Practice Free Microsoft AZ-104 Exam Questions Online, AZ-104 Free Demo

Question 16 Selectable Answer

You have a registered DNS domain named contoso.com.
You create a public Azure DNS zone named contoso.com.
You need to ensure that records created in the contoso.com zone are resolvable from the internet.
What should you do?

A. Create NS records in contoso.com.
B. Modify the SOA record in the DNS domain registrar.
C. Create the SOA record in contoso.com.
D. Modify the NS records in the DNS domain registrar.

Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

Question 17 Written Answer

Drag and Drop
You have an Azure Active Directory (Azure AD) tenant that has the initial domain name.
You have a domain name of contoso.com registered at a third-party registrar. You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

Answer:

Explanation:
The process is simple:
Add the custom domain name to your directory
Add a DNS entry for the domain name at the domain name registrar Verify the custom domain name in Azure AD
References: https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain

Question 18 Written Answer

You ma nage two Azure subscriptions named Subscription1 and S ubscription2.
Subscription1 has following virtual networks:

The virtual networks contain the following subnets:

Subscription2 contains the following virtual network:
- Name: VNETA
- Address space: 10.10.128.0/17
- Location: Canada Central
VNETA contains the following subnets:

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer: NYY
Explanation:
Box 1: Yes
With VNet-to-VNet you can connect Virtual Networks in Azure across different regions.
Box 2: Yes
Azure supports the following types of peering:
Virtual network peering: Connect virtual networks within the same Azure region.
Global virtual network peering: Connecting virtual networks across Azure regions.
Box 3: No
The virtual networks you peer must have non-overlapping IP address spaces.
Reference:
https://azure.microsoft.com/en-us/blog/vnet-to-vnet-connecting-virtual-networks-in-azure-across-different-regions/
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-constraints

Question 19 Selectable Answer

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour.
Solution: You create an Azure Log Analytics workspace and configure the data settings. You add the Microsoft Monitoring Agent VM extension to VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Does this meet the goal?

A. Yes
B. No

Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview

Question 20 Written Answer

Drag and Drop
You have downloaded an Azure Resource Manager (ARM) template to deploy numerous virtual machines (VMs). The ARM template is based on a current VM, but must be adapted to reference an administrative password.
You need to make sure that the password cannot be stored in plain text.
You are preparing to create the necessary components to achieve your goal.
Which of the following should you create to achieve your goal? Answer by dragging the correct option from the list to the answer area.

Answer:

Explanation:
You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore, the password is never put in plain text in the template parameter file.

Question 21 Selectable Answer

Case Study 1 - Humongous Insurance

Overview
Existing Environment
Humongous Insurance is an insurance company that has three offices in Miami, Tokoyo, and Bankok.
Each has 5000 users.

Active Directory Environment
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com.
The functional level of the forest is Windows Server 2012.
You recently provisioned an Azure Active Directory (Azure AD) tenant.

Network Infrastructure
Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Each office has several link load balancers that provide access to the servers.

Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.

Licensing Issue
You attempt to assign a license in Azure to several users and receive the following error message: "Licenses not assigned. License agreement failed for one user." You verify that the Azure subscription has the available licenses.

Requirements
Planned Changes
Humongous Insurance plans to open a new office in Paris. The Paris office will contain 1,000 users who will be hired during the next 12 months. All the resources used by the Paris office users will be hosted in Azure.

Planned Azure AD Infrastructure
The on-premises Active Directory domain will be synchronized to Azure AD.
All client computers in the Paris office will be joined to an Azure AD domain.

Planned Azure Networking Infrastructure
You plan to create the following networking resources in a resource group namedAll_Resources:
✑ Default Azure system routes that will be the only routes used to route traffic
✑ A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2
✑ A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet
✑ A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and Subnet4
You plan to enable peering between Paris-VNet and AllOffices-VNet. You will enable the Use remote gateways setting for the Paris-VNet peerings.
You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.

Planned Azure Computer Infrastructure
Each subnet will contain several virtual machines that will run either Windows Server 2012 R2, Windows Server 2016, or Red Hat Linux.

Department Requirements
Humongous Insurance identifies the following requirements for the company's departments:
✑ Web administrators will deploy Azure web apps for the marketing department. Each web app will be added to a separate resource group. The initial configuration of the web apps will be identical. The web administrators have permission to deploy web apps to resource groups.
✑ During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.

Authentication Requirements
Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.

You need to define a custom domain name for Azure AD to support the planned infrastructure.
Which domain name should you use?

A. ad.humongousinsurance.com
B. humongousinsurance.onmicrosoft.com
C. humongousinsurance.local
D. humongousinsurance.com

Answer:
Explanation:
Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com.
The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as ‘[email protected].’ instead of 'alice@domain name.onmicrosoft.com'.
Scenario:
Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com
Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain

Question 22 Selectable Answer

You have an Azure subscription named Subscription1.
You deploy a Linux virtual machine named VM1 to Subscription1.
You need to monitor the metrics and the logs of VM1.
What should you use?

A. Linux Diagnostic Extension (LAD) 3.0
B. Azure Analysis Services
C. The AzurePerformanceDiagnostics extension
D. Azure HDInsight

Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/diagnostics-linux

Question 23 Selectable Answer

You have an Azure subscription that contains a storage account named storageacct1234 and two users named User1 and User2.
You assign User1 the roles shown in the following exhibit.

Which two actions can User1 perform? Each correct answer presents a complete solution. NOTE:Each correct selection is worth one point.

A. Modify the firewall of storageacct1234.
B. View blob data in storageacct1234.
C. View file shares in storageacct1234.
D. Upload blob data to storageacct1234.
E. Assign roles to User2 for storageacct1234.

Answer:

Question 24 Written Answer

Drag and Drop
You have an Azure subscription that contains two om-premises locations named site1 and site2.
You need to connect site1 and site2 by using an Azure Virtual WAN.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:
https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal

Question 25 Selectable Answer

You have an Azure subscription that contains an Azure Storage account.
You plan to create an Azure container instance named container1 that will use a Docker image named Image1. Image1 contains a Microsoft SQL Server instance that requires persistent storage.
You need to configure a storage service for Container1.
What should you use?

A. Azure Files
B. Azure Blob storage
C. Azure Queue storage
D. Azure Table storage

Answer:
Explanation:
Azure file shares can be used as persistent volumes for stateful containers. Containers deliver "build once, run anywhere" capabilities that enable developers to accelerate innovation. For the containers that access raw data at every start, a shared file system is required to allow these containers to access the file system no matter which instance they run on. https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction

Question 26 Written Answer

Drag and Drop
You have an on-premises network that includes a Microsoft SQL Server instance named SQL1.
You create an Azure Logic App named App1.
You need to ensure that App1 can query a database on SQL1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:
To access data sources on premises from your logic apps, you can create a data gateway resource in Azure so that your logic apps can use the on-premises connectors.
Box 1: From an on-premises computer, install an on-premises data gateway. Before you can connect to on-premises data sources from Azure Logic Apps, download and install the on-premises data gateway on a local computer.
Box 2: From the Azure portal, create an on-premises data gateway Create Azure resource for gateway
After you install the gateway on a local computer, you can then create an Azure resource for your gateway. This step also associates your gateway resource with your Azure subscription.
✑ Sign in to the Azure portal. Make sure you use the same Azure work or school email address used to install the gateway.
✑ On the main Azure menu, select Create a resource > Integration > On-premises data gateway.

✑ On the Create connection gateway page, provide this information for your gateway resource.
✑ To add the gateway resource to your Azure dashboard, select Pin to dashboard. When you're done, choose Create.
Box 3: From the Logic Apps Designer in the Azure portal, add a connector After you create your gateway resource and associate your Azure subscription with this resource, you can now create a connection between your logic app and your on-premises data source by using the gateway.
✑ In the Azure portal, create or open your logic app in the Logic App Designer.
✑ Add a connector that ✑ supports on-premises connections, for example, SQL Server.
✑ Set up your connection.
References: https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-gateway-connection

Question 27 Selectable Answer

You have an Azure Resource Manager template named Template1 that is used to deploy an Azure virtual machine.
Template1 contains the following text:

The variables section in Template1 contains the following text:
"location": "westeurope"
The resources section in Template1 contains the following text:

You need to deploy the virtual machine to the West US location by using Template1.
What should you do?

A. Modify the location in the resource section to westus
B. Select West US during the deployment
C. Modify the location in the variables section to westus

Answer:

Question 28 Written Answer

You have a virtual network named VNET1 that contains the subnets shown in the following table:

You have two Azure virtual machines that have the network configurations shown in the following table:

For NSG1, you create the inbound security rule shown in the following table:

For NSG2, you create the inbound security rule shown in the following table:

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: Yes
The inbound security rule for NSG1 allows TCP port 1433 from 10.10.2.0/24 (or Subnet2 where VM2 and VM3 are located) to 10.10.1.0/24 (or Subnet1 where VM1 is located) while the inbound security rule for NSG2 blocks TCP port 1433 from 10.10.2.5 (or VM2) to 10.10.1.5 (or VM1). However, the NSG1 rule has a higher priority (or lower value) than the NSG2 rule.
Box 2: Yes
No rule explicitly blocks communication from VM1. The default rules, which allow communication, are thus applied.
Box 3: Yes
No rule explicitly blocks communication between VM2 and VM3 which are both on Subnet2. The default rules, which allow communication, are thus applied.
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

Question 29 Selectable Answer

SIMULATION

Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

To start the lab
You may start the lab by clicking the Next button.
Your company plans to host in Azure the source files of several line-of-business applications.
You need to create an Azure file share named corpsoftware in the storagelod8095859 storageaccount. The solution must ensure the corpsoftware can store only up to 250 GB of data.

What should you do from the Azure portal?

A. See below explanation

Answer:
Explanation:
Step 1. Go to the Storage Account blade on the Azure portal:

Step 2. Click on add File Share button:

Step 3. Provide Name (storagelod8095859) and Quota (250 GB).

References: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share

Question 30 Written Answer

You have an Azure subscription named Subscription1 that contains a virtual network VNet1.
You add the users in the following table.

Which user can perform each configuration? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: User1 and User3 only.
User1: The Owner Role lets you manage everything, including access to resources. User3: The Network Contributor role lets you manage networks, including creating subnets.
Box 2: User1 only.
The Security Admin role: In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations.
Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftnetwork

Test Online Free Microsoft AZ-104 Exam Questions and Answers