[Oct 10, 2022] AZ-104 Questions Truly Valid For Your Microsoft Exam!
AZ-104 Actual Questions - Instant Download Tests Free Updated Today!
AZ-104:Microsoft Azure Administrator Exam Certified Professional salary
The average salary of an AZ-104: Microsoft Azure Administrator Exam Certified Expert in
- Europe - 60,547 EURO
- England - 60,532 POUNDS
- United States - 80,000 USD
- India - 12,10,327 INR
Microsoft AZ-104 Exam Syllabus Topics:
| Topic | Details |
|---|---|
Manage Azure identities and governance (15-20%) | |
| Manage Azure Active Directory (Azure AD) objects | -create users and groups -create administrative units -manage user and group properties -manage device settings -perform bulk user updates -manage guest accounts -configure Azure AD Join -configure self-service password reset |
| Manage role-based access control (RBAC) | -create a custom role - provide access to Azure resources by assigning roles at different scopes -interpret access assignments |
| Manage subscriptions and governance | -configure Azure policies -configure resource locks -apply and manage tags on resources - manage resource groups -manage subscriptions - manage costs -configure management groups |
Implement and manage storage (15-20%) | |
| Secure storage | -configure network access to storage accounts -create and configure storage accounts -generate shared access signature (SAS) tokens -manage access keys -configure Azure AD Authentication for a storage account - Configure access to Azure Files |
| Manage Storage | -export from Azure job -import into Azure job -install and use Azure Storage Explorer -copy data by using AZCopy - implement Azure Storage replication - configure blob object replication |
| Configure Azure files and Azure blob storage | - create an Azure file share -create and configure Azure File Sync service -configure Azure Blob Storage -configure storage tiers - configure blob lifecycle management |
Deploy and manage Azure compute resources (20-25%) | |
| Automate deployment of virtual machines (VMs) by using Azure Resource Manager templates | - modify an Azure Resource Manager template -configure a virtual hard disk (VHD) template - deploy from a template -save a deployment as an Azure Resource Manager template - deploy virtual machine extensions |
| Configure VMs | -configure Azure Disk Encryption -move VMs from one resource group to another -manage VM sizes -add data disks -configure networking -redeploy VMs - configure high availability - deploy and configure scale sets |
| Create and configure containers | - configure sizing and scaling for Azure Container Instances -configure container groups for Azure Container Instances -configure storage for Azure Kubernetes Service (AKS) - configure scaling for AKS - configure network connections for AKS - upgrade an AKS cluster |
| Create and configure Azure App Service | - create an App Service plan -configure scaling settings in an App Service plan - create an App Service - secure an App Service - configure custom domain names - configure backup for an App Service - configure networking settings - configure deployment settings |
Configure and manage virtual networking (25-30%) | |
| Implement and manage virtual networking | - create and configure virtual networks, including peering - configure private and public IP addresses - configure user-defined network routes - implement subnets - configure endpoints on subnets - configure private endpoints- configure Azure DNS, including custom DNS settings and private or public DNS zones |
| Secure access to virtual networks | -create security rules -associate a network security group (NSG) to a subnet or network interface -evaluate effective security rules -implement Azure Firewall -implement Azure Bastion |
| Configure load balancing | -configure Azure Application Gateway -configure an internal or public load balancer -troubleshoot load balancing |
| Monitor and troubleshoot virtual networking | -monitor on-premises connectivity - configure and useAzure Monitor for Networks -use Azure Network Watcher -troubleshoot external networking -troubleshoot virtual network connectivity |
| Integrate an on-premises network with an Azure virtual network | -create and configure Azure VPN Gateway - create and configure Azure ExpressRoute -configure Azure Virtual WAN |
AZ-104 Requirements
Luckily, this test has no official requirements. However, Microsoft recommends that the candidates have a minimum of six months of practical experience in administering Azure. It is not a mandatory prerequisite, but you need to have a good understanding of Azure workloads, core Azure services, governance, and security. Additionally, you should have skills in using Azure CLI, Azure Resource Manager templates, PowerShell, and Azure portal.
NEW QUESTION 214
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You assign a built-in policy definition to the subscription.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and more easily manage your resources.
Reference:
https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition
NEW QUESTION 215
You have an Azure virtual machine that runs Windows Server 2019 and has the following configurations:
Name: VM1
Location: West US
Connected to: VNET1
Private IP address: 10.1.0.4
Public IP address: 52.186.85.63
DNS suffix in Windows Server: Adatum.com
You create the Azure DNS zones shown in the following table.
You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1 can automatically register.
Which zones should you identify? To answer, select the appropriate options in the answer area.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
NEW QUESTION 216
You have an Azure subscription that contains several virtual machines and an Azure Log Analytics workspace named Workspace1. You create a log search query as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: 14 days
Two weeks will be covered.
Note: Startofweek returns the start of the week containing the date, shifted by an offset, if provided.
Start of the week is considered to be a Sunday.
Endofweek returns the end of the week containing the date, shifted by an offset, if provided.
Last day of the week is considered to be a Saturday.
Box 2:
The render operator renders results in as graphical output. Timechart is a Line graph, where the first column is x-axis, and should be datetime. Other columns are y-axes. In this case the Y axis has avg(CounterValue) Values.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview
https://docs-analytics-eus.azurewebsites.net/queryLanguage/query_language_renderoperator.html
NEW QUESTION 217
You have an Azure virtual machine that runs Windows Server 2019 and has the following configurations:
Name: VM1
Location: West US
Connected to: VNET1
Private IP address: 10.1.0.4
Public IP address: 52.186.85.63
DNS suffix in Windows Server: Adatum.com
You create the Azure DNS zones shown in the following table.
You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1 can automatically register.
Which zones should you identify? To answer, select the appropriate options in the answer area.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
NEW QUESTION 218
You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.
In Azure, you create a private DNS zone named adatum.com. You set the registration virtual network to VNet2. The adatum.com zone is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: No
Azure DNS provides automatic registration of virtual machines from a single virtual network that's linked to a private zone as a registration virtual network. VM5 does not belong to the registration virtual network though.
Box 2: No
Forward DNS resolution is supported across virtual networks that are linked to the private zone as resolution virtual networks. VM5 does belong to a resolution virtual network.
Box 3: Yes
VM6 belongs to registration virtual network, and an A (Host) record exists for VM9 in the DNS zone.
By default, registration virtual networks also act as resolution virtual networks, in the sense that DNS resolution against the zone works from any of the virtual machines within the registration virtual network.
References: https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
NEW QUESTION 219
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You delete the BlockAllOther443 inbound security rule.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Reference:
https://fastreroute.com/azure-network-security-groups-explained/
We have a higher priority rule which allows the traffic.
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
NEW QUESTION 220
You have an Azure subscription. The subscription contains virtual machines that run Windows Server 2016 and are configured as shown in the following table.
Answer:
Explanation:
NEW QUESTION 221
You have an app named App1 that runs on an Azure web app named webapp1.
The developers at your company upload an update of App1 to a Git repository named GUI.
Webapp1 has the deployment slots shown in the following table.
You need to ensure that the App1 update is tested before the update is made available to users. Which two actions should you perform? Each correct answer presents part of the solution.
NOTE Each correct selection is worth one point.
- A. Stop webapp1-test
- B. Swap the slots.
- C. Deploy the App1 update to webapp1-test, and then test the update.
- D. Deploy the App1 update to webapp1-prod, and then test the update.
- E. Stop webapp1 prod.
Answer: C,D
NEW QUESTION 222
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User4 to create the user accounts.
Does that meet the goal?
- A. No
- B. yes
Answer: A
Explanation:
Explanation
Only a global administrator can add users to this tenant.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad
NEW QUESTION 223
You have an Azure subscription named Subscription1. You have a virtualization environment that contains the virtualization server in the following table.
The virtual machines are configured as shown on the following table.
All the virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker).
You plan to use Azure Site Recovery to migrate the virtual machines to Azure.
Which virtual machines can you migrate? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Not VM1 because it has BitLocker enabled.
Not VM2 because the OS disk is larger than 2TB.
Not VMC because the Data disk is larger than 4TB.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-azure-support-matrix#azure-vm-requirements
NEW QUESTION 224
You have an Azure subscription that contains an Azure Availability Set named WEBPROD-AS-USE2 as shown in the following exhibit.
You add 14 virtual machines to WEBPROD-AS-USE2.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 225
You plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The virtual machines will host a web app named App1.
You need to ensure that at least two virtual machines are available if a single Azure datacenter becomes unavailable.
What should you deploy?
- A. all virtual machines in a single Availability Set
- B. each virtual machine in a separate Availability Set
- C. all three virtual machines in a single Availability Zone
- D. each virtual machine in a separate Availability Zone
Answer: A
Explanation:
Explanation
Availability sets are a datacenter configuration to provide VM redundancy and availability. This configuration within a datacenter ensures that during either a planned or unplanned maintenance event, at least one virtual machine is available.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets
NEW QUESTION 226
You need to configure the Device settings to meet the technical requirements and the user requirements.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.
Answer:
Explanation:
Explanation
Box 1: Selected
Only selected users should be able to join devices
Box 2: Yes
Require Multi-Factor Auth to join devices.
From scenario:
* Ensure that only users who are part of a group named Pilot can join devices to Azure AD
* Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
NEW QUESTION 227
You have an Azure subscription that contains an Azure Storage account named storage1 and the users shown in the following table.
You plan to monitor storage1 and to configure email notifications for the signals shown in the following table.
You need to identify the minimum number of alert rules and action groups required for the planned monitoring.
How many alert rules and action groups should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1 : 4
As there are 4 distinct set of resource types (Ingress, Egress, Delete storage account, Restore blob ranges), so you need 4 alert rules. In one alert rule you can't specify different type of resources to monitor. So you need 4 alert rules.
Box 2 : 3
There are 3 distinct set of "Users to notify" as (User 1 and User 3), (User1 only), and (User1, User2, and User3). You can't set the action group based on existing group (Group1 and Group2) as there is no specific group for User1 only. So you need to create 3 action group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups
NEW QUESTION 228
You have an Azure subscription named AZPT1 that contains the resources shown in the following table:
You create a new Azure subscription named AZPT2.
You need to identify which resources can be moved to AZPT2.
Which resources should you identify?
- A. RVAULT1 only
- B. VM1 and VM1Managed only
- C. VM1, storage1, VNET1, and VM1Managed only
- D. VM1, storage1, VNET1, VM1Managed, and RVAULT1
Answer: D
Explanation:
Explanation
You can move a VM and its associated resources to a different subscription by using the Azure portal.
You can now move an Azure Recovery Service (ASR) Vault to either a new resource group within the current subscription or to a new subscription.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-resource-group-and-subscrip
https://docs.microsoft.com/en-us/azure/key-vault/general/keyvault-move-subscription
NEW QUESTION 229
......
Get instant access of 100% real exam questions with verified answers: https://www.braindumpspass.com/Microsoft/AZ-104-practice-exam-dumps.html
Exam Dumps for the Preparation of Latest AZ-104 Exam Questions: https://drive.google.com/open?id=1wunlQA_rybe9XvzQohBZFOErGcJcSB8p
