AZ-104 : Microsoft Azure Administrator 2024 Exam

AZ-104 Dumps
AZ-104 Braindumps
AZ-104 Real Questions
AZ-104 Practice Test
AZ-104 Actual Questions


Microsoft
AZ-104
Microsoft Azure Administrator 2023
https://killexams.com/pass4sure/exam-detail/AZ-104
Question: 81
You manage an Azure Windows Server virtual machine (VM) that hosts several SQL Server databases.
You need to configure backup and retention policies for the VM. The backup policy must include
transaction log backups.
What should you do?
A. Configure point-in-time and long-term retention policies from the SQL Servers Azure portal blade.
B. Configure a SQL Server in Azure VM backup policy from the Recovery Services Azure portal blade.
C. Configure a continuous delivery deployment group from the Virtual Machine Azure portal blade.
D. Configure a point-in-time snapshot from the Disks Azure portal blade.
Answer: B
Explanation:
You should configure a SQL Server in Azure VM backup policy from the Recovery Services Azure portal blade.
The Azure Recovery Services vault has three default policy templates:
Azure Virtual Machine
Azure File Share
SQL Server in Azure VM
Because you need to back up both the SQL Server databases as well as transaction logs, you should create a SQL
Server in Azure VM backup policy. These policies also enable you to specify backup retention durations at the daily,
weekly, monthly, and yearly scopes.
You should not configure point-in-time and long-term retention policies from the SQL Servers Azure portal blade.
These backup and retention policies are available for the Azure SQL Database platform-as-a-service (PaaS) offering,
and not for Azure virtual machines hosting SQL Server databases.
You should not configure a continuous delivery deployment group from the Virtual Machine Azure portal blade. This
feature is unrelated to VM backup and recovery, and allows you to integrate a VM in a Visual Studio Team Services
(VSTS) continuous integration/continuous deployment (Cl/CD) workflow.
You should not configure a point-in-time snapshot from the Disks Azure portal blade. The snapshot functionality in
Azure does not have formal policy associated with it, nor does it back up VM configuration.
Question: 82
Your company’s local environment consists of a single Active Directory Domain Services (AD DS) domain.
You plan to offer your users single sign-on (SSO) access to Azure-hosted software-as-a-service (SaaS) applications
that use Azure Active Directory (Azure AD) authentication. The tenant’s current domain name is
companycom.onmicrosoft.com.
You need to configure Azure AD to use company.com, the organization’s owned public domain name.
What should you do?
A. Add a company.com user principal name (UPN) suffix to the AD DS domain.
B. Run Azure AD Connect from a domain member server and specify the custom installation option.
C. Remove the companycom.onmicrosoft.com domain name from the Azure AD tenant.
D. Add a DNS verification record at the domain registrar.
Answer: D
Explanation:
You should add a Domain Name System (DNS) verification record at the domain registrar. This step is required to
verify to Microsoft that you own the public DNS domain name in question. You perform the validation by creating
either a text (TXT) or mail exchanger (MX) record in your DNS zone file at the registrar’s website, using Microsoft-
provided values. You can delete the verification record after Azure validates the domain for use with Azure AD.
You should not remove the companycom.onmicrosoft.com domain name from the Azure AD tenant. In fact, you
cannot remove this domain name because Azure uses it to identify your directory uniquely across the entire Microsoft
Azure global ecosystem.
You should not add a company.com user principal name (UPN) suffix to the AD DS domain. If you use a non-routable
DNS domain in AD DS, then you may indeed be required to perform thisaction. However, the scenario does not
specify what AD DS domain name is currently defined. You should not run Azure AD Connect from a domain
member server and specify the custom installation option. Configuring the proper public and private DNS domain
names is one of the prerequisite steps that needs to be completed before you run the Azure AD Connect wizard for the
first time.
Question: 83
You have an Azure web app named webapp1.
Users report that they often experience HTTP 500 errors when they connect to webapp1.
You need to provide the developers of webapp1 with real-time access to the connection errors.
The solution must provide all the connection error details.
What should you do first?
A. From webapp1, enable Web server logging
B. From Azure Monitor, create a workbook
C. From Azure Monitor, create a Service Health alert
D. From webapp1, turn on Application Logging
Answer: A
Question: 84
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource
groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
You should use a policy definition.
Resource policy definition used by Azure Policy enables you to establish conventions forresources in your organization
by describing when the policy is enforced and what effect to take.
By defining conventions, you can control costs and more easily manage your resources.
Reference: https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition
Question: 85
You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual
machines.
You need to delete the Recovery Services vault.
What should you do first?
A. From the Recovery Service vault, stop the backup of each backup item.
B. From the Recovery Service vault, delete the backup data.
C. Modify the disaster recovery properties of each virtual machine.
D. Modify the locks of each virtual machine.
Answer: A
Explanation:
You can’t delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a
vault, but can’t, the vault is still configured to receive backup data. Remove vault dependencies and delete vault
In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. In this menu, you
can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.

References: https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault
You can’t delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a
vault, but can’t, the vault is still configured to receive backup data. Remove vault dependencies and delete vault
In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items.
In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.
Question: 86
You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts.
You create a new user account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?
A. From the Licenses blade, assign a new license
B. From the Directory role blade, modify the directory role
C. From the Groups blade, invite the user account to a new group
Answer: B
Explanation:
Assign a role to a user
Question: 87
You have an Azure subscription that contains the resources in the following table.
To which subnets can you apply NSG1?
A. the subnets on VNet2 only
B. the subnets on VNet1 only
C. the subnets on VNet2 and VNet3 only
D. the subnets on VNet1, VNet2, and VNet3
E. the subnets on VNet3 only
Answer: E
Explanation:
All Azure resources are created in an Azure region and subscription. A resource can only be created in a virtual
network that exists in the same region and subscription as the resource.
References: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm
Question: 88
You have several Windows Server and Ubuntu Linux virtual machines (VMs) distributed across two virtual networks
(VNets):
– prod-vnet-west (West US region)
– prod-vnet-east (East US region)
You need to allow VMs in either VNet to connect and to share resources by using only the Azure backbone network.
Your solution must minimize cost, complexity, and deployment time.
What should you do?
A. Add a service endpoint to each VNet.
B. Configure peering between prod-vnet-west and prod-vnet-west.
C. Create a private zone in Azure DNS.
D. Deploy a VNet-to-VNet virtual private network (VPN).
Answer: B
Explanation:
You should configure peering between prod-vnet-west and prod-vnet-west. Peering enables VMs located on two
different Azure VNets to be grouped logically together and thereby connect and share resources. Traditional VNet
peering involves two VNets located in the same region. However, global VNet peering, generally available in summer
2018, supports VNets distributed across any Azure public region.
You should not deploy a VNet-to-VNet VPN. First, global VNet peering means that you are no longer required to use
a VPN gateway to link VNets located in different Azure regions. Second, the scenario requires that you minimize cost
and complexity.
You should not create a private zone in Azure DNS. This action would be necessary for resources in peered VNets to
resolve each other’s DNS host names. However, the scenario makes no requirement for private host name resolution.
You should not add a service endpoint to each VNet. Service endpoints allow you to limit access to certain Azure
resources, such as storage accounts and Azure SQL databases, to resources located on a single VNet. Thus, this feature
cannot be used to link two VNets as the scenario mandates.
Question: 89
You have an Azure Active Directory (Azure AD) domain that contains 5,000 user accounts.
You create a new user account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?
A. From the Directory role blade, modify the directory role.
B. From the Groups blade, invite the user account to a new group.
C. From the Licenses blade, assign a new license.
Answer: A
Explanation:
Assign a role to a user
Sign in to the Azure portal with an account that’s a global admin or privileged role admin for the directory.
Select Azure Active Directory, select Users, and then select a specific user from the list. For the selected user, select
Directory role, select Add role, and then pick the appropriate admin roles from the Directory roles list, such as
Conditional access administrator. Press Select to save.
References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-
azure-portal
Question: 90
You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs a financial reporting
app named App1 that does not support multiple active instances.
At the end of each month, CPU usage for VM1 peaks when App1 runs.
You need to create a scheduled runbook to increase the processor performance of VM1 at the end of each month.
What task should you include in the runbook?
A. Add the Azure Performance Diagnostics agent to VM1.
B. Modify the VM size property of VM1.
C. Add VM1 to a scale set.
D. Increase the vCPU quota for the subscription.
E. Add a Desired State Configuration (DSC) extension to VM1.
Answer: E
Explanation:
https://docs.microsoft.com/en-us/azure/automation/automation-quickstart-dsc-configuration
Question: 91
You have an Azure subscription that contains 100 virtual machines.
You regularly create and delete virtual machines.
You need to identify unused disks that can be deleted.
What should you do?
A. From Microsoft Azure Storage Explorer, view the Account Management properties.
B. From the Azure portal, configure the Advisor recommendations.
C. From Cloudyn, open the Optimizer tab and create a report.
D. From Cloudyn, create a Cost Management report.
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/find-unattached-disks
Question: 92
Drag and Drop
You have an Azure subscription that contains a storage account.
You have an on-premises server named Server1 that runs Window Server 2016.
Server1 has 2 TB of data.
You need to transfer the data to the storage account by using the Azure Import/Export service.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area
and arrange them in the correct order. NOTE: More than one order of answer choices is correct. You will receive
credit for any of the correct orders you select.

Answer:

Explanation:
At a high level, an import job involves the following steps:
Step 1: Attach an external disk to Server1 and then run waimportexport.exe
Determine data to be imported, number of drives you need, destination blob location for your data in Azure storage.
Use the WAImportExport tool to copy data to disk drives. Encrypt the disk drives with BitLocker.
Step 2: From the Azure portal, create an import job.
Create an import job in your target storage account in Azure portal. Upload the drive journal files.
Step 3: Detach the external disks from Server1 and ship the disks to an Azure data center.
Provide the return address and carrier account number for shipping the drives back to you.
Ship the disk drives to the shipping address provided during job creation.
Step 4: From the Azure portal, update the import job
Update the delivery tracking number in the import job details and submit the import job.
The drives are received and processed at the Azure data center.
The drives are shipped using your carrier account to the return address provided in the importjob.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service
Question: 93
You have an Azure web app named App1.
App1 has the deployment slots shown in the following table:
In webapp1-test, you test several changes to App1.
You back up App1.
You swap webapp1-test for webapp1-prod and discover that App1 is experiencing performance issues. You need to
revert to the previous version of App1 as quickly as possible.
What should you do?
A. Redeploy App1
B. Swap the slots
C. Clone App1
D. Restore the backup of App1
Answer: B
Explanation:
When you swap deployment slots, Azure swaps the Virtual IP addresses of the source anddestination slots, thereby
swapping the URLs of the slots. We can easily revert the deployment byswapping back.
Reference: https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots
Question: 94
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named
contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User3 to create the user accounts.
Does that meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Only a global administrator can add users to this tenant.
Reference: https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

User: Yuliya***** The az-104 practice tests provided by Killexams.com are updated and valid, and I answered each question correctly in the real exam. I practiced with their VCE exam simulator, which prepared me for the actual exam. I got a score of 98%, which is a remarkable achievement, and I owe it to Killexams.com.

User: Jim***** killexams.com provided me with excellent az-104 material, including valid questions and correct answers. Their professional exam simulator was also great. I was relieved to find that this preparation pack had all the necessary information I needed to pass the az-104 exam, and nothing unnecessary was included. As a result, I passed the az-104 exam with a nearly perfect score. killexams.com has earned my trust for years to come.

User: Pablo***** The az-104 exam was particularly difficult for me, but killexams.com exam material proved to be an excellent resource. I was able to score 85% by using the guidebook to prepare for the exam.

User: Emiliano***** I initially thought that I wasted money on the MICROSOFT AZURE ADMINISTRATOR 2024 brain dump test because I was not aware of the exam update. However, after contacting the killexams.com support team, I was reassured that the exam was updated and that their material was up to date. I was impressed by their performance and customer support, and I am looking forward to taking my MICROSOFT AZURE ADMINISTRATOR 2024 exam in two weeks.

User: Harold***** I am delighted because I scored very high in my az-104 exam thanks to Killexams.com. I could not believe I would be able to do it, but Killexams.com made me believe otherwise. The internet educators are doing an excellent job, and I salute them for their determination and devotion to their work.

---