AZ-104 Microsoft Azure Administrator Real Dumps

dumps2025-10-21T11:48:57+08:00

Microsoft Azure Administrator AZ-104 exam real dumps are valid for you to pass the test. To take Microsoft certification AZ-104 exam, you should have at least 6 months of hands-on experience administering Azure. The required passing score of Microsoft AZ-204 exam is 700. The available languages are English, Japanese, French, and so on. Free Microsoft Azure AZ-104 real dumps are available below.

Page 1 of 12

1. You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort.

What should you do?

Create a user-defined route from VNET1 to VNET3.

Assign VM4 an IP address of 10.0.1.5/24.

Establish peering between VNET1 and VNET3.

Create an NSG and associate the NSG to VMI and VM4.

2. You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs.

What should you use?

Diagram in VNet1

the security recommendations in Azure Advisor

Diagnostic settings in Azure Monitor

Diagnose and solve problems in Traffic Manager Profiles

IP flow verify in Azure Network Watcher

3. HOTSPOT

You need to meet the connection requirements for the New York office.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

4. HOTSPOT

You need to the appropriate sizes for the Azure virtual for Server2.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

5. HOTSPOT

You implement the planned changes for NSG1 and NSG2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

6. You need to meet the technical requirement for VM4.

What should you create and configure?

an Azure Notification Hub

an Azure Event Hub

an Azure Logic App

an Azure services Bus

7. You need to recommend a solution to automate the configuration for the finance department users.

The solution must meet the technical requirements.

What should you include in the recommended?

Azure AP B2C

Azure AD Identity Protection

an Azure logic app and the Microsoft Identity Management (MIM) client

dynamic groups and conditional access policies

8. Topic 4, Humongous Insurance

Overview

Existing Environment

Humongous Insurance is an insurance company that has three offices in Miami, Tokoyo, and Bankok.

Each has 5000 users.

Active Directory Environment

Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com.

The functional level of the forest is Windows Server 2012.

You recently provisioned an Azure Active Directory (Azure AD) tenant.

Network Infrastructure

Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.

Each office has several link load balancers that provide access to the servers.

Active Directory Issue

Several users in humongousinsurance.com have UPNs that contain special characters.

You suspect that some of the characters are unsupported in Azure AD.

Licensing Issue

You attempt to assign a license in Azure to several users and receive the following error message: "Licenses not assigned. License agreement failed for one user." You verify that the Azure subscription has the available licenses.

Requirements

Planned Changes

Humongous Insurance plans to open a new office in Paris. The Paris office will contain 1,000 users who will be hired during the next 12 months. All the resources used by the Paris office users will be hosted in Azure.

Planned Azure AD Infrastructure

The on-premises Active Directory domain will be synchronized to Azure AD.

All client computers in the Paris office will be joined to an Azure AD domain.

Planned Azure Networking Infrastructure

You plan to create the following networking resources in a resource group named All_Resources:

✑ Default Azure system routes that will be the only routes used to route traffic

✑ A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2

✑ A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet

✑ A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and Subnet4

You plan to enable peering between Paris-VNet and AllOffices-VNet. You will enable the Use remote gateways setting for the Paris-VNet peerings.

You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.

Planned Azure Computer Infrastructure

Each subnet will contain several virtual machines that will run either Windows Server 2012 R2, Windows Server 2016, or Red Hat Linux.

Department Requirements

Humongous Insurance identifies the following requirements for the company's departments:

✑ Web administrators will deploy Azure web apps for the marketing department. Each web app will be added to a separate resource group. The initial configuration of the web apps will be identical. The web administrators have permission to deploy web apps to resource groups.

✑ During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.

Authentication Requirements

Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.

You need to resolve the Active Directory issue.

What should you do?

From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.

Run idfix.exe, and then use the Edit action.

From Active Directory Domains and Trusts, modify the list of UPN suffixes.

From Azure AD Connect, modify the outbound synchronization rule.

9. Which blade should you instruct the finance department auditors to use?

Partner information

Overview

Payment methods

Invoices

10. You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

ad.humongousinsurance.com

humongousinsurance.onmicrosoft.com

humongousinsurance.local

humongousinsurance.com

Page 2 of 12

11. You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE Each correct selection is worth one point.

Azure Active Directory (AD) Identity Protection and an Azure policy

a Recovery Services vault and a backup policy

an Azure Key Vault and an access policy

an Azure Storage account and an access policy

12. HOTSPOT

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

13. You need to prepare the environment to meet the authentication requirements.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miamioffice.

Join the client computers in the Miami office to Azure A

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.

14. You need to resolve the licensing issue before you attempt to assign the license again.

What should you do?

From the Groups blade, invite the user accounts to a new group.

From the Profile blade, modify the usage location.

From the Directory role blade, modify the directory role.

15. HOTSPOT

You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

16. You need to define a custom domain name for Azure AD to support the planned infrastructure.

Which domain name should you use?

Join the client computers in the Miami office to Azure A

Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.

Allow inbound TCP port 8080 to the domain controllers in the Miami office.

Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication

Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.

17. DRAG DROP

You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

18. Which blade should you instruct the finance department auditors to use?

invoices

partner information

cost analysis

External services

19. Topic 2, Contoso Ltd

Overview

Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.

Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment

Currently, Contoso uses multiple types of servers for business operations, including the following:

✑ File servers

✑ Domain controllers

✑ Microsoft SQL Server servers

Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.

You have a public-facing application named App1.

App1 is comprised of the following three tiers:

✑ A SQL database

✑ A web front end

✑ A processing middle tier

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Requirements

Planned Changes

Contoso plans to implement the following changes to the infrastructure:

✑ Move all the tiers of App1 to Azure.

✑ Move the existing product blueprint files to Azure Blob storage.

✑ Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.

Technical Requirements

Contoso must meet the following technical requirements:

✑ Move all the virtual machines for App1 to Azure.

✑ Minimize the number of open ports between the App1 tiers.

✑ Ensure that all the virtual machines for App1 are protected by backups.

✑ Copy the blueprint files to Azure over the Internet.

✑ Ensure that the blueprint files are stored in the archive storage tier.

✑ Ensure that partner access to the blueprint files is secured and temporary.

✑ Prevent user passwords or hashes of passwords from being stored in Azure.

✑ Use unmanaged standard storage for the hard disks of the virtual machines.

✑ Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.

✑ Minimize administrative effort whenever possible.

User Requirements

Contoso identifies the following requirements for users:

✑ Ensure that only users who are part of a group named Pilot can join devices to Azure AD.

✑ Designate a new user named Admin1 as the service administrator of the Azure subscription.

✑ Ensure that a new user named User3 can create network objects for the Azure subscription.

You need to meet the user requirement for Admin1.

What should you do?

From the Subscriptions blade, select the subscription, and then modify the Properties.

From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.

From the Azure Active Directory blade, modify the Properties.

From the Azure Active Directory blade, modify the Groups.

20. You need to recommend an identify solution that meets the technical requirements.

What should you recommend?

federated single-on (SSO) and Active Directory Federation Services (AD FS)

password hash synchronization and single sign-on (SSO)

cloud-only user accounts

Pass-through Authentication and single sign-on (SSO)

Page 3 of 12

21. You need to implement a backup solution for App1 after the application is moved.

What should you create first?

a recovery plan

an Azure Backup Server

a backup policy

a Recovery Services vault

22. HOTSPOT

You need to recommend a solution for App1. The solution must meet the technical requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

23. You need to move the blueprint files to Azure.

What should you do?

Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

Use the Azure Import/Export service.

Generate an access key. Map a drive, and then copy the files by using File Explorer.

Use Azure Storage Explorer to copy the files.

24. You are planning the move of App1 to Azure.

You create a network security group (NSG).

You need to recommend a solution to provide users with access to App1.

What should you recommend?

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

25. HOTSPOT

You need to identify the storage requirements for Contoso.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

26. HOTSPOT

You need to configure the Device settings to meet the technical requirements and the user requirements.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

27. Topic 3, Contoso Ltd (Consulting Company)

Case study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview

General Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

Environment

Existing Environment

Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant.

The Azure AD tenant contains the users shown in the following table.

Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.

User1 manages the resources in RG1. User4 manages the resources in RG2.

Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table

No network security groups (NSGs) are associated to the network interfaces or the subnets.

Sub1 contains the storage accounts shown in the following table.

Requirements

Planned Changes

Contoso plans to implement the following changes:

✑ Create a blob container named container1 and a file share named share1 that will use the Cool storage tier.

✑ Create a storage account named storage5 and configure storage replication for the Blob service.

✑ Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.

✑ Associate NSG1 to the network interface of VM1.

✑ Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.

✑ Associate NSG2 to VNET1/Subnet2.

Technical Requirements

Contoso must meet the following technical requirements:

✑ Create container1 and share1.

✑ Use the principle of least privilege.

✑ Create an Azure AD security group named Group4.

✑ Back up the Azure file shares and virtual machines by using Azure Backup.

✑ Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.

✑ Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.

✑ Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1

✑ Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.

✑ Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.

HOTSPOT

You need to create container1 and share1.

Which storage accounts should you use for each resource? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

28. You need to ensure that you can grant Group4 Azure RBAC read-only permissions to all the A2ure file shares.

What should you do?

On storage1 and storage4, change the Account kind type to StorageV2 (general purpose v2).

Recreate storage2 and set Hierarchical namespace to Enabled.

On storage2, enable identity-based access for the file shares.

Create a shared access signature (SAS) for storage1, storage2, and storage4.

29. You need to identify which storage account to use for the flow logging of IP traffic from VM5. The solution must meet the retention requirements.

Which storage account should you identify?

storage4

storage1

storage2

storage3

30. HOTSPOT

You need to configure Azure Backup to back up the file shares and virtual machines.

What is the minimum number of Recovery Services vaults and backup policies you should create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 4 of 12

31. HOTSPOT

You need to ensure that User1 can create initiative definitions, and User4 can assign initiatives to RG2. The solution must meet the technical requirements.

Which role should you assign to each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

32. HOTSPOT

You need to create storage5. The solution must support the planned changes.

Which type of storage account should you use, and which account should you configure as the destination storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

33. You need to add VM1 and VM2 to the backend poo! of LB1.

What should you do first?

Create a new NSG and associate the NSG to VNET1/Subnet1.

Connect VM2 to VNET1/Subnet1.

Redeploy VM1 and VM2 to the same availability zone.

Redeploy VM1 and VM2 to the same availability set.

34. DRAG DROP

You need to configure the alerts for VM1 and VM2 to meet the technical requirements.

Which three actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

35. HOTSPOT

You implement the planned changes for NSG1 and NSG2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

36. Topic 5, A. Datum Corporation

Overview

A. Datum Corporation is a consulting firm that has a main office in Montreal and branch offices in Seattle and New York.

Azure Environment

A. Datum has an Azure subscription that contains three resource groups named RG1. RG2, and RG3.

The subscription contains the storage accounts shown in the following table.

The subscription .contains the virtual machines shown in the following table.

The subscription has an Azure container registry that contains the images shown in the following table.

The subscription contains the resources shown in the following table.

The subscription contains an Azure key vault named Vaultl.

Vault! contains the certificates shown in the following table.

Vaultl contains the keys shown in the following table.

Microsoft Entra Environment

A. Datum has a Microsoft Entra tenant named adatum.com that is linked to the Azure subscription and contains the users shown in the following table.

The lenant contains the groups shown in the following table.

The adatum.com tenant has a custom security attribute named Attribute1.

Planned Changes

A. Datum plans to implement the following changes:

• Configure a data collection rule {DCR) named DCR1 to collect only system events that have an event ID of 4648 from VM2 and VM4.

• In storage1, create a new container named cont2 that has the following access policies:

o Three stored access policies named Stored 1, Stored2, and Stored3

o A legal hold for immutable blob storage

• Whenever possible, use directories to organize storage account content.

• Grant User1 the permissions required to link Zone1 to VNet1.

• Assign Attribute1 to supported adatum.com resources.

• In storage2, create an encryption scope named Scope"1.

• Deploy new containers by using Image1 or Image2.

Technical Requirements

A. Datum must meet the following technical requirements:

• UseTLSforWebApp1.

• Follow the principle of least privilege.

• Grant permissions at the required scope only.

• Ensure that Scope1 is used to encrypt storage services.

• Use Azure Backup to back up cont1 and share1 as frequently as possible.

• Whenever possible, use Azure Disk Encryption and a key encryption key (KEK) to encrypt the virtual machines.

You implement the planned changes for Scope1.

You need to ensure that Scope1 meets the technical requirements.

What can you encrypt by using Scope1?

A. containers and blobs in storage2 only

B. containers and blobs in storage1 and storage2

C. containers, blobs, and file shares in storage2 only

D. containers, blobs, and file shares in storage1 and storage2

E. containers, blobs, file shares, queues, and tables in storage2 only

37. HOTSPOT

You need to implement the planned changes for User1.

Which roles should you assign to User1, and for which resources? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

38. You need to implement the planned changes for the storage account content.

Which containers and file shares can you use to organize the content?

share1 only

cont1 and share1 only

share1 and share2 only

cont1, share1, and share2 only

cont1, cont2, share1, and share2

39. You need to implement the planned changes for DCR1.

Which type of query should you use?

WQL

T-SQL

XPath

KQL

40. HOTSPOT

You need to implement the planned changes for the new containers.

Which Azure services can you use for each image? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 5 of 12

41. You need to configure encryption for the virtual machines. The solution must meet the technical requirements.

Which virtual machines can you encrypt?

VM1 and VM3

VM2 and VM3

VM2 and VM4

VM4 and VM5

42. HOTSPOT

You need to configure Azure Backup to meet the technical requirements for cont1 and share1.

To what should you set the backup frequency for each resource? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

43. You need to configure WebApp1 to meet the technical requirements.

Which certificate can you use from Vault1?

Cert1 only

Cert1 or Cert2 only

Cert1 or Cert3 only

Cert3 or Cert4 only

Cert1, Cert2, Cert3, or Cert4

44. HOTSPOT

You implement the planned changes for cont2.

What is the maximum number of additional access policies you can create for cont2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

45. Topic 6, Misc. Questions

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You have a CSV file that contains the names and email addresses of 500 external users.

You need to create a quest user account in contoso.com for each of the 500 external users.

Solution: from Azure AD in the Azure portal, you use the Bulk create user operation.

Does this meet the goal?

Yes

46. You plan to deploy several Azure virtual machines that will run Windows Server 2022 in a virtual machine scale set by using an Azure Resource Manager template.

You need to ensure that NGINX is available on all the virtual machines after they are deployed.

What should you use?

Azure Application Insights

Azure Custom Script Extension

the Publish-ArVMDscConfiguration cmdlet

the New-AzConfigurationAssignment Cmdlet

47. HOTSPOT

You have an Azure subscription that contains two storage accounts named contoso101 and contoso102.

The subscription contains the virtual machines shown in the following table.

VNet1 has service endpoints configured as shown in the Service endpoints exhibit. (Click the Service endpoints tab.)

The Microsoft. Storage service endpoint has the service endpoint policy shown in the Microsoft. Storage exhibit. (Click the Microsoft. Storage tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

48. You plan to deploy several Azure virtual machines that will run Windows Server 2022 in a virtual machine scale set by using an Azure Resource Manager template.

You need to ensure that NGINX is available on all the virtual machines after they are deployed.

What should you use?

A Microsoft intune device configuration profile

Microsoft entra Application proxy

Azure Custom Script Extension

Department Center in Azure App service

49. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure container registry named Registry1 that contains an image named image1.

You receive an error message when you attempt to deploy a container instance by using image1.

You need to be able to deploy a container instance by using image1.

Solution: You set Admin user to Enable for Registry1.

Does this meet the goal?

Yes

50. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft Entra tenant named Adatum.com and an Azure Subscription named Subscription1. Adatum.com contains a group named Developers. Subscription1 contains a resource group named Dev.

You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.

Solution: On Dev, you assign the Logic App Contributor role to the Developers group.

Does this meet the goal?

Yes

Page 6 of 12

51. You have an Azure subscription that contains multiple virtual machines in the West US Azure region.

You need to use Traffic Analytics in Azure Network Watcher to monitor virtual machine traffic.

Which two resources should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

a Data Collection Rule (OCR) in Azure Monitor

a Log Analytics workspace

an Azure Monitor workbook

a storage account

a Microsoft Sentinel workspace

52. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.

Solution: You assign the Owner role at the subscription level to Admin1.

Does this meet the goal?

Yes

53. You deploy Azure virtual machines to three Azure regions.

Each region contains a virtual network. Each virtual network contains multiple subnets peered in a full mesh topology.

Each subnet contains a network security group (NSG) that has defined rules.

A user reports that he cannot use port 33000 to connect from a virtual machine in one region to a virtual machine in another region.

Which two options can you use to diagnose the issue? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Azure Virtual Network Manager

IP flow verify

Azure Monitor Network Insights

Connection troubleshoot

elective security rules

54. HOTSPOT

You have the App Service plan shown in the following exhibit.

The scale-in settings for the App Service plan are configured as shown in the following exhibit.

The scale out rule is configured with the same duration and cool down tile as the scale in rule.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

55. You have an Azure subscription that contains the resources in the following table.

To which subnets can you apply NSG1?

the subnets on VNet1 only

the subnets on VNet2 only

the subnets on VNet3 only

the subnets on VNet2 and VNet3 only

the subnets on VNet1 VNet2, and VNet3

56. You have an Azure subscription that contains the virtual networks shown in the following table.

The subscription contains the virtual machines shown in the following table.

All The virtual machines have only private IP addresses. You deploy an Azure Bastion host named Bastion1 to VNet1.

To which virtual machines can you connect through Bastion1?

VM1 only

VM1 and VM2 only

VM1 and VM3 only

VM1, VM2, and VM3

57. HOTSPOT

You have a Microsoft Entra tenant that contains the groups shown in the following table.

The tenant contains the users shown in the following table.

Which users and groups can you delete? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

58. Your on-premises network contains a VPN gateway.

You have an Azure subscription that contains the resources shown in the following table.

You need to ensure that all the traffic from VM1 to storage! travels across the Microsoft backbone network.

What should you configure?

private endpoints

Azure Firewall

Azure AD Application Proxy

Azure Peering Service

59. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.

You receive a notification that VM1 will be affected by maintenance.

You need to move VM1 to a different host immediately.

Solution: From the Overview blade, you move the virtual machine to a different resource group.

Does this meet the goal?

Yes

60. You have an Azure subscription that contains the resources shown in the following table.

You need to create a network interface named NIC1.

In which location can you create NIC1?

East US and North Europe only.

East US and West Europe only.

East US, West Europe, and North Europe.

East US only.

Page 7 of 12

61. HOTSPOT

You have an Azure subscription.

You plan to use an Azure Resource Manager template to deploy a virtual network named VNET1 that will use Azure Bastion.

How should you complete the template? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

62. HOTSPOT

You have three Azure subscriptions named Sub1, Sub2, and Sub3 that are linked to an Azure AD tenant.

The tenant contains a user named User1, a security group named Group1, and a management group named MG1. User1 is a member of Group1.

Sub1 and Sub2 are members of MG1. Sub1 contains a resource group named RG1. RG1 contains five Azure functions.

You create the following role assignments for MG1:

• Group1: Reader

• User1: User Access Administrator

You assign User1 the Virtual Machine Contributor role for Sub1 and Sub2.

You assign User1 the Contributor role for RG1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

63. HOTSPOT

You have an Azure subscription that contains the virtual networks shown in the following table.

You have the virtual machines shown in the following table.

You have the virtual network interfaces shown in the following table.

Server1 is a DNS server that contains the resources shown in the following table.

You have an Azure private DNS zone named contoso.com that has a virtual network link to VNET2 and the records shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

64. HOTSPOT

You have an Azure App Service app named WebApp1 that contains two folders named Folder1 and Folder2.

You need to configure a daily backup of WebApp1. The solution must ensure that Folder2 is excluded from the backup.

What should you create first and what should you use to exclude Fokier2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

65. You have an Azure subscription that has the public IP addresses shown in the following table.

You plan to deploy an instance of Azure Firewall Premium named FW1.

Which IP addresses can you use?

IP2 Only

IP1 and lP2 only

IP1, IP2, and IP5 only

IP1, IP2, IP4, and IP5 only

66. Your on-premises network contains an SMB share named Share1.

You have an Azure subscription that contains the following resources:

A web app named webapp1

A virtual network named VNET1

You need to ensure that webapp1 can connect to Share1.

What should you deploy?

an Azure Application Gateway

an Azure Active Directory (Azure AD) Application Proxy

an Azure Virtual Network Gateway

67. You have an Azure subscription that contains a virtual machine named VM1.

You plan to deploy an Azure Monitor alert rule that will trigger an alert when CPU usage on VM1 exceeds 80 percent.

You need to ensure that the alert rule sends an email message to two users named User1 and User2.

What should you create for Azure Monitor?

an action group

a mail-enabled security group

a distribution group

a Microsoft 365 group

68. HOTSPOT

You have an Azure subscription that contains the Azure virtual machines shown in the following table.

You configure the network interfaces of the virtual machines to use the settings shown in the following table

From the settings of VNET1, you configure the DNS servers shown in the following exhibit.

The virtual machines can successfully connect to the DNS server that has an IP address of 192.168.10.15 and the DNS server that has an IP address of 193.77.134.10.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

69. You have an Azure subscription that contains a virtual network named VNET1.

VNET1 contains the subnets shown in the following table.

Each virtual machine uses a static IP address.

You need to create network security groups (NSGs) to meet following requirements:

- Allow web requests from the internet to VM3, VM4, VM5, and VM6.

- Allow all connections between VM1 and VM2.

- Allow Remote Desktop connections to VM1.

- Prevent all other network traffic to VNET1.

What is the minimum number of NSGs you should create?

70. You have an Azure subscription that contains a storage account named storage1.

You plan to use conditions when assigning role-based access control (RABC) roles to storage1.

Which storage1 services support conditions when assigning roles?

containers only

file shares only

tables only

queues only

containers and queues only

files shares and tables only

Page 8 of 12

71. You need to create an Azure Storage account named storage1.

The solution must meet the following requirements:

• Support Azure Data Lake Storage.

• Minimize costs for infrequently accessed data.

• Automatically replicate data to a secondary Azure region.

Which three options should you configure for storage1? Each correct answer presents part of the solution. NOTE: Each correct answer is worth one point.

the Cool access tier

the Hot access tier

hierarchical namespace

zone-redundant storage (ZRS)

geo-redundant storage (GRS)

72. HOTSPOT

You have the App Service plans shown in the following table.

You plan to create the Azure web apps shown in the following table.

You need to identify which App Service plans can be used for the web apps.

What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

73. HOTSPOT

You have an Azure subscription that contains the container images shown in the following table.

You plan to use the following services:

• Azure Container Instances

• Azure Container Apps

• Azure App Service

In which services can you run the images? To answer, select the options in the answer area. NOTE: Each correct answer is worth one point.

74. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage a virtual network named VNet1 that is hosted in the West US Azure region.

VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.

You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.

Solution: From Azure Monitor, you create a metric on Network in and Network Out.

Does this meet the goal?

Yes

75. You have an Azure subscription that contains a web app named webapp1. You need to add a custom domain named www.contoso.com to webapp1.

What should you do first?

Upload a certificate.

Add a connection string.

Stop webapp1.

Create a DNS record.

76. HOTSPOT

You have an Azure subscription named Subscription1 that contains the quotas shown in the following table.

You deploy virtual machines to Subscription1 as shown in the following table.

You plan to deploy the virtual machines shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

77. You have an Azure AD tenant that contains the groups shown In the following table.

You purchase Azure Active Directory Premium P2 licenses. To which groups can you assign a license?

Group 1 only

Group1 and Group3 only

Group3 and Group4 only

Group1, Group2, and Group3 only

Group1, Group2, Group3, and Group4

78. HOTSPOT

You have an Azure subscription named Subscription1. Subscription1 contains two Azure virtual machines named VM1 and VM2. VM1 and VM2 run Windows Server 2016.

VM1 is backed up daily by Azure Backup without using the Azure Backup agent.

VM1 is affected by ransomware that encrypts data.

You need to restore the latest backup of VM1.

To which location can you restore the backup? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

79. You sign up for Azure Active Directory (Azure AD) Premium.

You need to add a user named [email protected] as an administrator on all the computers that will be joined to the Azure AD domain.

What should you configure in Azure AD?

Device settings from the Devices blade.

General settings from the Groups blade.

User settings from the Users blade.

Providers from the MFA Server blade.

80. You have a Microsoft Entra tenant named contoso.com.

You have a CSV file that contains the names and email addresses of 500 external users.

You need to create a guest user account in contoso.com for each of the 500 external users.

Solution: You create a PowerShell script that runs the New-Mginvitation cmdlet for each external user.

Does this meet the goal?

Yes

Page 9 of 12

81. HOTSPOT

You have an Azure subscription that contains the vaults shown in the following table.

You deploy the virtual machines shown in the following table.

Each of the following statements, select Yes if the statement is true. Otherwise, select No NOTE: Each cored selection it worth one point.

82. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, those questions will not appear in the review screen.

You have a Microsoft Entra tenant named contoso.com.

You have a CSV file that contains the names and email addresses of 500 external users.

You need to create a guest user account in contoso.com for each of the 500 external users.

Solution; From Microsoft Entra ID in the Azure portal, you use the Bulk create user operation.

Does this meet the goal?

Yes

83. You have an Azure virtual network named VNetl that contains the following settings:

• IPv4 address space: 172.16.10.0/24

• Subnet name: Subnetl

• Subnet address range: 172.16.10.0/25

What is the maximum number of virtual machines that can connect to Subnetl?

123

128

251

84. HOTSPOT

You have an Azure virtual machine named VM1 and a Recovery Services vault named Vault1.

You create a backup Policy1 as shown in the exhibit. (Click the Exhibit tab.)

You configure the backup of VM1 to use Policy1 on Thursday, January 1.

You need to identify the number of available recovery points for VM1.

How many recovery points are available on January 8 and on January 15? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

85. You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2. You plan to implement an Azure Availability Set for Appl. The solution must ensure that App1 is available during planned maintenance of the hardware hosting VM1 and VM2.

What should you include in the Availability Set?

one update domain

two update domains

one fault domain

two fault domains

86. You have an Azure subscription named Subscription1 that contains the storage accounts shown in the following table:

You plan to use the Azure Import/Export service to export data from Subscription1.

Which account can be used to export the data.

What should you identify?

storage1

storage2

storage3

storage4

87. You have an Anne container registry named Registry1 that contains an image named image1.

You receive an error message when you attempt to deploy a container instance by using image1.

You need to be able to deploy a container instance by using image1.

Solution: You assign the AcrPull role to ACR-Tasks-Network for Registry1.

Does this meet the goal?

Yes

88. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage a virtual network named VNet1 that is hosted in the West US Azure region.

VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.

You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.

Solution: From Performance Monitor, you create a Data Collector Set (DCS).

Does this meet the goal?

Yes

89. HOTSPOT

You have the following custom role-based access control (RBAC) role.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

90. HOTSPOT

You have an Azure subscription that contains the virtual networks shown in the following table.

You have the peering options shown in the following exhibit.

You need to design a communication strategy for the resources on the virtual networks.

For each of the following statements, select Yes if the statement is true. Otherwise, select No

Page 10 of 12

91. Yon have an Azure Storage account named storage1 that contains a blob container named comainer1. You need to prevent new content added to contalner1 from being modified for one year.

What should you configure?

an access policy

the access level

the access tier

the Access control (JAM) settings

92. You have an Azure subscription that contains an Azure Storage account.

You plan to create an Azure container instance named container1 that will use a Docker image namedImage1. Image1 contains a Microsoft SQL Server instance that requires persistent storage.

You need to configure a storage service for Container1.

What should you use?

Azure Files

Azure Blob storage

Azure Queue storage

Azure Table storage

93. You create an Azure Storage account.

You plan to add 10 blob containers to the storage account.

For one of the containers, you need to use a different key to encrypt data at rest.

What should you do before you create the container?

Modify the minimum TLS version.

Create an encryption scope.

Generate a shared access signature (SAS).

Rotate the access keys.

94. HOTSPOT

You create a Recovery Services vault backup policy named Policy1 as shown in the following exhibit.

95. You have an Azure subscription named Subscription1.

Subscription1 contains the resource groups in the following table.

RG1 has a web app named WebApp1. WebApp1 is located in West Europe.

You move WebApp1 to RG2.

What is the effect of the move?

The App Service plan for WebApp1 moves to North Europe. Po1icy2 applies to WebApp1.

The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.

The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1.

The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1.

96. You have an on-premises network.

You have an Azure subscription that contains three virtual networks named VNET1, VNET2, and VNET3. The virtual networks are peered and connected to the on-premises network.

The subscription contains the virtual machines shown in the following table.

You need to monitor connectivity between the virtual machines and the on-premises network by using Connection Monitor.

What is the minimum number of connection monitors you should deploy?

97. You have an Azure Storage account named storage1.

You need to enable a user named User1 to list and regenerate storage account keys for storage1.

Solution: You assign the Storage Account Contributor role to User1.

Does this meet the goal?

Yes

98. You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

The User administrator role is assigned to a user named Admin1.

An external partner has a Microsoft account that uses the [email protected] sign in.

Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: “Unable to invite user [email protected] C Generic authorization exception.”

You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.

What should you do?

From the Roles and administrators blade, assign the Security administrator role to Admin1.

From the Organizational relationships blade, add an identity provider.

From the Custom domain names blade, add a custom domain.

From the Users settings blade, modify the External collaboration settings.

99. HOTSPOT

You have an Azure AD tenant that is linked to the subscriptions shown in the following table.

You have the resource groups shown In the following table.

You assign roles to users as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

100. HOTSPOT

You have an Azure subscription that contains the virtual networks shown in the following table.

The subnets have the IP address spaces sho wn in the following table.

You plan to create a container app named contapp1 in the East US Azure region.

You need to create a container app environment named con-env1 that meets the following requirements:

• Uses its own virtual network.

• Uses its own subnet.

• Is connected to the smallest possible subnet.

To which virtual networks can you connect con-env1, and which subnet mask should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 11 of 12

101. You have an Azure Storage account named storage1.

You need to enable a user named User1 to list and regenerate storage account keys for storage1.

Solution: You assign the Storage Account Encryption Scope Contributor Role to User1.

Does this meet the goal?

Yes

102. You develop the following Azure Resource Manager (ARM) template to create a resource group and deploy an Azure Storage account to the resource group.

Which cmdlet should you run to deploy the template?

New-AzTenantDeployment

New-AzResourceGroupDeploy»ent

New-AzResource

New-AzOeployment

103. HOTSPOT

You deploy an Azure Kubernetes Service (AKS) cluster that has the network profile shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

104. HOTSPOT

You have an Azure subscription that contains a storage account named storage1. The storage 1 account contains a container named containet1. You create a blob lifecycle rule named rule1.

You need to configure rule1 to automatically move blobs that were NOT updated for 45 days Irom container! to the Cool access tier.

How should you complete the rule? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.

105. HOTSPOT

You have an Azure subscription that contains the hierarchy shown in the following exhibit.

You create an Azure Policy definition named Policy1.

To which Azure resources can you assign Policy and which Azure resources can you specify as exclusions from Policy1? To answer, select the appropriate options in the answer NOTE Each correct selection is worth one point.

106. You have an Azure subscription.

You need to receive an email alert when a resource lock is removed from any resource in the subscription What should you use to create an activity log alert in Azure Monitor?

a resource, a condition, and an action group

a resource, a condition, and a Microsoft 365 group

a Log Analytics workspace, a resource, and an action group

a data collection endpoint, an application security group, and a resource group

107. You have an Azure subscription that has a Recovery Services vault named Vault 1.

The subscription contains the virtual machines shown in the following table.

You plan to schedule backups to occur every night at 23:00.

Which virtual machines can you back up by using Azure Backup?

VM1 only

VM1 and VM2 only

VM1 and VM3 only

VM1, VM2, VM3 and VM4

108. HOTSPOT

You have an Azure subscription that contains a virtual machine named VM1.

To VM1, you plan to add a 1-TB data disk that meets the following requirements:

• Provides data resiliency in the event of a datacenter outage.

• Provides the lowest latency and the highest performance.

• Ensures that no data loss occurs if a host fails.

You need to recommend which type of storage and host caching to configure for the new data disk.

109. You have an Azure subscription that contains eight virtual machines and the resources shown in the following table.

You need to configure access for VNEI1. The solution must meet the following requirements:

• The virtual machines connected to VNET1 must be able to communicate with the virtual machines connected to VNET2 by using the Microsoft backbone.

• The virtual machines connected to VNETl must be able to access storage1. Storage2, and Microsoft Entra ID by using the Microsoft backbone.

What is the minimum number of service endpoints you should add to VNET1?

110. You have an Azure virtual machine named VM1.

You use Azure Backup to create a backup of VM1 named Backup1.

After creating Backup1, you perform the following changes to VM1:

Modify the size of VM1.

- Copy a file named Budget.xls to a folder named Data.

- Reset the password for the built-in administrator account.

- Add a data disk to VM1.

An administrator uses the Replace existing option to restore VM1 from Backup1.

You need to ensure that all the changes to VM1 are restored.

Which change should you perform again?

Modify the size of VM1.

Add a data disk.

Reset the password for the built-in administrator account.

Copy Budget.xls to Data.

Page 12 of 12

111. You have an Azure App Services web app named App1.

You plan to deploy App1 by using Web Deploy.

You need to ensure that the developers of App1 can use their Azure Active Directory (Azure AD) credentials to deploy content to App1. The solution must use the principle of least privilege.

What should you do?

Configure app-level credentials for FTP

Assign The Website Contributor role to the developers.

Assign the Owner role to the developers.

Configure user-level credentials for FTP

112. You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARMIjson.

You receive a notification that VM1 will be affected by maintenance.

You need to move VM1 to a different host immediately.

Solution: From the VM1 Redeploy + reapply blade, you select Redeploy.

Does this meet the goal?

Yes

113. You have an Azure Storage account named storage1.

You need to enable a user named User1 to list and regenerate storage account keys for storage1.

Solution: You assign the Storage Account Key Operator Service Role to User1.

Does this meet the goal?

Yes

114. You have a Recovery Services vault named RSV1. RSV1 has a backup policy that retains instant snapshots for five days and daily backup for 14 days.

RSV1 performs daily backups of VM1. VM1 hosts a static website that was updated eight days ago.

You need to recover VM1 to a point eight days ago. The solution must minimize downtime.

What should you do first?

Deallocate VM1.

Restore VM1 by using the Replace existing restore configuration option.

Delete VM1.

Restore VM1 by using the Create new restore configuration option.

115. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2.

Connections to Appl are managed by using an Azure Load Balancer.

The effective network security configurations for VM2 are shown in the following exhibit.

You discover that connections 10 Appl from 131.107.100.50 over TCP port 443 fail.

You verity that the Load Balancer rules are configured correctly.

You need to ensure that connections to Appl can be established successfully from 131.107.100.50 over TCP port 443.

Solution: You create an inbound security rule that allows any traffic from the Azureload Balancer source and has a priority of 150.

Does this meet the goal?

Yes

116. HOTSPOT

You have an Azure Storage account named storage1 that stores images.

You need to create a new storage account and replicate the images in storage1 to the new account by using object replication.

How should you configure the new account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

117. HOTSPOT

You have an Azure subscription that contains the storage accounts shown in the following table.

You need to identify which storage accounts support lifecycle management, and which storage accounts support moving data to the Archive access tier.

What should you identify for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.

118. You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant.

Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.

Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24. You need to connect VNet1 to VNet2.

What should you do first?

Move VM1 to Subscription2.

Modify the IP address space of VNet2.

Provision virtual network gateways.

Move VNet1 to Subscription2.

119. You have the Azure virtual machines shown in the following table.

A DNS service is installed on VM1.

You configure the DNS server’s settings for each virtual network as shown in the following exhibit

You need to ensure that all the virtual machines can resolve DNS names by using the DNS service on VM 1.

What should you do?

Add service endpoints on VNET2 and VNET3.

Add service endpoints on VNET1.

Configure a conditional forwarder on VM1.

Configure peering between VNET1, VNET2, and VNET3.

120. Topic 1, Litware, inc.

Overview

Litware, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.

All the resources used by Litware are hosted on-premises.

Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named Litware.onmicrosoft.com. The tenant uses the P1 pricing tier.

Existing Environment

The network contains an Active Directory forest named Litware.com. All domain controllers are configured as DNS servers and host the Litware.com DNS zone.

Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.

Litware.com contains a user named User1.

All the offices connect by using private links.

Litware has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.

All infrastructure servers are virtualized.

The virtualization environment contains the servers in the following table.

Litware uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory.

The Azure subscription contains the resources in the following table.

The network security team implements several network security groups (NSGs).

Planned Changes

Litware plans to implement the following changes:

• Deploy Azure ExpressRoute to the Montreal office.

• Migrate the virtual machines hosted on Server1 and Server2 to Azure.

• Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).

• Migrate App1 and App2 to two Azure web apps named webApp1 and WebApp2.

Technical requirements

Litware must meet the following technical requirements:

• Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instance*.

• Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.

• Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.

• Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.

• Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.Litware.com.

• Connect the New Your office to VNet1 over the Internet by using an encrypted connection.

• Create a workflow to send an email message when the settings of VM4 are modified.

• Create a custom Azure role named Role1 that is based on the Reader role.

• Minimize costs whenever possible.

HOTSPOT

You need to implement Role1.

Which command should you run before you create Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

AZ-104 Microsoft Azure Administrator Real Dumps

AZ-104 Microsoft Azure Administrator Real Dumps

Share this post

Leave a Reply Cancel reply

Related Posts