New AZ-104 Exam Dumps [Free Use] Exam Questions Online

New AZ-104 Exam Dumps

Pass4itSure launched the new AZ-104 exam dumps on March 11, 2024, with 775 new AZ-104 exam questions. Guaranteed authentic and up-to-date!

Friends, you can go and download the new AZ-104 exam dumps https://www.pass4itsure.com/az-104.html (PDF+VCE) format to choose from and use the new questions to prepare for the AZ-104 Microsoft Azure Administrator exam and pass it easily.

Some of the best free Microsoft AZ-104 exams dumps online practice questions and some useful study resources will be shared next.

Free to use new AZ-104 exam dumps exam questions online

Where did it come fromNumber of questions/total questionsHow it compares to other dumps questionsCorrelation
Pass4itSure 15/775There is an analysis of the exam questions, as well as a link, to help you better understandMicrosoft Azure
Question 1:

You have an Azure subscription that contains the resources in the following table.

az-104 exam questions online 1

To which subnets can you apply NSG1?

A. the subnets on VNet1 only

B. the subnets on VNet2 only

C. the subnets on VNet3 only

D. the subnets on VNet2. VNet2, and VNet3

E. the subnets on VNet2 and VNet3 only

Correct Answer: C

All Azure resources are created in an Azure region and subscription. A resource can only be created in a virtual network that exists in the same region and subscription as the resource.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm

Question 2:

A web developer creates a web application you plan to deploy as an Azure web app. Users must enter credentials to access the web application.

You create a new web app named WebApp1 and deploy the web application to WebApp1.

You need to disable anonymous access to WebApp1.

What should you configure?

A. Access control (IAM)

B. Advanced Tools

C. Deployment credentials

D. Authentication/Authorization

Correct Answer: D

Anonymous access is an authentication method. It allows users to establish an anonymous connection.

References: https://docs.microsoft.com/en-us/biztalk/core/guidelines-for-resolving-iis-permissions-problems

Question 3:

HOTSPOT

You have several Azure virtual machines on a virtual network named VNet1.

You configure an Azure Storage account as shown in the following exhibit.

az-104 exam questions online 3

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Hot Area:

az-104 exam questions online 3-2

Correct Answer:

az-104 exam questions online 3-3

Box 1: never For Subnet 10.2.9.0/24, the endpoint (Refer to the first endpoint) is not enabled in the storage account shown in the exhibit. Hence there would not be any connectivity to the file shares in a storage account. To establish this connection you must have to enable the endpoint. Box 2: never After you configure the firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network-restricted storage account. As this required setting is missing, so Azure backup will not be able to take backups of unmanaged disks.

az-104 exam questions online 3-4

Reference:

https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage-accounts-secured- with-azure-storage-firewalls-and-virtual-networks/

Question 4:

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

others might not have a correct solution.

After you answer a question in this section, you canNOT return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

az-104 exam questions online 4

VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.

It would be best if you created a new network interface named NIC2 for VM1.

Solution: You create NIC2 in RG2 and Central US.

Does this meet the goal?

A. Yes

B. No

Correct Answer: B

The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here in West US, also referred to as a region.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

Question 5:

HOTSPOT

You have an Azure subscription named Subscription1.

Subscription1 contains the virtual machines in the following table:

az-104 exam questions online 5

Subscription1 contains a virtual network named VNet1 that has the subnets in the following table:

az-104 exam questions online 5-2

VM3 has multiple network adapters, including a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3. You create a route table named RT1 that contains the routes in the following table:

az-104 exam questions online 5-3

You apply RT1 to Subnet1 and Subnet2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

az-104 exam questions online 5-4

Correct Answer:

az-104 exam questions online 5-5

IP forwarding enables the virtual machine to a network interface attached to:

Receive network traffic not destined for one of the IP addresses assigned to any of the IP configurations assigned to the network interface.

Send network traffic with a different source IP address than the one assigned to one of a network interface\’s IP configurations.

The setting must be enabled for every network interface that is attached to the virtual machine that receives traffic that the virtual machine needs to forward. A virtual machine can forward traffic whether it has multiple network interfaces or a

single network interface attached to it.

Box 1: Yes

The routing table allows connections from VM3 to VM1 and VM2. And as IP forwarding is enabled on VM3, VM3 can connect to VM1.

Box 2: No

VM3, which has IP forwarding, must be turned on, in order for VM2 to connect to VM1.

Box 3: Yes

The routing table allows connections from VM1 and VM2 to VM3. IP forwarding on VM3 allows VM1 to connect to VM2 via VM3.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview https://www.quora.com/What-is-IP-forwarding

Question 6:

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

others might not have a correct solution.

After you answer a question in this section, you canNOT return to it. As a result, these questions will not appear in the review screen.

Your company registers a domain name of contoso.com.

You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.

You need to resolve the name resolution issue.

Solution: You modify the name servers at the domain registrar.

Does this meet the goal?

A. Yes

B. No

Correct Answer: A

Modify the Name Server (NS) record.

References:

https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

Question 7:

HOTSPOT –

You have an Azure subscription.

You plan to deploy a storage account named storage1 by using the following Azure Resource Manager (ARM) template.

az-104 exam questions online 7

Hot Area:

az-104 exam questions online 7-2

Correct Answer:

Question 8:

You have an Azure subscription.

You are deploying an Azure Kubernetes Service (AKS) cluster that will contain multiple pods. The pods will use Kubernetes networking.

You need to restrict network traffic between the pods.

What should you configure on the AKS cluster?

A. the Azure network policy

B. the Calico network policy

C. pod security policies

D. an application security group

Correct Answer: B

Reference: https://docs.microsoft.com/en-us/azure/aks/use-network-policies

Question 9:

You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.

Your company has a public DNS zone for contoso.com.

You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name.

Which type of DNS record should you create?

A. NSEC

B. PTR

C. DNSKEY

D. TXT

Correct Answer: D

TXT: Correct Choice

You need to go to your hosting domain registrar and add a TXT record.

az-104 exam questions online 9

NSEC3: Incorrect Choice

This is Part of DNSSEC. This is used for explicit denial-of-existence of a DNS record. It is used to prove a name does not exist.

RRSIG: Incorrect Choice

This contains a cryptographic signature.

DNSKEY: Incorrect Choice

This will verify that the records are originating from an authorized sender.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain#verify-your-custom-domain-name

https://www.cloudflare.com/dns/dnssec/how-dnssec-works/#:~:text=DNSKEY%20%2D%20Contains%20a%20public%20signing,s)%20in%20the%20parent %20zone.

Question 10:

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

others might not have a correct solution.

After you answer a question in this section, you canNOT return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You create a resource lock, and then you assign the lock to the subscription.

Does this meet the goal?

A. Yes

B. No

Correct Answer: B

How can I freeze or lock my production/critical Azure resources from accidental deletion? There is a way to do this with both ASM and ARM resources using Azure resource lock.

References: https://blogs.msdn.microsoft.com/azureedu/2016/04/27/using-azure-resource-manager-policy-and-azure-lock-to-control-your-azure-resources/

Question 11:

You have a general purpose v1 storage account named storageaccount1 that has a private container named container1. You need to allow read access to the data inside container 1, but only within a 14-day window. How do you accomplish this?

A. Create a stored access policy

B. Create a service SAS

C. Create shared access signatures

D. Upgrade the storage account to general purpose v2

Correct Answer: AC

A Stored Access Policy allows granular control over a single storage container using a Shared Access Signature (SAS).

A Shared Access Signature (SAS) allows you to have granular control over your storage account, including access to only certain services (i.e. Azure Blobs) and permitting only read, write, delete, list, add, or create access.

Question 12:

HOTSPOT

You have an Azure subscription named Subscription1.

You plan to deploy a Ubuntu Server virtual machine named VM1 to Subscription1. You need to perform a custom deployment of the virtual machine. A specific trusted root certification authority (CA) must be added during the deployment.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

az-104 exam questions online 12

Correct Answer:

az-104 exam questions online 12-2

Box 1: Cloud-init.txt

Cloud-init.txt is used to customize a Linux VM on the first boot-up. It can be used to install packages and write files, or to configure users and security. No additional steps or agents are required to apply your configuration.

Box 2: The az vm create command

Once Cloud-init.txt has been created, you can deploy the VM with az vm create cmdlet, and sing the — customdata parameter to provide the full path to the cloud-init.txt file.

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-automate-vm-deployment

Question 13:

You have an Azure subscription that contains the resources in the following table.

az-104 exam questions online 13

Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1.

You need to apply ASG1 to VM1.

What should you do?

A. Modify the properties of NSG1.

B. Modify the properties of ASG1.

C. Associate NIC1 to ASG1.

Correct Answer: C

Associate Virtual Machines

An application security group is a logical collection of virtual machines (NICs). You join virtual machines to the application security group and then use the application security group as a source or destination in NSG rules.

The Networking blade of virtual machine properties has a new button called Configure The Application Security Groups for each NIC in the virtual machine. If you click this button, a pop-up blade will appear and you can select which (none,

one, many) application security groups this NIC should join, and then click Save to commit the change.

https://petri.com/understanding-application-security-groups-in-the-azure-portal#:~:text=You%20can%20start%20the%20process,Application%20Security%20Group%20blade%20appears.

Question 14:

You create an App Service plan named App1 and an Azure web app named webapp1.

You discover that the option to create a staging slot is unavailable. You need to create a staging slot for App1.

What should you do first?

A. From webapp1, modify the Application settings.

B. From webapp1, add a custom domain.

C. From App1, scale up the App Service plan.

D. From App1, scale out the App Service plan.

Correct Answer: C

The app must be running in the Standard, Premium, or Isolated tier in order for you to enable multiple deployment slots.

If the app isn’t already in the Standard, Premium, or Isolated tier, you receive a message that indicates the supported tiers for enabling staged publishing. At this point, you have the option to select Upgrade and go to the Scale tab of your app

before continuing.

Scale up: Get more CPU, memory, disk space, and extra features like dedicated virtual machines (VMs), custom domains and certificates, staging slots, autoscaling, and more.

Incorrect:

Scale-out: Increase the number of VM instances that run your app. You can scale out to as many as 30 instances

Reference:

https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots

https://docs.microsoft.com/en-us/azure/app-service/manage-scale-up

Question 15:

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

others might not have a correct solution.

After you answer a question in this section, you cannot return to it. As a result, these questions will not appear in the review screen.

You are the global administrator for an Azure Active Directory (Azure AD) tenant that has several subscriptions.

You need to create a report that lists all the resources for the tenant.

Solution: You run the New-AzureADUserAppRoleAssignment Windows PowerShell cmdlet.

Does this meet the goal?

A. Yes

B. No

Correct Answer: A

The New-AzureADUserAppRoleAssignment cmdlet assigns a user to an application role in Azure Active Directory (AD). Use it for the application report.

Reference:

https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureaduserapproleassignment? view=azureadps-2.0

More Microsoft certification exam questions. . .

New Microsoft Certification AZ-104 exam study resources shared online

The AZ-104 exam is already mature and popular, there are a lot of AZ-104 exam study resources, and if you just google “AZ-104 exam study resources”, you will see a lot of results. It’s confusing, how can you decide which one is the best and worth investing time and money in? Let me make this process easy for you, and I’ve put together a new collection of learning resources (with links) for you, as follows:

Documentation:

Book:

  1. Exam Ref AZ-104 Microsoft Azure Administrator
  2. Exam Ref AZ-104 Microsoft Azure Administrator 1st Edition, Kindle Edition

Conclusion

The AZ-104 exam is a valuable certification that proves your knowledge and expertise. The exam is not difficult, what matters is how you prepare. You can easily do this with Pass4itSure’s new AZ-104 exam dumps https://www.pass4itsure.com/az-104.html (PDF+VCE), which provide you with new and authentic and valid AZ-104 exam questions for you to practice with.

Previous PostNextNext Post