
Microsoft AZ-104 Practice Test - Questions Answers, Page 36

You sign up for Azure Active Directory (Azure AD) Premium.

You need to add a user named [email protected] as an administrator on all the computers that will be joined to the Azure AD domain.

What should you configure in Azure AD?

A. Device settings from the Devices blade.
B. General settings from the Groups blade.
C. User settings from the Users blade.
D. Providers from the MFA Server blade.
Suggested answer: A

Explanation:

When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principals to the local administrators group on the device:

The Azure AD global administrator role

The Azure AD device administrator role

The user performing the Azure AD join

In the Azure portal, you can manage the device administrator role on the Devices page. To open the Devices page:

1. Sign in to your Azure portal as a global administrator or device administrator.

2. On the left navbar, click Azure Active Directory.

3. In the Manage section, click Devices.

4. On the Devices page, click Device settings.

5. To modify the device administrator role, configure Additional local administrators on Azure AD joined devices.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin

HOTSPOT

Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com.

Adatum.com contains the user accounts in the following table.

Adatum.onmicrosoft.com contains the user accounts in the following table.

You need to implement Azure AD Connect. The solution must follow the principle of least privilege.

Which user accounts should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 352
Correct answer: Question 352

Explanation:

Box 1: User5

In Express settings, the installation wizard asks for the following:

AD DS Enterprise Administrator credentials

Azure AD Global Administrator credentials

The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the Domain Admin, should make sure the permissions in Active Directory can be set in all domains.

Box 2: UserA

Azure AD Global Admin credentials are only used during the installation and are not used after the installation has completed. They are used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directoryaadconnect-accounts-permissions

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

You hire a temporary vendor. The vendor uses a Microsoft account that has a sign-in of [email protected].

You need to ensure that the vendor can authenticate to the tenant by using [email protected].

What should you do?

A. From Windows PowerShell, run the New-AzureADUser cmdlet and specify the -UserPrincipalName [email protected] parameter.
B. From the Azure portal, add a custom domain name, create a new Azure AD user, and then specify [email protected] as the username.
C. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the -UserPrincipalName [email protected] parameter.
D. From the Azure portal, add a new guest user, and then specify [email protected] as the email address.
Suggested answer: D

Explanation:

UserPrincipalName - contains the UserPrincipalName (UPN) of this user. The UPN is what the user will use when they sign in to Azure AD. The common structure is @, so for Abby Brown in Contoso.com, the UPN would be [email protected].

Example:

To create the user, call the New-AzureADUser cmdlet with the parameter values:

New-AzureADUser -AccountEnabled $true -DisplayName "Abby Brown" -PasswordProfile $PasswordProfile -MailNickName "AbbyB" -UserPrincipalName "[email protected]"

Reference:

https://docs.microsoft.com/bs-cyrl-ba/powershell/azure/active-directory/new-usersample?view=azureadps-2.0

DRAG DROP

You have an Azure Active Directory (Azure AD) tenant that has the initial domain name.

You have a domain name of contoso.com registered at a third-party registrar.

You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com.

Which three actions should you perform in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.


Question 354
Correct answer: Question 354

Explanation:

The process is simple:

Add the custom domain name to your directory

Add a DNS entry for the domain name at the domain name registrar

Verify the custom domain name in Azure AD

Reference: https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain

You have an Azure resource manager template that will be used to deploy 10 Azure Web Apps.

You must deploy the prerequisites before deploying the template.

You have to minimize the costs associated with the implementation.

Which of the following would you deploy as pre-requisites?

A. An Azure Load Balancer
B. An Application Gateway
C. 10 Azure App Service Plans
D. One App Service Plan
Suggested answer: D

Explanation:

In App Service (Web Apps, API Apps, or Mobile Apps), an app always runs in an App Service plan. An App Service plan defines a set of compute resources for a web app to run.

One App Service Plan : Correct Choice

For an Azure Web App, you need to have an Azure App Service Plan in place. You can associate multiple Azure Web Apps with the same App Service Plan. Hence to save on costs, you can just have one Azure App Service Plan in place.

An Azure Load Balancer : Incorrect Choice

An Azure load balancer is a Layer-4 (TCP, UDP) load balancer that provides high availability by distributing incoming traffic among healthy VMs. A load balancer health probe monitors a given port on each VM and only distributes traffic to an operational VM.

An Application Gateway : Incorrect Choice

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.

10 Azure App Service Plans : Incorrect Choice

For an Azure Web App, you need to have an Azure App Service Plan in place. You can associate multiple Azure Web Apps with the same App Service Plan. Hence to save on costs, you can just have one Azure App Service Plan in place. So there is no need for 10 App Service Plans.

Reference:

https://docs.microsoft.com/en-us/azure/app-service/overview-hosting-plans

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-load-balancer

https://docs.microsoft.com/en-us/azure/application-gateway/overview

You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.

You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory.

You need to ensure that the users can use single sign-on (SSO) to access Azure resources.

What should you do first?

A. From the on-premises network, deploy Active Directory Federation Services (AD FS).
B. From Azure AD, add and verify a custom domain name.
C. From the on-premises network, request a new certificate that contains the Active Directory domain name.
D. From the server that runs Azure AD Connect, modify the filtering options.
Suggested answer: B

Explanation:

Azure AD Connect lists the UPN suffixes that are defined for the domains and tries to match them with a custom domain in Azure AD. Then it helps you with the appropriate action that needs to be taken.

The Azure AD sign-in page lists the UPN suffixes that are defined for on-premises Active Directory and displays the corresponding status against each suffix. The status values can be one of the following:

State: Verified

Azure AD Connect found a matching verified domain in Azure AD. All users for this domain can sign in by using their on-premises credentials.

State: Not verified

Azure AD Connect found a matching custom domain in Azure AD, but it isn't verified. The UPN suffix of the users of this domain will be changed to the default .onmicrosoft.com suffix after synchronization if the domain isn't verified.

Action Required: Verify the custom domain in Azure AD.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-usersignin

You have an Azure subscription that contains the following storage account:

You need to create a request to Microsoft Support to perform a live migration of storage1 to Zone Redundant Storage (ZRS) replication. How should you modify storage1 before the live migration?

A. Set the replication to Locally-redundant storage (LRS)
B. Disable Advanced threat protection
C. Remove the lock
D. Set the access tier to Hot
Suggested answer: A

Explanation:

If you want to perform a live migration from RA-GRS to ZRS, you first have to switch the storage tier to LRS; only then can you request a live migration.

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/redundancymigration?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&tabs=portal

You have an Azure Kubernetes cluster in place.

You have to deploy an application using an Azure Container registry image.

Which of the following commands can be used for this requirement?

A. az kubernetes deploy
B. kubectl apply
C. New-AzKubernetes set
D. docker run
Suggested answer: B

Explanation:

kubectl apply : Correct Choice

The kubectl command can be used to deploy applications to a Kubernetes cluster.

az kubernetes deploy : Incorrect Choice

This command is used to manage Azure Kubernetes Services. This is not used to deploy applications to a Kubernetes cluster.

New-AzKubernetes set : Incorrect Choice

This command is used to create a new managed Kubernetes cluster. This is not used to deploy applications to a Kubernetes cluster.

docker run : Incorrect Choice

This runs a command in a new container. This is not used to deploy applications to a Kubernetes cluster.

Reference:

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply

https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest

https://docs.microsoft.com/en-us/powershell/module/az.aks/New-AzAks?view=azps-3.8.0&viewFallbackFrom=azps-4.3.0

https://docs.docker.com/engine/reference/commandline/run/

HOTSPOT

You have an Azure Storage account named storage1.

You have an Azure App Service app named app1 and an app named App2 that runs in an Azure container instance. Each app uses a managed identity.

You need to ensure that App1 and App2 can read blobs from storage1 for the next 30 days.

What should you configure in storage1 for each app?


Question 359
Correct answer: Question 359

Explanation:

With a shared access signature, you can limit the resources that can be accessed and, at the same time, control the duration of the access.

A shared access signature (SAS) provides secure delegated access to resources in your storage account without compromising the security of your data. With a SAS, you have granular control over how a client can access your data. You can control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters.

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.

Solution: You assign the Traffic Manager Contributor role at the subscription level to Admin1.

A. Yes
B. No
Suggested answer: A

Explanation:

The Traffic Manager Contributor role lets you manage Traffic Manager profiles and do traffic analysis, but does not let you control who has access to them.

Reference:

https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Total 644 questions