this is incorrect. if you will assign that IP to VM4 you need to redeploy the VM itself and connect it to Vnet 1 .
microsoft AZ-104 Exam Questions
Questions for the AZ-104 were updated on : Jul 20 ,2024
Page 1 out of 24. Viewing questions 1-15 out of 346
Question 1 Topic 1, Case Study 1Case Study Question View Case
HOTSPOT
You need to configure the Device settings to meet the technical requirements and the user requirements.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.
Hot Area:
Answer:
Explanation:
Box 1: Selected
Only selected users should be able to join devices
Box 2: Yes
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their
identity.
Discussions
0
/ 1000
Question 2 Topic 1, Case Study 1Case Study Question View Case
You need to meet the user requirement for Admin1.
What should you do?
- A. From the Azure Active Directory blade, modify the Groups
- B. From the Azure Active Directory blade, modify the Properties
- C. From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings
- D. From the Subscriptions blade, select the subscription, and then modify the Properties
Answer:
D
Explanation:
Scenario:
Designate a new user named Admin1 as the service admin for the Azure subscription. Admin1 must receive email alerts
regarding service outages.
Follow these steps to change the Service Administrator in the Azure portal.
1. Make sure your scenario is supported by checking the limitations for changing the Service Administrator.
2. Sign in to the Azure portal as the Account Administrator.
3. Open Cost Management + Billing and select a subscription.
4. In the left navigation, click Properties.
5. Click Service Admin.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/classic-administrators
Discussions
0
/ 1000
Question 3 Topic 2, Case Study 2Case Study Question View Case
HOTSPOT
You need to ensure that User1 can create initiative definitions, and User4 can assign initiatives to RG2. The solution must
meet the technical requirements.
Which role should you assign to each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/governance/policy/overview
Discussions
0
/ 1000
Question 4 Topic 2, Case Study 2Case Study Question View Case
You need to ensure that you can grant Group4 Azure RBAC read only permissions to all the Azure file shares.
What should you do?
- A. On storage2, enable identity-based access for the file shares.
- B. Recreate storage2 and set Hierarchical namespace to Enabled.
- C. On storage1 and storage4, change the Account kind type to StorageV2 (general purpose v2).
- D. Create a shared access signature (SAS) for storage1, storage2, and storage4.
Answer:
A
Explanation:
Azure Files supports identity-based authentication over Server Message Block (SMB) through on-premises Active Directory
Domain Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS).
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview
Discussions
0
/ 1000
Question 5 Topic 3, Case Study 3Case Study Question View Case
You need to implement a backup solution for App1 after the application is moved.
What should you create first?
- A. a recovery plan
- B. an Azure Backup Server
- C. a backup policy
- D. a Recovery Services vault
Answer:
D
Explanation:
A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure
VMs. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault.
Scenario:
There are three application tiers, each with five virtual machines.
Move all the virtual machines for App1 to Azure.
Ensure that all the virtual machines for App1 are protected by backups.
Reference: https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal
Discussions
0
/ 1000
Question 6 Topic 3, Case Study 3Case Study Question View Case
You need to move the blueprint files to Azure.
What should you do?
- A. Generate an access key. Map a drive, and then copy the files by using File Explorer.
- B. Use Azure Storage Explorer to copy the files.
- C. Use the Azure Import/Export service.
- D. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
Answer:
B
Explanation:
Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS,
and Linux. You can use it to upload and download data from Azure blob storage.
Scenario:
Planned Changes include: move the existing product blueprint files to Azure Blob storage. Technical Requirements include:
Copy the blueprint files to Azure over the Internet.
Reference: https://docs.microsoft.com/en-us/azure/machine-learning/team-data-science-process/move-data-to-azure-blob-
using-azure-storage-explorer
Discussions
0
/ 1000
Question 7 Topic 3, Case Study 3Case Study Question View Case
HOTSPOT
You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Box 1: Yes
Contoso is moving the existing product blueprint files to Azure Blob storage.
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these.
Box 2: No
Box 3: No
Deploy and manage Azure compute resources
Discussions
0
/ 1000
Question 8 Topic 4, Case Study 4Case Study Question View Case
HOTSPOT
You need to create container1 and share1.
Which storage accounts should you use for each resource? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers https://docs.microsoft.com/en-
us/azure/storage/common/storage-account-overview
Discussions
0
/ 1000
Question 9 Topic 4, Case Study 4Case Study Question View Case
HOTSPOT
You need to create storage5. The solution must support the planned changes.
Which type of storage account should you use, and which account should you configure as the destination storage account?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/object-replication-configure?tabs=portal
Discussions
0
/ 1000
Question 10 Topic 5, Case Study 5Case Study Question View Case
You need to ensure that VM1 can communicate with VM4. The solution must minimize the administrative effort.
What should you do?
- A. Create an NSG and associate the NSG to VM1 and VM4.
- B. Establish peering between VNET1 and VNET3.
- C. Assign VM4 an IP address of 10.0.1.5/24.
- D. Create a user-defined route from VNET1 to VNET3.
Answer:
C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
Discussions
0
/ 1000
1 year, 1 month ago
Question 11 Topic 5, Case Study 5Case Study Question View Case
HOTSPOT
You need to meet the connection requirements for the New York office.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Box 1: Create a virtual network gateway and a local network gateway.
Azure VPN gateway. The VPN gateway service enables you to connect the VNet to the on-premises network through a VPN
appliance. For more information, see Connect an on-premises network to a Microsoft Azure virtual network. The VPN
gateway includes the following elements:
Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing traffic
from the on-premises network to the VNet.
Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to the
on-premises network is routed through this gateway.
Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-
premises VPN appliance to encrypt traffic.
Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements,
described in the Recommendations section below.
Box 2: Configure a site-to-site VPN connection
On premises create a site-to-site connection for the virtual network gateway and the local network gateway.
Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Incorrect Answers:
Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection is
private. Traffic does not go over the internet.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vpn
Configure and manage virtual networking
Discussions
0
/ 1000
Question 12 Topic 6, Case Study 6Case Study Question View Case
HOTSPOT
You need to recommend a solution for App1. The solution must meet the technical requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL
Server on Windows for the data tier.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Technical requirements include:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server
Monitor and back up Azure resources
Discussions
0
/ 1000
Question 13 Topic 6, Case Study 6Case Study Question View Case
You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.
What should you recommend?
- A. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
- B. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
- C. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
- D. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.
Answer:
A
Explanation:
Incoming and the web server subnet only, as users access the web front end by using HTTPS only.
Note Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Discussions
0
/ 1000
Question 14 Topic 7, Case Study 7Case Study Question View Case
You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort.
What should you do?
- A. Establish peering between VNET1 and VNET3.
- B. Assign VM4 an IP address of 10.0.1.5/24.
- C. Create a user-defined route from VNET1 to VNET3.
- D. Create an NSG and associate the NSG to VM1 and VM4.
Answer:
A
Explanation:
We need a VPN site-to-site to communicate between Azure and on-premises.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
Discussions
0
/ 1000
Question 15 Topic 7, Case Study 7Case Study Question View Case
HOTSPOT
You implement the planned changes for NSG1 and NSG2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Box 1: No
NSG2 blocks RDP to VM2
Box 2: Yes
ICMP is not blocked
Box 3: No
NSG2 blocks RDP from VM2
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
Discussions
0
/ 1000