100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader

https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

AZ-104 Dumps

Microsoft Azure Administrator (beta)

https://www.certleader.com/AZ-104-dumps.html

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

NEW QUESTION 1
- (Exam Topic 1)
You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.
What should you include in the recommended?

A. Azure AP B2C
B. Azure AD Identity Protection
C. an Azure logic app and the Microsoft Identity Management (MIM) client
D. dynamic groups and conditional access policies

Answer: D

Explanation:
Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications, or other conditions.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

NEW QUESTION 2
- (Exam Topic 1)
You need to meet the connection requirements for the New York office.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Box 1: Create a virtual network gateway and a local network gateway.
Azure VPN gateway. The VPN gateway service enables you to connect the VNet to the on-premises network through a VPN appliance. For more information, see
Connect an on-premises network to a Microsoft Azure virtual network. The VPN gateway includes the following elements:
Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing traffic from the on-premises network to the
VNet.
Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to the on-premises network is routed
through this gateway.
Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-premises VPN appliance to encrypt traffic.
Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements, described in the Recommendations section
below.
Box 2: Configure a site-to-site VPN connection
On premises create a site-to-site connection for the virtual network gateway and the local network gateway.

Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection.

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

NEW QUESTION 3
- (Exam Topic 1)
You need to the appropriate sizes for the Azure virtual for Server2.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Box 1: Create a Recovery Services vault
Create a Recovery Services vault on the Azure Portal. Box 2: Install the Azure Site Recovery Provider
Azure Site Recovery can be used to manage migration of on-premises machines to Azure. Scenario: Migrate the virtual machines hosted on Server1 and Server2
to Azure.
Server2 has the Hyper-V host role. References:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure

NEW QUESTION 4
- (Exam Topic 1)
You need to implement Role1.
Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

NEW QUESTION 5
- (Exam Topic 4)
You plan to create an Azure virtual machine named VM1 that will be configured as shown in the following exhibit.
The planned disk configurations for VM1 are shown in the following exhibit.

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

You need to ensure that VM1 can be created in an Availability Zone.

Which two settings should you modify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. Use managed disks

B. Availability options
C. OS disk type
D. Size
E. Image

Answer: AE

NEW QUESTION 6
- (Exam Topic 4)
You have an Azure subscription that contains an Azure Availability Set named WEBPROD-AS-USE2 as shown in the following exhibit.

You add 14 virtual machines to WEBPROD-AS-USE2.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

NEW QUESTION 7
- (Exam Topic 4)
You plan to deploy an Azure container instance by using the following Azure Resource Manager template.

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the template.

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 8
- (Exam Topic 4)
You have several Azure virtual machines on a virtual network named VNet1. You configure an Azure Storage account as shown in the following exhibit.

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Box 1: always
Endpoint status is enabled. Box 2: Never
After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an
exception to enable Azure Backup service to access the network restricted storage account.

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage-
accounts-secured-with-azure-storage

NEW QUESTION 9
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System log on VM1 within an hour.
Solution: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in
Azure Monitor and specify the Log Analytics workspace as the source.
Does this meet the goal?

A. Yes
B. No

Answer: A

Explanation:
Alerts in Azure Monitor can identify important information in your Log Analytics repository. They are created by alert rules that automatically run log searches at
regular intervals, and if results of the log search match particular criteria, then an alert record is created and it can be configured to perform an automated
response.
The Log Analytics agent collects monitoring data from the guest operating system and workloads of virtual machines in Azure, other cloud providers, and on-
premises. It collects data into a Log Analytics workspace.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-response https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview

NEW QUESTION 10
- (Exam Topic 4)
This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

VM1 connects to a virtual network named VNET2 by using a network interface named NIC1. You need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG1 and Central US. Does this meet the goal?

A. Yes
B. No

Answer: B

Explanation:
The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a
region.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

NEW QUESTION 10
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

VM1 connects to a virtual network named VNET2 by using a network interface named NIC1. You need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG2 and West US. Does this meet the goal?

A. Yes
B. NO

Answer: A

Explanation:
The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a
region.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

NEW QUESTION 11
- (Exam Topic 4)
You have an Azure virtual machine named VM1 that runs Windows Server 2019. You sign in to VM1 as a user named User 1 and perform the following actions:
* Create files on drive C.
* Create files on drive 0.
* Modify the screen saver timeout.
* Change the desktop background. You plan to redeploy VM1.
Which changes will be lost after you redeploy VM1?

A. the modified screen saver timeout

B. the new desktop background
C. the new files on drive
D. The new files on drive C

Answer: D

NEW QUESTION 13
- (Exam Topic 4)
You have an Azure subscription that contains the resource groups shown in the following table.

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

RG1 contains the resources shown in the following table.

RG2 contains the resources shown in the following table.

You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1.
Which resources should you identify? To answer, select the appropriate options in the answer area.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking

NEW QUESTION 16
- (Exam Topic 4)
You have an Azure subscription named Sub1.
You plan to deploy a multi-tiered application that will contain the tiers shown in the following table.

You need to recommend a networking solution to meet the following requirements:

Ensure that communication between the web servers and the business logic tier spreads equally across the virtual machines.
Protect the web servers from SQL injection attacks.
Which Azure resource should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Box 1: an internal load balancer
Azure Internal Load Balancer (ILB) provides network load balancing between virtual machines that reside inside a cloud service or a virtual network with a regional
scope.
Box 2: an application gateway that uses the WAF tier
Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and
vulnerabilities. Web applications are increasingly targeted
by malicious attacks that exploit commonly known vulnerabilities. References:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

NEW QUESTION 17
- (Exam Topic 4)
You have an azure subscription that contain a virtual named VNet1. VNet1. contains four subnets named Gatesway, perimeter, NVA, and production.
The NVA contain two network virtual appliance (NVAs) that will network traffic inspection between the perimeter subnet and the production subnet.
You need to implement an Azure load balancer for the NVAs. The solution must meet the following requirements:
The NVAs must run in an active-active configuration that uses automatic failover.
The NVA must load balance traffic to two services on the Production subnet. The services have different IP addresses
Which three actions should you perform? Each correct answer presents parts of the solution. NOTE: Each correct selection is worth one point.

A. Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
B. Deploy a standard load balancer.
C. Add a frontend IP configuration, two backend pools, and a health prob.
D. Add a frontend IP configuration, a backend pool, and a health probe.
E. Add two load balancing rules that have HA Ports and Floating IP enabled.
F. Deploy a basic load balancer.

Answer: BCE

Explanation:
A standard load balancer is required for the HA ports.
-Two backend pools are needed as there are two services with different IP addresses.
-Floating IP rule is used where backend ports are reused.

NEW QUESTION 18
- (Exam Topic 4)
You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1. You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?

A. Azure Data Lake Store

B. a virtual machine
C. the Azure File Sync Storage Sync Service
D. Azure Blob storage

Answer: D

Explanation:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.
The maximum size of an Azure Files Resource of a file share is 5 TB. Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

NEW QUESTION 19
- (Exam Topic 4)
You have an Azure subscription that contains an Azure Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active Directory
domain. The domain contains the users shown in the following table.

You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods:
Number of methods required to reset: 2
Methods available to users: Mobile phone, Security questions
Number of questions required to register: 3
Number of questions required to reset: 3 You select the following security questions:
What is your favorite food?
In what city was your first job?
What was the name of your first pet?
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Box 1: No
Administrator accounts are special accounts with elevated permissions. To secure them, the following restrictions apply to changing passwords of administrators:
On-premises enterprise administrators or domain administrators cannot reset their password through
Self-service password reset (SSPR). They can only change their password in their on-premises environment. Thus, we recommend not syncing on-prem AD admin
accounts to Azure AD.
An administrator cannot use secret Questions & Answers as a method to reset password. Box 2: Yes
Self-service password reset (SSPR) is an Azure Active Directory feature that enables employees to reset their passwords without needing to contact IT staff.
Box 3: Yes References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment

NEW QUESTION 23
- (Exam Topic 4)
You have an Azure subscription that contains the storage accounts shown in the following table.

You need to identify which storage account can be converted to zone-redundant storage (ZRS) replication by requesting a live migration from Azure support.
What should you identify?

A. Storage1
B. Storage2
C. Storage3
D. Storage4

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

Answer: B

Explanation:
ZRS currently supports standard general-purpose v2, FileStorage and BlockBlobStorage storage account types.

NEW QUESTION 26
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Any source to the VirtualNetwork destination for port range 3389 and
uses the TCP protocol. You remove NSG-VM1 from the network interface of VM1.
Does this meet the goal?

A. Yes
B. No

Answer: B

Explanation:
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default. References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection

NEW QUESTION 28
- (Exam Topic 4)
You have an Azure virtual machine named VM1. Azure collects events from VM1.
You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the System event log of VM1.
You need to specify which resource type to monitor.
What should you specify?

A. metric alert
B. Azure Log Analytics workspace
C. virtual machine
D. virtual machine extension

Answer: D

Explanation:
Azure Monitor can collect data directly from your Azure virtual machines into a Log Analytics workspace for detailed analysis and correlation. Installing the Log
Analytics VM extension for Windows and Linux allows Azure Monitor to collect data from your Azure VMs.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm

NEW QUESTION 29
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an Active Directory domain. The tenant contains the users shown in
the following table.

The users have the attributes shown in the following table.

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all four users. Solution: You add an office phone number for User2.
Does this meet the goal?

A. Yes
B. No

Answer: B

Explanation:
User3 requires a user account in Azure AD.
Note: Your Azure AD password is considered an authentication method. It is the one method that cannot be disabled.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods

NEW QUESTION 32
- (Exam Topic 4)
You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. an XML manifest file

B. a driveset CSV file
C. a dataset CSV file
D. a PowerShell PS1 file
E. a JSON configuration file

Answer: BC

Explanation:
B: Modify the driveset.csv file in the root folder where the tool resides.
C: Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the
dataset.csv file
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files

NEW QUESTION 36
- (Exam Topic 4)
You have an Azure virtual machine named VM1.
You use Azure Backup to create a backup of VM1 named Backup1. After creating Backup1, you perform the following changes to VM1:
Modify the size of VM1.
Copy a file named Budget.xls to a folder named Data.
Reset the password for the built-in administrator account.
Add a data disk to VM1.
An administrator uses the Replace existing option to restore VM1 from Backup1. You need to ensure that all the changes to VM1 are restored.
Which change should you perform again?

A. Modify the size of VM1.

B. Add a data disk.
C. Reset the password for the built-in administrator account.
D. Copy Budget.xls to Data.

Answer: D

Explanation:
References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms#replace-existing-disks

NEW QUESTION 39
- (Exam Topic 4)
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.) You deploy a web server on VM1, and then create a secure website
that is accessible by using the
HTTPS protocol VM1 is used as a web server only.
You need to ensure that users can connect to the website from the Internet.
What should you do?

A. Change the priority of Rule3 to 450.

B. Change the priority of Rule6 to 100
C. DeleteRule1.
D. Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a priority of 501.

Answer: D

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

NEW QUESTION 41
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named
Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group. Does this meet the goal?

A. Yes
B. No

Answer: A

Explanation:
The Logic App Contributor role lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

NEW QUESTION 43
- (Exam Topic 4)
You have an Azure subscription that contains the public load balancers shown in the following table.

You plan to create six virtual machines and to load balancer requests to the virtual machines. Each load balancer will load balance three virtual machines.
You need to create the virtual machines for the planned solution.
How should you create the virtual machines? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Box 1: be created in the same availability set or virtual machine scale set.
The Basic tier is quite restrictive. A load balancer is restricted to a single availability set, virtual machine scale set, or a single machine.
Box 2: be connected to the same virtual network
The Standard tier can span any virtual machine in a single virtual network, including blends of scale sets, availability sets, and machines.
References:
https://www.petri.com/comparing-basic-standard-azure-load-balancers

NEW QUESTION 47
- (Exam Topic 4)
You have an Azure subscription that contains an Azure file share.
You have an on-premises server named Server1 that runs Windows Server 2016. You plan to set up Azure File Sync between Server1 and the Azure file share.
You need to prepare the subscription for the planned Azure File Sync.
Which two actions should you perform in the Azure subscription? To answer, drag the appropriate actions to the correct targets. Each action may be used once,

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
First action: Create a Storage Sync Service
The deployment of Azure File Sync starts with placing a Storage Sync Service resource into a resource group of your selected subscription.
Second action: Run Server Registration
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service. A
server can only be registered to one Storage Sync Service and can sync with other servers and Azure file shares associated with the same Storage Sync Service.
The Server Registration UI should open automatically after installation of the Azure File Sync agent.

NEW QUESTION 49
- (Exam Topic 4)
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to grant three users named User1, User2, and
User3 access to a temporary Microsoft SharePoint
document library named Library1.
You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.
Which two groups should you create? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A. a Security group that uses the Assigned membership type

B. an Office 365 group that uses the Assigned membership type
C. an Office 365 group that uses the Dynamic User membership type
D. a Security group that uses the Dynamic User membership type
E. a Security group that uses the Dynamic Device membership type

Answer: BC

Explanation:

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).
Note: With the increase in usage of Office 365 Groups, administrators and users need a way to clean up unused groups. Expiration policies can help remove
inactive groups from the system and make things cleaner.
When a group expires, all of its associated services (the mailbox, Planner, SharePoint site, etc.) are also deleted.
You can set up a rule for dynamic membership on security groups or Office 365 groups.

NEW QUESTION 50
- (Exam Topic 4)
You have a sync group that has the endpoints shown in the following table.

Cloud tiering is enabled for Endpoint3.

You add a file named File1 to Endpoint1 and a file named File2 to Endpoint2.
You need to identify on which endpoints File1 and File2 will be available within 24 hours of adding the files. What should you identify? To answer, select the
appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
File1: Endpoint3 only
Cloud Tiering: A switch to enable or disable cloud tiering. When enabled, cloud tiering will tier files to your Azure file shares. This converts on-premises file shares
into a cache, rather than a complete copy of the dataset, to help you manage space efficiency on your server. With cloud tiering, infrequently used or accessed
files can be tiered to Azure Files.
File2: Endpoint1, Endpoint2, and Endpoint3 References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-cloud-tiering

NEW QUESTION 54
- (Exam Topic 4)
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in
external.contoso.com.onmicrosoft.com.
Solution: You instruct User1 to create the user accounts.

A. Yes
B. No

Answer: A

Explanation:
Only a global administrator can add users to this tenant. References:

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

NEW QUESTION 55
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com. Multi-factor authentication (MFA) is enabled for all users.
You need to provide users with the ability to bypass MFA for 10 days on devices to which they have successfully signed in by using MFA.
What should you do?

A. From the multi-factor authentication page, configure the users’ settings.

B. From Azure AD, create a conditional access policy.
C. From the multi-factor authentication page, configure the service settings.
D. From the MFA blade in Azure AD, configure the MFA Server settings.

Answer: C

Explanation:
Enable remember Multi-Factor Authentication
Sign in to the Azure portal.
On the left, select Azure Active Directory > Users.
Select Multi-Factor Authentication.
Under Multi-Factor Authentication, select service settings.
On the Service Settings page, manage remember multi-factor authentication, select the Allow users to remember multi-factor authentication on devices they
trust option.
Select Save.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

NEW QUESTION 56
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You modify the custom rule for NSG-VM1 to use the internet as a source and TCP as a protocol. Does this meet the goal?

A. Yes
B. No

Answer: A

Explanation:
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default. References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection

NEW QUESTION 60
- (Exam Topic 4)
You have an Azure subscription named Subcription1 that contains a resource group named RG1. In RG1. you create an internal load balancer named LB1 and a
public load balancer named 162.
You need to ensure that an administrator named Admin 1 can manage LB1 and LB2. The solution must follow the principle of least privilege.
Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area.
NOTE: Caen correct selection is worth one point.

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 63
- (Exam Topic 4)
You have peering configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Box 1: vNET6 only
Box 2: Modify the address space
The virtual networks you peer must have non-overlapping IP address spaces. References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-cons

NEW QUESTION 68
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a
self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2. Solution: You modify the Azure Active Directory (Azure AD)
authentication policies.
Does this meet this goal?

A. Yes
B. No

Answer: B

NEW QUESTION 71
- (Exam Topic 4)
You create an Azure VM named VM1 that runs Windows Server 2019. VM1 is configured as shown in the exhibit. (Click the Exhibit button.)

You need to enable Desired State Configuration for VM1. What should you do first?

A. Configure a DNS name for VM1.

B. Start VM1.
C. Connect to VM1.
D. Capture a snapshot of VM1.

Answer: B

Explanation:
Status is Stopped (Deallocated).
The DSC extension for Windows requires that the target virtual machine is able to communicate with Azure. The VM needs to be started.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-windows

NEW QUESTION 72
- (Exam Topic 4)
You have an Azure subscription that contains an Azure Storage account.
You plan to copy an on-premises virtual machine image to a container named vmimages. You need to create the container for the planned image.
Which command should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

A. Mastered
B. Not Mastered

Answer: A

Explanation:
azcopy make 'https://<storage-account-name>.file.core.windows.net/<file-share-name><SAS-token>'

NEW QUESTION 73
- (Exam Topic 4)
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

In storage1, you create a blob container named blob1 and a file share named share1.
Which resources can be backed up to Vault1 and Vault2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

Explanation:
Box 1: VM1 only
VM1 is in the same region as Vault1. File1 is not in the same region as Vautl1.
SQL is not in the same region as Vault1. Blobs cannot be backup up to service vaults.
Note: To create a vault to protect virtual machines, the vault must be in the same region as the virtual machines.
Box 2: Share1 only.
Storage1 is in the same region (West USA) as Vault2. Share1 is in Storage1.
Note: After you select Backup, the Backup pane opens and prompts you to select a storage account from a list of discovered supported storage accounts. They're
either associated with this vault or present in the same region as the vault, but not yet associated to any Recovery Services vault.
References:
https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault https://docs.microsoft.com/en-us/azure/backup/backup-afs

NEW QUESTION 78
- (Exam Topic 4)
You have a sync group named Sync1 that has a cloud endpoint. The cloud endpoint includes a file named File1.txt.
You on-premises network contains servers that run Windows Server 2016. The servers are configured as shown in the following table.

You add Share1 as an endpoint for Sync1. One hour later, you add Share2 as an endpoint for Sync1. For each of the following statements, select Yes if the
statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
If you add an Azure file share that has an existing set of files as a cloud endpoint to a sync group, the existing files are merged with any other files that are already
on other endpoints in the sync group.
Box 2: No
Box 3: Yes References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-planning

NEW QUESTION 81
- (Exam Topic 4)
You have Azure subscriptions named Subscription1 and Subscription2. Subscription1 has following resource groups:

RG1 includes a web app named App1 in the West Europe location. Subscription2 contains the following resource groups:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-limitations/app-service-mov

NEW QUESTION 86
......

The Leader of IT Certification visit - https://www.certleader.com

 100% Valid and Newest Version AZ-104 Questions & Answers shared by Certleader
https://www.certleader.com/AZ-104-dumps.html (0 Q&As)

Thank You for Trying Our Product

* 100% Pass or Money Back

All our products come with a 90-day Money Back Guarantee.
* One year free update
You can enjoy free update one year. 24x7 online support.
* Trusted by Millions
We currently serve more than 30,000,000 customers.
* Shop Securely
All transactions are protected by VeriSign!

100% Pass Your AZ-104 Exam with Our Prep Materials Via below:

https://www.certleader.com/AZ-104-dumps.html

The Leader of IT Certification visit - https://www.certleader.com

Powered by TCPDF (www.tcpdf.org)