AZ-104 Exam Dumps, AZ-104 Practice Test Questions
PDF (New 2021) Actual Microsoft AZ-104 Exam Questions
NEW QUESTION 275
You have an Azure Active Directory (Azure AD) tenant that has Azure AD Privileged Identity Management configured.
You have 10 users who are assigned the Security Administrator role for the tenant.
You need the users to verify whether they still require the Security Administrator role.
What should you do?
- A. From Azure AD Identity Protection, configure a user risk policy.
- B. From Azure AD Identity Protection, configure the Weekly Digest.
- C. From Azure AD Privileged Identity Management, create a conditional access policy.
- D. From Azure AD Privileged Identity Management, create an access review.
Answer: D
Explanation:
To reduce the risk associated with stale role assignments, you should regularly review access. You can use Azure AD Privileged Identity Management (PIM) to create access reviews for privileged Azure AD roles. You can also configure recurring access reviews that occur automatically.
Steps:
1. Sign in to the Azure portal with a user that is a member of the Privileged Role Administrator role.
2. Open Azure AD Privileged Identity Management.
3. Select Azure AD roles.
4. Under Manage, select Access reviews, and then select New.
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-start-security-review
NEW QUESTION 276
You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VNet1 contains one subnet named Subnet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
You need to collect data about the IP addresses that connect to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: An Azure Log Analytics workspace
In the Azure portal you can set up a Log Analytics workspace, which is a unique Log Analytics environment with its own data repository, data sources, and solutions.
Box 2: ILB1
References:
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-create-workspace
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics
NEW QUESTION 277
You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com contains the groups in the following table.
You create two user accounts that are configured as shown in the following table.
To which groups do User1 and User2 belong? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: Group 1 only
First rule applies
Box 2: Group1 and Group2 only
Both membership rules apply.
References:
https://docs.microsoft.com/en-us/sccm/core/clients/manage/collections/create-collections
NEW QUESTION 278
You have Azure Storage accounts as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: storageaccount1 and storageaccount2 only
Box 2: All the storage accounts
Note: The three different storage account options are: General-purpose v2 (GPv2) accounts, General-purpose v1 (GPv1) accounts, and Blob storage accounts.
General-purpose v2 (GPv2) accounts are storage accounts that support all of the latest features for blobs, files, queues, and tables.
Blob storage accounts support all the same block blob features as GPv2, but are limited to supporting only block blobs.
General-purpose v1 (GPv1) accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per gigabyte pricing.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-options
NEW QUESTION 279
You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an Active Directory domain. The tenant contains the users shown in the following table.
The users have the attribute shown in the following table.
You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all four users.
Solution: You add a mobile phone number for User2 and User4.
Does this meet the Goal?
- A. Yes
- B. No
Answer: B
Explanation:
User3 requires a user account in Azure AD.
Note: Your Azure AD password is considered an authentication method. It is the one method that cannot be disabled.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods
NEW QUESTION 280
You have an Azure subscription that includes the following Azure file shares:
You have the following on-premises servers:
You create a Storage Sync Service named Sync1 and an Azure File Sync group named Group1. Group1 uses share1 as a cloud endpoint.
You register Server1 and Server2 in Sync1. You add D:\Folder1 on Server1 as a server endpoint of Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: No
Group1 already has a cloud endpoint named Share1.
A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
Box 2: Yes
Yes, one or more server endpoints can be added to the sync group.
Box 3: Yes
Yes, one or more server endpoints can be added to the sync group.
References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide
NEW QUESTION 281
You need to create an Azure Storage account that meets the following requirements:
* Minimizes costs
* Supports hot, cool, and archive blob tiers
* Provides fault tolerance if a disaster affects the Azure region where the account resides
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: StorageV2
You may only tier your object storage data to hot, cool, or archive in Blob storage and General Purpose v2 (GPv2) accounts. General Purpose v1 (GPv1) accounts do not support tiering.
General-purpose v2 accounts deliver the lowest per-gigabyte capacity prices for Azure Storage, as well as industry-competitive transaction prices.
Box 2: Standard_GRS
Geo-redundant storage (GRS): Cross-regional replication to protect against region-wide unavailability.
NEW QUESTION 282
You have a sync group that has the endpoints shown in the following table.
Cloud tiering is enabled for Endpoint3.
You add a file named File1 to Endpoint1 and a file named File2 to Endpoint2.
You need to identify on which endpoints File1 and File2 will be available within 24 hours of adding the files.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
File1: Endpoint3 only
Cloud Tiering: A switch to enable or disable cloud tiering. When enabled, cloud tiering will tier files to your Azure file shares. This converts on-premises file shares into a cache, rather than a complete copy of the dataset, to help you manage space efficiency on your server. With cloud tiering, infrequently used or accessed files can be tiered to Azure Files.
File2: Endpoint1, Endpoint2, and Endpoint3
References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-cloud-tiering
NEW QUESTION 283
You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Explanation:
Statement 1: Yes
All client computers in the Paris office will be joined to an Azure AD domain.
A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2.
Microsoft Windows Server Active Directory domains can resolve DNS names between virtual networks.
Automatic registration of virtual machines from a virtual network that's linked to a private zone with auto-registration enabled. Forward DNS resolution is supported across virtual networks that are linked to the private zone.
Statement 2: Yes
A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet.
You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
Because this is a registration network, this will work.
Statement 3: No
Only VMs in the registration network, here the ClientResources-VNet, will be able to register hostname records. Since Subnet4 is not connected to the Client Resources network, it is not able to register its hostname with humongousinsurance.local.
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-insta
NEW QUESTION 284
You have an Azure subscription named Subscription1 that contains the storage accounts shown in the following table.
You plan to use the Azure Import/Export service to export data from Subscription1.
- A. storage1
- B. storage4
- C. storage3
- D. storage2
Answer: B
NEW QUESTION 285
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Azure Active Directory (AD) Identity Protection and an Azure policy
- B. an Azure Key Vault and an access policy
- C. a Recovery Services vault and a backup policy
- D. an Azure Storage account and an access policy
Answer: B
Explanation:
D: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com
Incorrect Answers:
A: Seamless SSO needs the user's device to be domain-joined, but doesn't need the device to be Azure AD Joined.
C: Azure AD Connect does not use port 8080. It uses port 443.
E: Seamless SSO is not applicable to Active Directory Federation Services (ADFS).
Scenario: Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.
Planned Azure AD infrastructure includes: The on-premises Active Directory domain will be synchronized to Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso-quick-start
NEW QUESTION 286
You have an Azure subscription. The subscription contains virtual machines that run Windows Server 2016 and are configured as shown in the following table.

Answer:
Explanation:
NEW QUESTION 287
You have an Azure subscription named Subscription1 that contains the following resource group:
* Name: RG1
* Region: West US
* Tag: "tag1": "value1"
You assign an Azure policy named Policy1 to Subscription1 by using the following configurations:
* Exclusions: None
* Policy definition: Append tag and its default value
* Assignment name: Policy1
* Parameters:
- Tag name: Tag2
- Tag value: Value2
After Policy1 is assigned, you create a storage account that has the following configurations:
* Name: storage1
* Location: West US
* Resource group: RG1
* Tags: "tag3": "value3"
You need to identify which tags are assigned to each resource.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: "tag1": "value1" only
Box 2: "tag2": "value2" and "tag3": "value3"
Tags applied to the resource group are not inherited by the resources in that resource group.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
NEW QUESTION 288
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to ensure that visitors are serviced by the same web server for each request.
What should you configure?
- A. Floating IP (direct server return) to Enabled
- B. Protocol to UDP
- C. Session persistence to Client IP and Protocol
- D. Idle Time-out (minutes) to 20
Answer: C
Explanation:
With sticky sessions, when a client starts a session on one of your web servers, the session stays on that specific server. To configure an Azure load balancer for sticky sessions, set Session persistence to Client IP or to Client IP and protocol.
On the following image you can see sticky session configuration:
Note:
* Client IP and protocol specifies that successive requests from the same client IP address and protocol combination will be handled by the same virtual machine.
* Client IP specifies that successive requests from the same client IP address will be handled by the same virtual machine.
Reference:
https://cloudopszone.com/configure-azure-load-balancer-for-sticky-sessions/
NEW QUESTION 289
You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com.
You need to enable two-step verification for Azure users.
What should you do?
- A. Install and configure Azure AD Connect.
- B. Create an Azure AD conditional access policy.
- C. Configure a playbook in Azure AD conditional access policy.
- D. Create and configure the Identify Hub.
Answer: B
Explanation:
Conditional Access policies enforce registration, requiring unregistered users to complete registration at first sign-in, an important security consideration.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
NEW QUESTION 290
You have an Azure web app named App1 that streams video content to users. App1 is located in the East US Azure region.
Users in North America stream the video content without any interruption.
Users in Asia and Europe report that the video buffers often and does not play back smoothly.
You need to recommend a solution to improve video streaming to the European and Asian users.
What should you recommend?
- A. Configure an Azure Content Delivery Network (CDN) endpoint.
- B. Scale up the App Service plan.
- C. Scale out the App Service plan.
- D. Configure Azure File Sync.
Answer: A
Explanation:
A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency.
Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world.
Reference:
https://docs.microsoft.com/en-us/azure/cdn/cdn-overview
NEW QUESTION 291
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.) You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only.
You need to ensure that users can connect to the website from the internet.
What should you do?
- A. Delete Rule1.
- B. Modify the protocol of Rule4.
- C. Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a priority of 501.
- D. For Rule5, change the Action to Allow and change the priority to 401.
Answer: D
Explanation:
Rule 2 is blocking HTTPS access (port 443) and has a priority of 500.
Changing Rule 5 (ports 50-5000) and giving it a lower priority number will allow access on port 443.
Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
