Microsoft AZ-104 Practice Test - Questions Answers, Page 35

HOTSPOT

You have an Azure subscription named Subscription1 that contains the quotas shown in the following table.

You deploy virtual machines to Subscription1 as shown in the following table.

You plan to deploy the virtual machines shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.


Question 341
Correct answer: Question 341

Explanation:

The total regional vCPUs limit is 20, which means a maximum total of 20 vCPUs across all the different VM sizes.

The deallocated VM with 16 vCPUs counts towards the total. VM20 and VM1 are using 18 of the maximum 20 vCPUs, leaving only two vCPUs available.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/quotas

Your VMware vSphere on-premises infrastructure hosts 600 virtual machines (VMs).

Your company is planning to move all of these VMs to Azure. You are asked to provide information about the resources that will be needed in Azure to host all of the VMs.

All VMs hosted in your on-premises infrastructure are based on Windows Server 2012 R2 or newer and Red Hat Enterprise Linux 7.0 or newer.

You conduct the initial migration assessment and get a message that some virtual machines are conditionally ready for Azure.

You need to find the cause of this message.

What are two reasons why you might get this message on some VMs? (Choose two.)

Each correct answer presents part of the solution.

A. The vCenter user does not have enough permissions on affected VMs.
B. The operating system is configured as Windows Server 2003 in vCenter Server.
C. The operating system is configured as Others in vCenter Server.
D. The VMs are configured with the BIOS boot type.
E. The VMs are configured with the UEFI boot type.
Suggested answer: B, E

Explanation:

To prepare for VMware VM assessment, you need to:

Verify VMware settings. Make sure that the vCenter Server and VMs you want to migrate meet requirements.

Set up permissions for assessment. Azure Migrate uses a vCenter account to access the vCenter Server, to discover and assess VMs.

Verify appliance requirements. Verify deployment requirements for the Azure Migrate appliance, before you deploy it in the next tutorial.

Reference:

https://docs.microsoft.com/en-us/azure/migrate/tutorial-prepare-vmware

HOTSPOT

You enable password reset for contoso.onmicrosoft.com as shown in the Password Reset exhibit. (Click the Password Reset tab.)

You configure the authentication methods for password reset as shown in the Authentication Methods exhibit. (Click the Authentication Methods tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 343
Correct answer: Question 343

Explanation:

Box 1: No

Two methods are required.

Box 2: No

Self-service password reset is only enabled for Group2, and User1 is not a member of Group2.

Box 3: Yes

As a User Administrator, User3 can add security questions to the reset process.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/quickstart-sspr

https://docs.microsoft.com/en-us/azure/active-directory/authentication/active-directorypasswords-faq

You have an Azure Active Directory (Azure AD) tenant.

All administrators must enter a verification code to access the Azure portal.

You need to ensure that the administrators can access the Azure portal only from your on-premises network.

What should you configure?

A. an Azure AD Identity Protection user risk policy
B. the multi-factor authentication service settings
C. the default for all the roles in Azure AD Privileged Identity Management
D. an Azure AD Identity Protection sign-in risk policy
Suggested answer: B

Explanation:

the multi-factor authentication service settings - Correct choice

There are two criteria mentioned in the question.

1. MFA required

2. Access from only a specific geographic region/IP range.

To satisfy both requirements, you need MFA with location-based conditional access. Note that to achieve this configuration you need an AD Premium account for the Conditional Access policy.

Navigate to Active Directory --> Security --> Conditional Access --> Named Location. Here you can create a policy with a location (on-premises IP range) and enable MFA. This will satisfy the requirements.

an Azure AD Identity Protection user risk policy - Incorrect choice

Identity Protection has three (3) protection policies: User Risk, Sign-In Risk and MFA Registration. None of them lets you enable a location (on-premises IP range) requirement in any blade.

the default for all the roles in Azure AD Privileged Identity Management - Incorrect choice

This option will not help you restrict users to access only from on-premises.

an Azure AD Identity Protection sign-in risk policy - Incorrect choice

Identity Protection has three (3) protection policies: User Risk, Sign-In Risk and MFA Registration. None of them lets you enable a location (on-premises IP range) requirement in any blade.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

You have an Azure subscription.

You enable multi-factor authentication for all users.

Some users report that the email applications on their mobile device cannot connect to their Microsoft Exchange Online mailbox. The users can access Exchange Online by using a web browser and from Microsoft Outlook 2016 on their computer.

You need to ensure that the users can use the email applications on their mobile device.

What should you instruct the users to do?

A. Create an app password
B. Reset the Azure Active Directory (Azure AD) password
C. Enable self-service password reset
D. Reinstall the Microsoft Authenticator app
Suggested answer: A

Explanation:

If you're enabled for multi-factor authentication, make sure that you have set up app passwords.

Note: During your initial two-factor verification registration process, you're provided with a single app password. If you require more than one, you'll have to create them yourself.

Go to the Additional security verification page.

Reference:

https://docs.microsoft.com/en-us/office365/troubleshoot/sign-in/sign-in-to-office-365-azure-intune

https://docs.microsoft.com/sv-se/azure/active-directory/user-help/multi-factor-authentication-enduser-app-passwords

You have an Azure Active Directory (Azure AD) tenant named Contoso.com that is synced to an Active Directory domain.

The tenant contains the users shown in the following table.

The users have the attributes shown in the following table.

You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all four users.

Solution: You create a new user account in Azure AD for User3.

Does this meet the goal?

A. Yes
B. No
Suggested answer: A

Explanation:

User3 requires a user account in Azure AD.

Note: Your Azure AD password is considered an authentication method. It is the one method that cannot be disabled.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authenticationmethods

You are deploying a containerized web application in Azure.

When deploying the web app, which of the following are valid container image sources?

A. Virtual machine
B. Docker hub
C. ACR
D. On-premises
Suggested answer: B, C

Explanation:

When you create a web app from a Docker image, you configure the following properties:

- The registry that contains the image. The registry can be Docker Hub, Azure Container Registry (ACR), or some other private registry.

- The image: This item is the name of the repository.

- The tag: This item indicates which version of the image to use from the repository. By convention, the most recent version is given the tag latest when it's built.

- Startup File: This item is the name of an executable file or a command to be run when the image is loaded. It's equivalent to the command that you can supply to Docker when running an image from the command line by using docker run. If you're deploying a ready-to-run, containerized app that already has the ENTRYPOINT and/or COMMAND values configured, you don't need to fill this in.

Reference:

https://docs.microsoft.com/en-us/learn/modules/deploy-run-container-app-service/4-deploy-webapp

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure web app named App1. App1 runs in an Azure App Service plan named Plan1.

Plan1 is associated to the Free pricing tier.

You discover that App1 stops each day after running continuously for 60 minutes.

You need to ensure that App1 can run continuously for the entire day.

Solution: You add a continuous WebJob to App1.

Does this meet the goal?

A. Yes
B. No
Suggested answer: B

Explanation:

A web app can time out after 20 minutes of inactivity. Only requests to the actual web app reset the timer. Viewing the app's configuration in the Azure portal or making requests to the advanced tools site (https://<app_name>.scm.azurewebsites.net) don't reset the timer. If your app runs continuous or scheduled (Timer trigger) WebJobs, enable Always On to ensure that the WebJobs run reliably.

This feature is available only in the Basic, Standard, and Premium pricing tiers.

The App Service plan mentioned in the question is associated to the Free tier, so adding a continuous WebJob to App1 is not possible. The proposed solution therefore won't meet the goal.

Reference:

https://docs.microsoft.com/en-us/azure/app-service/webjobs-create

HOTSPOT

Your network contains an Active Directory domain. The domain contains a user named User1. The domain is synced to Azure Active Directory (Azure AD) as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.


Question 349
Correct answer: Question 349

Explanation:

Box 1: a computer joined in the Active Directory domain

The Active Directory domain service stores passwords in the form of a hash value representation of the actual user password.

Box 2: Stored in both Azure AD and in the Active Directory domain

The Active Directory domain service stores passwords in the form of a hash value representation of the actual user password.

To synchronize your password, Azure AD Connect sync extracts your password hash from the on-premises Active Directory instance.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hashsynchronization

You have an Active Directory forest named contoso.com.

You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled.

You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs.

You need to ensure that the synchronization completes successfully.

What should you do?

A. From Synchronization Service Manager, run a full import.
B. Run Azure AD Connect and set the SSO method to Pass-through Authentication.
C. From Azure PowerShell, run Start-AdSyncSyncCycle -PolicyType Initial.
D. Run Azure AD Connect and disable staging mode.
Suggested answer: D

Explanation:

Staging mode must be disabled. If the Azure AD Connect server is in staging mode, password hash synchronization is temporarily disabled.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directoryaadconnectsync-troubleshoot-password-hash-synchronization#no-passwords-are-synchronizedtroubleshoot-by-using-the-troubleshooting-task

Total 644 questions