ExamGecko
Search Search Login
Home Home / Microsoft / AZ-104

Microsoft AZ-104 Practice Test - Questions Answers, Page 2

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT You need to the appropriate sizes for the Azure virtual for Server2. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:
HOTSPOT You need to implement Role1. Which command should you run before you create Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Contributor role to the Developers group. Does this meet the goal?
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs. What should you use?
Note: This question is part of a series of questions that present the same scenario. Each question in theseries contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft Entra tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution; From Microsoft Entra ID in the Azure portal, you use the Bulk invite users' operation. Does this meet the goal?
You need to identify which storage account to use for the flow logging of IP traffic from VM5. The solution must meet the retention requirements. Which storage account should you identify?
HOTSPOT You need to create storage5. The solution must support the planned changes. Which type of storage account should you use, and which account should you configure as the destination storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You need to identify the storage requirements for Contoso. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Which blade should you instruct the finance department auditors to use?

Question 11

Report
Export
Collapse

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE Each correct selection is worth one point.

A.
Azure Active Directory (AD) Identity Protection and an Azure policy
A.
Azure Active Directory (AD) Identity Protection and an Azure policy
Answers
B.
a Recovery Services vault and a backup policy
B.
a Recovery Services vault and a backup policy
Answers
C.
an Azure Key Vault and an access policy
C.
an Azure Key Vault and an access policy
Answers
D.
an Azure Storage account and an access policy
D.
an Azure Storage account and an access policy
Answers
Suggested answer: C

Explanation:

D: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.

B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD

URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com

Incorrect Answers:

A: Seamless SSO needs the user's device to be domain-joined, but doesn't need for the device to be Azure AD Joined.

C: Azure AD connect does not port 8080. It uses port 443.

E: Seamless SSO is not applicable to Active Directory Federation Services (ADFS).

Scenario: Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.

Planned Azure AD Infrastructure include: The on-premises Active Directory domain will be synchronized to Azure AD.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directoryaadconnect-sso-quick-start

Question 12

Report
Export
Collapse

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

A.
Join the client computers in the Miami office to Azure AD.
A.
Join the client computers in the Miami office to Azure AD.
Answers
B.
Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.
B.
Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.
Answers
C.
Allow inbound TCP port 8080 to the domain controllers in the Miami office.
C.
Allow inbound TCP port 8080 to the domain controllers in the Miami office.
Answers
D.
Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication
D.
Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication
Answers
E.
Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.
E.
Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.
Answers
Suggested answer: B, D

Explanation:

Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name.

Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as '[email protected].' instead of 'alice@domain name.onmicrosoft.com'.

Scenario:

Network Infrastructure: Each office has a local data center that contains all the servers for that office.

Each office has a dedicated connection to the Internet.

Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com

Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure AD.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-customdomain

Question 13

Report
Export
Collapse

You need to resolve the Active Directory issue.

What should you do?

A.
From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.
A.
From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.
Answers
B.
Run idfix.exe, and then use the Edit action.
B.
Run idfix.exe, and then use the Edit action.
Answers
C.
From Active Directory Domains and Trusts, modify the list of UPN suffixes.
C.
From Active Directory Domains and Trusts, modify the list of UPN suffixes.
Answers
D.
From Azure AD Connect, modify the outbound synchronization rule.
D.
From Azure AD Connect, modify the outbound synchronization rule.
Answers
Suggested answer: B

Explanation:

IdFix is used to perform discovery and remediation of identity objects and their attributes in an onpremises Active Directory environment in preparation for migration to Azure Active Directory. IdFix is intended for the Active Directory administrators responsible for directory synchronization with Azure

Active Directory.

Scenario: Active Directory Issue

Several users in humongousinsurance.com have UPNs that contain special characters.

You suspect that some of the characters are unsupported in Azure AD.

Reference: https://www.microsoft.com/en-us/download/details.aspx?id=36832

Question 14

Report
Export
Collapse

Which blade should you instruct the finance department auditors to use?

A.
invoices
A.
invoices
Answers
B.
partner information
B.
partner information
Answers
C.
cost analysis
C.
cost analysis
Answers
D.
External services
D.
External services
Answers
Suggested answer: C

Explanation:

Cost analysis: Correct Option

In cost analysis blade of Azure, you can see all the detail for custom time span. You can use this to determine expenditure of last few day, weeks, and month. Below options are available in Cost analysis blade for filtering information by time span: last 7 days, last 30 days, and custom date range. Choosing the first option (last 7 days) auditors can view the costs by time span.

Cost analysis shows data for the current month by default. Use the date selector to switch to common date ranges quickly. Examples include the last seven days, the last month, the current year, or a custom date range. Pay-as-you-go subscriptions also include date ranges based on your billing period, which isn't bound to the calendar month, like the current billing period or last invoice. Use the <PREVIOUS and NEXT> links at the top of the menu to jump to the previous or next period, respectively. For example, <PREVIOUS will switch from the Last 7 days to 8-14 days ago or 15-21 days ago.

Invoice: Incorrect Option

Invoices can only be used for past billing periods not for current billing period, i.e. if your requirement is to know the last week's cost then that also not filled by invoices because Azure generates invoice at the end of the month. Even though Invoices have custom timespan, but when you put in dates for a week, the pane would be empty. Below is from Microsoft document:

Resource Provider: Incorrect Option

When deploying resources, you frequently need to retrieve information about the resource providers and types. For example, if you want to store keys and secrets, you work with the Microsoft.KeyVault resource provider. This resource provider offers a resource type called vaults for creating the key vault. This is not useful for reviewing all Azure costs from the past week which is required for audit.

Payment method: Incorrect Option

Payment methods is not useful for reviewing all Azure costs from the past week which is required for audit.

Reference:

https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/quick-acm-cost-analysis

https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/download-azure-invoicedaily-usage-date

Question 15

Report
Export
Collapse

You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

A.
ad.humongousinsurance.com
A.
ad.humongousinsurance.com
Answers
B.
humongousinsurance.onmicrosoft.com
B.
humongousinsurance.onmicrosoft.com
Answers
C.
humongousinsurance.local
C.
humongousinsurance.local
Answers
D.
humongousinsurance.com
D.
humongousinsurance.com
Answers
Suggested answer: D

Explanation:

Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com.

The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as '[email protected].' instead of 'alice@domain name.onmicrosoft.com'.

Scenario:

Network Infrastructure: Each office has a local data center that contains all the servers for that office.

Each office has a dedicated connection to the Internet.

Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com

Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure AD.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain

Question 16

Report
Export
Collapse

You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.
Allow inbound TCP port 8080 to the domain controllers in the Miami office.
A.
Allow inbound TCP port 8080 to the domain controllers in the Miami office.
Answers
B.
Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.
B.
Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.
Answers
C.
Join the client computers in the Miami office to Azure AD.
C.
Join the client computers in the Miami office to Azure AD.
Answers
D.
Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.
D.
Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.
Answers
E.
Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.
E.
Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.
Answers
Suggested answer: B, E

Explanation:

B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory:

https://autologon.microsoftazuread-sso.com

E: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

Question 17

Report
Export
Collapse

You need to resolve the licensing issue before you attempt to assign the license again.

What should you do?

A.
From the Groups blade, invite the user accounts to a new group.
A.
From the Groups blade, invite the user accounts to a new group.
Answers
B.
From the Profile blade, modify the usage location.
B.
From the Profile blade, modify the usage location.
Answers
C.
From the Directory role blade, modify the directory role.
C.
From the Directory role blade, modify the directory role.
Answers
Suggested answer: B

Explanation:

Scenario: Licensing Issue

1. You attempt to assign a license in Azure to several users and receive the following error message:

"Licenses not assigned. License agreement failed for one user."

2. You verify that the Azure subscription has the available licenses.

Solution:

License cannot be assigned to a user without a usage location specified.

Some Microsoft services aren't available in all locations because of local laws and regulations. Before you can assign a license to a user, you must specify the Usage location property for the user. You can specify the location under the User > Profile > Settings section in the Azure portal.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groupsresolve-problems

Question 18

Report
Export
Collapse

HOTSPOT

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.


Question 18
Correct answer: Question 18

Explanation:

Statement 1: Yes

All client computers in the Paris office will be joined to an Azure AD domain.

A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2.

Microsoft Windows Server Active Directory domains, can resolve DNS names between virtual networks. Automatic registration of virtual machines from a virtual network that's linked to a private zone with auto-registration enabled. Forward DNS resolution is supported across virtual networks that are linked to the private zone.

Statement 2: Yes

A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.

As this is a registration network so this will work.

Statement 3: No

Only VMs in the registration network, here the ClientResources-VNet, will be able to register hostname records. Since Subnet4 not connected to Client Resources Network thus not able to register its hostname with humongoinsurance.local

Reference:

https://docs.microsoft.com/en-us/azure/dns/private-dns-overview

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vmsand-role-instances

Question 19

Report
Export
Collapse

HOTSPOT

You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.


Question 19
Correct answer: Question 19

Explanation:

Once the VNets are peered, all resources on one VNet can communicate with resources on the other peered VNets. You plan to enable peering between Paris-VNet and AllOffices-VNet. Therefore VMs on Subnet1, which is on Paris-VNet and VMs on Subnet3, which is on AllOffices-VNet will be able to connect to each other.

All Azure resources connected to a VNet have outbound connectivity to the Internet by default.

Therefore VMs on ClientSubnet, which is on ClientResources-VNet will have access to the Internet; and VMs on Subnet3 and Subnet4, which are on AllOffices-VNet will have access to the Internet.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

https://docs.microsoft.com/en-us/azure/networking/networking-overview#internet-connectivity


Question 20

Report
Export
Collapse

You need to meet the user requirement for Admin1.

What should you do?

A.
From the Subscriptions blade, select the subscription, and then modify the Properties.
A.
From the Subscriptions blade, select the subscription, and then modify the Properties.
Answers
B.
From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.
B.
From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.
Answers
C.
From the Azure Active Directory blade, modify the Properties.
C.
From the Azure Active Directory blade, modify the Properties.
Answers
D.
From the Azure Active Directory blade, modify the Groups.
D.
From the Azure Active Directory blade, modify the Groups.
Answers
Suggested answer: A

Explanation:

Change the Service administrator for an Azure subscription

Sign in to Account Center as the Account administrator.

Select a subscription.

On the right side, select Edit subscription details.

Scenario: Designate a new user named Admin1 as the service administrator of the Azure subscription.

Reference: https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscriptionadministrator

Total 644 questions
Go to page: of 65
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms