PDF Only

$35.00 Free Updates Upto 90 Days
- AZ-104 Dumps PDF
- 408 Questions
- Updated On July 07, 2025
PDF + Test Engine

$55.00 Free Updates Upto 90 Days
- AZ-104 Question Answers
- 408 Questions
- Updated On July 07, 2025
Test Engine

$45.00 Free Updates Upto 90 Days
- AZ-104 Practice Questions
- 408 Questions
- Updated On July 07, 2025
How to pass Microsoft AZ-104 exam with the help of dumps?
DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest Microsoft AZ-104 Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.
How Do I Know Microsoft AZ-104 Dumps are Worth it?
Did we mention our latest AZ-104 Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments. Let us explore all other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.
You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just Microsoft Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!
IT Students Are Using our Microsoft Azure Administrator Dumps Worldwide!
It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Microsoft Azure Administrator Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world, make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.
How to Get AZ-104 Real Exam Dumps?
Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the AZ-104 exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals. Making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated & fake content, repeated questions, and false plus indefinite information, etc. We make every penny count, and you leave our platform fully satisfied!
Microsoft AZ-104 Exam Overview:
Exam Detail | Information |
---|---|
Exam Code | AZ-104 |
Exam Name | Microsoft Azure Administrator |
Exam Cost | $165 USD |
Total Time | 180 minutes (3 hours) |
Available Languages | English, Japanese, Chinese (Simplified), Korean, and Spanish |
Passing Marks | 700 out of 1000 |
Microsoft Azure Administrator Exam Topics Breakdown
Exam Topics | Percentage |
---|---|
Manage Azure identities and governance | 15-20% |
Implement and manage storage | 15-20% |
Deploy and manage Azure compute resources | 20-25% |
Configure and manage virtual networks | 20-25% |
Monitor and back up Azure resources | 10-15% |
Microsoft AZ-104 Frequently Asked Questions
Question # 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft Entra tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution; From Microsoft Entra ID in the Azure portal, you use the Bulk invite users’ operation. Does this meet the goal?
A. Yes
B. No
Question # 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Contributor role to the Developers group. Does this meet the goal?
A. Yes
B. No
Question # 3
You have an Azure subscription named Subscription1 that contains virtual network named VNet1. VNet1 is in a resource group named RG1. A user named User1 has the following roles for Subscription1: • Reader • Security Admin Security Reader You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?
A. Remove User1 from the Security Reader and Reader roles for Subscription1.
B. Assign User1 the Owner role for VNet1.
C. Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1.
D. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1
Question # 4
You have an Azure subscription that contains the virtual networks shown in the following table.All The virtual machines have only private IP addresses. You deploy an Azure Bastion host named Bastion1 to VNet1.To which virtual machines can you connect through Bastion1 ?
A. VM1 only
B. VM1 and VM2 only
C. VM1 and VM3 only
D. VM1, VM2, and VM3
Question # 5
You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2. VM1 hosts a frontend application that connects to VM2 to retrieve data. Users report that the frontend application is slower than usual. You need to view the average round-trip time (RTT) of the packets from VM1 to VM2. Which Azure Network Watcher feature should you use?
A. NSG flow logs
B. Connection troubleshoot
C. IP flow verify
D. Connection monitor
Question # 6
You have an Azure Active Directory (Azure AD) tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution: You create a Power Shell script that runs the New-MgUser cmdlet for each user. Does this meet the goal?
A. Yes
B. NO
Question # 7
You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant. Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16. Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24. You need to connect VNet1 to VNet2. What should you do first?
A. Move VM1 to Subscription2.
B. Modify the IP address space of VNet2.
C. Provision virtual network gateways.
D. Move VNet1 to Subscription2.
Question # 8
You have an Azure App Services web app named App1. You plan to deploy App1 by using Web Deploy. You need to ensure that the developers of App1 can use their Azure Active Directory (Azure AD) credentials to deploy content to App1. The solution must use the principle of least privilege. What should you do?
A. Configure app-level credentials for FTPS.
B. Assign The Website Contributor role to the developers.
C. Assign the Owner role to the developers.
D. Configure user-level credentials for FTPS.
Question # 9
You have an Azure subscription That contains a Recovery Services vault named Vault1. You need to enable multi-user authorization (MAU) for Vaultl. Which resource should you create first?
A. a managed identity
B. a resource guard
C. an administrative unit
D. a custom Azure role
Question # 10
You have an Azure subscription named Subscription1 that contains the storage accountsshown in the following table: You plan to use the Azure Import/Export service to export data from Subscription1. Which account can be used to export the data. What should you identify?
A. storage1
B. storage2
C. storage3
D. storage4
Question # 11
You have an Azure subscription that contains an Azure Storage account. You plan to create an Azure container instance named container1 that will use a Docker image namedImage1. Image1 contains a Microsoft SQL Server instance that requires persistent storage. You need to configure a storage service for Container1. What should you use?
A. Azure Files
B. Azure Blob storage
C. Azure Queue storage
D. Azure Table storage
Question # 12
You have an Azure subscription that contains a storage account. The account stores website data. You need to ensure that inbound user traffic uses the Microsoft point-of-presence (POP) closest to the user's location. What should you configure?
A. load balancing
B. private endpoints
C. Azure Firewall rules
D. Routing preference
Question # 13
You create an Azure VM named VM1 that runs Windows Server 2019. VM1 is configured as shown in the exhibit (Click the Exhibit tab.) You need to enable Desired State Configuration for VM1. What should you do first?
A. Configure a DNS name for VM1.
B. Start VM1.
C. Capture a snapshot of VM1.
D. Connect to VM1.
Question # 14
You have an Azure subscription that contains the resources shown in the following table. The Not allowed resource types Azure policy that has policy enforcement enabled is assigned to RG1 and uses the following parameters: Microsoft.Network/virtualNetworks Microsoft.Compute/virtualMachines In RG1, you need to create a new virtual machine named VM2 which is connected toVNET1. What should you do first?
A. Create an Azure Resource Manager template.
B. AddasubnettoVNET1.
C. Remove Microsoft. Network/virtualNetworks from the policy.
D. Remove Microsoft.Compute/virtualMachines from the policy.
Question # 15
You have an Azure web app named webapp1. You have a virtual network named VNET1 and an Azure virtual machine named VM1 that hosts a MySQL database. VM1 connects to VNET1. You need to ensure that webapp1 can access the data hosted on VM1. What should you do?
A. Connect webapp1 to VNET1.
B. Deploy an internal load balancer.
C. Deploy an Azure Application Gateway,
D. Peer VNET1 to another virtual network.
Question # 16
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json. You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately. Solution: From the Update management blade, you click Enable. Does this meet the goal?
A. Yes
B. No
Question # 17
You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address. The virtual machines host several applications that are accessible over port 443 to user on the Internet. Your on-premises network has a site-to-site VPN connection to VNet1. You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network. You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users. What should you do?
A. Modify the address space of the local network gateway.
B. Remove the public IP addresses from the virtual machines.
C. Modify the address space of Subnet1.
D. Create a deny rule in a network security group (NSG) that is linked to Subnet1
Question # 18
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription. Solution: You assign the Owner role at the subscription level to Admin1. Does this meet the goal?
A. Yes
B. No
Question # 19
You are configuring Azure AD authentication for an Azure Storage account named storage1. You need to ensure that the members of a group named Group1 can upload files by using the Azure portal. The solution must use the principle of least privilege. Which two roles should you assign to Group1? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Storage Blob Data Contributor
B. Reader
C. Storage Blob Data Reader
D. Contributor
E. Storage Account Contributor
Question # 20
You have an Azure subscription that contains the resources in the following table. To which subnets can you apply NSG1?
A. the subnets on VNet1 only
B. the subnets on VNet2 only
C. the subnets on VNet3 only
D. the subnets on VNet2 and VNet3 only
E. the subnets on VNet1 VNet2, and VNet3
Question # 21
You have an Azure subscription. The subscription contains a storage account named storage1 that has the lifecycle management rules shown in the following table. On June 1, you store a blob named File1 in the Hot access tier of storage1. What is the state of File1 on June 7?
A. stored in the Archive access tier
B. stored in the Hot access tier
C. stored in the Cool access tier
D. deleted
Question # 22
You have an Azure Active Directory (Azure AD) tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a quest user account in contoso.com for each of the 500 external users. Solution: from Azure AD in the Azure portal, you use the Bulk create user operation. Does this meet the goal?
A. Yes
B. No
Question # 23
You have an Azure policy as shown in the following exhibit.What is the effect of the policy?
A. You are prevented from creating Azure SQL servers anywhere in Subscnption1.
B. You can create Azure SQL servers in ContosoRG1 only.
C. You can create Azure SQL servers in any resource group within Subscnption1.
D. You are prevented from creating Azure SQL Servers in ContosoRG1 only.
Question # 24
You create an App Service plan named plan1 and an Azure web app named webapp1. You discover that the option to create a staging slot is unavailable. You need to create a staging slot for plan1. What should you do first?
A. From webapp1, modify the Application settings.
B. From webapp1, add a custom domain.
C. From plan1, scale up the App Service plan.
D. From plan1, scale out the App Service plan.
Question # 25
You have an Azure subscription that contains an Azure Stream Analytics job named Job1. You need to monitor input events for Job1 to identify the number of events that were NOT processed. Which metric should you use?
A. Output Events
B. Backlogged Input Events
C. Out-of-Order Events
D. Late Input Events
Question # 26
You need to create an Azure Storage account named storage1. The solution must meet the following requirements: • Support Azure Data Lake Storage. • Minimize costs for infrequently accessed data. • Automatically replicate data to a secondary Azure region. Which three options should you configure for storage1? Each correct answer presents part of the solution. NOTE: Each correct answer is worth one point.
A. the Cool access tier
B. the Hot access tier
C. hierarchical namespace
D. zone-redundant storage (ZRS)
E. geo-redundant storage (GRS)
Question # 27
You have an Azure web app named App1. App1 has the deployment slots shown in the following table: In webapp1-test, you test several changes to App1. You back up App1. You swap webapp1-test for webapp1-prod and discover that App1 is experiencing performance issues. You need to revert to the previous version of App1 as quickly as possible. What should you do?
A. Redeploy App1
B. Swap the slots
C. Clone App1
D. Restore the backup of App1
Question # 28
You create an Azure Storage account named Contoso storage. You plan to create a file share named data. Users need to map a drive to the data file share from home computers that run Windows 10. Which outbound port should be open between the home computers and the data file share?
A. 80
B. 443
C. 445
D. 3389
Question # 29
You have an Azure Storage account named storage1. For storage 1. you create an encryption scope named Scope1. Which storage types can you encrypt by using Scope1?
A. file shares only
B. containers only
C. file shares and containers only
D. containers and tables only
E. file shares, containers, and tables only
F. file shares, containers, tables, and queues
Question # 30
You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address. The virtual machines host several applications that are accessible over port 443 to user on the Internet. Your on-premises network has a site-to-site VPN connection to VNet1. You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network. You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users. What should you do?
A. Modify the address space of the local network gateway.
B. Remove the public IP addresses from the virtual machines.
C. Modify the address space of Subnet1.
D. Create a deny rule in a network security group (NSG) that is linked to Subnet1.
Question # 31
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1. Subscription1 has a user named User1. User1 has the following roles; • Reader • Security Admin • Security Reader You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?
A. Assign User1 the Contributor role for VNet1.
B. Remove User from the Security Reader and Reader roles tot Subscription1.
C. Assign User1 the Network Contributor role for VNet1.
D. Assign User1 the User Access Administrator role for VNet1
Question # 32
You have an app named App1 that runs on an Azure web app named webapp1. The developers at your company upload an update of App1 to a Git repository named GUI. Webapp1 has the deployment slots shown in the following table You need to ensure that the App1 update is tested before the update is made available to users. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Swap the slots
B. Deploy the App1 update to webapp1-prod, and then test the update
C. Stop webapp1-prod
D. Deploy the App1 update to webapp1-test, and then test the update
E. Stop webapp1-test
Question # 33
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1. You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days. Which two groups should you create? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. a Security group that uses the Assigned membership type
B. an Office 365 group that uses the Assigned membership type
C. an Office 365 group that uses the Dynamic User membership type
D. a Security group that uses the Dynamic User membership type
E. a Security group that uses the Dynamic Device membership type
Question # 34
You have an Azure DNS zone named adatum.com. You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure. What should you do?
A. Create an PTR record named research in the adatum.com zone.
B. Create an NS record named research in the adatum.com zone.
C. Modify the SOA record of adatum.com.
D. Create an A record named *. research in the adatum.com zone
Question # 35
You have an Azure subscription named Subscription1. You have 5 TB of data that you need to transfer to Subscription1. You plan to use an Azure Import/Export job. What can you use as the destination of the imported data?
A. Azure Data Lake Store
B. a virtual machine
C. the Azure File Sync Storage Sync Service
D. Azure Blob storage
Question # 36
You have an Azure Storage account named storage1 that uses Azure Blob storage and Azure File storage. You need to use AzCopy to copy data to the blob storage and file storage in storage1. Which authentication method should you use for each type of storage? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Question # 37
You deploy an Azure Kubernetes Service (AKS) cluster named Cluster1 that uses the IP addresses shown in the following table. You need to provide internet users with access to the applications that run in Cluster1. Which IP address should you include in the DNS record for Ousted?
A. 172.17.7.1
B. 131.107.2.1
C. 192.168.10.2
D. 10.0.10.11
Question # 38
question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains the virtual machines shown in the following table. You deploy a load balancer that has the following configurations: •Name: LB1 •Type: Internal •SKU: Standard •Virtual network: VNET1 You need to ensure that you can add VM1 and VM2 to the backend pool of LB1. Solution: You create two Standard public IP addresses and associate a Standard SKU public IP address to the network interface of each virtual machine. Does this meet the goal?
A. Yes
B. No
Question # 39
You have an azure subscription that contains the resources shown in the following table. You create a public IP address named IPI. Which two resources can you associate to IP1. Each correct answer presents a complete solution NOTE: Each correct selection is worth one point
A. VM1
B. NIC1
C. VPN1
D. LB1
E. VNet1
Question # 40
You have an Azur« subscription that contains a virtual machine named VM1 and an Azure key vault named KV1. You need to configure encryption for VM1. The solution must meet the following requirements: • Store and use the encryption key in KV1. • Maintain encryption if VM1 is downloaded from Azure. • Encrypt both the operating system disk and the data disks. Which encryption method should you use?
A. encryption at host
B. customer-managed keys
C. Azure Disk Encryption
D. Confidential disk encryption
Question # 41
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure container registry named Registry1 that contains an image named image1. You receive an error message when you attempt to deploy a container instance by using image1. You need to be able to deploy a container instance by using image1. Solution: You set Admin user to Enable for Registry1. Does this meet the goal?
A. Yes
B. No
Question # 42
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. Solution: You configure a custom policy definition, and then you assign the policy to the subscription. Does this meet the goal?
A. Yes
B. No
Question # 43
You have an Azure subscription that contains 10 virtual machines, a key vault named Vault 1, and a network security group (NSG) named NSG1. All the resources are deployed to the East US Azure region. The virtual machines are protected by using NSG1. NSG1 is configured to block all outbound traffic to the internet. You need to ensure that the virtual machines can access Vault1. The solution must use the principle of least privilege and minimize administrative effort. What should you configure as the destination of the outbound security rule for NSG1?
A. a service tag
B. an application security group
C. an IP address range
Question # 44
You have an Azure subscription. You plan to migrate 50 virtual machines from VMware vSphere to the subscription. You create a Recovery Services vault. What should you do next?
A. Configure an extended network.
B. Create a recovery plan.
C. Deploy an Open Virtualization Application (OVA) template to vSphere.
D. Configure a virtual network.
Question # 45
You have an Azure subscription that contains the virtual machines shown in the following table. javascript:void(0) You deploy a load balancer that has the following configurations: • Name: LB1 • Type internal • SKU: Standard • Virtual network VNET1 You need to ensure that you can add VM1 and VM2 to the backend pool of LB1. Solution: You create a Basic SKU public IP address, associate the address to the network interface of VM1, and then start VM1. Does this meet the goal?
A. Yes
B. No
Question # 46
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Logic App Operator role to the Developers group. Does this meet the goal?
A. Yes
B. No
Question # 47
You have an Azure subscription. You plan to deploy the Azure container instances shown in the following table. Which instances can you deploy to a container group?
A. Instance1 only
B. Instance2only
C. Instance1 and lnstance2 only
D. Instance3 and Instance4 only
Question # 48
You have the Azure virtual machines shown in the following table. You have a Recovery Services vault that protects VM1 and VM2. You need to protect VM3 and VM4 by using Recovery Services. What should you do first?
A. Create a new Recovery Services vault.
B. Configure the extensions for VM3 and VM4.
C. Create a storage account.
D. Create a new backup policy.
Question # 49
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines. You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text. What should you create to store the password?
A. Azure Active Directory (AD) Identity Protection and an Azure policy
B. a Recovery Services vault and a backup policy
C. an Azure Key Vault and an access policy
D. an Azure Storage account and an access policy
Question # 50
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription. Solution: You assign the Network Contributor role at the subscription level to Admin1. Does this meet the goal?
A. Yes
B. NO
Question # 51
You have an on-premises server that contains a folder named D:\Folder1. You need to copy the contents of D:\Folder1 to the public container in an Azure Storage account named contoso data. Which command should you run?
A. https://contosodata.blob.core.windows.net/public
B. azcopy sync D:\folder1 https://contosodata.blob.core.windows.net/public --snapshot
C. azcopy copy D:\folder1 https://contosodata.blob.core.windows.net/public --recursive
D. az storage blob copy start-batch D:\Folder1 https:// contosodata.blob.core.windows.net/public
Question # 52
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft Entra tenant named Adatum.com and an Azure Subscription named Subscription1. Adatum.com contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Logic App Contributor role to the Developers group. Does this meet the goal?
A. Yes
B. No
Question # 53
You need to configure an Azure web app named contoso.azurewebsites.net to host www.contoso.com. What should you do first?
A. Create a CNAME record named asuid that contains the domain verification ID.
B. Create A records named www.contoso.com and asuid.contoso.com.
C. Create a TXT record named asuid that contains the domain verification ID.
D. Create a TXT record named www.contoso.com that has a value of contoso.azurewebsites.net.
Question # 54
You plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The virtual machines will host a web app named App1. You need to ensure that at least two virtual machines are available if a single Azure datacenter becomes unavailable. What should you deploy?
A. all three virtual machines in a single Availability Zone
B. all virtual machines in a single Availability Set
C. each virtual machine in a separate Availability Zone
D. each virtual machine in a separate Availability Set
Question # 55
You have an Azure subscription that contains a web app named webapp1. You need to add a custom domain named www.contoso.com to webapp1. What should you do first?
A. Upload a certificate.
B. Add a connection string.
C. Stop webapp1.
D. Create a DNS record.
Question # 56
You have an Azure virtual machine named VM1 and an Azure key vault named Vault1. On VM1, you plan to configure Azure Disk Encryption to use a key encryption key (KEK) You need to prepare Vault! for Azure Disk Encryption. Which two actions should you perform on Vault1? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Create a new key.
B. Select Azure Virtual machines for deployment
C. Configure a key rotation policy.
D. Create a new secret.
E. Select Azure Disk Encryption for volume encryption
Question # 57
You have an Azure subscription that contains a virtual machine named VM1. You have an on-premises datacenter that contains a domain controller named DC1. ExpressRoute is used to connect the on-premises datacenter to Azure. You need to use Connection Monitor to identify network latency between VM1 and DC1. What should you install on DC1?
A. the Log Analytics agent
B. the Azure Network Watcher Agent virtual machine extension
C. an Azure Monitor agent extension
D. the Azure Connected Machine agent for Azure Arc-enabled servers
Question # 58
You have an Azure subscription named Sub1 that contains the blob containers shown in the following table. Sub1 contains two users named User1 and User2. Both users are assigned the Reader role at the Sub1 scope.You have a condition named Condition1 as shown in the following exhibit.
Question # 59
You have an on-premises network. You have an Azure subscription that contains three virtual networks named VNET1, VNET2, and VNET3. The virtual networks are peered and connected to the on-premises network. The subscription contains the virtual machines shown in the following table. You need to monitor connectivity between the virtual machines and the on-premises network by using Connection Monitor. What is the minimum number of connection monitors you should deploy?
A. 1
B. 2
C. 3
D. 4
Question # 60
You have an Azure subscription that has the public IP addresses shown in the following table. You plan to deploy an Azure Bastion Basic SKU host named Bastion1. Which IP addresses can you use for Bastion1?
A. IP1 only
B. IP1 and IP2 only
C. IP3, IP4, and IPS only
D. IP1, IP2, IP4, and IP5 only
E. IP1, IP2, IP3, IP4, and IPS
Question # 61
Yon have an Azure Storage account named storage1 that contains a blob container named comainer1. You need to prevent new content added to contalner1 from being modified for one year. What should you configure?
A. an access policy
B. the access level
C. the access tier
D. the Access control (JAM) settings
Question # 62
You have an Azure subscription that contains a virtual machine named VM1. VM1 hosts a line-of business application that is available 24 hours a day. VM1 has one network interface and one managed disk. VM1 uses the D4s v3 size. You plan to make the following changes to VM1: • Change the size to D8s v3. • Add a 500-GB managed disk. • Add the Puppet Agent extension. • Enable Desired State Configuration Management. Which change will cause downtime for VM1?
A. Add the Puppet Agent extension.
B. Change the size to D8s v3.
C. Enable Desired State Configuration Management.
D. Add a 500-GB managed disk.
Question # 63
You have an Azure subscription that contains a storage account named storage 1. You need to ensure that the access keys for storage! rotate automatically. What should you configure?
A. a backup vault
B. redundancy for storage!
C. lifecycle management for storage1
D. an Azure key vault
E. a Recovery Services vault
Question # 64
You have an Azure subscription that contains a resource group named RG26. RG26 is sot to the West Europe location and is used to create temporary resources for a project. RG26 contains the resources shown in the following table. SQLD01 is backed up to RGV1. When the project is complete, you attempt to delete RG26 from the Azure portal. Thedeletion fails. You need to delete RG26. What should you do first?
A. Stop the backup of SQLDB01.
B. Delete sa001.
C. Delete VM1.
D. StopVM1.
Question # 65
You have an Azure subscription named Subscription1 that is used be several departments at your company. Subscription1 contains the resources in the following table:Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template. You need to view the template used for the deployment. From which blade can you view the template that was used for the deployment?
A. RG1
B. VM1
C. Storage1
D. Container1
Question # 66
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. Solution: You assign a built-in policy definition to the subscription. Does this meet the goal?
A. Yes
B. No
Question # 67
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json. You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately. Solution: From the Overview blade, you move the virtual machine to a different resource group. Does this meet the goal?
A. Yes
B. No
Question # 68
You have an Azure subscription. The subscription contains virtual machines that connect to a virtual network named VNet1. You plan to configure Azure Monitor for VM Insights. You need to ensure that all the virtual machines only communicate with Azure Monitor through VNet1. What should you create first?
A. an Azure Monitor Private Link Scope (AMPIS)
B. a private endpoint
C. a Log Analytics workspace
D. a data collection rule (DCR)
Question # 69
You have an Azure subscription. You plan to deploy a container. You need to recommend which Azure services can scale the container automatically. What should you recommend?
A. Azure Container Apps only
B. Azure Container Instances only
C. Azure Container Apps or Azure App Service only
D. Azure Container Instances or Azure App Service only
E. Azure Container Apps, Azure Container Instances, or Azure App Service
Question # 70
You have an Azure subscription that contains two Log Analytics workspaces named Workspace 1 and Workspace? and 100 virtual machines that run Windows Server. You need to collect performance data and events from the virtual machines. The solution must meet the following requirements: • Logs must be sent to Workspace! and Workspace? • All Windows events must be captured • All security events must be captured. What should you install and configure on each virtual machine?
A. the Azure Monitor agent
B. the Windows Azure diagnostics extension (WAD)
C. the Windows VM agent
Question # 71
You have an Azure App Service app named App1 that contains two running instances. You have an autoscale rule configured as shown in the following exhibit. For the Instance limits scale condition setting, you set Maximum to 5. During a 30-minute period, App1 uses 80 percent of the available memory. What is the maximum number of instances for App1 during the 30-minute period?
A. 2
B. 3
C. 4
D. 5
Question # 72
You have an Azure App Service app named Appl that contains two running instances. You havean autoscale rule configured as shown in the following exhibit For the instance limits stale condition setting, you set Maximum to 5. During a 30-minute period. Appl uses 60 percent of the available memory. What is the maximum number of instances tor Appl during the 30-minute pefiod:
A. 2
B. 3
C. 4
D. 5
Question # 73
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The User administrator role is assigned to a user named Admin1. An external partner has a Microsoft account that uses the user1@outlook.com sign in. Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: “Unable to invite user user1@outlook.com – Generic authorization exception.” You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant. What should you do?
A. From the Roles and administrators blade, assign the Security administrator role to Admin1.
B. From the Organizational relationships blade, add an identity provider.
C. From the Custom domain names blade, add a custom domain.
D. From the Users settings blade, modify the External collaboration settings.
Question # 74
You have an Azure Active Directory (Azure AD) tenant. You plan to delete multiple users by using Bulk delete in the Azure Active Directory admin center. You need to create and upload a file for the bulk delete. Which user attributes should you include in the file?
A. The user principal name and usage location of each user only
B. The user principal name of each user only
C. The display name of each user only
D. The display name and usage location of each user only
E. The display name and user principal name of each user only
Question # 75
You plan to create the Azure web apps shown in the following Table. What is the minimum number of App Service plans you should create for the web apps?
A. 1
B. 2
C. 3
D. 4
Question # 76
You have an Azure subscription that contains a storage account named storage 1. You need to allow access to storage1 from selected networks and your home office. The solution must minimize administrative effort. What should you do first for storage1?
A. Add a private endpoint.
B. Modify the Public network access settings.
C. Select Internet routing
D. Modify the Access Control (1AM) settings.
Question # 77
You have an Azure subscription that contains two virtual machines named VM1 and VM2 You create an Azure load balancer. You plan to create a load balancing rule that will load balance HTTPS traffic between VM1 and VM2. Which two additional load balance resources should you create before you can create the load balancing rule? Each correct answer presents part of the solution MOTL Each correct selection 5 worth one point.
A. a frontend IP address
B. a backend pool
C. a health probe
D. an inbound NAT rule
E. a virtual network
Question # 78
You have two Azure virtual machines named VM1 and VM2 that run Windows Server. The virtual machines are in a subnet named Subnet1. Subnet1 is in a virtual network named VNet1. You need to prevent VM1 from accessing VM2 on port 3389. What should you do?
A. Create a network security group (NSG) that has an outbound security rule to deny destination port 3389 and apply the NSG to the network interface of VM1.
B. Create a network security group (NSG) that has an inbound security rule to deny source port 3389 and apply the NSG to Subnet1.
C. Create a network security group (NSG) that has an outbound security rule to deny source port 3389 and apply the NSG to Subnet1.
D. Configure Azure Bastion in VNet1.
Question # 79
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure container registry named Registry1 that contains an image named image1. You receive an error message when you attempt to deploy a container instance by using image1. You need to be able to deploy a container instance by using image1. Solution: You create a private endpoint connection for Registry1. Does this meet the goal?
A. Yes
B. No
Question # 80
You have an Azure subscription that contains the virtual networks shown in the following table. You need to ensure that all the traffic between VNet1 and VNet2 traverses the Microsoft backbone network. What should you configure?
A. ExpressRoute
B. a private endpoint
C. peering
D. a route table
Question # 81
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer. The effective network security configurations for VM2 are shown in the following exhibit. You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly. You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443. Solution: You modify the priority of the Allow_131.107.100.50 inbound security rule. Does this meet the goal?
A. Yes
B. No
Question # 82
You have an Azure subscription that contains multiple virtual machines in the West US Azure region. You need to use Traffic Analytics in Azure Network Watcher to monitor virtual machine traffic. Which two resources should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. a Data Collection Rule (OCR) in Azure Monitor
B. a Log Analytics workspace
C. an Azure Monitor workbook
D. a storage account
E. a Microsoft Sentinel workspace
Leave a comment
Your email address will not be published. Required fields are marked *