Want to know Certleader AZ-104 Exam practice test features? Want to lear more about Microsoft Microsoft Azure Administrator certification experience? Study Validated Microsoft AZ-104 answers to Regenerate AZ-104 questions at Certleader. Gat a success with an absolute guarantee to pass Microsoft AZ-104 (Microsoft Azure Administrator) test on your first attempt.
Free demo questions for Microsoft AZ-104 Exam Dumps Below:
NEW QUESTION 1
You have an Azure Storage account named storage1. You plan to use AzCopy to copy data to storage1.
You need to identify the storage services in storage1 to which you can copy the data.
What should you identify?
- A. blob, file, table, and queue
- B. blob and file only
- C. file and table only
- D. file only
- E. blob, table, and queue only
Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/import-export/storage-import-export-requirements
NEW QUESTION 2You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2.
You plan to implement an Azure Availability Set for Appl. The solution must ensure that App1 is available during planned maintenance of the hardware hosting VM1 and VM2.
What should you include in the Availability Set?
- A. one update domain
- B. two update domains
- C. one fault domain
- D. two fault domains
Answer: B
NEW QUESTION 3
You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve data.Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2. Which Azure Network Watcher feature should you use?
- A. NSG flow logs
- B. Connection troubleshoot
- C. IP flow verify
- D. Connection monitor
Answer: D
Explanation:
https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview#monitoring
The connection monitor capability monitors communication at a regular interval and informs you of reachability, latency, and network topology changes between the VM and the endpoint.
Connection monitor also provides the minimum, average, and maximum latency observed over time. After learning the latency for a connection, you may find that you can decrease the latency by moving your Azure resources to different Azure regions.
NEW QUESTION 4
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs.
What should you use?
- A. Diagram in VNet1
- B. the security recommendations in Azure Advisor
- C. Diagnostic settings in Azure Monitor
- D. Diagnose and solve problems in Traffic Manager Profiles
- E. IP flow verify in Azure Network Watcher
Answer: E
Explanation:
Scenario: Litware must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps
administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify- overview
NEW QUESTION 5
You have an Azure subscription that contains a user named User1.
You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege.
Which role-based access control (RBAC) role should you assign to User1?
- A. Owner
- B. Virtual Machine Administrator Login
- C. Contributor
- D. Virtual Machine Contributor
Answer: D
Explanation:
To ensure that User1 can deploy virtual machines and manage virtual networks, you need to assign an RBAC role that grants the necessary permissions to perform these tasks. The solution must also use the principle of least privilege, which means that you should only grant the minimum level of access required to accomplish the goal.
Based on these requirements, the best RBAC role to assign to User1 is D. Virtual Machine Contributor. This role allows User1 to create and manage virtual machines, disks, snapshots, and network interfaces. It also allows User1 to connect virtual machines to existing virtual networks and subnets. However, it does not allow User1 to create or delete virtual networks or subnets, or to access the virtual machines themselves. This role follows the principle of least privilege by limiting User1’s access to only the resources and actions that are relevant to deploying virtual machines and managing virtual networks1.
NEW QUESTION 6
HOTSPOTYou are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Solution:
Once the VNets are peered, all resources on one VNet can communicate with resources on the other peered VNets. You plan to enable peering between Paris-VNet and AllOffices- VNet. Therefore VMs on Subnet1, which is on Paris-VNet and VMs on Subnet3, which is on AllOffices-VNet will be able to connect to each other.
All Azure resources connected to a VNet have outbound connectivity to the Internet by default. Therefore VMs on ClientSubnet, which is on ClientResources-VNet will have
access to the Internet; and VMs on Subnet3 and Subnet4, which are on AllOffices-VNet will have access to the Internet.Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 7
HOTSPOT
You have several Azure virtual machines on a virtual network named VNet1. You configure an Azure Storage account as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 8
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
No, this does not meet the goal. Unregistering the Microsoft.ClassicNetwork provider does not affect the creation of network security groups (NSGs) in the subscription. The Microsoft.ClassicNetwork provider is used for managing classic deployment model resources, such as virtual networks, network interfaces, and public IP addresses1. However, NSGs are only supported for Resource Manager deployment model resources2. Therefore, unregistering the Microsoft.ClassicNetwork provider will not automatically block TCP port 8080 between the virtual networks.
To meet the goal, you need to create a custom policy definition that enforces a default security rule for NSGs. A policy definition is a set of rules and actions that Azure performs when evaluating your resources3. You can use a policy definition to specify the required properties and values for NSGs, such as the direction, protocol, source, destination, and port of the security rule. You can then assign the policy definition to the subscription scope, so that it applies to all the resource groups and virtual networks in the subscription.
NEW QUESTION 9
HOTSPOT
You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Solution:
Statement 1: Yes
All client computers in the Paris office will be joined to an Azure AD domain.
A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2.
Microsoft Windows Server Active Directory domains, can resolve DNS names between virtual networks. Automatic registration of virtual machines from a virtual network that's linked to a private zone with auto-registration enabled. Forward DNS resolution is supported across virtual networks that are linked to the private zone.
Statement 2: Yes
A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
As this is a registration network so this will work.Statement 3: No
Only VMs in the registration network, here the ClientResources-VNet, will be able to register hostname records. Since Subnet4 not connected to Client Resources Network thus not able to register its hostname with humongoinsurance.local
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 10
HOTSPOT
You have an Azure subscription that contains the container images shown in the following table.
You plan to use the following services:
• Azure Container Instances
• Azure Container Apps
• Azure App Service
In which services can you run the images? To answer, select the options in the answer area.
NOTE: Each correct answer is worth one point.
Solution:
Image 1: Azure Container Apps only.image 2: Azure Container Instances, Azure Container Apps, and App Services.
The images you have in your Azure subscription are different types of container images that can run on different Azure services. A container image is a package of software that includes everything needed to run an application, such as code, libraries, dependencies, and configuration files. Container images are portable and consistent across different environments, such as development, testing, and production.
Azure Container Instances is a service that allows you to run containers directly on the Azure cloud, without having to manage any infrastructure or orchestrators. You can use Azure Container Instances to run any container image that is compatible with the Docker image format and follows the Open Container Initiative (OCI) specification. You can also run Windows or Linux containers on Azure Container Instances.
Azure Container Apps is a service that allows you to build and deploy cloud-native applications and microservices using serverless containers. You can use Azure Container Apps to run any container image that is compatible with the Docker image format and follows the Open Container Initiative (OCI) specification. You can also run Windows or Linux containers on Azure Container Apps.
Azure App Service is a service that allows you to build and host web applications, mobile backends, and RESTful APIs using various languages and frameworks. You can use Azure App Service to run custom container images that are compatible with the Docker image format and follow the App Service Docker image contract. You can also run Windows or Linux containers on Azure App Service.
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 11
You have an Azure subscription that contains the resources shown in the following table.
You need to perform the tasks shown in the following table.
Which tasks can you perform by using Azure Storage Explorer?
- A. Task1 and Task3 only
- B. Task1, Task2, and Task3 only
- C. Task1, Task3, and Task4 only
- D. Task2, Task3, and Task4 only
- E. Task1, Task2, Task3, and Task4
Answer: D
NEW QUESTION 12
You create an App Service plan named plan1 and an Azure web app named webapp1. You discover that the option to create a staging slot is unavailable. You need to create a staging slot for plan1.
What should you do first?
- A. From webapp1, modify the Application settings.
- B. From webapp1, add a custom domain.
- C. From plan1, scale up the App Service plan.
- D. From plan1, scale out the App Service plan.
Answer: C
Explanation:
The app must be running in the Standard, Premium, or Isolated tier in order for you to enable multiple deployment slots. If the app isn't already in the Standard, Premium, orIsolated tier, you receive a message that indicates the supported tiers for enabling staged publishing. At this point, you have the option to select Upgrade and go to the Scale tab of your app before continuing.
Scale up: Get more CPU, memory, disk space, and extra features like dedicated virtual machines (VMs), custom domains and certificates, staging slots, autoscaling, and more.
Scale out: Increase the number of VM instances that run your app. You can scale out to as many as 30 instances
Reference:
https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots https://docs.microsoft.com/en-us/azure/app-service/manage-scale-up
NEW QUESTION 13
You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the following table.
Each virtual machine uses a static IP address.
You need to create network security groups (NSGs) to meet following requirements:
✑ Allow web requests from the internet to VM3, VM4, VM5, and VM6.
✑ Allow all connections between VM1 and VM2.
✑ Allow Remote Desktop connections to VM1.
✑ Prevent all other network traffic to VNET1.
What is the minimum number of NSGs you should create?
- A. 1
- B. 3
- C. 4
- D. 12
Answer: C
Explanation:
Note: A network security group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated to subnets, individual VMs (classic), or individual network interfaces (NIC) attached to VMs (Resource Manager).
Each network security group also contains default security rules.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security- rules
NEW QUESTION 14
HOTSPOT
You have an Azure subscription.
You need to deploy a virtual machine by using an Azure Resource Manager (ARM) template.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
- dependsON: resoureceID
- storageProfile: ImageReference Reference :
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/resource-dependency#dependson
https://learn.microsoft.com/en-us/javascript/api/@azure/arm-compute/storageprofile?view=azure-node-latest
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 15
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
NSG1 is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
Yes - VM1 can access the Storage account because there is nothing blocking it the on the virtual network. There is a rule that actually allows outbound access to storage.
Yes- VM2 is on the Same VNET there is nothing blocking access to it from VM1 on the Virtual network. The Deny rule for HTTPS_VM1_Deny is for inbound connections from the
internet.No- You have a Inbound deny rule for VM1 from the the internet with a destination of the 10.3.0.15 which is in Subnet1. This proves the NSG is associated to Subnet1 and only subnet one because the image shows it is connected to only 1 subnet. VM2 is on Subnet2 which you can determined by its IP address. This means that NSG1 does not apply to VM2.
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 16
You have an Azure Kubernetes Service (AKS) cluster named AKS1. You need to configure cluster autoscaler for AKS1.
Which two tools should you use? Each correct answer presents a complete solution, NOTE: Each correct selection is worth one point
- A. the set-AzAKs cmdlet
- B. the Azure portal
- C. The az aks command
- D. the kubect1 command
- E. the set Azure cmdlet
Answer: BC
Explanation:
AKS clusters can scale in one of two ways: - The cluster autoscaler watches for pods that can't be scheduled on nodes because of resource constraints. The cluster then automatically increases the number of nodes. - The horizontal pod autoscaler uses the Metrics Server in a Kubernetes cluster to monitor the resource demand of pods. If an application needs more resources, the number of pods is automatically increased to meet the demand. Reference: https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler
NEW QUESTION 17
......
P.S. Dumps-hub.com now are offering 100% pass ensure AZ-104 dumps! All AZ-104 exam questions have been updated with correct answers: https://www.dumps-hub.com/AZ-104-dumps.html (232 New Questions)
