[23-June-2025 Update] Exam AZ-104 VCE Dumps and AZ-104 PDF Dumps from PassLeader

Valid AZ-104 dumps shared by PassLeader to help you pass the AZ-104 exam. PassLeader now offers the newest AZ-104 VCE dumps and AZ-104 PDF dumps. The PassLeader AZ-104 exam questions have been updated and the answers have been corrected. Get the newest PassLeader AZ-104 dumps with VCE and PDF here: https://www.passleader.com/az-104.html (820 Q&As Dumps)

BTW, DOWNLOAD part of PassLeader AZ-104 dumps from Cloud Storage: https://drive.google.com/open?id=1ms1PBdUaeBViEHIq26Ry2_bjnBBmO9PL

NEW QUESTION 791
You have a Microsoft Entra tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Contributor role to the Developers group.
Does this meet the goal?

A.    Yes
B.    No

Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

NEW QUESTION 792
You have an Azure Storage account named storage1. You need to enable a user named User1 to list and regenerate storage account keys for storage1.
Solution: You assign the Storage Account Encryption Scope Contributor Role to User1.
Does this meet the goal?

A.    Yes
B.    No

Answer: B
Explanation:
To rotate an account’s access keys, the user must either be a Service Administrator, or must be assigned an Azure role that includes the Microsoft.Storage/storageAccounts/regeneratekey/action. Some Azure built-in roles that include this action are the Owner, Contributor, and Storage Account Key Operator Service Role roles.
https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage

NEW QUESTION 793
You have an Azure container registry named Registry1 that contains an image named image1. You receive an error message when you attempt to deploy a container instance by using image1. You need to be able to deploy a container instance by using image1.
Solution: You set Admin user to Enable for Registry1.
Does this meet the goal?

A.    Yes
B.    No

Answer: A

NEW QUESTION 794
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json. You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.
Solution: From the resource group blade, move VM1 to another subscription.
Does this meet the goal?

A.    Yes
B.    No

Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

NEW QUESTION 795
You have a Microsoft Entra tenant. You plan to create a group for each department at your company. You need to ensure that user and group permissions meet the following requirements:
– When a new user is added to the tenant, the user is automatically added to their department’s group.
– If a user transfers to a different department, their user permissions to department resources must be updated automatically.
– The solution must minimize administrative effort.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Create a security group that has the Assigned membership type.
B.    Create a Conditional Access policy.
C.    Create an Azure Resource Manager (ARM) template.
D.    Create a security group that has the Dynamic User membership type.
E.    Update the user properties.
F.    Create a CSV file and import the file.

Answer: DE
Explanation:
– For option D: Create a security group that has the Dynamic User membership type. A dynamic user membership type allows users to be automatically added to or removed from the group based on specific criteria, such as department attributes. This ensures that when a new user is added or transferred to a different department, their group membership is updated automatically.
– For option E: Update the user properties. User properties, like department attributes, need to be kept up to date for dynamic groups to work correctly. By ensuring that the user’s department field is correctly populated and maintained, the system will automatically place the user in the appropriate department group.

NEW QUESTION 796
You have an Azure subscription that contains two users named User1 and User2. You need to enable self-service password reset (SSPR) for User1. The solution must ensure that SSPR is disabled for User2. What should you do first?

A.    Disable security defaults.
B.    Create a group.
C.    Create an authentication context.
D.    Configure an Authentication methods policy.

Answer: D
Explanation:
https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-methods-manage
https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods-manage

NEW QUESTION 797
You have an Azure subscription that contains a virtual machine named VM1 and two users named User1 and User2. You assign User1 the Contributor role for VM1. Which two actions can User1 perform on VM1? (Each correct answer presents a complete solution. Choose two.)

A.    Configure a daily backup.
B.    Assign User2 the Contributor role for VM1.
C.    Assign User2 the Reader role for VM1.
D.    Add a data disk.
E.    Upload an image of VM1 to an Azure compute gallery.

Answer: AD
Explanation:
Contributor: Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC [Not B, Not C], manage assignments in Azure Blueprints, or share image galleries [Not E].
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged

NEW QUESTION 798
You have an Azure subscription. Your company has three external partners. You plan to deploy 10 virtual machines that will be used by the partners. You need to ensure that you can track the partners’ use of the virtual machines by using Microsoft Cost Management. The solution must minimize administrative effort. What should you do first?

A.    Create a tag for each partner.
B.    Define a virtual machine naming strategy.
C.    Enable VM insights.
D.    Create three host groups.

Answer: A
Explanation:
Microsoft Cost Management allows you to track external partners’ usage by utilizing tags on Azure resources. By applying tags related to partners, you can categorize and analyze costs associated with those partners.
https://learn.microsoft.com/en-us/azure/cost-management-billing/costs/overview-cost-management

NEW QUESTION 799
You have an Azure subscription. You plan to create a storage account named storage1. You need to configure a deny assignment for storage1. What should you use?

A.    Azure Policy
B.    a landing zone
C.    a deployment stack
D.    an Azure Resource Manager (ARM) template

Answer: D
Explanation:
The only way to create a deny assignment is through Azure Blueprints, and this can only be done when the resource is created. The resource locks protecting against other subscription Owners cannot be applied to existing resources, only new ones. Deny assignments block users from performing specific Azure resource actions even if a role assignment grants them access. But you need to add this protection in the blueprint definitions of resources created by an Azure Resource Manager template artifact, and the Blueprint resource lock is set during blueprint assignment.
https://learn.microsoft.com/en-us/answers/questions/1108981/deny-assignment

NEW QUESTION 800
You have an Azure subscription that contains three virtual machines named VM1, VM2, and VM3. All the virtual machines are in an availability set named AVSet1. You need to scale up VM1 to a new virtual machine size, but the intended size is unavailable. What should you do first?

A.    Create a proximity placement group.
B.    Deallocate VM1.
C.    Convert AvSet1 into a managed availability set.
D.    Shut down VM3 and VM3.

Answer: B
Explanation:
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/virtual-machines/sizes/resize-vm.md

NEW QUESTION 801
You have a Standard Azure App Service plan named Plan1. You need to ensure that Plan1 will scale automatically when the CPU usage of the web app exceeds 80 percent. What should you select for Plan1?

A.    Automatic in the Scale out method settings.
B.    Automatic in the Scale out method settings.
C.    Premium P1 in the Scale up (App Service plan) settings.
D.    Standard S1 in the Scale up (App Service plan) settings.
E.    Manual in the Scale out method settings.

Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/app-service/manage-automatic-scaling
https://learn.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-get-started

NEW QUESTION 802
You have an Azure subscription. You need to create an Azure container instance named cont1. The solution must meet the following requirements:
– Ensure that specific configuration parameters are applied to cont1 during the container startup.
– Provide secure values to cont1 during the container startup.
What should you configure for cont1?

A.    environment variables
B.    a command override
C.    tags
D.    customer-managed keys

Answer: A
Explanation:
Environment variables allow you to pass configuration parameters and secure values (like secrets or connection strings) to the container during startup. These variables can be used by the application running inside the container to configure its behavior. This method is secure and allows you to ensure the container has the required parameters and sensitive information without hard-coding them.

NEW QUESTION 803
You plan to move a distributed on-premises app named App1 to an Azure subscription. After the planned move, App1 will be hosted on nine Azure virtual machines. You need to ensure that App1 always runs on at least eight virtual machines during planned Azure maintenance. What should you create?

A.    one Availability Set that has 10 update domains and one fault domain
B.    one virtual machine scale set that has 12 virtual machine instances
C.    one virtual machine scale set that has 10 virtual machine instances
D.    one Availability Set that has three fault domains and one update domain

Answer: C
Explanation:
Azure will automatically distribute 10 VMs into five update zones evenly. So during planned maintenance of one update zone only two VMs will be affected.
https://learn.microsoft.com/en-us/azure/virtual-machines/availability-set-overview

NEW QUESTION 804
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Create a new virtual machine scale set in the Azure portal.
B.    Upload a configuration script.
C.    Modify the extensionProfile section of the Azure Resource Manager template.
D.    Create an Azure policy.
E.    Create an automation account.

Answer: BC
Explanation:
– For option B: The Custom Script Extension downloads and executes scripts on Azure VMs. This extension is useful for post-deployment configuration, software installation, or any other configuration/management task. Scripts can be downloaded from Azure storage or GitHub, or provided to the Azure portal at extension run-time.
– For option C: Install an app with the Custom Script Extension. The Custom Script Extension downloads and executes scripts on Azure VMs. This extension is useful for post-deployment configuration, software installation, or any other configuration/management task. Scripts can be downloaded from Azure storage or GitHub, or provided to the Azure portal at extension run-time.
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-deploy-app
https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-cli

NEW QUESTION 805
You have an Azure subscription. You create an Azure container registry and a container image. You need to push the container image to the container registry by using the Azure Command-Line Interface (CLI). You sign in to the container registry. Which action should you perform next?

A.    Tag a container image with the name of the container registry’s login server.
B.    List the images in the container registry.
C.    Deploy a container group.
D.    Configure a YAML file.

Answer: A
Explanation:
https://learn.microsoft.com/en-us/azure/container-registry/container-registry-get-started-docker-cli

NEW QUESTION 806
You have an Azure subscription that contains a storage account named storage1. You need to allow access to storage1 from selected networks and your home office. The solution must minimize administrative effort. What should you do first for storage1?

A.    Add a private endpoint.
B.    Modify the Public network access settings.
C.    Select Internet routing.
D.    Modify the Access Control (IAM) settings.

Answer: B

NEW QUESTION 807
You have an Azure subscription that contains two peered virtual networks named VNet1 and VNet2. VNet1 has a VPN gateway that uses static routing. The on-premises network has a VPN connection that uses the VPN gateway of VNet1. You need to configure access for users on the on-premises network to connect to a virtual machine on VNet2. The solution must minimize costs. Which type of connectivity should you use?

A.    Azure Firewall with a private IP address.
B.    Service chaining and user-defined routes (UDRs).
C.    Azure Application Gateway.
D.    ExpressRoute circuits to VNet2.

Answer: B
Explanation:
Service chaining enables you to direct traffic from one virtual network to a virtual appliance or gateway in a peered network through user-defined routes. To enable service chaining, configure user-defined routes that point to virtual machines in peered virtual networks as the next hop IP address. User-defined routes could also point to virtual network gateways to enable service chaining. You can deploy hub-and-spoke networks, where the hub virtual network hosts infrastructure components such as a network virtual appliance or VPN gateway. All the spoke virtual networks can then peer with the hub virtual network. Traffic flows through network virtual appliances or VPN gateways in the hub virtual network.
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview#service-chaining

NEW QUESTION 808
You have an Azure subscription that contains two peered virtual networks named VNet1 and VNet2. You have a Network Virtual Appliance (NVA) named NetVA1. You need to ensure that the traffic from VNet1 to VNet2 is inspected by using NetVA1. What should you use?

A.    a local network gateway
B.    a route table that has custom routes
C.    a service endpoint
D.    IP address reservations

Answer: B

NEW QUESTION 809
You deploy Azure virtual machines to three Azure regions. Each region contains a virtual network. Each virtual network contains multiple subnets peered in a full mesh topology. Each subnet contains a network security group (NSG) that has defined rules. A user reports that he cannot use port 33000 to connect from a virtual machine in one region to a virtual machine in another region. Which two options can you use to diagnose the issue? (Each correct answer presents a complete solution. Choose two.)

A.    Effective security rules.
B.    Azure Monitor Network Insights.
C.    IP flow verify.
D.    Azure Virtual Network Manager.
E.    Connection troubleshoot.

Answer: CE
Explanation:
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-troubleshoot-peering-issues

NEW QUESTION 810
You have an Azure web app named webapp1. You have a virtual network named VNET1 and an Azure virtual machine named VM1 that hosts a MySQL database. VM1 connects to VNET1. You need to ensure that webapp1 can access the data hosted on VM1. What should you do?

A.    Deploy an internal load balancer.
B.    Peer VNET1 to another virtual network.
C.    Deploy an Azure Application Gateway.
D.    Connect webapp1 to VNET1.

Answer: D
Explanation:
https://learn.microsoft.com/en-us/azure/mysql/flexible-server/tutorial-webapp-server-vnet

NEW QUESTION 811
You have an Azure subscription that contains a virtual machine named VM1. You plan to deploy an Azure Monitor alert rule that will trigger an alert when CPU usage on VM1 exceeds 80 percent. You need to ensure that the alert rule sends an email message to two users named User1 and User2. What should you create for Azure Monitor?

A.    an action group
B.    a mail-enabled security group
C.    a distribution group
D.    a Microsoft 365 group

Answer: A
Explanation:
https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-overview

NEW QUESTION 812
HotSpot
You have an Azure subscription that contains a resource group named RG1. You need to prevent administrators from inadvertently modifying the resources in RG1. How should you complete the PowerShell command? (To answer, select the options in the answer area.)
[Image: AZ-104-Exam-Dumps-8121]

Answer:
[Image: AZ-104-Exam-Dumps-8122]

Explanation:
Box 1: New-AzResourceLock. As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions. Use Azure PowerShell to lock deployed resources with the New-AzResourceLock command. To lock a resource, provide the resource’s name, resource type, and resource group name.
Box 2: ReadOnly. You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly.
CanNotDelete means authorized users can read and modify a resource, but they can’t delete it. ReadOnly means authorized users can read a resource, but they can’t delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources

NEW QUESTION 813
HotSpot
You have an Azure subscription and a Microsoft Entra ID P1 license. You need to perform the following actions:
– Enable self-service password reset (SSPR) for all users.
– Require the users to answer four questions when registering for SSPR.
Which two settings should you use? (To answer, select the appropriate settings in the answer area.)
[Image: AZ-104-Exam-Dumps-8131]

Answer:
[Image: AZ-104-Exam-Dumps-8132]

Explanation:
https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr

NEW QUESTION 814
HotSpot
You have an Azure subscription that contains a virtual machine named VM1 and an Azure Blob Storage account named account1. Account1 contains a container named blob1. VM1 hosts an app that accesses blob1. You need to recommend a backup solution for VM1 and blob1. The solution must minimize costs. What should you include in the recommendation? (To answer, select the appropriate options in the answer area.)
[Image: AZ-104-Exam-Dumps-8141]

Answer:
[Image: AZ-104-Exam-Dumps-8142]

Explanation:
Box 1: Microsoft System Center Data Protection Manager (DPM). Microsoft System Center Data Protection Manager (DPM) is a software product that provides centralized backup and recovery for enterprise-class workloads in a Microsoft Windows environment. It helps businesses with their BCDR (Business Continuity and Disaster Recovery) strategy by backing up and restoring data, and ensuring application consistency.
Box 2: An Azure Backup vault. To back up an Azure Blob Storage container, you can use Azure Backup to perform operational or vaulted backups. For operational backups, you can enable the backup within the storage account’s data protection settings, associating a backup vault and policy. For vaulted backups, you can retain data for up to 10 years and restore it to a different storage account.
https://learn.microsoft.com/en-us/system-center/dpm/dpm-overview

NEW QUESTION 815
Drag and Drop
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains virtual machines that have Remote Desktop enabled. Several users plan to work remotely and connect to the virtual machines from a home office. You need to configure connectivity to the virtual machines to support a Point-to-Site (P2S) VPN connection for each user. Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
[Image: AZ-104-Exam-Dumps-8151]

Answer:
[Image: AZ-104-Exam-Dumps-8152]

Explanation:
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq
https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about
