• support@dumpspool.com
SPECIAL LIMITED TIME DISCOUNT OFFER. USE DISCOUNT CODE TO GET 20% OFF DP2021

PDF Only

$35.00 Free Updates Upto 90 Days

  • AZ-104 Dumps PDF
  • 320 Questions
  • Updated On April 19, 2024

PDF + Test Engine

$55.00 Free Updates Upto 90 Days

  • AZ-104 Question Answers
  • 320 Questions
  • Updated On April 19, 2024

Test Engine

$45.00 Free Updates Upto 90 Days

  • AZ-104 Practice Questions
  • 320 Questions
  • Updated On April 19, 2024
Check Our Free Microsoft AZ-104 Online Test Engine Demo.

How to pass Microsoft AZ-104 exam with the help of dumps?

DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest Microsoft AZ-104 Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.

How Do I Know Microsoft AZ-104 Dumps are Worth it?

Did we mention our latest AZ-104 Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments. Let us explore all other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just Microsoft Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our Microsoft Azure Administrator Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Microsoft Azure Administrator Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world, make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.

How to Get AZ-104 Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the AZ-104 exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals. Making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated & fake content, repeated questions, and false plus indefinite information, etc. We make every penny count, and you leave our platform fully satisfied!

Microsoft AZ-104 Exam Overview:

Exam Detail Information
Exam Code AZ-104
Exam Name Microsoft Azure Administrator
Exam Cost $165 USD
Total Time 180 minutes (3 hours)
Available Languages English, Japanese, Chinese (Simplified), Korean, and Spanish
Passing Marks 700 out of 1000

Microsoft Azure Administrator Exam Topics Breakdown

Exam Topics Percentage
Manage Azure identities and governance 15-20%
Implement and manage storage 15-20%
Deploy and manage Azure compute resources 20-25%
Configure and manage virtual networks 20-25%
Monitor and back up Azure resources 10-15%
Microsoft AZ-104 Sample Question Answers

Question # 1

You deploy Azure virtual machines to three Azure regions.Each region contains a virtual network. Each virtual network contains multiple subnetspeered in a full mesh topology.Each subnet contains a network security group (NSG) that has defined rules.A user reports that he cannot use port 33000 to connect from a virtual machine in oneregion to a virtual machine in another region.Which two options can you use to diagnose the issue? Each correct answer presents acomplete solution.NOTE: Each correct selection is worth one point.

A. Azure Virtual Network Manager
B. IP flow verify
C. Azure Monitor Network Insights
D. Connection troubleshoot
E. elective security rules

Question # 2

Note: This question is part of a series of questions that present the same scenario. Eachquestion in the series contains a unique solution that might meet the stated goals. Somequestion sets might have more than one correct solution, while others might not have acorrect solution.After you answer a question in this section, you will NOT be able to return to it. As a result,these questions will not appear in the review screen.You have an Azure subscription that contains the virtual machines shown in the followingtable.You deploy a load balancer that has the following configurations:•Name: LB1•Type: Internal•SKU: Standard•Virtual network: VNET1You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.Solution: You create a Standard SKU public IP address, associate the address to thenetwork interface of VM1, and then stop VM2.Does this meet the goal?

A. Yes
B. No

Question # 3

Note: This question is part of a series of questions that present the same scenario. Eachquestion in the series contains a unique solution that might meet the stated goals. Somequestion sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result,thesequestions will not appear in the review screen.You manage a virtual network named VNet1 that is hosted in the West US Azure region.VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.Solution: From Performance Monitor, you create a Data Collector Set (DCS).Does this meet the goal?

A. Yes
B. No

Question # 4

Note: This question is part of a series of questions that present the same scenario. Eachquestion in the series contains a unique solution that might meet the stated goals. Somequestion sets might have more than one correct solution, while others might not have acorrect solution.After you answer a question in this section, you will NOT be able to return to it. As a result,these questions will not appear in the review screen.You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.Another administrator plans to create several network security groups (NSGs) in thesubscription.You need to ensure that when an NSG is created, it automatically blocks TCP port 8080between the virtual networks.Solution: You create a resource lock, and then you assign the lock to the subscription.Does this meet the goal?

A. Yes
B. No

Question # 5

You have an Azure subscription that contains the virtual machines shown in the following table. javascript:void(0) You deploy a load balancer that has the following configurations:• Name: LB1• Type internal• SKU: Standard • Virtual network VNET1You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.Solution: You create a Basic SKU public IP address, associate the address to the networkinterface of VM1, and then start VM1.Does this meet the goal?

A. Yes
B. No

Question # 6

You have an Azure DNS zone named adatum.com. You need to delegate a subdomainnamed research.adatum.com to a different DNS server in Azure. What should you do?

A. Create an PTR record named research in the adatum.com zone.
B. Create an NS record named research in the adatum.com zone.
C. Modify the SOA record of adatum.com.
D. Create an A record named *. research in the adatum.com zone

Question # 7

You plan to create the Azure web apps shown in the following Table. What is the minimum number of App Service plans you should create for the web apps?

A. 1
B. 2
C. 3
D. 4

Question # 8

Note: This question is part of a series of questions that present the same scenario. Eachquestion in the series contains a unique solution that might meet the stated goals. Somequestion sets might have more than one correct solution, while others might not have acorrect solution.After you answer a question in this section, you will NOT be able to return to it. As a result,these questions will not appear in the review screen.You have an Azure Active Directory (Azure AD) tenant named Adatum and an AzureSubscription named Subscription1. Adatum contains a group named Developers.Subscription1 contains a resource group named Dev.You need to provide the Developers group with the ability to create Azure logic apps in theDev resource group.Solution: On Dev, you assign the Logic App Operator role to the Developers group.Does this meet the goal?

A. Yes
B. No

Question # 9

You have an Azure virtual machine named VM1 and an Azure key vault named Vault1. On VM1, you plan to configure Azure Disk Encryption to use a key encryption key (KEK)You need to prepare Vault! for Azure Disk Encryption.Which two actions should you perform on Vault1? Each correct answer presents part of thesolution.NOTE: Each correct selection is worth one point.

A. Create a new key.
B. Select Azure Virtual machines for deployment
C. Configure a key rotation policy.
D. Create a new secret.
E. Select Azure Disk Encryption for volume encryption

Question # 10

You have an Azure subscription that contains a storage account named account1.You plan to upload the disk files of a virtual machine to account! from your on-premisesnetwork. The on-premises network uses a public IP address space of 131.107.1.0/24.You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 willbe attached to a virtual network named VNet1. VNet1 uses an IP address space of192.168.0.0/24.You need to configure account1 to meet the following requirements:• Ensure that you can upload the disk files to account1.• Ensure that you can attach the disks to VM1.• Prevent all other access to account1.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

A. From the Networking blade of account1, select Selected networks
B. From the Service endpoints blade of VNet1, add a service endpoint.
C. From the Networking blade of account11, add the 131.107.1.0/24 IP address range.
D. From the Networking blade of account1. select Allow trusted Microsoft services toaccess this storage account
E. From the Networking blade of account1, add VNet1.

Question # 11

Note: This question is part of a series of questions that present the same scenario. Eachquestion in the series contains a unique solution that might meet the stated goals. Somequestion sets might have more than one correct solution, while others might not have acorrect solution.After you answer a question in this section, you will NOT be able to return to it. As a result,these questions will not appear in the review screen.You have an Azure virtual machine named VM1. VM1 was deployed by using a customAzure Resource Manager template named ARM1.json.You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.Solution: From the Update management blade, you click Enable.Does this meet the goal?

A. Yes
B. No

Question # 12

You have an Azure AD tenant that contains the groups shown In the following table. You purchase Azure Active Directory Premium P2 licenses. To which groups can youassign a license?

A. Group 1 only
B. Group1 and Group3 only
C. Group3 and Group4 only
D. Group1, Group2, and Group3 only
E. Group1, Group2, Group3, and Group4

Question # 13

You have an Azure Active Directory (Azure AD) tenant named contoso.com.You have a CSV file that contains the names and email addresses of 500 external users.You need to create a quest user account in contoso.com for each of the 500 externalusers.Solution: from Azure AD in the Azure portal, you use the Bulk create user operation.Does this meet the goal?

A. Yes
B. No

Question # 14

You have an Azure subscription that contains 20 virtual machines, a network security group(NSG) named NSG1, and two virtual networks named VNET1 and VNET2 that are peered.You plan to deploy an Azure Bastion Basic SKU host named Bastion1 to VNET1.You need to configure NSG1 to allow inbound access from the internet to Bastion1.Which port should you configure for the inbound security rule?

A. 22
B. 443
C. 3389
D. 8080

Question # 15

After you answer a question in this section, you will NOT be able to return to it. As a result,these questions will not appear in the review screen.You have an app named App1 that is installed on two Azure virtual machines named VM1and VM2. Connections to Appl are managed by using an Azure Load Balancer. The effective network security configurations for VM2 are shown in the following exhibit. You discover that connections 10 Appl from 131.107.100.50 over TCP port 443 fail.You verity that the Load Balancer rules are configured correctly.You need to ensure that connections to Appl can be established successfully from131.107.100.50 over TCP port 443.Solution: You create an inbound security rule that allows any traffic from the AzureloadBalancer source and has a priority of 150.Does this meet the goal?

A. Yes
B. No

Question # 16

You have an Azure Storage account named storage1. You plan to use AzCopy to copy data to storage1. You need to identify the storage services in storage1 to which you can copy the data. What should you identify?

A. blob, file, table, and queue 
B. blob and file only
 C. file and table only 
D. file only 
E. blob, table, and queue only 

Question # 17

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic deployment. Does this meet the goal?

A. Yes 
B. No 

Question # 18

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use? 

A. a Desired State Configuration (DSC) extension 
B. thePublish-AzVMDscConfigurationCmdlet 
C. a Microsoft Intune device configuration profile 
D. Deployment Center in Azure App Service 

Question # 19

You have an Azure subscription that contains the resources in the following table. Store1 contains a Tile share named data. Data contains 5,000 files. You need to synchronize the files in the file share named data to an on-premises server named Server1. Which three actions should you perform? Each correct answer presents part of the solution.

A. Download an automation script. 
B. Create a container instance. 
C. Create a sync group. 
D. Register Server1.
 E. Install the Azure File Sync agent on Server1. 

Question # 20

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You deploy an Azure Kubernetes Service (AKS) cluster named AKS1. You need to deploy a YAML file to AKS1. Solution: From the Azure CLI, you run the kubectl client. Does this meet the goal?

A. Yes 
B. No 

Question # 21

You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2. VM1 hosts a frontend application that connects to VM2 to retrieve data. Users report that the frontend application is slower than usual. You need to view the average round-trip time (RTT) of the packets from VM1 to VM2. Which Azure Network Watcher feature should you use?

A. NSG flow logs 
B. Connection troubleshoot 
C. IP flow verify 
D. Connection monitor 

Question # 22

You have an on-premises server that contains a folder named D:\Folder1. You need to copy the contents of D:\Folder1 to the public container in an Azure Storage account named contoso data. Which command should you run?

A. https://contosodata.blob.core.windows.net/public 
B. azcopy sync D:\folder1 https://contosodata.blob.core.windows.net/public --snapshot 
C. azcopy copy D:\folder1 https://contosodata.blob.core.windows.net/public --recursive 
D. az storage blob copy start-batch D:\Folder1 https:// contosodata.blob.core.windows.net/public

Question # 23

You have an Azure subscription named AZPT1 that contains the resources shown in the following table: 

A. VM1, storage1, VNET1, and VM1Managed only 
B. VM1 and VM1Managed only 
C. VM1, storage1, VNET1, VM1Managed, and RVAULT1 
D. RVAULT1 only 

Question # 24

You have an Azure subscription that contains the resources shown in the following table. 

A. Remove Microsoft.Network/virtualNetworks from the policy. 
B. Create an Azure Resource Manager template. 
C. Remove Microsoft.Compute/virtualMachines from the policy. 
D. Add a subnet to VNET1. 

Question # 25

You have an Azure virtual machine named VM1 that runs Windows Server 2019. You save VM1 as a template named Template1 to the Azure Resource Manager library. You plan to deploy a virtual machine named VM2 from Template1. What can you configure during the deployment of VM2?

A. virtual machine size 
B. operating system 
C. administrator username 
D. resource group 

Question # 26

You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2. You plan to implement an Azure Availability Set for App1. The solution must ensure that App1 is available during planned maintenance of the hardware hosting VM1 and VM2. What should you include in the Availability Set?

A. one update domain 
B. two fault domains 
C. one fault domain 
D. two update domains 

Question # 27

Your company has three offices. The offices are located in Miami, Los Angeles, and New York. Each office contains a datacenter. You have an Azure subscription that contains resources in the East US and West US Azure regions. Each region contains a virtual network. The virtual networks are peered. You need to connect the datacenters to the subscription. The solution must minimize network latency between the datacenters. What should you create? 

A. three virtual WANs and one virtual hub 
B. three virtual hubs and one virtual WAN 
C. three On-premises data gateways and one Azure Application Gateway 
D. three Azure Application Gateways and one On-premises data gateway 

Question # 28

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Deployments. Does this meet the goal? 

A. Yes 
B. No 

Question # 29

You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the following table.  Each virtual machine uses a static IP address. You need to create network security groups (NSGs) to meet following requirements: Allow web requests from the internet to VM3, VM4, VM5, and VM6. Allow all connections between VM1 and VM2. Allow Remote Desktop connections to VM1. Prevent all other network traffic to VNET1. What is the minimum number of NSGs you should create?

A. 1 
B. 3 
C. 4 
D. 12

Question # 30

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Subscription1, you assign the Logic App Operator role to the Developers group. Does this meet the goal? 

A. Yes 
B. No 

Question # 31

You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? 

A. Floating IP (direct server return) to Enabled
 B. Idle Time-out (minutes) to 20 
C. Protocol to UDP 
D. Session persistence to Client IP and Protocol 

Question # 32

You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1. You need to ensure that you can configure a point-to-site connection from an on-premises computer to VNet1. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. Add a service endpoint to VNet1 
B. Reset GW1 
C. Create a route-based virtual network gateway
 D. Add a connection to GW1 
E. Delete GW1 
F. Add a public IP address space to VNet1 

Question # 33

You have the Azure virtual machines shown in the following table. You have a Recovery Services vault that protects VM1 and VM2. You need to protect VM3 and VM4 by using Recovery Services. What should you do first?

A. Configure the extensions for VM3 and VM4. 
B. Create a new Recovery Services vault. 
C. Create a storage account. 
D. Create a new backup policy. 

Question # 34

You have an Azure subscription. You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit. (Click the Exhibit button.) You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines. What should you modify on VM1?

A. Integration Services 
B. the network adapters 
C. the memory 
D. the hard drive 
E. the processor 

Question # 35

You have an Azure subscription named Subscription1. You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1. What should you use?

A. Linux Diagnostic Extension (LAD) 3.0 
B. Azure Analysis Services 
C. the AzurePerformanceDiagnostics extension 
D. Azure HDInsight 

Question # 36

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use?

A. Azure Active Directory (Azure AD) Application Proxy 
B. Azure Application Insights 
C. Azure Custom Script Extension 
D. the New-AzConfigurationAssignement cmdlet 

Question # 37

Your on-premises network contains an SMB share named Share1. You have an Azure subscription that contains the following resources: A web app named webapp1 A virtual network named VNET1 You need to ensure that webapp1 can connect to Share1. What should you deploy?

A. an Azure Application Gateway 
B. an Azure Active Directory (Azure AD) Application Proxy 
C. an Azure Virtual Network Gateway 

Question # 38

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure virtual machine named VM1 that runs Windows Server 2016. You need to create an alert in Azure when more than two error events are logged to the System log on VM1 within an hour. Solution: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source. Does this meet the goal?

A. Yes 
B. No 

Question # 39

You have an Azure Active Directory (Azure AD) tenant named contoso.com. Multi-factor authentication (MFA) is enabled for all users. You need to provide users with the ability to bypass MFA for 10 days on devices to which they have successfully signed in by using MFA. What should you do?

A. From the multi-factor authentication page, configure the users’ settings. 
B. From Azure AD, create a conditional access policy. 
C. From the multi-factor authentication page, configure the service settings. 
D. From the MFA blade in Azure AD, configure the MFA Server settings. 

Question # 40

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains the following resources: A virtual network that has a subnet named Subnet1 Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1 A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections NSG-Subnet1 has the default inbound security rules only. NSG-VM1 has the default inbound security rules and the following custom inbound security rule: Priority: 100 Source: Any Source port range: * Destination: * Destination port range: 3389 Protocol: UDP Action: Allow VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSGSubnet1 is associated to Subnet1. You need to be able to establish Remote Desktop connections from the internet to VM1. Solution: You modify the custom rule for NSG-VM1 to use the internet as a source and TCP as a protocol. Does this meet the goal?

A. Yes 
B. No 

Question # 41

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure virtual machine named VM1 that runs Windows Server 2016. You need to create an alert in Azure when more than two error events are logged to the System log on VM1 within an hour. Solution: You create an event subscription on VM1. You create an alert in Azure Monitor and specify VM1 as the source. Does this meet the goal?

A. Yes
 B. No 

Question # 42

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains the following resources: A virtual network that has a subnet named Subnet1 Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1 A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections NSG-Subnet1 has the default inbound security rules only. NSG-VM1 has the default inbound security rules and the following custom inbound security rule: Priority: 100 Source: Any Source port range: * Destination: * Destination port range: 3389 Protocol: UDP Action: Allow VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSGSubnet1 is associated to Subnet1. You need to be able to establish Remote Desktop connections from the internet to VM1. Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol. Does this meet the goal?

A. Yes 
B. No 

Question # 43

You have an Azure subscription that contains the resources shown in the following table. You plan to restore the backup to a different virtual machine. You need to restore the backup to VM2. What should you do first?

A. From VM2, install the Microsoft Azure Recovery Services Agent 
B. From VM1, install the Windows Server Backup feature 
C. From VM2, install the Windows Server Backup feature 
D. From VM1, install the Microsoft Azure Recovery Services Agent 

Question # 44

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate. From Azure, you download and install the VPN client configuration package on a computer named Computer2. You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2. Solution: On Computer2, you set the Startup type for the IPSec Policy Agent service to Automatic. Does this meet the goal?

A. Yes 
B. No 

Question # 45

You have an Azure subscription that contains the resources shown in the following table. You need to ensure that the health probe functions correctly. What should you do?

A. On LB1, change the Unhealthy threshold to 65536. 
B. On LB1, change the port to 8080. 
C. On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\Temp folder. 
D. On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\SiteA\Temp folder. 

Question # 46

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group. Does this meet the goal?

A. Yes 
B. No 

Question # 47

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate. From Azure, you download and install the VPN client configuration package on a computer named Computer2. You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2. Solution: You modify the Azure Active Directory (Azure AD) authentication policies. Does this meet this goal? 

A. Yes 
B. No 

Question # 48

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains the following resources: A virtual network that has a subnet named Subnet1 Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1 A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections NSG-Subnet1 has the default inbound security rules only. NSG-VM1 has the default inbound security rules and the following custom inbound security rule: Priority: 100 Source: Any Source port range: * Destination: * Destination port range: 3389 Protocol: UDP Action: Allow VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG Subnet1 is associated to Subnet1. You need to be able to establish Remote Desktop connections from the internet to VM1. Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Internet source to the VirtualNetwork destination for port range 3389 and uses the UDP protocol. Does this meet the goal?

A. Yes 
B. No 

Question # 49

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains the following resources: A virtual network that has a subnet named Subnet1 Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1 A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections NSG-Subnet1 has the default inbound security rules only. NSG-VM1 has the default inbound security rules and the following custom inbound security rule: Priority: 100 Source: Any Source port range: * Destination: * Destination port range: 3389 Protocol: UDP Action: Allow VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSGSubnet1 is associated to Subnet1. You need to be able to establish Remote Desktop connections from the internet to VM1. Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Any source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol. You remove NSG-VM1 from the network interface of VM1. Does this meet the goal?

A. Yes 
B. No 

Question # 50

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Subscription1 that contains the resources shown in the following table. VM1 connects to a virtual network named VNET2 by using a network interface named NIC1. You need to create a new network interface named NIC2 for VM1. Solution: You create NIC2 in RG2 and Central US. Does this meet the goal?

A. Yes
 B. No 

Question # 51

You have an Azure subscription that contains the resources in the following table.  You need to prevent users of VM1 and VM2 from accessing websites on the Internet. What should you do?

A. Associate the NSG to Subnet1. 
B. Disassociate the NSG from a network interface. 
C. Change the DenyWebSites outbound security rule. 
D. Change the Port_80 inbound security rule. 

Question # 52

You have an Azure Active Directory (Azure AD) tenant named adatum.com that contains the users shown in the following table. Adatum.com has the following configurations: Users may join devices to Azure AD is set to User1. Additional local administrators on Azure AD joined devices is set to None. You deploy Windows 10 to a computer named Computer. User1 joins Computer1 to adatum.com. You need to identify which users are added to the local Administrators group on Computer1. 

A. User1 only 
B. User1, User2, and User3 only 
C. User1 and User2 only 
D. User1, User2, User3, and User4 
E. User2 only 

Question # 53

You have the Azure virtual machines shown in the following table. You need 10 ensure that all the virtual machines can resolve DNS names by using the DNS service on VM1. What should you do?

A. Add service endpoints on VNET2 and VNET3. 
B. Configure peering between VNE11, VNETT2, and VNET3. 
C. Configure a conditional forwarder on VM1 
D. Add service endpoints on VNET1. 

Question # 54

You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table. You discover that VM1 can resolve names in contoso.com but cannot resolve names in adatum.com. VM1 can resolve other hosts on the internet. You need to ensure that VM1 can resolve host names in adatum.com. What should you do?

A. Update the DNS suffix on VM1 to be adatum.com. 
B. Create an SRV record in the contoso.com zone. 
C. Configure the name servers for adatum.com at the domain registrar. 
D. Modify the Access control (IAM) settings for link1. 

Question # 55

Your company has an Azure subscription named Subscription1. The company also has two on-premises servers named Server1 and Server2 that run Windows Server 2016. Server1 is configured as a DNS server that has a primary DNS zone named adatum.com. Adatum.com contains 1,000 DNS records. You manage Server1 and Subscription1 from Server2. Server2 has the following tools installed: The DNS Manager console Azure PowerShell Azure CLI 2.0 You need to move the adatum.com zone to Subscription1. The solution must minimize administrative effort What should you use?

A. Azure PowerShell 
B. Azure CLI 
C. the Azure portal 
D. the DNS Manager console 

Question # 56

You need to ensure that you can grant Group4 Azure RBAC read-only permissions to all the A2ure file shares. What should you do? 

A. On storagel and storage4, change the Account kind type to StorageV2 (general purpose v2). 
B. Recreate storage2 and set Hierarchical namespace to Enabled. 
C. On storage2, enable identity-based access for the file shares. 
D. Create a shared access signature (SAS) for storagel, storage2, and storage4. 

Question # 57

You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1. You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days. Which two groups should you create? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. 

A. a Security group that uses the Assigned membership type 
B. an Office 365 group that uses the Assigned membership type 
C. an Office 365 group that uses the Dynamic User membership type 
D. a Security group that uses the Dynamic User membership type 
E. a Security group that uses the Dynamic Device membership type 

Question # 58

You create an App Service plan named plan1 and an Azure web app named webapp1. You discover that the option to create a staging slot is unavailable. You need to create a staging slot for plan1. What should you do first?

A. From webapp1, modify the Application settings.
 B. From webapp1, add a custom domain. 
C. From plan1, scale up the App Service plan. 
D. From plan1, scale out the App Service plan. 

Question # 59

You create an Azure VM named VM1 that runs Windows Server 2019. VM1 is configured as shown in the exhibit. (Click the Exhibit button.) You need to enable Desired State Configuration for VM1. What should you do first?

A. Configure a DNS name for VM1. 
B. Start VM1. 
C. Connect to VM1. 
D. Capture a snapshot of VM1. 

Question # 60

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The User administrator role is assigned to a user named Admin1. An external partner has a Microsoft account that uses the user1@outlook.com sign in. Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: “Unable to invite user user1@outlook.com – Generic authorization exception.” You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant. What should you do?

A. From the Roles and administrators blade, assign the Security administrator role to Admin1. 
B. From the Organizational relationships blade, add an identity provider. 
C. From the Custom domain names blade, add a custom domain. 
D. From the Users settings blade, modify the External collaboration settings. 

Question # 61

You have an Azure subscription. Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs. You have a line-of-business app named App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016. You need to ensure that the connections to App1 are spread across all the virtual machines. What are two possible Azure services that you can use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A. a public load balancer 
B. Traffic Manager 
C. an Azure Content Delivery Network (CDN) 
D. an internal load balancer 
E. an Azure Application Gateway 

Question # 62

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Logic App Contributor role to the Developers group. Does this meet the goal?

A. Yes 
B. No 

Question # 63

You have an Azure subscription that contains a user account named User1. You need to ensure that User1 can assign a policy to the tenant root management group. What should you do?

A. Assign the Owner role to User1, and then instruct User1 to configure access management for Azure resources.
 B. Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources. 
C. Assign the Global administrator role to User1, and then modify the default conditional access policies. 
D. Assign the Owner role to User1, and then modify the default conditional access policies. 

Question # 64

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Subscription1 that contains the resources shown in the following table. VM1 connects to a virtual network named VNET2 by using a network interface named NIC1. You need to create a new network interface named NIC2 for VM1. Solution: You create NIC2 in RG1 and West US. Does this meet the goal?

A. Yes 
B. NO