[Dec-2021] Pass Microsoft AZ-104 Exam in First Attempt Guaranteed!
Full AZ-104 Practice Test and 465 unique questions with explanations waiting just for you, get it now!
NEW QUESTION 62
You have Azure subscription that includes following Azure file shares:
You have the following on-premises servers:
You create a Storage Sync Service named Sync1 and an Azure File Sync group named Group1. Group1 uses share1 as a cloud endpoint.
You register Server1 and Server2 in Sync1. You add D:\Folder1 on Server1 as a server endpoint of Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE:Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: No
Group1 already has a cloud endpoint named Share1.
A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
Box 2: Yes
Yes, one or more server endpoints can be added to the sync group.
Box 3: Yes
Yes, one or more server endpoints can be added to the sync group.
References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide
NEW QUESTION 63
You have an Azure subscription named Subscription1. You have a virtualization environment that contains the virtualization server in the following table.
The virtual machines are configured as shown on the following table.
All the virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker).
You plan to use Azure Site Recovery to migrate the virtual machines to Azure.
Which virtual machines can you migrate? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Not VM1 because it has BitLocker enabled.
Not VM2 because the OS disk is larger than 2TB.
Not VMC because the Data disk is larger than 4TB.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-azure-support-matrix#azure-vm-requirements
NEW QUESTION 64
You have an Azure subscription that contains a storage account.
You have an on-premises server named Server1 that runs Window Server 2016. Server1 has 2 TB of data.
You need to transfer the data to the storage account by using the Azure Import/Export service.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Answer:
Explanation:
Explanation
At a high level, an import job involves the following steps:
Step 1: Attach an external disk to Server1 and then run waimportexport.exe Determine data to be imported, number of drives you need, destination blob location for your data in Azure storage.
Use the WAImportExport tool to copy data to disk drives. Encrypt the disk drives with BitLocker.
Step 2: From the Azure portal, create an import job.
Create an import job in your target storage account in Azure portal. Upload the drive journal files.
Step 3: Detach the external disks from Server1 and ship the disks to an Azure data center.
Provide the return address and carrier account number for shipping the drives back to you.
Ship the disk drives to the shipping address provided during job creation.
Step 4: From the Azure portal, update the import job
Update the delivery tracking number in the import job details and submit the import job.
The drives are received and processed at the Azure data center.
The drives are shipped using your carrier account to the return address provided in the import job.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service
NEW QUESTION 65
You have a virtual network named VNet1 that has the configuration shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: add a subnet
Your IaaS virtual machines (VMs) and PaaS role instances in a virtual network automatically receive a private IP address from a range that you specify, based on the subnet they are connected to. We need to add the 192.168.1.0/24 subnet.
Box 2: add a network interface
The 10.2.1.0/24 network exists. We need to add a network interface.
References: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-static-private-ip-arm-pportal
NEW QUESTION 66
You have an Azure subscription named Subscription1.
Subscription1 contains the virtual machines in the following table.
Subscription1 contains a virtual network named VNet1 that has the subnets in the following table.
VM3 has a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.
You create a route table named RT1. RT1 is associated to Subnet1 and Subnet2 and contains the routes in the following table.
You apply RT1 to Subnet1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Yes
Traffic from VM1 and VM2 can reach VM3 thanks to the routing table, and as IP forwarding is enabled on VM3, traffic from VM3 can reach VM1.
Box 2: No
VM3, which has IP forwarding, must be turned on, in order for traffic from VM2 to reach VM1.
Box 3: Yes
The traffic from VM1 will reach VM3, which thanks to IP forwarding, will send the traffic to VM2.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
NEW QUESTION 67
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
* A virtual network that has a subnet named Subnet1
* Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
* A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
* Priority: 100
* Source: Any
* Source port range: *
* Destination: *
* Destination port range: 3389
* Protocol: UDP
* Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.
Does this meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
NEW QUESTION 68
You have an Azure subscription that contains the virtual machines shown in the following table:
VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.
NSG2 uses the default rules and the following custom incoming rule:
* Priority: 100
* Name: Rule1
* Port: 3389
* Protocol: TCP
* Source: Any
* Destination: Any
* Action: Allow
NSG1 is associated to Subnet1. NSG2 is associated to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE:Each correct selection is worth one point.
Answer:
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
NEW QUESTION 69
Your company has offices in New York and Los Angeles.
You have an Azure subscription that contains an Azure virtual network named VNet1. Each office has a site-to-site VPN connection to VNet1.
Each network uses the address spaces shown in the following table.
You need to ensure that all Internet-bound traffic from VNet1 is routed through the New York office.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1 : Set-AzureRmVirtualNetworkGatewayDefaultSite
The Set-AzureRmVirtualNetworkGatewayDefaultSite cmdlet assigns a forced tunneling default site to a virtual network gateway. Forced tunneling provides a way for you to redirect Internet-bound traffic from Azure virtual machines to your on-premises network; this enables you to inspect and audit traffic before releasing it. Forced tunneling is carried out by using a virtual private network (VPN) tunnel; this tunnel requires a default site, a local gateway where all the Azure Internet-bound traffic is redirected. Set-AzureRmVirtualNetworkGatewayDefaultSite provides a way to change the default site assigned to a gateway.
Box 2 : 0.0.0.0/0
Forced tunneling must be associated with a VNet that has a route-based VPN gateway. You need to set a "default site" among the cross-premises local sites connected to the virtual network. Also, the on-premises VPN device must be configured using 0.0.0.0/0 as traffic selectors.
Forced Tunneling:
The following diagram illustrates how forced tunneling works
Reference:
https://docs.microsoft.com/en-us/powershell/module/azurerm.network/set-azurermvirtualnetworkgatewaydefaultsite?view=azurermps-6.13.0
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm
NEW QUESTION 70
You have an Azure subscription that contains several virtual machines and an Azure Log Analytics workspace named Workspace1. You create a log search query as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: 14 days
Two weeks will be covered.
Note: Startofweek returns the start of the week containing the date, shifted by an offset, if provided.
Start of the week is considered to be a Sunday.
Endofweek returns the end of the week containing the date, shifted by an offset, if provided.
Last day of the week is considered to be a Saturday.
Box 2:
The render operator renders results in as graphical output. Timechart is a Line graph, where the first column is x-axis, and should be datetime. Other columns are y-axes. In this case the Y axis has avg(CounterValue) Values.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview
https://docs-analytics-eus.azurewebsites.net/queryLanguage/query_language_renderoperator.html
NEW QUESTION 71
You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.
You install and configure a web server and a DNS server on VM1.
VM1 has the effective network security rules shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1:
Rule2 blocks ports 50-60, which includes port 53, the DNS port. Internet users can reach the Web server, since it uses port 80.
Box 2:
If Rule2 is removed internet users can reach the DNS server as well.
Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
NEW QUESTION 72
Your company has an Azure subscription named Subscription1.
The company also has two on-premises servers named Server1 and Server2 that run Windows Server 2016.
Server1 is configured as a DNS server that has a primary DNS zone named adatum.com. Adatum.com contains 1,000 DNS records.
You manage Server1 and Subscription1 from Server2. Server2 has the following tools installed:
* The DNS Manager console
* Azure PowerShell
* Azure CLI 2.0
You need to move the adatum.com zone to an Azure DNS zone in Subscription1. The solution must minimize administrative effort.
What should you use?
- A. the Azure portal
- B. Azure CLI
- C. Azure PowerShell
- D. the DNS Manager console
Answer: C
Explanation:
Step 1: Installing the DNS migration script
Open an elevated PowerShell window (Administrative mode) and run following command install-script PrivateDnsMigrationScript Step 2: Running the script Execute following command to run the script PrivateDnsMigrationScript.ps1 Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-migration-guide
NEW QUESTION 73
You have an Azure virtual machine named VM1 that runs Windows Server 2019. The VM was deployed using default drive settings.
You sign in to VM1 as a user named User1 and perform the following actions:
* Create files on drive C.
* Create files on drive D.
* Modify the screen saver timeout.
* Change the desktop background.
You plan to redeploy VM1.
Which changes will be lost after you redeploy VM1?
- A. the new desktop background
- B. the modified screen saver timeout
- C. the new files on drive C
- D. the new files on drive D
Answer: D
Explanation:
Section: [none]
NEW QUESTION 74
You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VMet1 contains one subnet named Subnet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: An Azure Log Analytics workspace
In the Azure portal you can set up a Log Analytics workspace, which is a unique Log Analytics environment with its own data repository, data sources, and solutions Box 2: ILB1 References:
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-create-workspace
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics
NEW QUESTION 75
You have an Azure subscription that contains a virtual network named VNet1. VNet 1 has two subnets named Subnet1 and Subnet2. VNet1 is in the West Europe Azure region.
The subscription contains the virtual machines in the following table.
You need to deploy an application gateway named AppGW1 to VNet1.
What should you do first?
- A. Move VM3 to Subnet1.
- B. Add a service endpoint.
- C. Add a virtual network.
- D. Stop VM1 and VM2.
Answer: D
Explanation:
Explanation
If you have an existing virtual network, either select an existing empty subnet or create a new subnet in your existing virtual network solely for use by the application gateway.
Verify that you have a working virtual network with a valid subnet. Make sure that no virtual machines or cloud deployments are using the subnet. The application gateway must be by itself in a virtual network subnet.
References:
https://social.msdn.microsoft.com/Forums/azure/en-US/b09367f9-5d01-4cda-9127-b7a506a0a151/cant-create-ap
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-gateway
NEW QUESTION 76
You have an Azure subscription that contains a storage account.
You have an on-premises server named Server1 that runs Window Server 2016. Server1 has 2 TB of data.
You need to transfer the data to the storage account by using the Azure Import/Export service.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Answer:
Explanation:
Explanation
At a high level, an import job involves the following steps:
Step 1: Attach an external disk to Server1 and then run waimportexport.exe Determine data to be imported, number of drives you need, destination blob location for your data in Azure storage.
Use the WAImportExport tool to copy data to disk drives. Encrypt the disk drives with BitLocker.
Step 2: From the Azure portal, create an import job.
Create an import job in your target storage account in Azure portal. Upload the drive journal files.
Step 3: Detach the external disks from Server1 and ship the disks to an Azure data center.
Provide the return address and carrier account number for shipping the drives back to you.
Ship the disk drives to the shipping address provided during job creation.
Step 4: From the Azure portal, update the import job
Update the delivery tracking number in the import job details and submit the import job.
The drives are received and processed at the Azure data center.
The drives are shipped using your carrier account to the return address provided in the import job.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service
NEW QUESTION 77
You have an Azure web app named webapp1.
Users report that they often experience HTTP 500 errors when they connect to webapp1.
You need to provide the developers of webapp1 with real-time access to the connection errors. The solution must provide all the connection error details.
What should you do first?
- A. From Azure Monitor, create a workbook
- B. From webapp1, turn on Application Logging
- C. From webapp1, enable Web server logging
- D. From Azure Monitor, create a Service Health alert
Answer: C
Explanation:
Explanation
To resolve this you need to catch connection error. When the connection fails for webapp, it happens on web server, not within application. You can find out the web server log by below steps:
Open the web application --> Go to Application Service logs --> Go to Web server logging (there are multiple switches there) You can also see the errors live going to "Log stream" pane.
To ensure that you will get web server log, you have to enable it.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs
NEW QUESTION 78
You have an Azure subscription that contains the resources shown in the following table.
You need to configure a proximity placement group for VMSS1 Which proximity placement groups should you use?
- A. Proximity2 only
- B. Proximity 1, Proximity2, and Proximity3
- C. Proximity 1 and Proximity3 only
- D. Proximity1 only
Answer: A
Explanation:
Resource Group location of VMSS1 is the RG2 location, which is West US.
Only Proximity2, which also in RG2, is location in West US
Reference:
https://azure.microsoft.com/en-us/blog/introducing-proximity-placement-groups/
NEW QUESTION 79
You have an Azure Storage account named storage1 that uses Azure Blob storage and Azure File storage.
You need to use AzCopy to copy data to the blob storage and file storage in storage1.
Which authentication method should you use for each type of storage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
You can provide authorization credentials by using Azure Active Directory (AD), or by using a Shared Access Signature (SAS) token.
Box 1:
Both Azure Active Directory (AD) and Shared Access Signature (SAS) token are supported for Blob storage.
Box 2:
Only Shared Access Signature (SAS) token is supported for File storage.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10
NEW QUESTION 80
You have an Azure subscription named Subcription1 that contains the storage accounts shown in the following table.
You plan 10 use the Azure Import/Export service to export data from Subscription1.
- A. storage4
- B. storage2
- C. storage1
- D. storage3
Answer: A
NEW QUESTION 81
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.
You deploy a load balancer that has the following configurations:
* Name: LB1
* Type: Internal
* SKU: Standard
* Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Basic SKU public IP address, associate the address to the network interface of VM1, and then start VM1.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Section: [none]
Explanation:
A Backend Pool configured by IP address has the following limitations:
* Standard load balancer only
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/backend-pool-management
NEW QUESTION 82
You have peering configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: vNET6 only
Peering status to both VNet1 and Vnet2 are disconnected.
Box 2: delete peering1
Peering to Vnet1 is Enabled but disconnected. We need to update or re-create the remote peering to get it back to Initiated state.
Reference:
https://blog.kloud.com.au/2018/10/19/address-space-maintenance-with-vnet-peering/
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-andconstraints
NEW QUESTION 83
You need to configure the Device settings to meet the technical requirements and the user requirements.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.
Answer:
Explanation:
Explanation

Box 1: Selected
Only selected users should be able to join devices
Box 2: Yes
Require Multi-Factor Auth to join devices.
From scenario:
* Ensure that only users who are part of a group named Pilot can join devices to Azure AD
* Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
NEW QUESTION 84
......
Prepare for your Microsoft certification with the updated Test4Engine AZ-104 exam questions: https://drive.google.com/open?id=1v2eutJ-IA390yvSbiKqjRukyYZ87aSv8
Get Latest AZ-104 Dumps Exam Questions in here: https://www.test4engine.com/AZ-104_exam-latest-braindumps.html