Practice Free AZ-104 Exam Online Questions
HOTSPOT
You have a Microsoft Entra tenant that contains a user named External User. External User authenticates to the tenant by using [email protected].
You need to ensure that External User authenticates to the tenant by using [email protected].
Which two settings should you configure from the Overview blade? To answer, select the appropriate settings in the answer area. NOTE: Each correct answer is worth one point. 


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft Entra tenant named Adatum.com and an Azure Subscription named Subscription1. Adatum.com contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure Logic Apps in the Dev resource group.
Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.
Does this meet the goal?
- A . Yes
 - B . No
 
You have an Azure subscription that contains 20 virtual machines, a network security group (NSG) named NSG1, and two virtual networks named VNET1 and VNET2 that are peered.
You plan to deploy an Azure Bastion Basic SKU host named Bastion1 to VNET1. You need to configure NSG1 to allow inbound access from the internet to Bastion1.
Which port should you configure for the inbound security rule?
- A . 22
 - B . 443
 - C . 3389
 - D . 8080
 
B
Explanation:
Azure Bastion is a service that provides secure and seamless RDP/SSH connectivity to virtual machines directly over TLS from the Azure portal or via native client. Azure Bastion uses an HTML5 based web client that is automatically streamed to your local device. Your RDP/SSH session is over TLS on port 443. This enables the traffic to traverse firewalls more securely. To allow inbound access from the internet to Bastion1, you need to configure NSG1 to allow port 443 for the inbound security rule.
Reference: What is Azure Bastion?
About Azure Bastion configuration settings
HOTSPOT
You have an Azure subscription named Sub1 that contains the resources shown in the following table. 
Sub1 contains the following alert rule:
• Name: Alert1
• Scope: All resource groups in Sub1
o Include all future resources
• Condition: All administrative operations
• Actions: Action1
Sub1 contains the following alert processing rule:
• Name: Rule1
• Scope: Sub1
• Rule type: Suppress notifications
• Apply the rule: On a specific time
o Start: August 10, 2022
o End: August 13, 2022
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. 

Explanation:
https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-processing-rules?tabs=portal#what-should-this-rule-do
Suppression: This action removes all the action groups from the affected fired alerts. So, the fired alerts won’t invoke any of their action groups, not even at the end of the maintenance window. Those fired alerts will still be visible when you list your alerts in the portal, Azure Resource Graph, API, or PowerShell.
The alert rule named Alert1 has a scope of all resource groups in Sub1 and includes all future resources. This means that any administrative operation performed on any resource group in Sub1 will trigger the alert rule. The condition of the alert rule is all administrative operations, which includes creating a resource group. Therefore, if you create a resource group in Sub1 on August 11, 2022, Alert1 will be fired and listed in the Azure portal.
The alert processing rule named Rule1 has a scope of Sub1 and a rule type of suppress notifications. This means that any alert fired in Sub1 will have its notifications suppressed by the rule. The rule applies on a specific time range from August 10, 2022 to August 13, 2022. Therefore, if you create a resource group in Sub1 on August 12, 2022, Alert1 will be fired but no email message will be sent to [email protected] because of Rule1.
The alert processing rule named Rule1 does not apply after August 13, 2022. Therefore, if you add a tag to RG1 on August 15, 2022, Alert1 will be fired and an email message will be sent to [email protected] as specified by the action group Action1.
You have an Azure web app named App1.
App1 has the deployment slots shown in the following table: 

- A . Redeploy App1
 - B . Swap the slots
 - C . Clone App1
 - D . Restore the backup of App1
 
B
Explanation:
When you swap deployment slots, Azure swaps the Virtual IP addresses of the source and destination slots, thereby swapping the URLs of the slots. We can easily revert the deployment by swapping back. Deployment slots are live apps with their own host names. App content and configuration elements can be swapped between two deployment slots, including the production slot.
Deploying your application to a non-production slot has the following benefits:
HOTSPOT
You have an Azure Storage account named storage1 that contains a blob container. The blob container has a default access tier of Hot. Storage1 contains a container named container1.
You create lifecycle management rules in storage1 as shown in the following table. 

You perform the actions shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Explanation:
On October 10, you can read Dep1File1.docx. = NO
Dep1File1.docx is a blob in container1 that was uploaded on October 1 and edited on October 2. According to the lifecycle management rule 1, any blob in container1 that has not been modified for 7 days will be moved to the archive tier. Therefore, on October 9, Dep1File1.docx will be moved to the archive tier. Blobs in the archive tier cannot be read unless they are first rehydrated, which may take several hours or days. Therefore, on October 10, you cannot read Dep1File1.docx unless you rehydrate it first.
On October 10, you can read File2.docx. = YES
File2.docx is a blob in container1 that was uploaded on October 1 and edited on October 5. According to the lifecycle management rule 1, any blob in container1 that has not been modified for 7 days will be moved to the archive tier. Therefore, on October 12, File2.docx will be moved to the archive tier. However, on October 10, File2.docx is still in the hot tier, which means it can be read without any delay or cost.
On October 10, you can read File3.docx. = NO
File3.docx is a blob in container1 that was uploaded on October 1 and edited on October 2. According to the lifecycle management rule 2, any blob in container1 that has not been modified for 5 days will be deleted. Therefore, on October 7, File3.docx will be deleted from the storage account. Therefore, on October 10, you cannot read File3.docx because it no longer exists.
You need to recommend a solution to automate the configuration for the finance department users.
The solution must meet the technical requirements.
What should you include in the recommendation?
- A . Azure AD B2C
 - B . Azure AD Identity Protection
 - C . an Azure logic app and the Microsoft Identity Management (MIM) client
 - D . dynamic groups and conditional access policies
 
D
Explanation:
Technically, the finance department needs to migrate its users from AD to AAD using AADC based on the finance OU, and needs to enforce MFA use. This is a conditional access policy. Employees also often get promotions and/or join other departments. When that occurs, the user’s OU attribute will change when the admin puts the user in a new OU, and the dynamic group conditional access exception (OU= [Department Name Value]) will move the user to the appropriate dynamic group on the next AADC delta sync.
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
DRAG DROP
You have an Azure subscription named Subscription1.
You create an Azure Storage account named Contoso storage, and then you create a file share named data.
Which UNC path should you include in a script that references files from the data file share? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. 


HOTSPOT
You have an Azure Storage account named storage1 that uses Azure Blob storage and Azure File storage.
You need to use AzCopy to copy data to the blob storage and file storage in storage1.
Which authentication method should you use for each type of storage? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. 

Explanation:
You can provide authorization credentials by using Azure Active Directory (AD), or by using a Shared Access Signature (SAS) token.
Box 1:
Both Azure Active Directory (AD) and Shared Access Signature (SAS) token are supported for Blob storage.
Box 2:
Only Shared Access Signature (SAS) token is supported for File storage.
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains four subnets named Gateway, Perimeter, NVA, and Production.
The NVA subnet contains two network virtual appliances (NVAs) that will perform network traffic inspection between the Perimeter subnet and the Production subnet.
You need to implement an Azure load balancer for the NVAs.
The solution must meet the following requirements:
• The NVAs must run in an active-active configuration that uses automatic failover.
• The load balancer must load balance traffic to two services on the Production subnet. The services have different IP addresses.
Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
 - B . Deploy a basic load balancer.
 - C . Add a frontend IP configuration, a backend pool, and a health probe.
 - D . Add two load balancing rules that have HA Ports and Floating IP enabled.
 - E . Deploy a standard load balancer.
 - F . Add a frontend IP configuration, two backend pools, and a health probe.
 
