Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Cause all that matters here is passing the Microsoft AZ-104 exam. Cause all that you need is a high score of AZ-104 Microsoft Azure Administrator exam. The only one thing you need to do is downloading Testking AZ-104 exam study guides now. We will not let you down with our money-back guarantee.
Free demo questions for Microsoft AZ-104 Exam Dumps Below:
NEW QUESTION 1
You have an Azure subscription named Subscription1. Subscription1 contains the virtual networks in the following table.
Subscription1 contains the virtual machines in the following table:
The firewalls on all the virtual machines are configured to allow all ICMP traffic. You add the peerings in the following table.
For each of the following statements, select Yest if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer: A
NEW QUESTION 2
You have an Azure subscription named Subscription1 that is used be several departments at your company. Subscription1 contains the resources in the following table:
Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template.
You need to view the template used for the deployment.
From which blade can you view the template that was used for the deployment?
Answer: A
Explanation:
* 1. View template from deployment history
Go to the resource group for your new resource group. Notice that the portal shows the result of the last deployment. Select this link.
* 2. You see a history of deployments for the group. In your case, the portal probably lists only one deployment. Select this deployment.
The portal displays a summary of the deployment. The summary includes the status of the deployment and its operations and the values that you provided for parameters. To see the template that you used for the deployment, select View template.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template
NEW QUESTION 3
You have an Azure virtual machine that runs Windows Server 2019 and has the following configurations: 
Name: VM1
Location: West US
Connected to: VNET1 Private IP address: 10.1.0.4 Public IP address: 52.186.85.63 DNS suffix in Windows Server: Adatum.com
You create the Azure DNS zones shown in the following table.
You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1 can automatically register.
Which zones should you identify? To answer, select the appropriate options in the answer area.
Answer: A
NEW QUESTION 4
A web developer creates a web application that you plan to deploy as an Azure web app. Users must enter credentials to access the web application.
You create a new web app named WebApp1 and deploy the web application to WebApp1. You need to disable anonymous access to WebApp1.
What should you configure?
Answer: D
Explanation:
Anonymous access is an authentication method. It allows users to establish an anonymous connection. References:
https://docs.microsoft.com/en-us/biztalk/core/guidelines-for-resolving-iis-permissions-problems
NEW QUESTION 5
Your on-premises network contains an SMB share named Share1. You have an Azure subscription that contains the following resources: A web app named webapp1
A virtual network named VNET1
You need to ensure that webapp1 can connect to Share1. What should you deploy?
Answer: C
Explanation:
A Site-to-Site VPN gateway connection can be used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel.
This type of connection requires a VPN device, a VPN gateway, located on-premises that has an externally facing public IP address assigned to it.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
NEW QUESTION 6
You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table.
You create a public Azure DNS zone named adatum.com and a private Azure DNS zone named contoso.com. For contoso.com, you create a virtual network link named link1 as shown in the exhibit. (Click the Exhibit
tab.)
You discover that VM1 can resolve names in contoso.com but cannot resolve names in adatum.com. VM1 can resolve other hosts on the internet.
You need to ensure that VM1 can resolve host names in adatum.com. What should you do?
Answer: C
Explanation:
Adatum.com is a public DNS zone. The Internet top level domain DNS servers need to know which DNS servers to direct DNS queries for adatum.com to. You configure this by configuring the name servers for adatum.com at the domain registrar.
ence:
https://docs.microsoft.com/en-us/azure/dns/dns-getstarted-portal
NEW QUESTION 7
You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com. You need to enable two-step verification for Azure users.
What should you do?
Answer: B
Explanation:
Conditional Access policies enforce registration, requiring unregistered users to complete registration at first sign-in, an important security consideration.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
NEW QUESTION 8
You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1. You install and configure a web server and a DNS server on VM1.
VM1 has the effective network security rules shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer: A
NEW QUESTION 9
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.
Solution: From the Redeploy blade, you click Redeploy. Does this meet the goal?
Answer: A
Explanation:
When you redeploy a VM, it moves the VM to a new node within the Azure infrastructure and then powers it back on, retaining all your configuration options and associated resources.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node
NEW QUESTION 10
You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant.
Subscription1 contains a virtual network named VNet1.VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.
Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24.
You need to connect VNet1 to VNet2. What should you do first?
Answer: C
Explanation:
The virtual networks can be in the same or different regions, and from the same or different subscriptions. When connecting VNets from different subscriptions, the subscriptions do not need to be associated with the same Active Directory tenant.
Configuring a VNet-to-VNet connection is a good way to easily connect VNets. Connecting a virtual network to another virtual network using the VNet-to-VNet connection type (VNet2VNet) is similar to creating a
Site-to-Site IPsec connection to an on-premises location. Both connectivity types use a VPN gateway to
provide a secure tunnel using IPsec/IKE, and both function the same way when communicating.
The local network gateway for each VNet treats the other VNet as a local site. This lets you specify additional address space for the local network gateway in order to route traffic.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal
NEW QUESTION 11
You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2016. Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1.
What can you do from the Azure portal?
Answer: C
Explanation:
Applying locks can lead to unexpected results because some operations that don't seem to modify the resource actually require actions that are blocked by the lock. Locks are inherited to all of its resources if it applies on resource group level.
Upload a blob to storageaccount1 is possible if we have readonly lock on RG1 since we are trying to modify the data not resource properties.
When a R/O lock is put on a resource, you lock it's properties not the resource. So while a read only lock is present on a storage account(inherited from a resource group), a file can still be uploaded to the already
existing container of a storage account.
NEW QUESTION 12
You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1.
You need to ensure that you can configure a point-to-site connection from an on-premises computer to VNet1. Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer: CE
Explanation:
C: A VPN gateway is used when creating a VPN connection to your on-premises network.
Route-based VPN devices use any-to-any (wildcard) traffic selectors, and let routing/forwarding tables direct traffic to different IPsec tunnels. It is typically built on router platforms where each IPsec tunnel is modeled as a network interface or VTI (virtual tunnel interface).
E: Policy-based VPN devices use the combinations of prefixes from both networks to define how traffic is encrypted/decrypted through IPsec tunnels. It is typically built on firewall devices that perform packet filtering.
IPsec tunnel encryption and decryption are added to the packet filtering and processing engine. Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/create-routebased-vpn-gateway-portal https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps
NEW QUESTION 13
You have an Azure subscription that contains an Azure Storage account.
You plan to copy an on-premises virtual machine image to a container named vmimages. You need to create the container for the planned image.
Which command should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer: A
NEW QUESTION 14
You have an Azure subscription that contains the following resources:
• a virtual network named VNet1
• a replication policy named ReplPolicy1
• a Recovery Services vault named Vault1
• an Azure Storage account named Storage1
You have an Amazon Web Services (AWS) EC2 virtual machine named VM1 that runs Windows Server You need to migrate VM1 to VNet1 by using Azure Site Recovery.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Use an EC2 instance that's running Windows Server 2012 R2 to create a configuration server and register it with your recovery vault. Configure the proxy on the EC2 instance VM you're using as the configuration server so that it can access the service URLs.Answer: A
NEW QUESTION 15
You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.
The virtual machines host several applications that are accessible over port 443 to user on the Internet. Your on-premises network has a site-to-site VPN connection to VNet1.
You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.
You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.
What should you do?
Answer: D
Explanation:
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
You can use a site-to-site VPN to connect your on-premises network to an Azure virtual network. Users on your on-premises network connect by using the RDP or SSH protocol over the site-to-site VPN connection. You don't have to allow direct RDP or SSH access over the internet. And this can be achieved by configuring a deny rule in a network security group (NSG) that is linked to Subnet1 for RDP / SSH protocol coming from internet.
Modify the address space of Subnet1 : Incorrect choice
Modifying the address space of Subnet1 will have no impact on RDP traffic flow to the virtual network. Modify the address space of the local network gateway : Incorrect choice
Modifying the address space of the local network gateway will have no impact on RDP traffic flow to the virtual network.
Remove the public IP addresses from the virtual machines : Incorrect choice
If you remove the public IP addresses from the virtual machines, none of the applications be accessible publicly by the Internet users.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices
NEW QUESTION 16
You create an App Service plan named App1 and an Azure web app named webapp1. You discover that the option to create a staging slot is unavailable. You need to create a staging slot for App1.
What should you do first?
Answer: C
Explanation:
Scale up: Get more CPU, memory, disk space, and extra features like dedicated virtual machines (VMs), custom domains and certificates, staging slots, autoscaling, and more.
You scale up by changing the pricing tier of the App Service plan that your app belongs to. Reference:
https://docs.microsoft.com/en-us/azure/app-service/manage-scale-up
NEW QUESTION 17
Which blade should you instruct the finance department auditors to use?
Answer: C
Explanation:
Cost analysis: Correct Option
In cost analysis blade of Azure, you can see all the detail for custom time span. You can use this to determine expenditure of last few day, weeks, and month. Below options are available in Cost analysis blade for filtering information by time span:
last 7 days, last 30 days, and custom date range. Choosing the first option (last 7 days) auditors can view the costs by time span.
Cost analysis shows data for the current month by default. Use the date selector to switch to common date ranges quickly. Examples include the last seven days, the last month, the current year, or a custom date range. Pay-as-you-go subscriptions also include date ranges based on your billing period, which isn't bound to the calendar month, like the current billing period or last invoice. Use the
links at the top of the menu to jump to the previous or next period, respectively. For example, 
Invoice: Incorrect Option
Invoices can only be used for past billing periods not for current billing period, i.e. if your requirement is to know the last week's cost then that also not filled by invoices because Azure generates invoice at the end of the month. Even though Invoices have custom timespan, but when you put in dates for a week, the pane would be empty. Below is from Microsoft document:
Resource Provider: Incorrect Option
When deploying resources, you frequently need to retrieve information about the resource providers and types. For example, if you want to store keys and secrets, you work with the Microsoft.KeyVault resource provider. This resource provider offers a resource type called vaults for creating the key vault. This is not useful for reviewing all Azure costs from the past week which is required for audit.
Payment method: Incorrect Option
Payment methods is not useful for reviewing all Azure costs from the past week which is required for audit.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/quick-acm-cost-analysis https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/download-azure-invoice-daily-usage-d
NEW QUESTION 18
You have an Azure subscription named Subscription1.
You plan to deploy an Ubuntu Server virtual machine named VM1 to Subscription1.
You need to perform a custom deployment of the virtual machine. A specific trusted root certification authority (CA) must be added during the deployment.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer: A
NEW QUESTION 19
......
P.S. Easily pass AZ-104 Exam with 454 Q&As Dumpscollection.com Dumps & pdf Version, Welcome to Download the Newest Dumpscollection.com AZ-104 Dumps: https://www.dumpscollection.net/dumps/AZ-104/ (454 New Questions)