment. They are also in charge of monitoring and adjusting resources when needed. Moreover, these employees function as a part of a bigger team that is focused on implementing the Cloud infrastructure of their company. So, if you want to become such a highly competent specialist, you need to know certain things before going for the Microsoft AZ-104 test.   NO.29 You are deploying a containerized web application in Azure.When deploying the web app, which of the following are valid container image sources?  Virtual machine  Docker hub  ACR  On-premises ExplanationWhen you create a web app from a Docker image, you configure the following properties:* The registry that contains the image. The registry can be , Azure Container Registry (ACR), or some other private registry.* The image :This item is the name of the repository.* The tag : This item indicates which version of the image to use from the repository. By convention, the most recent version is given the tag latest when it’s built.* Startup File :This item is the name of an executable file or a command to be run when the image is loaded.It’s equivalent to the command that you can supply to Docker when running an image from the command line by using docker run. If you’re deploying a ready-to-run, containerized app that already has the ENTRYPOINT and/or COMMAND values configured, you don’t need to fill this in.Reference:https://docs.microsoft.com/en-us/learn/modules/deploy-run-container-app-service/4-deploy-web-appNO.30 You have an Azure subscription named Subscription1.You create an Azure Storage account named contosostorage, and then you create a file share named data.Which UNC path should you include in a script that references files from the data file share? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point. Explanation:Box 1: contosostorageThe name of accountBox 2: file.core.windows.netBox 3: dataThe name of the file share is data.Example:References: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windowsNO.31 You need to use Azure Automation State Configuration to manage the ongoing consistency of virtual machine configurations.Which five actions should you perform in sequence? To answer, move the appropriate action from the list of actions to the answer area and arrange them in the correct order.NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select. ExplanationStep 1: Upload a configuration to Azure Automation State Configuration.Import the configuration into the Automation account.Step 2: Compile a configuration into a node configuration.A DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.Step 3: Onboard the virtual machines to Azure Automation State Configuration.Onboard the Azure VM for management with Azure Automation State Configuration Step 4: Assign the node configuration Step 5: Check the compliance status of the node Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the page for that node.On the blade for an individual report, you can see the following status information for the corresponding consistency check:The report status – whether the node is “Compliant”, the configuration “Failed”, or the node is “Not Compliant” References:https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-startedNO.32 You are planning the move of App1 to Azure.You create a network security group (NSG).You need to recommend a solution to provide users with access to App1.What should you recommend?  Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.  Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.  Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.  Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers. As App1 is public-facing we need an incoming security rule, related to the access of the web servers.Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier.Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.Topic 4, Contoso Ltd (Consulting Company)OverviewThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case studyTo display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.OverviewGeneral OverviewContoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.EnvironmentExisting EnvironmentContoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant.The Azure AD tenant contains the users shown in the following table.Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.User1 manages the resources in RG1. User4 manages the resources in RG2.Sub1 contains virtual machines that run Windows Server 2019 as shown in the following tableNo network security groups (NSGs) are associated to the network interfaces or the subnets.Sub1 contains the storage accounts shown in the following table.RequirementsPlanned ChangesContoso plans to implement the following changes:Create a blob container named container1 and a file share named share1 that will use the Cool storage tier.Create a storage account named storage5 and configure storage replication for the Blob service.Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.Associate NSG1 to the network interface of VM1.Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.Associate NSG2 to VNET1/Subnet2.Technical RequirementsContoso must meet the following technical requirements:Create container1 and share1.Use the principle of least privilege.Create an Azure AD security group named Group4.Back up the Azure file shares and virtual machines by using Azure Backup.Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1 Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.NO.33 You have an Azure subscription that contains a storage account named storage.You have the devices shown in the following table.From which devices can you use AzCopy to copy data to storage1?  Device1 and Device2 only  Device1, Device2 and Device3  Device’ only  Device and Device3 only https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10#download-azcopyNO.34 You have an Azure subscription that contains the resources in the following table.To which subnets can you apply NSG1?  the subnets on VNet1 only  the subnets on VNet2 only  the subnets on VNet3 only  the subnets on VNet2. VNet2, and VNet3  the subnets on VNet2 and VNet3 only All Azure resources are created in an Azure region and subscription. A resource can only be created in a virtual network that exists in the same region and subscription as the resource.References:https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-armNO.35 You have an Azure subscription that contains the resources shown in the following table.VMSS1 is set to VM (virtual machines) orchestration mode.You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1.Which resource group and location should you use to deploy VM1? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overviewNO.36 HOTSPOTYou have an Azure subscription named Subscription1 that contains a resource group named RG1.In RG1, you create an internal load balancer named LB1 and a public load balancer named LB2.You need to ensure that an administrator named Admin1 can manage LB1 and LB2. The solution must follow the principle of least privilege.Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: Section: [none]Explanation:The Network Contributor role lets you manage networks, but not access them.Reference:https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-rolesNO.37 You have an Azure App Service web app named app1.You configure autoscaling as shown in following exhibit.You configure the autoscale rule criteria as shown in the following exhibit.Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic. NOTE Each correct selection is worth one point. NO.38 You have an Azure subscription.You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will be part of the same availability set.You need to ensure that as many virtual machines as possible are available if the fabric fails or during servicing.How should you configure the template? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://www.itprotoday.com/microsoft-azure/check-if-azure-region-supports-2-or-3-fault-domains-managed-diskshttps://github.com/Azure/acs-engine/issues/1030NO.39 You have an Azure subscription named Sub1.You plan to deploy a multi-tiered application that will contain the tiers shown in the following table.You need to recommend a networking solution to meet the following requirements:* Ensure that communication between the web servers and the business logic tier spreads equally across the virtual machines.* Protect the web servers from SQL injection attacks.Which Azure resource should you recommend for each requirement? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationBox 1: an internal load balancerAzure Internal Load Balancer (ILB) provides network load balancing between virtual machines that reside inside a cloud service or a virtual network with a regional scope.Box 2: an application gateway that uses the WAF tierAzure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities.References:https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overviewNO.40 You have an Azure Active Directory tenant named Contoso.com that includes following users:Contoso.com includes following Windows 10 devices:You create following security groups in Contoso.com:For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/active-directory/devices/overviewNO.41 VM1 is running and connects to NIC1 and Disk1. NIC1 connects to VNET1.RG2 contains a public IP address named IP2 that is in the East US location. IP2 is not assigned to a virtual machine.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-support-resourceshttps://docs.microsoft.com/en-us/azure/virtual-network/move-across-regions-publicip-powershellNO.42 You have an Azure subscription that contains the resource groups shown in the following table.RG1 contains the resources shown in the following table.VM1 is running and connects to NIC1 and Disk1. NIC1 connects to VNET1.RG2 contains a public IP address named IP2 that is in the East US location. IP2 is not assigned to a virtual machine.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Explanation:NO.43 You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table.You create a private Azure DNS zone named adatum.com. You configure the adatum.com zone to allow auto registration from VNET1.Which A records will be added to the adatum.com zone for each virtual machine? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationThe virtual machines are registered (added) to the private zone as A records pointing to their private IP addresses.Reference:https://docs.microsoft.com/en-us/azure/dns/private-dns-overviewhttps://docs.microsoft.com/en-us/azure/dns/private-dns-scenariosNO.44 You have an Azure subscription that contains the storage accounts shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-create-premium-fileshare?tabs=azure-portalhttps://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiersNO.45 You have an Azure virtual machine named VM1 that connects to a virtual network named VNet1. VM1 has the following configurations:Subnet: 10.0.0.0/24Availability set: AVSetNetwork security group (NSG): NonePrivate IP address: 10.0.0.4 (dynamic)Public IP address: 40.90.219.6 (dynamic)You deploy a standard, Internet-facing load balancer named slb1.You need to configure slb1 to allow connectivity to VM1.Which changes should you apply to VM1 as you configure slb1? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-public-portalhttps://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overviewNO.46 You need to identify the storage requirements for Contoso.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. ExplanationStatement 1: YesContoso is moving the existing product blueprint files to Azure Blob storage which will ensure that the blueprint files are stored in the archive storage tier.Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these.Statement 2: NoAzure Table storage stores large amounts of structured data. The service is a NoSQL datastore which accepts authenticated calls from inside and outside the Azure cloud. Azure tables are ideal for storing structured, non-relational data. Common uses of Table storage include:1. Storing TBs of structured data capable of serving web scale applications2. Storing datasets that don’t require complex joins, foreign keys, or stored procedures and can be denormalized for fast access3. Quickly querying data using a clustered index4. Accessing data using the OData protocol and LINQ queries with WCF Data Service .NET Libraries Statement 3: No File Storage can be used if your business use case needs to deal mostly with standard File extensions like*.docx, *.png and *.bak then you should probably go with this storage option.Reference:https://docs.microsoft.com/en-us/azure/machine-learning/team-data-science-process/move-data-to-azure-blob-ushttps://docs.microsoft.com/en-us/azure/storage/tables/table-storage-overviewhttps://www.serverless360.com/blog/azure-blob-storage-vs-file-storageNO.47 You have an Azure subscription that contains a virtual network named VNET1 in the East US 2 region. You have the following resources in an Azure Resource Manager template.For each of the following statements, select Yes if the statement is true. Otherwise, select No. Reference:https://docs.microsoft.com/en-us/azure/architecture/resiliency/recovery-loss-azure-regionNO.48 You have a sync group that has the endpoints shown in the following table.Cloud tiering is enabled for Endpoint3.You add a file named File1 to Endpoint1 and a file named File2 to Endpoint2.You need to identify on which endpoints File1 and File2 will be available within 24 hours of adding the files.What should you identify? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationFile1: Endpoint3 onlyCloud Tiering: A switch to enable or disable cloud tiering. When enabled, cloud tiering will tier files to your Azure file shares. This converts on-premises file shares into a cache, rather than a complete copy of the dataset, to help you manage space efficiency on your server. With cloud tiering, infrequently used or accessed files can be tiered to Azure Files.File2: Endpoint1, Endpoint2, and Endpoint3References:https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-cloud-tiering Loading … New AZ-104 Dumps - Real Microsoft Exam Questions: https://www.braindumpsit.com/AZ-104_real-exam.html --------------------------------------------------- Images: https://blog.braindumpsit.com/wp-content/plugins/watu/loading.gif https://blog.braindumpsit.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2024-11-02 14:57:25 Post date GMT: 2024-11-02 14:57:25 Post modified date: 2024-11-02 14:57:25 Post modified date GMT: 2024-11-02 14:57:25