Azure 104 Dumps – 50 Realistic Questions to Prepare with Confidence.
Getting ready for your AZ-104 certification exam? Start your preparation the smart way with our Azure 104 Dumps – a carefully crafted set of 50 realistic, exam-style questions to help you practice effectively and boost your confidence.
Using a Azure 104 Dumps free for AZ-104 exam is one of the best ways to:
- Familiarize yourself with the actual exam format and question style
- Identify areas where you need more review
- Strengthen your time management and test-taking strategy
Below, you will find 50 free questions from our Azure 104 Dumps resource. These questions are structured to reflect the real exam’s difficulty and content areas, helping you assess your readiness accurately.
Overview - Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market. Contoso products are manufactured by using blueprint files that the company authors and maintains. Existing Environment - Currently, Contoso uses multiple types of servers for business operations, including the following: File servers Domain controllers Microsoft SQL Server servers Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory. You have a public-facing application named App1. App1 is comprised of the following three tiers: A SQL database A web front end A processing middle tier -Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only. Requirements - Planned Changes - Contoso plans to implement the following changes to the infrastructure: Move all the tiers of App1 to Azure. Move the existing product blueprint files to Azure Blob storage. Create a hybrid directory to support an upcoming Microsoft 365 migration project. Technical Requirements - Contoso must meet the following technical requirements: Move all the virtual machines for App1 to Azure. Minimize the number of open ports between the App1 tiers. Ensure that all the virtual machines for App1 are protected by backups. Copy the blueprint files to Azure over the Internet. Ensure that the blueprint files are stored in the archive storage tier. Ensure that partner access to the blueprint files is secured and temporary. Prevent user passwords or hashes of passwords from being stored in Azure. Use unmanaged standard storage for the hard disks of the virtual machines. Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity. Minimize administrative effort whenever possible. User Requirements - Contoso identifies the following requirements for users: Ensure that only users who are part of a group named Pilot can join devices to Azure AD. Designate a new user named Admin1 as the service admin for the Azure subscription. Admin1 must receive email alerts regarding service outages. Ensure that a new user named User3 can create network objects for the Azure subscription. You are planning the move of App1 to Azure. You create a network security group (NSG). You need to recommend a solution to provide users with access to App1. What should you recommend?
A. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
B. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
C. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
D. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.
Overview - General Overview - Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Environment - Existing Environment - Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant. The Azure AD tenant contains the users shown in the following table.Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.
User1 manages the resources in RG1. User4 manages the resources in RG2. Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table
No network security groups (NSGs) are associated to the network interfaces or the subnets. Sub1 contains the storage accounts shown in the following table.
Requirements - Planned Changes - Contoso plans to implement the following changes: Create a blob container named container1 and a file share named share1 that will use the Cool storage tier. Create a storage account named storage5 and configure storage replication for the Blob service. Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.
Associate NSG1 to the network interface of VM1. Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.
Associate NSG2 to VNET1/Subnet2. Technical Requirements - Contoso must meet the following technical requirements: Create container1 and share1. Use the principle of least privilege. Create an Azure AD security group named Group4. Back up the Azure file shares and virtual machines by using Azure Backup. Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C. Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1. Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1 Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months. Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares. HOTSPOT - You implement the planned changes for NSG1 and NSG2. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Overview - General Overview - Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Environment - Existing Environment - Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant. The Azure AD tenant contains the users shown in the following table.
A. Connect VM2 to VNET1/Subnet1.
B. Redeploy VM1 and VM2 to the same availability zone.
C. Redeploy VM1 and VM2 to the same availability set.
D. Create a new NSG and associate the NSG to VNET1/Subnet1.
You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort. What should you do?
A. Create a user-defined route from VNET1 to VNET3.
B. Create an NSG and associate the NSG to VM1 and VM4.
C. Assign VM4 an IP address of 10.0.1.5/24.
D. Establish peering between VNET1 and VNET3.
Overview - Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees. All the resources used by Litware are hosted on-premises. Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The tenant uses the Premium P1 pricing tier. Existing Environment - The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the litware.com DNS zone. Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently. Litware.com contains a user named User1. All the offices connect by using private connections. Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device. All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.Litware uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory. The Azure subscription contains the resources in the following table.
The network security team implements several network security groups (NSGs) Requirements - Planned Changes - Litware plans to implement the following changes: Deploy Azure ExpressRoute to the Montreal office. Migrate the virtual machines hosted on Server1 and Server2 to Azure. Synchronize on-premises Active Directory to Azure Active Directory (Azure AD). Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2. Technical Requirements - Litware must meet the following technical requirements: Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office. Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office. Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only. Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.litware.com. Connect the New York office to VNet1 over the Internet by using an encrypted connection. Create a workflow to send an email message when the settings of VM4 are modified. Create a custom Azure role named Role1 that is based on the Reader role. Minimize costs whenever possible. HOTSPOT - You need to implement Role1. Which command should you run before you create Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Overview - Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees. All the resources used by Litware are hosted on-premises. Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The tenant uses the Premium P1 pricing tier. Existing Environment - The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the litware.com DNS zone. Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently. Litware.com contains a user named User1. All the offices connect by using private connections. Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device. All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.
A. Azure AD B2C
B. dynamic groups and conditional access policies
C. Azure AD Identity Protection
D. an Azure logic app and the Microsoft Identity Management (MIM) client
HOTSPOT - Overview - ADatum Corporation is consulting firm that has a main office in Montreal and branch offices in Seattle and New York. Existing Environment - Azure Environment - ADatum has an Azure subscription that contains three resource groups named RG1, RG2, and RG3. The subscription contains the storage accounts shown in the following table.The subscription contains the virtual machines shown in the following table.
The subscription has an Azure container registry that contains the images shown in the following table.
The subscription contains the resources shown in the following table.
Azure Key Vault - The subscription contains an Azure key vault named Vault1. Vault1 contains the certificates shown in the following table.
Vault1 contains the keys shown in the following table.
Microsoft Entra Environment - ADatum has a Microsoft Entra tenant named adatum.com that is linked to the Azure subscription and contains the users shown in the following table.
The tenant contains the groups shown in the following table.
The adatum.com tenant has a custom security attribute named Attribute1. Planned Changes - ADatum plans to implement the following changes: • Configure a data collection rule (DCR) named DCR1 to collect only system events that have an event ID of 4648 from VM2 and VM4. • In storage1, create a new container named cont2 that has the following access policies: o Three stored access policies named Stored1, Stored2, and Stored3 o A legal hold for immutable blob storage • Whenever possible, use directories to organize storage account content. • Grant User1 the permissions required to link Zone1 to VNet1. • Assign Attribute1 to supported adatum.com resources. • In storage2, create an encryption scope named Scope1. • Deploy new containers by using Image1 or Image2. Technical Requirements - ADatum must meet the following technical requirements: • Use TLS for WebApp1. • Follow the principle of least privilege. • Grant permissions at the required scope only. • Ensure that Scope1 is used to encrypt storage services. • Use Azure Backup to back up cont1 and share1 as frequently as possible. • Whenever possible, use Azure Disk Encryption and a key encryption key (KEK) to encrypt the virtual machines. You need to configure Azure Backup to meet the technical requirements for cont1 and share1. To what should you set the backup frequency for each resource? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Overview - Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market. Contoso products are manufactured by using blueprint files that the company authors and maintains. Existing Environment - Currently, Contoso uses multiple types of servers for business operations, including the following: File servers Domain controllers Microsoft SQL Server servers Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory. You have a public-facing application named App1. App1 is comprised of the following three tiers: A SQL database A web front end A processing middle tier -
Overview - Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market. Contoso products are manufactured by using blueprint files that the company authors and maintains. Existing Environment - Currently, Contoso uses multiple types of servers for business operations, including the following: File servers Domain controllers Microsoft SQL Server servers Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory. You have a public-facing application named App1. App1 is comprised of the following three tiers: A SQL database A web front end A processing middle tier -Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only. Requirements - Planned Changes - Contoso plans to implement the following changes to the infrastructure: Move all the tiers of App1 to Azure. Move the existing product blueprint files to Azure Blob storage. Create a hybrid directory to support an upcoming Microsoft 365 migration project. Technical Requirements - Contoso must meet the following technical requirements: Move all the virtual machines for App1 to Azure. Minimize the number of open ports between the App1 tiers. Ensure that all the virtual machines for App1 are protected by backups. Copy the blueprint files to Azure over the Internet. Ensure that the blueprint files are stored in the archive storage tier. Ensure that partner access to the blueprint files is secured and temporary. Prevent user passwords or hashes of passwords from being stored in Azure. Use unmanaged standard storage for the hard disks of the virtual machines. Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity. Minimize administrative effort whenever possible. User Requirements - Contoso identifies the following requirements for users: Ensure that only users who are part of a group named Pilot can join devices to Azure AD. Designate a new user named Admin1 as the service admin for the Azure subscription. Admin1 must receive email alerts regarding service outages. Ensure that a new user named User3 can create network objects for the Azure subscription. HOTSPOT - You need to configure the Device settings to meet the technical requirements and the user requirements. Which two settings should you modify? To answer, select the appropriate settings in the answer area. Hot Area:
Overview - Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market. Contoso products are manufactured by using blueprint files that the company authors and maintains. Existing Environment - Currently, Contoso uses multiple types of servers for business operations, including the following: File servers Domain controllers Microsoft SQL Server servers Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory. You have a public-facing application named App1. App1 is comprised of the following three tiers: A SQL database A web front end A processing middle tier -
A. From the Azure Active Directory blade, modify the Groups
B. From the Azure Active Directory blade, modify the Properties
C. From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings
D. From the Subscriptions blade, select the subscription, and then modify the Properties
Overview - General Overview - Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Environment - Existing Environment - Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant. The Azure AD tenant contains the users shown in the following table.Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.
User1 manages the resources in RG1. User4 manages the resources in RG2. Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table
No network security groups (NSGs) are associated to the network interfaces or the subnets. Sub1 contains the storage accounts shown in the following table.
Requirements - Planned Changes - Contoso plans to implement the following changes: Create a blob container named container1 and a file share named share1 that will use the Cool storage tier. Create a storage account named storage5 and configure storage replication for the Blob service. Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.
Associate NSG1 to the network interface of VM1. Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.
Associate NSG2 to VNET1/Subnet2. Technical Requirements - Contoso must meet the following technical requirements: Create container1 and share1. Use the principle of least privilege. Create an Azure AD security group named Group4. Back up the Azure file shares and virtual machines by using Azure Backup. Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C. Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1. Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1 Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months. Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares. HOTSPOT - You need to configure Azure Backup to back up the file shares and virtual machines. What is the minimum number of Recovery Services vaults and backup policies you should create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Overview - General Overview - Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Environment - Existing Environment - Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant. The Azure AD tenant contains the users shown in the following table.
Overview - General Overview - Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Environment - Existing Environment - Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant. The Azure AD tenant contains the users shown in the following table.Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.
User1 manages the resources in RG1. User4 manages the resources in RG2. Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table
No network security groups (NSGs) are associated to the network interfaces or the subnets. Sub1 contains the storage accounts shown in the following table.
Requirements - Planned Changes - Contoso plans to implement the following changes: Create a blob container named container1 and a file share named share1 that will use the Cool storage tier. Create a storage account named storage5 and configure storage replication for the Blob service. Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.
Associate NSG1 to the network interface of VM1. Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.
Associate NSG2 to VNET1/Subnet2. Technical Requirements - Contoso must meet the following technical requirements: Create container1 and share1. Use the principle of least privilege. Create an Azure AD security group named Group4. Back up the Azure file shares and virtual machines by using Azure Backup. Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C. Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1. Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1 Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months. Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares. HOTSPOT - You need to ensure that User1 can create initiative definitions, and User4 can assign initiatives to RG2. The solution must meet the technical requirements. Which role should you assign to each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Overview - General Overview - Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Environment - Existing Environment - Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant. The Azure AD tenant contains the users shown in the following table.
A. On storage2, enable identity-based access for the file shares.
B. Recreate storage2 and set Hierarchical namespace to Enabled.
C. On storage1 and storage4, change the Account kind type to StorageV2 (general purpose v2).
D. Create a shared access signature (SAS) for storage1, storage2, and storage4.
Overview - Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market. Contoso products are manufactured by using blueprint files that the company authors and maintains. Existing Environment - Currently, Contoso uses multiple types of servers for business operations, including the following: File servers Domain controllers Microsoft SQL Server servers Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory. You have a public-facing application named App1. App1 is comprised of the following three tiers: A SQL database A web front end A processing middle tier -Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only. Requirements - Planned Changes - Contoso plans to implement the following changes to the infrastructure: Move all the tiers of App1 to Azure. Move the existing product blueprint files to Azure Blob storage. Create a hybrid directory to support an upcoming Microsoft 365 migration project. Technical Requirements - Contoso must meet the following technical requirements: Move all the virtual machines for App1 to Azure. Minimize the number of open ports between the App1 tiers. Ensure that all the virtual machines for App1 are protected by backups. Copy the blueprint files to Azure over the Internet. Ensure that the blueprint files are stored in the archive storage tier. Ensure that partner access to the blueprint files is secured and temporary. Prevent user passwords or hashes of passwords from being stored in Azure. Use unmanaged standard storage for the hard disks of the virtual machines. Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity. Minimize administrative effort whenever possible. User Requirements - Contoso identifies the following requirements for users: Ensure that only users who are part of a group named Pilot can join devices to Azure AD. Designate a new user named Admin1 as the service admin for the Azure subscription. Admin1 must receive email alerts regarding service outages. Ensure that a new user named User3 can create network objects for the Azure subscription. You need to implement a backup solution for App1 after the application is moved. What should you create first?
A. a recovery plan
B. an Azure Backup Server
C. a backup policy
D. a Recovery Services vault
Overview - Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market. Contoso products are manufactured by using blueprint files that the company authors and maintains. Existing Environment - Currently, Contoso uses multiple types of servers for business operations, including the following: File servers Domain controllers Microsoft SQL Server servers Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory. You have a public-facing application named App1. App1 is comprised of the following three tiers: A SQL database A web front end A processing middle tier -
A. Generate an access key. Map a drive, and then copy the files by using File Explorer.
B. Use Azure Storage Explorer to copy the files.
C. Use the Azure Import/Export service.
D. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
Overview - Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market. Contoso products are manufactured by using blueprint files that the company authors and maintains. Existing Environment - Currently, Contoso uses multiple types of servers for business operations, including the following: File servers Domain controllers Microsoft SQL Server servers Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory. You have a public-facing application named App1. App1 is comprised of the following three tiers: A SQL database A web front end A processing middle tier -
Overview - General Overview - Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Environment - Existing Environment - Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant. The Azure AD tenant contains the users shown in the following table.Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.
User1 manages the resources in RG1. User4 manages the resources in RG2. Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table
No network security groups (NSGs) are associated to the network interfaces or the subnets. Sub1 contains the storage accounts shown in the following table.
Requirements - Planned Changes - Contoso plans to implement the following changes: Create a blob container named container1 and a file share named share1 that will use the Cool storage tier. Create a storage account named storage5 and configure storage replication for the Blob service. Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.
Associate NSG1 to the network interface of VM1. Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.
Associate NSG2 to VNET1/Subnet2. Technical Requirements - Contoso must meet the following technical requirements: Create container1 and share1. Use the principle of least privilege. Create an Azure AD security group named Group4. Back up the Azure file shares and virtual machines by using Azure Backup. Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C. Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1. Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1 Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months. Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares. HOTSPOT - You need to create container1 and share1. Which storage accounts should you use for each resource? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Overview - General Overview - Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Environment - Existing Environment - Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant. The Azure AD tenant contains the users shown in the following table.
Overview - General Overview - Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Environment - Existing Environment - Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant. The Azure AD tenant contains the users shown in the following table.
A. storage1
B. storage2
C. storage3
D. storage4
You have an Azure subscription. The subscription contains 10 virtual machines that run Windows Server. Each virtual machine hosts a website in IIS and has the Azure Monitor Agent installed. You need to collect the IIS logs from each virtual machine and store them in a Log Analytics workspace. What should you configure first?
A. a data collection endpoint
B. an Azure Monitor Private Link Scope (AMPLS)
C. Diagnostic settings
D. VM insights
E. a private endpoint
Overview - Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees. All the resources used by Litware are hosted on-premises. Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The tenant uses the Premium P1 pricing tier. Existing Environment - The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the litware.com DNS zone. Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently. Litware.com contains a user named User1. All the offices connect by using private connections. Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device. All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.Litware uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory. The Azure subscription contains the resources in the following table.
The network security team implements several network security groups (NSGs) Requirements - Planned Changes - Litware plans to implement the following changes: Deploy Azure ExpressRoute to the Montreal office. Migrate the virtual machines hosted on Server1 and Server2 to Azure. Synchronize on-premises Active Directory to Azure Active Directory (Azure AD). Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2. Technical Requirements - Litware must meet the following technical requirements: Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office. Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office. Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only. Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.litware.com. Connect the New York office to VNet1 over the Internet by using an encrypted connection. Create a workflow to send an email message when the settings of VM4 are modified. Create a custom Azure role named Role1 that is based on the Reader role. Minimize costs whenever possible. You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs. What should you use?
A. Diagram in VNet1
B. Diagnostic settings in Azure Monitor
C. Diagnose and solve problems in Traffic Manager profiles
D. The security recommendations in Azure Advisor
E. IP flow verify in Azure Network Watcher
HOTSPOT - You have an Azure subscription that contains two storage accounts named contoso101 and contoso102. The subscription contains the virtual machines shown in the following table.VNet1 has service endpoints configured as shown in the Service endpoints exhibit. (Click the Service endpoints tab.)
The Microsoft.Storage service endpoint has the service endpoint policy shown in the Microsoft.Storage exhibit. (Click the Microsoft.Storage tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Overview - Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees. All the resources used by Litware are hosted on-premises. Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The tenant uses the Premium P1 pricing tier. Existing Environment - The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the litware.com DNS zone. Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently. Litware.com contains a user named User1. All the offices connect by using private connections. Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device. All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.Litware uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory. The Azure subscription contains the resources in the following table.
The network security team implements several network security groups (NSGs) Requirements - Planned Changes - Litware plans to implement the following changes: Deploy Azure ExpressRoute to the Montreal office. Migrate the virtual machines hosted on Server1 and Server2 to Azure. Synchronize on-premises Active Directory to Azure Active Directory (Azure AD). Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2. Technical Requirements - Litware must meet the following technical requirements: Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office. Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office. Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only. Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.litware.com. Connect the New York office to VNet1 over the Internet by using an encrypted connection. Create a workflow to send an email message when the settings of VM4 are modified. Create a custom Azure role named Role1 that is based on the Reader role. Minimize costs whenever possible. You need to ensure that VM1 can communicate with VM4. The solution must minimize the administrative effort. What should you do?
A. Create an NSG and associate the NSG to VM1 and VM4.
B. Establish peering between VNET1 and VNET3.
C. Assign VM4 an IP address of 10.0.1.5/24.
D. Create a user-defined route from VNET1 to VNET3.
HOTSPOT - You have an Azure subscription that contains an Azure Backup vault named Backup1, a Recovery Services vault named Recovery1, and the resources shown in the following table.You plan to back up the resources. Which resource can be backed up to Backup1, and which resource can be backed up to Recovery1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Overview - Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees. All the resources used by Litware are hosted on-premises. Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The tenant uses the Premium P1 pricing tier. Existing Environment - The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the litware.com DNS zone. Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently. Litware.com contains a user named User1. All the offices connect by using private connections. Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device. All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 uses two ExpressRoute circuits that connect to two separate on-premises datacenters. You need to create a dashboard to display detailed metrics and a visual representation of the network topology. What should you use?
A. Azure Monitor Network Insights
B. a Data Collection Rule (DCR)
C. Azure Virtual Network Watcher
D. Log Analytics
You deploy Azure virtual machines to three Azure regions Each region contains a virtual network. Each virtual network contains multiple subnets peered in a full mesh topology. Each subnet contains a network security group (NSG) that has defined rules. A user reports that he cannot use port 33000 to connect from a virtual machine in one region to a virtual machine in another region. Which two options can you use to diagnose the issue? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Azure Virtual Network Manager
B. IP flow verify
C. Azure Monitor Network Insights
D. Connection troubleshoot
E. elective security rules
You have an Azure subscription. You need to receive an email alert when a resource lock is removed from any resource in the subscription. What should you use to create an activity log alert in Azure Monitor?
A. a resource, a condition, and an action group
B. a resource, a condition, and a Microsoft 365 group
C. a Log Analytics workspace, a resource, and an action group
D. a data collection endpoint, an application security group, and a resource group
HOTSPOT - You have an Azure subscription that contains the alerts shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
HOTSPOT - You create a Recovery Services vault backup policy named Policy1 as shown in the following exhibit:Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
HOTSPOT - You have an Azure subscription that contains the vaults shown in the following table.You deploy the virtual machines shown in the following table.
You have the backup policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Azure subscription. The subscription contains virtual machines that connect to a virtual network named VNet1. You plan to configure Azure Monitor for VM Insights. You need to ensure that all the virtual machines only communicate with Azure Monitor through VNet1. What should you create first?
A. a data collection rule (DCR)
B. a Log Analytics workspace
C. an Azure Monitor Private Link Scope (AMPLS)
D. a private endpoint
HOTSPOT - You have an Azure subscription that contains the vaults shown in the following table.You create a storage account that contains the resources shown in the following table.
To which vault can you back up cont1 and share1? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.
You have an Azure subscription that contains an Azure Stream Analytics job named Job1. You need to monitor input events for Job1 to identify the number of events that were NOT processed. Which metric should you use?
A. Out-of-Order Events
B. Output Events
C. Late Input Events
D. Backlogged Input Events
You have an Azure subscription that contains eight virtual machines and the resources shown in the following table.You need to configure access for VNET1. The solution must meet the following requirements: • The virtual machines connected to VNET1 must be able to communicate with the virtual machines connected to VNET2 by using the Microsoft backbone. • The virtual machines connected to VNET1 must be able to access storage1, storage2, and Azure AD by using the Microsoft backbone. What is the minimum number of service endpoints you should add to VNET1?
A. 1
B. 2
C. 3
D. 5
You have an Azure subscription that contains an Azure SQL database named DB1. You plan to use Azure Monitor to monitor the performance of DB1. You must be able to run queries to analyze log data. Which destination should you configure in the Diagnostic settings of DB1?
A. Send to a Log Analytics workspace.
B. Archive to a storage account.
C. Stream to an Azure event hub.
You need to configure an Azure web app named contoso.azurewebsites.net to host www.contoso.com. What should you do first?
A. Create A records named www.contoso.com and asuid.contoso.com.
B. Create a TXT record named asuid that contains the domain verification ID.
C. Create a CNAME record named asuid that contains the domain verification ID.
D. Create a TXT record named www.contoso.com that has a value of contoso.azurewebsites.net.
You have an Azure subscription. The subscription contains virtual machines that run Windows Server. You have a data collection rule (DCR) named Rule1. You plan to use the Azure Monitor Agent to collect events from Windows System event logs. You only need to collect system events that have an ID of 1001. Which type of query should you use for the data source in Rule1?
A. SQL
B. XPath
C. KQL
You have an Azure subscription that contains 10 network security groups (NSGs), 10 virtual machines, and a Log Analytics workspace named Workspace1. Each NSG is connected to a virtual machine. You need to configure an Azure Monitor Network Insights alert that will be triggered when suspicious network traffic is detected. What should you do first?
A. Deploy Connection Monitor.
B. Configure data collection endpoints.
C. Configure a private link.
D. Configure NSG flow logs.
You have an Azure subscription that contains a virtual machine named VM1. You have an on-premises datacenter that contains a domain controller named DC1. ExpressRoute is used to connect the on-premises datacenter to Azure. You need to use Connection Monitor to identify network latency between VM1 and DC1. What should you install on DC1?
A. the Azure Connected Machine agent for Azure Arc-enabled servers
B. the Azure Network Watcher Agent virtual machine extension
C. the Log Analytics agent
D. an Azure Monitor agent extension
HOTSPOT - You have an Azure subscription named Sub1 that contains the resources shown in the following table.Sub1 contains the following alert rule: • Name: Alert1 • Scope: All resource groups in Sub1 o Include all future resources • Condition: All administrative operations • Actions: Action1 Sub1 contains the following alert processing rule: • Name: Rule1 • Scope: Sub1 • Rule type: Suppress notifications • Apply the rule: On a specific time o Start: August 10, 2022 o End: August 13, 2022 For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Azure subscription that has Traffic Analytics configured. You deploy a new virtual machine named VM1 that has the following settings: • Region: East US • Virtual network: VNet1 • NIC network security group: NSG1 You need to monitor VM1 traffic by using Traffic Analytics. Which settings should you configure?
A. Diagnostic settings for VM1
B. NSG flow logs for NSG1
C. Diagnostic settings for NSG1
D. Insights for VM1
You have an Azure subscription that contains a storage account named storage1 in the North Europe Azure region. You need to ensure that when blob data is added to storage1, a secondary copy is created in the East US region. The solution must minimize administrative effort. What should you configure?
A. operational backup
B. object replication
C. geo-redundant storage (GRS)
D. a lifecycle management rule
You have an Azure subscription that contains two Log Analytics workspaces named Workspace1 and Workspace2 and 100 virtual machines that run Windows Server. You need to collect performance data and events from the virtual machines. The solution must meet the following requirements: • Logs must be sent to Workspace1 and Workspace 2. • All Windows events must be captured. • All security events must be captured. What should you install and configure on each virtual machine?
A. the Azure Monitor agent
B. the Windows Azure diagnostics extension (WAD)
C. the Windows VM agent
You have an Azure subscription that contains a virtual machine named VM1 and an Azure function named App1. You need to create an alert rule that will run App1 if VM1 stops. What should you create for the alert rule?
A. an application security group
B. a security group that has dynamic device membership
C. an action group
D. an application group
HOTSPOT - You have two Azure subscriptions named Sub1 and Sub2. Sub1 is in a management group named MG1. Sub2 is in a management group named MG2. You have the resource groups shown in the following table.You have the virtual machines shown in the following table.
You assign roles to users as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure Active Directory (Azure AD) tenant that is linked to 10 Azure subscriptions. You need to centrally monitor user activity across all the subscriptions. What should you use?
A. Azure Application Insights Profiler
B. access reviews
C. Activity log filters
D. a Log Analytics workspace
DRAG DROP - You have an Azure subscription that contains a virtual machine name VM1. VM1 has an operating system disk named Disk1 and a data disk named Disk2. You need to back up Disk2 by using Azure Backup. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
You have a subnet named Subnet1 that contains Azure virtual machines. A network security group (NSG) named NSG1 is associated to Subnet1. NSG1 only contains the default rules. You need to create a rule in NSG1 to prevent the hosts on Subnet1 form connecting to the Azure portal. The hosts must be able to connect to other internet hosts. To what should you set Destination in the rule?
A. Application security group
B. IP Addresses
C. Service Tag
D. Any
Access Full Azure 104 Dumps
Want a full-length mock test experience? Click here to unlock the complete Azure 104 Dumps and get access to hundreds of additional practice questions covering all key topics.
We regularly update our question sets to stay aligned with the latest exam objectives—so check back often for fresh content!
Start practicing with our AZ-104 mock test free today—and take a major step toward exam success!