May/2023 Latest Braindump2go AZ-104 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go AZ-104 Real Exam Questions!
QUESTION 390
You plan to move services from your on-premises network to Azure.
You identify several virtual machines that you believe can be hosted in Azure. The virtual machines are shown in the following table.
Which two virtual machines can you access by using Azure migrate? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Sea-CA01
B. Hou-NW01
C. NYC-FS01
D. Sea-DC01
E. BOS-DB01
Answer: CE
Explanation:
Azure Migrate provides a centralized hub to assess and migrate to Azure on-premises servers, infrastructure, applications, and data. It provides the following:
– Unified migration platform: A single portal to start, run, and track your migration to Azure.
– Range of tools: A range of tools for assessment and migration. Azure Migrate tools include Azure Migrate: Discovery and assessment and Azure Migrate: Server Migration. Azure Migrate also integrates with other Azure services and tools, and with independent software vendor (ISV) offerings.
– Assessment and migration: In the Azure Migrate hub, you can assess and migrate:
Servers, databases, and web apps: Assess on-premises servers including web apps and SQL Server instances and migrate them to Azure virtual machines or Azure VMware Solution (AVS) (Preview).
Databases: Assess on-premises databases and migrate them to Azure SQL Database or to SQL Managed Instance.
Web applications: Assess on-premises web applications and migrate them to Azure App Service.
Virtual desktops: Assess your on-premises virtual desktop infrastructure (VDI) and migrate it to Windows Virtual Desktop in Azure.
Data: Migrate large amounts of data to Azure quickly and cost-effectively using Azure Data Box products.
Based on this information let’s analyze each option:
NYC-FS01 : Its role “Server” fall under above categories. Hence it can be accessed by using Azure migrate.
BOS-DB01 : Its role “server” fall under above categories. Hence it can be accessed by using Azure migrate.
Sea-CA01 : Its role “CA” does not fall under above categories. Hence it can not be accessed by using Azure migrate.
Hou-NW01 : Its role “DNS” does not fall under above categories. Hence it can not be accessed by using Azure migrate.
Sea-DC01 : Its role “DC” does not fall under above categories. Hence it can not be accessed by using Azure migrate.
Reference:
https://docs.microsoft.com/en-us/azure/migrate/migrate-services-overview
QUESTION 391
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You hire a temporary vendor. The vendor uses a Microsoft account that has a sign-in of [email protected].
You need to ensure that the vendor can authenticate to the tenant by using [email protected].
What should you do?
A. From the Azure portal, add a custom domain name, create a new Azure AD user, and then specify [email protected] as the username.
B. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the
C. From the Azure portal, add a new guest user, and then specify [email protected] as the email address.
D. From Windows PowerShell, run the New-AzureADUser cmdlet and specify the
Answer: C
Explanation:
We should use Azure portal, add a new guest user, and then specify [email protected] as the email address.
The New-AzureADUser cmdlet creates a new user not a new guest user. The New-AzureADMSInvitation cmdlet is used to invite a new external user to your directory, but the cmdlet uses the -InvitedUserEmailAddress parameter instead of -UserPrincipalName.
QUESTION 392
You set the multi-factor authentication status for a user named [email protected] to Enabled.
Admin1 accesses the Azure portal by using a web browser.
Which additional security verifications can Admin1 use when accessing the Azure portal?
A. a phone call, a text message that contains a verification code, and a notification or a verification code sent from the Microsoft Authenticator app
B. an app password, a text message that contains a verification code, and a notification sent from the Microsoft Authenticator app
C. an app password, a text message that contains a verification code, and a verification code sent from the Microsoft Authenticator app
D. a phone call, an email message that contains a verification code, and a text message that contains an app password
Answer: A
QUESTION 393
You have an Azure AD tenant that is linked to 10 Azure subscriptions.
You need to centrally monitor user activity across all the subscriptions.
What should you use?
A. Activity log filters
B. Log Analytics workspace
C. access reviews
D. Azure Application Insights Profiler
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell#send-to-log-analytics-workspace
Send the activity log to a Log Analytics workspace to enable the Azure Monitor Logs feature, where you:
– Consolidate log entries from multiple Azure subscriptions and tenants into one location for analysis together.
QUESTION 394
A company has an Azure account and current has an Azure premium P2 based subscription. As an IT administrator, you have to configure a conditional access policy as shown below:
You have to ensure the following key requirement:
– Users from select locations would need to authenticate using MFA.
In which of the following sections would you configure the MFA requirement for the policy?
A. Users and Groups
B. Conditions
C. Grants
D. Session
Answer: C
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
QUESTION 395
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that is configured for hybrid coexistence with the on-premises Active Directory domain. The tenant contains the users shown in the following table.
Whenever possible, you need to enable Azure Multi-Factor Authentication (MFA) for the users in contoso.com.
Which users should you enable for Azure MFA?
A. User1 only
B. User1, User2, and User3 only
C. User1 and User2 only
D. User1, User2, User3, and User4
E. User2 only
Answer: D
QUESTION 396
You have an Azure Active Directory (Azure AD) tenant.
All administrators must enter a verification code to access the Azure portal.
You need to ensure that the administrators can access the Azure portal only from your on-premises network.
What should you configure?
A. an Azure AD Identity Protection user risk policy.
B. the multi-factor authentication service settings.
C. the default for all the roles in Azure AD Privileged Identity Management
D. an Azure AD Identity Protection sign-in risk policy
Answer: B
QUESTION 397
Hotspot Question
You have an Azure subscription.
You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will be part of the same availability set.
You need to ensure that as many virtual machines as possible are available if the fabric fails or during servicing.
How should you configure the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Use two fault domains.
2 or 3 is max value, depending on which region you are in.
Use 20 for platformUpdateDomainCount
Increasing the update domain (platformUpdateDomainCount) helps with capacity and availability planning when the platform reboots nodes. A higher number for the pool (20 is max) means that fewer of their nodes in any given availability set would be rebooted at once.
References:
https://www.itprotoday.com/microsoft-azure/check-if-azure-region-supports-2-or-3-fault-domains-managed-disks
https://github.com/Azure/acs-engine/issues/1030
QUESTION 398
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.
You need to view the error events from a table named Event.
Which query should you run in Workspace1?
A. Get-Event Event | where ($_.EventType -eq “error”)
B. Get-Event Event | where ($_.EventType == “error”)
C. search in (Event) * | where EventType –eq “error”
D. search in (Event) “error”
E. select *from Event where EventType == “error”
F. Event | where EventType is “error”
Answer: D
Explanation:
To search a term in a specific table, add the table-name just after the search operator.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. Event | search “error”
2. Event | where EventType == “error”
3. search in (Event) “error”
Other incorrect answer options you may see on the exam include the following:
1. Get-Event Event | where {$_.EventTye ג€”eq “error”}
2. Event | where EventType is “error”
3. search in (Event) * | where EventType ג€”eq “error”
4. select * from Event where EventType is “error”
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/search-queries
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-portal
https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/searchoperator?pivots=azuredataexplorer
QUESTION 399
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You modify the name servers at the domain registrar.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns
Delegate the domain
Now that the DNS zone is created and you have the name servers, you need to update the parent domain with the Azure DNS name servers. Each registrar has its own DNS management tools to change the name server records for a domain.
QUESTION 400
You have an Azure subscription named Subscription1 that contains the resource groups shown in the following table.
In RG1, you create a virtual machine named VM1 in the East Asia location.
You plan to create a virtual network named VNET1.
You need to create VNET1, and then connect VM1 to VNET1.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Create VNET1 in RG2, and then set East Asia as the location.
B. Create VNET1 in a new resource group in the West US location, and then set West US as the location.
C. Create VNET1 in RG1, and then set East US as the location.
D. Create VNET1 in RG2, and then set East US as the location.
E. Create VNET1 in RG1, and then set East Asia as the location.
Answer: AE
QUESTION 401
You have an Azure virtual machine named VM1.
Azure collects events from VM1.
You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the System event log of VM1.
You need to specify which resource type to monitor.
What should you specify?
A. metric alert
B. Azure Log Analytics workspace
C. virtual machine
D. virtual machine extension
Answer: B
Explanation:
For the first step to create the new alert tule, under the Create Alert section, you are going to select your Log Analytics workspace as the resource, since this is a log based alert signal.
The log data goes to the analytics workspace and it is from there that the alert is triggered.
Reference:
https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/configure-azure-monitor
QUESTION 402
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)
You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only.
You need to ensure that users can connect to the website from the internet.
What should you do?
A. Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a
priority of 501.
B. For Rule5, change the Action to Allow and change the priority to 401.
C. Delete Rule1.
D. Modify the protocol of Rule4.
Answer: B
Explanation:
Rule 2 is blocking HTTPS access (port 443) and has a priority of 500.
Changing Rule 5 (ports 50-5000) and giving it a lower priority number will allow access on port 443.
Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops.
Incorrect Answers:
A: Rule 2 is blocking HTTPS access (port 443) and has a priority of 500. Creating a rule for the same protocol (443) with a higher priority number will not help.
C: Rule 1 blocks access to port 80, which is used for HTTP, not HTTPS.
D: Rule 2 is blocking HTTPS access (port 443). Changing Rule 4 allows access on UDP but is a higher priority number than Rule. Changing the protocol on Rule 4 to TCP will not help if we don’t also change the priority to a lower number.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
QUESTION 403
Hotspot Question
You have an Azure subscription that contains several virtual machines and an Azure Log Analytics workspace named Workspace1.
You create a log search query as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: 14 days
Two weeks will be covered.
Note: Startofweek returns the start of the week containing the date, shifted by an offset, if provided.
Start of the week is considered to be a Sunday.
Endofweek returns the end of the week containing the date, shifted by an offset, if provided.
Last day of the week is considered to be a Saturday.
Box 2:
The render operator renders results in as graphical output. Timechart is a Line graph, where the first column is x-axis, and should be datetime. Other columns are y-axes. In this case the Y axis has avg (CounterValue) Values.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview
https://docs-analytics-eus.azurewebsites.net/queryLanguage/query_language_renderoperator.html
QUESTION 404
You have an Azure subscription that contains a resource group named TestRG.
You use TestRG to validate an Azure deployment.
TestRG contains the following resources:
You need to delete TestRG.
What should you do first?
A. Modify the backup configurations of VM1 and modify the resource lock type of VNET1.
B. Turn off VM1 and delete all data in Vault1.
C. Remove the resource lock from VNET1 and delete all data in Vault1.
D. Turn off VM1 and remove the resource lock from VNET1.
Answer: C
Explanation:
VNET1 as a Lock of type Delete, so therefore we first need to remove the lock to be able to delete this resource (and consequently the entire Resource Group).
You can’t delete a vault that contains backup data. Once backup data is deleted, it will go into the soft deleted state.
References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault?tabs=portal#before-you-start
QUESTION 410
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.
You need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG1 and West US.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a region.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
QUESTION 411
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.
You need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG2 and West US.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
Each NIC attached to a VM must exist in the same location and subscription as the VM. Each NIC must be connected to a VNet that exists in the same Azure location and subscription as the NIC. You can change the subnet a VM is connected to after it’s created, but you cannot change the VNet.
Meaning that VM <–> VNET <—> NIC. All the three resources MUST be in the same location
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/network-overview#:~:text=Each%20NIC%20attached%20to%20a,you%20cannot%20change%20the%20VNet.
QUESTION 412
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
– A virtual network that has a subnet named Subnet1
– Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
– A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You modify the custom rule for NSG-VM1 to use the internet as a source and TCP as a protocol.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
The NSG on the subnet does not allow inbound TCP 3389.
NSGs deny all inbound traffic except from virtual network or load balancers.
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules
QUESTION 413
You have an Azure subscription that contains the resources shown in the following table.
VM1 and VM2 run a website that is configured as shown in the following table.
LB1 is configured to balance requests to VM1 and VM2.
You configure a health probe as shown in the exhibit. (Click the Exhibit tab.)
You need to ensure that the health probe functions correctly.
What should you do?
A. On LB1, change the Unhealthy threshold to 65536.
B. On LB1, change the port to 8080.
C. On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\Temp folder.
D. On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\SiteA\Temp folder.
Answer: D
Explanation:
https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-internal-portal
QUESTION 414
You have an Azure Active Directory (Azure AD) tenant named contoso.com. Multi-factor authentication (MFA) is enabled for all users.
You need to provide users with the ability to bypass MFA for 10 days on devices to which they have successfully signed in by using MFA.
What should you do?
A. From the multi-factor authentication page, configure the users’ settings.
B. From Azure AD, create a conditional access policy.
C. From the multi-factor authentication page, configure the service settings.
D. From the MFA blade in Azure AD, configure the MFA Server settings.
Answer: C
Explanation:
Enable remember Multi-Factor Authentication
1. Sign in to the Azure portal.
2. On the left, select Azure Active Directory > Users.
3. Select Multi-Factor Authentication.
4. Under Multi-Factor Authentication, select service settings.
5. On the Service Settings page, manage remember multi-factor authentication, select the Allow users to remember multi-factor authentication on devices they trust option.
6. Set the number of days to allow trusted devices to bypass two-step verification. The default is 14 days.
7. Select Save.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
QUESTION 415
You have a hybrid infrastructure that contains an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The tenant contains the users shown in the following table.
You plan to share a cloud resource to the All Users group.
You need to ensure that User1, User2, User3, and User4 can connect successfully to the cloud resource.
What should you do first?
A. Create a user account of the member type for User4.
B. Create a user account of the member type for User3.
C. Modify the Directory-wide Groups settings.
D. Modify the External collaboration settings.
Answer: C
Explanation:
Ensure that “Enable an ‘All Users’ group in the directory” policy is set to “Yes” in your Azure Active Directory (AD) settings in order to enable the “All Users” group for centralized access administration. This group represents the entire collection of the Active Directory users, including guests and external users, that you can use to make the access permissions easier to manage within your directory.
Incorrect Answers:
A, B: User3 and User4 are guests already.
Note: By default, all users and guests in your directory can invite guests even if they’re not assigned to an admin role. External collaboration settings let you turn guest invitations on or off for different types of users in your organization. You can also delegate invitations to individual users by assigning roles that allow them to invite guests.
References:
https://www.cloudconformity.com/knowledge-base/azure/ActiveDirectory/enable-all-users-group.html
QUESTION 416
You have a Microsoft 365 subscription and a hybrid deployment of Azure Active Directory (Azure AD).
User identities and password hashes are synced.
You have a user account named User1.
From Active Directory, you select the User must change password at next logon account option for User1.
What will occur if User1 attempts to sigh in to myapps.microsoft.com?
A. User1 will be prompted for a password change.
B. User1 will sign in by using the old password.
C. User1 will be prevented from signing in.
Answer: C
Explanation:
Troubleshoot password synchronization
Some users can’t sign in to Office 365, Azure, or Microsoft Intune In this scenario, passwords of most users appear to be syncing. However, there are some users whose passwords appear not to sync. The following are scenarios in which a user cannot sign in to a Microsoft cloud service such as Office 365, Azure, or Intune. They include information about how to troubleshoot each scenario.
Scenario 1: The “User must change password at next logon” check box is selected for the user’s account To resolve this issue, follow these steps:
1. Do one of the following:
In the user account properties in Active Directory Users and Computers, clear the User must change password at next logon check box.
Have the user change their on-premises user account password.
2. Wait a few minutes for the change to sync between the on-premises Active Directory Domain Services (AD DS) and Azure AD.
References:
https://support.microsoft.com/en-us/help/2855271/how-to-troubleshoot-password-synchronization-when-using-an-azure-ad-sy
QUESTION 417
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an Active Directory domain.
The tenant contains the users shown in the following table.
The users have the attributes shown in the following table.
You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all users.
Solution: You create a new user account in Azure AD for User3.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
User3 requires a user account in Azure AD.
Note: Your Azure AD password is considered an authentication method. It is the one method that cannot be disabled.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods
QUESTION 418
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an Active Directory domain.
The tenant contains the users shown in the following table.
The users have the attributes shown in the following table.
You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all users.
Solution: You add an office phone number for User2.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
User3 requires a user account in Azure AD.
Note: Your Azure AD password is considered an authentication method. It is the one method that cannot be disabled.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods
QUESTION 419
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an Active Directory domain.
The tenant contains the users shown in the following table.
The users have the attributes shown in the following table.
You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all users.
Solution: You add a mobile phone number for User2 and User4.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
When MS states that phone calls can be used by MFA Authetication and the question is mentioning user2 and user4.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
Resources From:
1.2023 Latest Braindump2go AZ-104 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/az-104.html
2.2023 Latest Braindump2go AZ-104 PDF and AZ-104 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1UgWYSJj0uEU0eN4Uz8jnKDmXdqJJkSzZ?usp=sharing
3.2023 Free Braindump2go AZ-104 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/AZ-104-PDF-Dumps(390-419).pdf
Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!