Microsoft Microsoft Certifications AZ-104 Questions & Answers
Question 551:
HOTSPOT
You have an Azure subscription named Subscription1 that has a subscription ID of c276fc76-9cd4-44c9-99a7-4fd71546436e.
You need to create a custom RBAC role named CR1 that meets the following requirements:
1. Can be assigned only to the resource groups in Subscription1
2. Prevents the management of the access permissions for the resource groups
3. Allows the viewing, creating, modifying, and deleting of resources within the resource groups
What should you specify in the assignable scopes and the permission elements of the definition of CR1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: "/subscription/c276fc76-9cd4-44c9-99a7-4fd71546436e"
In the assignableScopes, you need to specify the subscription ID where you want to implement RBAC.
Box 2: "Microsoft.Authorization/*"
Microsoft.Authorization/* is used to manage authorization.
You have Azure Storage accounts as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: storageaccount1 and storageaccount2 only
Box 2: All the storage accounts
Note: The three different storage account options are: General-purpose v2 (GPv2) accounts, General-purpose v1 (GPv1) accounts, and Blob storage accounts.
1. General-purpose v2 (GPv2) accounts are storage accounts that support all of the latest features for blobs, files, queues, and tables.
2. Blob storage accounts support all the same block blob features as GPv2, but are limited to supporting only block blobs.
3. General-purpose v1 (GPv1) accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per gigabyte pricing.
You have an Azure subscription that contains the resources in the following table.
You install the Web Server server role (IIS) on VM1 and VM2, and then add VM1 and VM2 to LB1. LB1 is configured as shown in the LB1 exhibit. (Click the LB1 tab.)
Rule1 is configured as shown in the Rule1 exhibit. (Click the Rule1 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Yes
A Basic Load Balancer supports virtual machines in a single availability set or virtual machine scale set.
Box 2: Yes
When using load-balancing rules with Azure Load Balancer, you need to specify health probes to allow Load Balancer to detect the backend endpoint status. The configuration of the health probe and probe responses determine which backend pool instances will receive new flows. You can use health probes to detect the failure of an application on a backend endpoint. You can also generate a custom response to a health probe and use the health probe for flow control to manage load or planned downtime. When a health probe fails, Load Balancer will stop sending new flows to the respective unhealthy instance. Outbound connectivity is not impacted, only inbound connectivity is impacted.
You have an Azure virtual machine named VM1 that connects to a virtual network named VNet1. VM1 has the following configurations:
1. Subnet: 10.0.0.0/24
2. Availability set: AVSet
3. Network security group (NSG): None
4. Private IP address: 10.0.0.4 (dynamic)
5. Public IP address: 40.90.219.6 (dynamic)
You deploy a standard, Internet-facing load balancer named slb1.
You need to configure slb1 to allow connectivity to VM1.
Which changes should you apply to VM1 as you configure slb1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Remove the public IP address from VM1
If the public IP on VM1 is set to Dynamic, that means it is a public IP with the Basic SKU, because public IPs with the Standard SKU have static assignments by default, which cannot be changed. We cannot associate Basic SKU IPs with Standard SKU LBs. One cannot create a backend SLB pool if the VM to be associated has a public IP. For the private IP it doesn't matter whether it is dynamic or static; we can still add such a VM to the SLB backend pool.
Box 2: Create and configure an NSG
Standard Load Balancer is built on the zero trust network security model at its core. Standard Load Balancer is secure by default and is part of your virtual network. The virtual network is a private and isolated network. This means Standard Load Balancers and Standard Public IP addresses are closed to inbound flows unless opened by Network Security Groups. NSGs are used to explicitly permit allowed traffic. If you do not have an NSG on a subnet or NIC of your virtual machine resource, traffic is not allowed to reach this resource. To learn more about NSGs and how to apply them for your scenario, see Network Security Groups. Basic Load Balancer is open to the internet by default.
You plan to use Azure Network Watcher to perform the following tasks:
1. Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine.
2. Task2: Validate outbound connectivity from an Azure virtual machine to an external host.
Which feature should you use for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Task 1: IP flow verify
The IP flow verify capability enables you to specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verify then tests the communication and informs you if the connection succeeds or fails. If the connection fails, IP flow verify tells you which security rule allowed or denied the communication, so that you can resolve the problem.
Task 2: Connection troubleshoot
The connection troubleshoot capability enables you to test a connection between a VM and another VM, an FQDN, a URI, or an IPv4 address. The test returns information similar to that returned when using the connection monitor capability, but tests the connection at a point in time, rather than monitoring it over time.
You have an Azure subscription that contains the Azure virtual machines shown in the following table.
You configure the network interfaces of the virtual machines to use the settings shown in the following table.
From the settings of VNET1 you configure the DNS servers shown in the following exhibit.
The virtual machines can successfully connect to the DNS server that has an IP address of 192.168.10.15 and the DNS server that has an IP address of 193.77.134.10.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Yes
You can specify DNS server IP addresses in the VNet settings. The setting is applied as the default DNS server(s) for all VMs in the VNet.
Box 2: No
You can set DNS servers per VM or cloud service to override the default network settings.
Box 3: Yes
You can set DNS servers per VM or cloud service to override the default network settings.
You have an Azure Active Directory (Azure AD) tenant that contains three global administrators named Admin1, Admin2, and Admin3.
The tenant is associated to an Azure subscription. Access control for the subscription is configured as shown in the Access control exhibit. (Click the Exhibit tab.)
You sign in to the Azure portal as Admin1 and configure the tenant as shown in the Tenant exhibit. (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
They are all Global admins, so they can all modify user permissions, i.e., add themselves as owner, etc. You can be a GA in one of the subscriptions, but that doesn't mean that you can create resources in all subscriptions. As a Global Administrator in Azure Active Directory (Azure AD), you might not have access to all subscriptions and management groups in your directory. Azure AD and Azure resources are secured independently from one another. That is, Azure AD role assignments do not grant access to Azure resources, and Azure role assignments do not grant access to Azure AD. However, if you are a Global Administrator in Azure AD, you can assign yourself access to all Azure subscriptions and management groups in your directory.