Microsoft Azure Administrator Exam

Microsoft AZ-104
Version Demo

Total Demo Questions: 15

Total Premium Questions: 335

Buy Premium PDF

https://dumpsboss.com

support@dumpsboss.com
 Topic Break Down

Topic No. of Questions

Topic 1, Case Study 1 2

Topic 2, Case Study 2 3

Topic 3, Case Study 3 2

Topic 4, Case Study 4 2

Topic 5, Case Study 5 2

Topic 6, Case Study 6 2

Topic 7, Mixed Questions 322

Total 335

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
QUESTION NO: 1

You are planning to deploy an Ubuntu Server virtual machine to your company’s Azure subscription.

You are required to implement a custom deployment that includes adding a particular trusted root certification authority (CA).

Which of the following should you use to create the virtual machine?

A. The New-AzureRmVm cmdlet.

B. The New-AzVM cmdlet.

C. The Create-AzVM cmdlet.

D. The az vm create command.

ANSWER: C

Explanation:

Once Cloud-init.txt has been created, you can deploy the VM with az vm create cmdlet, using the -custom-data parameter to
provide the full path to the cloud-init.txt file.

Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-automate-vm-deployment

QUESTION NO: 2

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image.

You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Upload a configuration script

B. Create an automation account

C. Create an Azure policy

D. Modify the extensionProfile section of the Azure Resource Manager template

E. Create a new virtual machine scale set in the Azure portal

ANSWER: D E

Explanation:

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
Virtual Machine Scale Sets can be used with the Azure Desired State Configuration (DSC) extension handler. Virtual
machine scale sets provide a way to deploy and manage large numbers of virtual machines, and can elastically scale in and
out in response to load. DSC is used to configure the VMs as they come online so they are running the production software.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-dsc

QUESTION NO: 3 - (HOTSPOT)

HOTSPOT

You have an Azure subscription that contains a virtual machine scale set. The scale set contains four instances that have the
following configurations:

Operating system: Windows Server 2016 Size: Standard_D1_v2

You run the get-azvmss cmdlet as shown in the following exhibit:

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in
the graphic.

NOTE: Each correct selection is worth one point.

Hot Area:

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
ANSWER:

Explanation:

The Get-AzVmssVM cmdlet gets the model view and instance view of a Virtual Machine Scale Set (VMSS) virtual machine.

Box 1: 0

The enableAutomaticUpdates parameter is set to false. To update existing VMs, you must do a manual upgrade of each
existing VM.

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
Box 2: 4

Enabling automatic OS image upgrades on your scale set helps ease update management by safely and automatically
upgrading the OS disk for all instances in the scale set.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-upgrade-scale-set
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade

QUESTION NO: 4

You have an Azure subscription that contains a storage account named account1.

You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network
uses a public IP address space of 131.107.1.0/24.

You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network
named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.

You need to configure account1 to meet the following requirements:

Ensure that you can upload the disk files to account1.

Ensure that you can attach the disks to VM1. Prevent all other access to account1.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. From the Networking blade of account1, select Selected networks.

B. From the Networking blade of account1, select Allow trusted Microsoft services to access this storage account.

C. From the Networking blade of account1, add the 131.107.1.0/24 IP address range.

D. From the Networking blade of account1, add VNet1.

E. From the Service endpoints blade of VNet1, add a service endpoint.

ANSWER: A E

Explanation:

A: By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you
must first change the default action.

Azure portal

1. Navigate to the storage account you want to secure.

2. Click on the settings menu called Firewalls and virtual networks.

3. To deny access by default, choose to allow access from 'Selected networks'. To allow traffic from all networks, choose to
allow access from 'All networks'.

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
4. Click Save to apply your changes.

E: Grant access from a Virtual Network

Storage accounts can be configured to allow access only from specific Azure Virtual Networks.

By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure
Storage service. The identities of the virtual network and the subnet are also transmitted with each request.

Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

QUESTION NO: 5 - (HOTSPOT)

HOTSPOT

You have an Azure subscription that contains the resource groups shown in the following table.

RG1 contains the resources shown in the following table.

VM1 is running and connects to NIC1 and Disk1. NIC1 connects to VNET1.

RG2 contains a public IP address named IP2 that is in the East US location. IP2 is not assigned to a virtual machine.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
ANSWER:

Explanation:

Box 1: Yes

You can move storage

Box 2: No

You can't move to a new resource group a NIC that is attached to a virtual machine.

Box 3: No

Azure Public IPs are region specific and can't be moved from one region to another.

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-support-resources
https://docs.microsoft.com/en-us/azure/virtual-network/move-across-regions-publicip-powershell Configure and manage
virtual networking

QUESTION NO: 6

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains four subnets named Gateway,
Perimeter, NVA, and Production.

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
The NVA subnet contains two network virtual appliances (NVAs) that will perform network traffic inspection between the
Perimeter subnet and the Production subnet.

You need to implement an Azure load balancer for the NVAs. The solution must meet the following requirements:

The NVAs must run in an active-active configuration that uses automatic failover.

The load balancer must load balance traffic to two services on the Production subnet. The services have different IP
addresses.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Deploy a basic load balancer

B. Deploy a standard load balancer

C. Add two load balancing rules that have HA Ports and Floating IP enabled

D. Add two load balancing rules that have HA Ports enabled and Floating IP disabled

E. Add a frontend IP configuration, a backend pool, and a health probe

F. Add a frontend IP configuration, two backend pools, and a health probe

ANSWER: B C F

Explanation:

A standard load balancer is required for the HA ports.

Two backend pools are needed as there are two services with different IP addresses. Floating IP rule is used where backend
ports are reused.

Incorrect Answers:

E: HA Ports are not available for the basic load balancer.

Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview https://docs.microsoft.com/en-
us/azure/load-balancer/load-balancer-multivip-overview

QUESTION NO: 7

You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library
named Library1.

You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.

Which two groups should you create? Each correct answer presents a complete solution.

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
NOTE: Each correct selection is worth one point.

A. a Microsoft 365 group that uses the Assigned membership type

B. a Security group that uses the Assigned membership type

C. a Microsoft 365 group that uses the Dynamic User membership type

D. a Security group that uses the Dynamic User membership type

E. a Security group that uses the Dynamic Device membership type

ANSWER: A C

Explanation:

You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).

Note: With the increase in usage of Office 365 Groups, administrators and users need a way to clean up unused groups.
Expiration policies can help remove inactive groups from the system and make things cleaner.

When a group expires, all of its associated services (the mailbox, Planner, SharePoint site, etc.) are also deleted.

You can set up a rule for dynamic membership on security groups or Office 365 groups.

Incorrect Answers:

B, D, E: You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).

Reference:

https://docs.microsoft.com/en-us/office365/admin/create-groups/office-365-groups-expiration-policy? view=o365-worldwide

QUESTION NO: 8

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using
an Azure Resource Manager template.

You need to ensure that NGINX is available on all the virtual machines after they are deployed.

What should you use?

A. the New-AzConfigurationAssignment cmdlet

B. a Desired State Configuration (DSC) extension

C. Azure Active Directory (Azure AD) Application Proxy

D. Azure Application Insights

ANSWER: B

Explanation:

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview

QUESTION NO: 9

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in
the review screen.

You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable
Traffic Analytics for an Azure subscription.

Solution: You assign the Owner role at the subscription level to Admin1.

Does this meet the goal?

A. Yes

B. No

ANSWER: A

Explanation:

Your account must meet one of the following to enable traffic analytics:

Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or
network contributor.

Reference:

https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq

QUESTION NO: 10

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in
the review screen.

You manage a virtual network named VNet1 that is hosted in the West US Azure region.

VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.

You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.

Solution: From Azure Monitor, you create a metric on Network In and Network Out.

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
Does this meet the goal?

A. Yes

B. No

ANSWER: B

Explanation:

Reference:

https://azure.microsoft.com/en-us/updates/general-availability-azure-network-watcher-connectionmonitor-in-all-public-
regions/

QUESTION NO: 11

You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.

You have a computer named Computer1 that runs Windows 10. Computer1 is connected to the Internet.

You add a network interface named vm1173 to VM1 as shown in the exhibit. (Click the Exhibit tab.)

From Computer1, you attempt to connect to VM1 by using Remote Desktop, but the connection fails.

You need to establish a Remote Desktop connection to VM1.

What should you do first?

A. Change the priority of the RDP rule

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
B. Attach a network interface

C. Delete the DenyAllInBound rule

D. Start VM1

ANSWER: D

Explanation:

Incorrect Answers:

A: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers
have higher priority. Once traffic matches a rule, processing stops. RDP already has the lowest number and thus the highest
priority.

B: The network interface has already been added to VM. C: The Outbound rules are fine.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

QUESTION NO: 12

You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network
named VNet1.

You need to ensure that you can configure a point-to-site connection from an on-premises computer to VNet1.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Add a service endpoint to VNet1

B. Reset GW1

C. Create a route-based virtual network gateway

D. Add a connection to GW1

E. Delete GW1

F. Add a public IP address space to VNet1

ANSWER: C E

Explanation:

C: A VPN gateway is used when creating a VPN connection to your on-premises network.

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
Route-based VPN devices use any-to-any (wildcard) traffic selectors, and let routing/forwarding tables direct traffic to
different IPsec tunnels. It is typically built on router platforms where each IPsec tunnel is modeled as a network interface or
VTI (virtual tunnel interface).

E: Policy-based VPN devices use the combinations of prefixes from both networks to define how traffic is
encrypted/decrypted through IPsec tunnels. It is typically built on firewall devices that perform packet filtering. IPsec tunnel
encryption and decryption are added to the packet filtering and processing engine.

Incorrect Answers:

F: Point-to-Site connections do not require a VPN device or a public-facing IP address.

Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/create-routebased-vpn-gateway-portal
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps

QUESTION NO: 13 - (DRAG DROP)

DRAG DROP

You have an on-premises network that you plan to connect to Azure by using a site-so-site VPN.

In Azure, you have an Azure virtual network named VNet1 that uses an address space of 10.0.0.0/16 VNet1 contains a
subnet named Subnet1 that uses an address space of 10.0.0.0/24.

You need to create a site-to-site VPN to Azure.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the
answer area and arrange them in the correct order.

NOTE: More than one order of answer choice is correct. You will receive credit for any of the correct orders you select.

Select and Place:

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
ANSWER:

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
Explanation:

QUESTION NO: 14 - (DRAG DROP)

DRAG DROP

You have an Azure Active Directory (Azure AD) tenant that has the contoso.onmicrosoft.com domain name.

You have a domain name of contoso.com registered at a third-party registrar.

You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the
answer area and arrange them in the correct order.

Select and Place:

ANSWER:

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
Explanation:

1. Add the custom domain name to your directory

2. Add a DNS entry for the domain name at the domain name registrar

3. Verify the custom domain name in Azure AD

Reference: https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain

Manage Azure identities and governance

QUESTION NO: 15

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a
distinctive result. Establish if the solution satisfies the requirements.

Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid
coexistence with the on-premises Active Directory domain.

You have a server named DirSync1 that is configured as a DirSync server.

You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure
AD immediately.

Solution: You restart the NetLogon service on a domain controller.

Does the solution meet the goal?

A. Yes

B. No

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com
ANSWER: B

DumpsBoss - Pass Your Next Certification Exam Fast!

dumpsboss.com