Pass4itsure Cisco (CCNA, CCNP, Meraki Solutions Specialist, CCDP…) dumps updates throughout the year and share some exam questions for free to help you 100% pass the exam

[2021.3] Prep Actual Microsoft AZ-104 Exam Questions For Free Share

Valid Microsoft AZ-104 questions shared by Pass4itsure for helping to pass the Microsoft AZ-104 exam! Get the newest Pass4itsure Microsoft AZ-104 exam dumps with VCE and PDF here: https://www.pass4itsure.com/az-104.html (427 Q&As Dumps).

[Free PDF] Microsoft AZ-104 pdf https://drive.google.com/file/d/18D79ZrAsHfnoTFDI4IQQRCmDqPiEc8KT/view?usp=sharing

Suitable for AZ-104 complete Microsoft learning pathway

The content is rich and diverse, and learning will not become boring. You can learn in multiple ways through the Microsoft AZ-104 exam.

  1. Download 
  2. Answer practice questions, the actual Microsoft AZ-104 test

Microsoft AZ-104 Microsoft Azure Administrator

Free Microsoft AZ-104 dumps download

[PDF] Free Microsoft AZ-104 dumps pdf download https://drive.google.com/file/d/18D79ZrAsHfnoTFDI4IQQRCmDqPiEc8KT/view?usp=sharing

Pass4itsure offers the latest Microsoft AZ-104 practice test free of charge 1-13

QUESTION 1
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

AZ-104 exam questions-q1

In storage1, you create a blob container named blob1 and a file share named share1. Which resources can be backed
up to Vault1 and Vault2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is
worth one point.
Hot Area:

 

AZ-104 exam questions-q1-2

Correct Answer:

AZ-104 exam questions-q1-3

Box 1: VM1 only
VM1 is in the same region as Vault1.
File1 is not in the same region as Vautl1.
SQL is not in the same region as Vault1.
Blobs cannot be backup up to service vaults.
Note: To create a vault to protect virtual machines, the vault must be in the same region as the virtual machines.
Box 2: Share1 only.
Storage1 is in the same region (West USA) as Vault2. Share1 is in Storage1. Note: After you select Backup, the Backup
pane opens and prompts you to select a storage account from a list of discovered supported storage accounts.
They\\’re
either associated with this vault or present in the same region as the vault, but not yet associated to any Recovery
Services vault.
References:
https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault https://docs.microsoft.com/enus/azure/backup/backup-afs
===================================================
Topic 1, Litware, inc.
Overview
Litware, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New
York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200
employees.
All the resources used by Litware are hosted on-premises. Litware creates a new Azure subscription. The Azure Active
Directory (Azure AD) tenant uses a domain named Litware.onmicrosoft.com. The tenant uses the P1 pricing tier.
Existing Environment
The network contains an Active Directory forest named Litware.com. All domain controllers are configured as DNS
servers and host the Litware.com DNS zone. Litware has finance, human resources, sales, research, and information
technology departments. Each department has an organizational unit (OU) that contains all the accounts of that
respective department. All the user accounts have the department attribute set to their respective department.
New users are added frequently.
Litware.com contains a user named User1.
All the offices connect by using private links.
Litware has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a
VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.

AZ-104 exam questions-q1-4

The network security team implements several network security groups (NSGs).
Planned Changes
Litware plans to implement the following changes:
*
Deploy Azure ExpressRoute to the Montreal office.
*
Migrate the virtual machines hosted on Server1 and Server2 to Azure
*
Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
*
Migrate App1 and App2 to two Azure web apps named webApp1 and WebApp2.
Technical Requirements
Litware must meet the following technical requirements:
*
Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five
instance*.
*
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal
office.
*
Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
*
Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
*
Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.Litware.com.
*
Connect the New Your office to VNet1 over the Internet by using an encrypted connection.
*
Create a workflow to send an email message when the settings of VM4 are modified.
*
Create a custom Azure role named Role1 that is based on the Reader role.
*
Minimize costs whenever possible.

QUESTION 2
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to
deploy 100 virtual machines. You need to modify the template to reference an administrative password. You must
prevent the password from being stored in plain text.
What should you create to store the password?
A. Azure Active Directory (AD) Identity Protection and an Azure policy
B. a Recovery Services vault and a backup policy
C. an Azure Key Vault and an access policy
D. an Azure Storage account and an access policy
Correct Answer: C
You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a
Key Vault. Therefore the password is never put in plain text in the template parameter file.
References:
https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/


QUESTION 3
Your company has a main office in London that contains 100 client computers. Three years ago, you migrated to Azure
Active Directory (Azure AD). The company\\’s security policy states that all personal devices and corporate-owned
devices
must be registered or joined to Azure AD.
A remote user named User1 is unable to join a personal device to Azure AD from a home network. You verify that other
users can join their devices to Azure AD. You need to ensure that User1 can join the device to Azure AD.
What should you do?
A. From the Device settings blade, modify the Users may join devices to Azure AD setting.
B. From the Device settings blade, modify the Maximum number of devices per user setting.
C. Create a point-to-site VPN from the home network of User1 to Azure.
D. Assign the User administrator role to User1.
Correct Answer: B
The Maximum number of devices setting enables you to select the maximum number of devices that a user can have in
Azure AD. If a user reaches this quota, they will not be able to add additional devices until one or more of the existing
devices are removed.
Incorrect Answers:
A: The Users may join devices to Azure AD setting enables you to select the users who can join devices to Azure AD.
Options are All, Selected and None. The default is All.
C: Azure AD Join enables users to join their devices to Active Directory from anywhere as long as they have
connectivity with the Internet.
References:
https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal
http://techgenix.com/pros-and-cons-azure-ad-join/

QUESTION 4
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter
image.
You need to ensure that when the scale set virtual machines are provisioned, they have web server components
installed.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE Each correct selection is worth one point.
A. Modify the extensionProfile section of the Azure Resource Manager template.
B. Create a new virtual machine scale set in the Azure portal.
C. Create an Azure policy.
D. Create an automation account.
E. Upload a configuration script.
Correct Answer: AE
Virtual Machine Scale Sets can be used with the Azure Desired State Configuration (DSC) extension handler. Virtual
machine scale sets provide a way to deploy and manage large numbers of virtual machines, and can elastically scale in
and
out in response to load. DSC is used to configure the VMs as they come online so they are running the production
software.
References:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-dsc


QUESTION 5
You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.)

AZ-104 exam questions-q5

No devices are connected to VNet1.
You plan to peer VNet1 to another virtual network named VNet2 in the same region. VNet2 has an address space of
10.2.0.0/16.
You need to create the peering.
What should you do first?
A. Configure a service endpoint on VNet2.
B. Modify the address space of VNet1.
C. Add a gateway subnet to VNet1.
D. Create a subnet on VNet1 and VNet2.
Correct Answer: B
The virtual networks you peer must have non-overlapping IP address spaces. The exhibit indicates that VNet1 has an
address space of 10.2.0.0/16, which is the same as VNet2, and thus overlaps. We need to change the address space for
VNet1.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-constraints

QUESTION 6
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an
Azure Kubernetes Service (AKS) cluster named AKS1. An administrator reports that she is unable to grant access to
AKS1 to the users in contoso.com. You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?
A. From contoso.com, modify the Organization relationships settings.
B. From contoso.com, create an OAuth 2.0 authorization endpoint.
C. Recreate AKS1.
D. From AKS1, create a namespace.
Correct Answer: B
With Azure AD-integrated AKS clusters, you can grant users or groups access to Kubernetes resources within a
namespace or across the cluster. To obtain a kubectl configuration context, a user can run the az aks get-credentials
command.
When a user then interacts with the AKS cluster with kubectl, they\\’re prompted to sign in with their Azure AD
credentials. This approach provides a single source for user account management and password credentials. The user
can only
access the resources as defined by the cluster administrator.
Azure AD authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on
top of the OAuth 2.0 protocol. For more information on OpenID Connect, see the Open ID connect documentation.
From
inside of the Kubernetes cluster, Webhook Token Authentication is used to verify authentication tokens. Webhook token
authentication is configured and managed as part of the AKS cluster.

AZ-104 exam questions-q6

Reference:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/ https://docs.microsoft.com/enus/azure/aks/concepts-identity


QUESTION 7
You have an Azure subscription that contains the resources shown in the following table.

AZ-104 exam questions-q7

In RG1, you need to create a new virtual named VM2, and then connected VM2 to VNET1. What should you do first?
A. Remove Microsoft.Network/virtualNetworks from the policy.
B. Create an Azure Resource Manager template.
C. Remove Microsoft.Compute/virtualMachines from the policy.
D. Add a subnet to VNET1.
Correct Answer: C
The Not allowed resource types Azure policy prohibits the deployment of specified resource types.
You specify an array of the resource types to block.
Virtual Networks and Virtual Machines are prohibited.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/samples/not-allowed-resource-types


QUESTION 8
You have an Active Directory forest named contoso.com. You install and configure Azure AD Connect to use password
hash synchronization as the single sign- on (SSO) method. Staging mode is enabled.
You review the synchronization results and discover that the Synchronization Service Manager does not display any
sync jobs.
You need to ensure that the synchronization completes successfully.
What should you do?
A. From Synchronization Service Manager, run a full import.
B. Run Azure AD Connect and set the SSO method to Pass-through Authentication.
C. From Azure PowerShell, run Start-AdSyncSyncCycle -PolicyType Initial.
D. Run Azure AD Connect and disable staging mode.
Correct Answer: D
Staging mode must be disabled. If the Azure AD Connect server is in staging mode, password hash synchronization is
temporarily disabled.

QUESTION 9
You create an Azure subscription that is associated to a basic Azure Active Directory (Azure AD) tenant. You need to
receive an email notification when any user activates an administrative role. What should you do?
A. Purchase Azure AD Premium 92 and configure Azure AD Privileged Identity Management,
B. Purchase Enterprise Mobility + Security E3 and configure conditional access policies.
C. Purchase Enterprise Mobility + Security E5 and create a custom alert rule in Azure Security Center.
D. Purchase Azure AD Premium PI and enable Azure AD Identity Protection.
Correct Answer: A
When key events occur in Azure AD Privileged Identity Management (PIM), email notifications are sent. For example,
PIM sends emails for the following events:
1.
When a privileged role activation is pending approval
2.
When a privileged role activation request is completed
3.
When a privileged role is activated
4.
When a privileged role is assigned
5.
When Azure AD PIM has enabled References: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identitymanagement/pim-email-notifications

QUESTION 10
You have an Azure subscription that contains a storage account named account1. You plan to upload the disk files of a
virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space
of 131.107.1.0/24. You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be
attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:
1.
Ensure that you can upload the disk files to account1.
2.
Ensure that you can attach the disks to VM1.
3.
Prevent all other access to account1.
Which two actions should you perform? Each correct selection presents part of the solution. NOTE: Each correct
selection is worth one point.
A. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
B. From the Firewalls and virtual networks blade of account1, select Selected networks.
C. From the Firewalls and virtual networks blade of acount1, add VNet1.
D. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this
storage account.
E. From the Service endpoints blade of VNet1, add a service endpoint.
Correct Answer: AB
By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you
must first change the default action. Azure portal
1.
Navigate to the storage account you want to secure.
2.
Click on the settings menu called Firewalls and virtual networks.
3.
To deny access by default, choose to allow access from \\’Selected networks\\’. To allow traffic from all networks,
choose to allow access from \\’All networks\\’.
4.
Click Save to apply your changes.
Grant access from a Virtual Network
Storage accounts can be configured to allow access only from specific Azure Virtual Networks. By enabling a Service
Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service.
The
identities of the virtual network and the subnet are also transmitted with each request.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

QUESTION 11
You have an Azure subscription named Subscription1 that has the following providers registered:
1.
Authorization
2.
Automation
3.
?Resources
4.
Compute
5.
KeyVault
6.
Network
7.
Storage
8.
Billing
9.
Web
Subscription1 contains an Azure virtual machine named VM1 that has the following con figurations:
*
Private IP address: 10.0.0.4 (dynamic)
*
Network security group (NSG): NSG1
*
Public IP address: None
*
Availability set: AVSet
*
Subnet: 10.0.0.0/24
*
Managed disks: No
*
Location: East US
You need to record all the successful and failed connection attempts to VM1. Which three actions should you perform?
Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A.
Register the Microsoft.Insights resource provider
B.
Add an Azure Network Watcher connection monitor
C.
Register the Microsoft.LogAnalytics provider
D.
Enable Azure Network Watcher in the East US Azure region
E.
Create an Azure Storage account
F.
Enable Azure Network Watcher flow logs
Correct Answer: CDE
NSG flow log data is written to an Azure Storage account. You need to create an Azure Storage account, With an Azure
Storage account NSG flow logs can be enabled.
Enable network watcher in the East US region.
NSG flow logging requires the Microsoft.Insights provider.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal

QUESTION 12
HOTSPOT
You have an Azure subscription that contains a virtual machine scale set. The scale set contains four instances that
have the following configurations:
1.
Operating system: Windows Server 2016
2.
Size: Standard_D1_v2
You run the get-azvmss cmdlet as shown in the following exhibit:

AZ-104 exam questions-q12

Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

AZ-104 exam questions-q12-2

Correct Answer:

AZ-104 exam questions-q12-3

The Get-AzVmssVM cmdlet gets the model view and instance view of a Virtual Machine Scale Set (VMSS) virtual
machine. Box 1: 0 The enableAutomaticUpdates parameter is set to false. To update existing VMs, you must do a
manual upgrade of each existing VM. Box 2: 1 Below is clearly mentioned in the official Website “The upgrade
orchestrator identifies the batch of VM instances to upgrade, with any one batch having a maximum of 20% of the total
instance count, subject to a minimum batch size of one virtual machine.”So, 20% from 4 ~1
Reference: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-upgrade-scaleset https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade


QUESTION 13
You have an Azure subscription.
Users access the resources in the subscription from either home or from customer sites. From home, users must
establish a point-to-site VPN to access the Azure resources.
The users on the customer sites access the Azure resources by using site-to-site VPNs.
You have a line-of-business app named App1 that runs on several Azure virtual machine. The virtual machines run
Windows Server 2016.
You need to ensure that the connections to App1 are spread across all the virtual machines.
What are two possible Azure services that you can use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. a public load balancer
B. Traffic Manager
C. an Azure Content Delivery Network (CDN)
D. an internal load balancer
E. an Azure Application Gateway
Correct Answer: DE
Line-of-business apps means custom apps. Generally these are used by internal staff members of the company.
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications.
Internal Load Balancer provides a higher level of availability and scale by spreading incoming requests across virtual
machines (VMs) within the virtual network.
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview https://docs.microsoft.com/enus/azure/application-gateway/overview

Summarize:

[Q1-Q13] Free Microsoft AZ-104 pdf download https://drive.google.com/file/d/18D79ZrAsHfnoTFDI4IQQRCmDqPiEc8KT/view?usp=sharing

Share all the resources: Latest Microsoft AZ-104 practice questions, latest Microsoft AZ-104 pdf dumps. The latest updated Microsoft AZ-104 dumps https://www.pass4itsure.com/az-104.html Study hard and practices a lot. This will help you prepare for the Microsoft AZ-104 exam. Good luck!