Guaranteed AZ-104 Faq 2021

NEW QUESTION 1

This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

VM1 connects to a virtual network named VNET2 by using a network interface named NIC1. You need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG1 and Central US. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a region.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

NEW QUESTION 2

You have an Azure subscription that includes data in following locations:

You plan to export data by using Azure import/export job named Export1. You need to identify the data that can be exported by using Export1. Which data should you identify?

• A. DB1
• B. Table1
• C. container1
• D. Share1

Answer: D

Explanation:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service

NEW QUESTION 3

You have Azure subscriptions named Subscription1 and Subscription2. Subscription1 has following resource groups:

RG1 includes a web app named App1 in the West Europe location. Subscription2 contains the following resource groups:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-limitations/app-service-mov

NEW QUESTION 4

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest Labs.
You would need the Logic App Contributor role. References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

NEW QUESTION 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2. Solution: You modify the Azure Active Directory (Azure AD) authentication policies.
Does this meet this goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 6

You have an Azure policy as shown in the following exhibit.

What is the effect of the policy?
Which of the following statements are true?

• A. You can create Azure SQL servers in ContosoRG1.
• B. You are prevented from creating Azure SQL servers anywhere in Subscription 1.
• C. You are prevented from creating Azure SQL Servers in ContosoRG1 only.
• D. You can create Azure SQL servers in any resource group within Subscription 1.

Answer: A

Explanation:
You are prevented from creating Azure SQL servers anywhere in Subscription 1 with the exception of ContosoRG1

NEW QUESTION 7

You have an Azure Active Directory tenant named Contoso.com that includes following users:

Contoso.com includes following Windows 10 devices:

You create following security groups in Contoso.com:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
User1 is a Cloud Device Administrator. Device2 is Azure AD joined.
Group1 has the assigned to join type. User1 is the owner of Group1.
Note: Assigned groups - Manually add users or devices into a static group.
Azure AD joined or hybrid Azure AD joined devices utilize an organizational account in Azure AD Box 2: No
User2 is a User Administrator. Device1 is Azure AD registered.
Group1 has the assigned join type, and the owner is User1.
Note: Azure AD registered devices utilize an account managed by the end user, this account is either a Microsoft account or another locally managed credential.
Box 3: Yes
User2 is a User Administrator. Device2 is Azure AD joined.
Group2 has the Dynamic Device join type, and the owner is User2. References:
https://docs.microsoft.com/en-us/azure/active-directory/devices/overview

NEW QUESTION 8

You need to use Azure Automation State Configuration to manage the ongoing consistency of virtual machine configurations.
Which five actions should you perform in sequence? To answer, move the appropriate action from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1: Upload a configuration to Azure Automation State Configuration. Import the configuration into the Automation account.
Step 2: Compile a configuration into a node configuration.
A DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.
Step 3: Onboard the virtual machines to Azure Automation State Configuration. Onboard the Azure VM for management with Azure Automation State Configuration Step 4: Assign the node configuration
Step 5: Check the compliance status of the node
Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the page for that node.
On the blade for an individual report, you can see the following status information for the corresponding consistency check:
The report status — whether the node is "Compliant", the configuration "Failed", or the node is "Not Compliant"
References:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started

NEW QUESTION 9

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant contains 500 user accounts.
You deploy Microsoft Office 365. You configure Office 365 to use the user accounts in adatum.com. You configure 60 users to connect to mailboxes in Microsoft Exchange Online.
You need to ensure that the 60 users use Azure Multi-Factor Authentication (MFA) to connect to the Exchange Online mailboxes. The solution must only affect connections to the Exchange Online mailboxes.
What should you do?

• A. From the multi-factor authentication page, configure the Multi-Factor Auth status for each user
• B. From Azure Active Directory admin center, create a conditional access policy
• C. From the multi-factor authentication page, modify the verification options
• D. From the Azure Active Directory admin center, configure an authentication method

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

NEW QUESTION 10

You create an App Service plan named App1 and an Azure web app named webapp1. You discover that the option to create a staging slot is unavailable. You need to create a staging slot for App1.
What should you do first?

• A. From webapp1, modify the Application settings.
• B. From webapp1, add a custom domain.
• C. From App1, scale up the App Service plan.
• D. From App1, scale out the App Service plan.

Answer: C

Explanation:
https://docs.microsoft.com/en-us/azure/app-service/manage-scale-up

NEW QUESTION 11

You have an Azure subscription named Sub1.
You plan to deploy a multi-tiered application that will contain the tiers shown in the following table.

You need to recommend a networking solution to meet the following requirements:
Ensure that communication between the web servers and the business logic tier spreads equally across the virtual machines.
Protect the web servers from SQL injection attacks.
Which Azure resource should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: an internal load balancer
Azure Internal Load Balancer (ILB) provides network load balancing between virtual machines that reside inside a cloud service or a virtual network with a regional scope.
Box 2: an application gateway that uses the WAF tier
Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted
by malicious attacks that exploit commonly known vulnerabilities. References:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

NEW QUESTION 12

You have an Azure subscription that contains a user account named User1.
You need to ensure that User1 can assign a policy to the tenant root management group. What should you do?

• A. Assign the Owner role to User1, and then instruct User1 to configure access management for Azure resources.
• B. Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.
• C. Assign the Global administrator role to User1, and then modify the default conditional access policies.
• D. Assign the Owner role to User1, and then modify the default conditional access policies.

Answer: A

NEW QUESTION 13

You have an Azure subscription that contains an Azure file share.
You have an on-premises server named Server1 that runs Windows Server 2021. You plan to set up Azure File Sync between Server1 and the Azure file share. You need to prepare the subscription for the planned Azure File Sync.
Which two actions should you perform in the Azure subscription? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
First action: Create a Storage Sync Service
The deployment of Azure File Sync starts with placing a Storage Sync Service resource into a resource group of your selected subscription.
Second action: Run Server Registration
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service. A server can only be registered to one Storage Sync Service and can sync with other servers and Azure file shares associated with the same Storage Sync Service.
The Server Registration UI should open automatically after installation of the Azure File Sync agent.

NEW QUESTION 14

You have an Azure subscription that contains a resource group named Test RG. You use TestRG to validate an Azure deployment.
TestRG contains the following resources:

You need to delete TestRG.
What should you do first?

• A. Modify the backup configurations of VM1 and modify the resource lock type of VNET1.
• B. Turn off VM1 and delete all data in Vault1.
• C. Remove the resource lock from VNET1 and delete all data in Vault1.
• D. Turn off VM1 and remove the resource lock from VNET1.

Answer: D

Explanation:
When you want to delete the resource, you first need to remove the lock. References:
https://docs.microsoft.com/sv-se/azure/azure-resource-manager/management/lock-resources

NEW QUESTION 15

You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address. Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network interfaces and network security groups that you require? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: 10
One public and one private network interface for each of the five VMs. Box 2: 1
You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

NEW QUESTION 16

You have Azure virtual machines that run Windows Server 2021 and are configured as shown in the following table.

You create a public Azure DNS zone named adatum.com and a private Azure DNS zone named contoso.com.
For contoso.com, you create a virtual network link named link1 as shown in the exhibit. (Click the Exhibit tab.)

You discover that VM1 can resolve names in contoso.com but cannot resolve names in adatum.com.
VM1 can resolve other hosts on the internet.
You need to ensure that VM1 can resolve host names in adatum.com. What should you do?

• A. Update the DNS suffix on VM1 to be adatum.com.
• B. Create an SRV record in the contoso.com zone.
• C. Configure the name servers for adatum.com at the domain registrar.
• D. Modify the Access control (IAM) settings for link1.

Answer: D

NEW QUESTION 17

You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint
document library named Library1.
You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.
Which two groups should you create? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. a Security group that uses the Assigned membership type
• B. an Office 365 group that uses the Assigned membership type
• C. an Office 365 group that uses the Dynamic User membership type
• D. a Security group that uses the Dynamic User membership type
• E. a Security group that uses the Dynamic Device membership type

Answer: BC

Explanation:
You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).
Note: With the increase in usage of Office 365 Groups, administrators and users need a way to clean up unused groups. Expiration policies can help remove inactive groups from the system and make things cleaner.
When a group expires, all of its associated services (the mailbox, Planner, SharePoint site, etc.) are also deleted.
You can set up a rule for dynamic membership on security groups or Office 365 groups.

NEW QUESTION 18

You deploy an Azure Kubernetes Service (AKS) cluster that has the network profile shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 19

You have several Azure virtual machines on a virtual network named VNet1. You configure an Azure Storage account as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: always
Endpoint status is enabled. Box 2: Never
After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network restricted storage account.

Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage-accounts-secured-with-azure-storage

NEW QUESTION 20

You plan to deploy an Azure container instance by using the following Azure Resource Manager template.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the template.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 21

Your on-premises network contains an Active Directory domain named adatum.com that is synced to Azure Active Directory (Azure AD). Password writeback is disabled.
In adatum.com, you create the users shown in the following table.

Which users must sign in from a computer joined to adatum.com?

• A. User2 only
• B. User1 and User3 only
• C. User1, User2, and User3
• D. User2 and User3 only
• E. User1 only

Answer: E

Explanation:
Password writeback is a feature enabled with Azure AD Connect that allows password changes in the cloud to be written back to an existing on-premises directory in real time.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback

NEW QUESTION 22
......