Az-104 0
Uploaded by
569gkarthiAz-104 0
Uploaded by
569gkarthiWelcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
Exam Questions AZ-104
Microsoft Azure Administrator
https://www.2passeasy.com/dumps/AZ-104/
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
NEW QUESTION 1
HOTSPOT - (Topic 5)
You have an Azure virtual machine named VM1 that connects to a virtual network named VNet1. VM1 has the following configurations:
? Subnet: 10.0.0.0/24
? Availability set: AVSet
? Network security group (NSG): None
? Private IP address: 10.0.0.4 (dynamic)
? Public IP address: 40.90.219.6 (dynamic)
You deploy a standard, Internet-facing load balancer named slb1. You need to configure slb1 to allow connectivity to VM1.
Which changes should you apply to VM1 as you configure slb1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: Remove the public IP address from VM1
If the Public IP on VM1 is set to Dynamic, that means it is a Public IP with Basic SKU because Public IPs with Standard SKU have Static assignments by default,
that cannot be changed. We cannot associate Basic SKUs IPs with Standard SKUs LBs. One cannot create a backend SLB pool if the VM to be associated has a
Public IP. For Private IP it doesn't matter weather it is dynamic or static, still we can add the such VM into the SLB backend pool.
Box 2: Create and configure an NSG
Standard Load Balancer is built on the zero trust network security model at its core. Standard Load Balancer secure by default and is part of your virtual network.
The virtual network is a private and isolated network. This means Standard Load Balancers and Standard Public IP addresses are closed to inbound flows unless
opened by Network Security Groups. NSGs are used to explicitly permit allowed traffic. If you do not have an NSG on a subnet or NIC of your virtual machine
resource, traffic is not allowed to reach this resource. To learn more about NSGs and how to apply them for your scenario, see Network Security Groups. Basic
Load Balancer is open to the internet by default.
NEW QUESTION 2
- (Topic 5)
You have an Azure subscription. The subscription contains virtual machines that connect to a virtual network named VNet1.
You plan to configure Azure Monitor for VM Insights.
You need to ensure that all the virtual machines only communicate with Azure Monitor through VNet1.
What should you create first?
A. an Azure Monitor Private Link Scope (AMPIS)
B. a private endpoint
C. a Log Analytics workspace
D. a data collection rule (DCR)
Answer: A
Explanation:
Azure Monitor for VM Insights is a feature of Azure Monitor that provides comprehensive monitoring and diagnostics for your Azure virtual machines and virtual
machine scale sets. It collects performance data, process information, and network dependencies from your virtual machines and displays them in interactive
charts and maps. You can use Azure Monitor for VM Insights to troubleshoot performance issues, optimize resource utilization, and identify network bottlenecks1.
To enable Azure Monitor for VM Insights, you need to install two agents on your virtual machines: the Azure Monitor agent (preview) and the Dependency agent.
The Azure Monitor agent collects performance metrics and sends them to a Log Analytics workspace. The Dependency agent collects process information and
network dependencies and sends them to the InsightsMetrics table in the same workspace2.
By default, the agents communicate with Azure Monitor over the public internet. However, if you want to ensure that all the virtual machines only communicate with
Azure Monitor through a virtual network named VNet1, you need to configure private network access for the agents.
Private network access allows the agents to communicate with Azure Monitor using a
private endpoint, which is a special network interface that connects your virtual network to
an Azure service without exposing it to the public internet. A private endpoint uses a private IP address from your virtual network address space, so you can
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
secure and control the network traffic between your virtual machines and Azure Monitor3.
To configure private network access for the agents, you need to create an Azure Monitor Private Link Scope (AMPIS) first. An AMPIS is a resource that groups
one or more Log Analytics workspaces together and associates them with a private endpoint. An AMPIS allows you to manage the private connectivity settings for
multiple workspaces in one place4.
After creating an AMPIS, you need to create a private endpoint in VNet1 and link it to the AMPIS. This will enable the agents on your virtual machines to send data
to the Log Analytics workspaces in the AMPIS using the private IP address of the private endpoint5.
NEW QUESTION 3
HOTSPOT - (Topic 5)
You have an Azure subscription that contains the vaults shown in the following table.
You create a storage account that contains the resources shown in the following table.
To which vault can you back up cont1 and share1? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 4
HOTSPOT - (Topic 5)
You have an Azure Storage account named storage1 that contains two containers named container 1 and container2. Blob versioning is enabled for both
containers.
You periodically take blob snapshots of critical blobs. You create the following lifecycle management policy:
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
For each of the following statements, select Yes If the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Based on the lifecycle management policy you created and the information from the web search results, here are the answers to your statements:
? A blob snapshot automatically moves to the Cool access tier after 15 days. = Yes
? A blob version in container2 automatically moves to the Archive access tier after 30 days. = No
? A rehydrated version automatically moves to the Archive access tier after 30 days.
= No
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
? The lifecycle management policy you created has two rules: one for container1 and one for container2. The rule for container1 has an action that moves blob
snapshots to the Cool access tier if they are older than 15 days. Therefore, a blob snapshot in container1 will automatically move to the Cool access tier after 15
days, regardless of the access tier of the base blob.
? The rule for container2 has an action that moves blob versions to the Archive
access tier if they are older than 30 days and have a prefix match of “archive/”. Therefore, a blob version in container2 will only automatically move to the Archive
access tier after 30 days if its name starts with “archive/”. Otherwise, it will remain in its current access tier.
? A rehydrated version is a blob version that was previously in the Archive access
tier and was restored to an online access tier (Hot or Cool) by using the rehydrate priority option1. A rehydrated version does not automatically move to the Archive
access tier after 30 days, unless there is a lifecycle management policy rule that explicitly specifies this action. In your case, neither of the rules applies to
rehydrated versions, so they will stay in their online access tiers until you manually change them or delete them.
NEW QUESTION 5
- (Topic 5)
You have an Azure subscription that contains two Log Analytics workspaces named Workspace 1 and Workspace? and 100 virtual machines that run Windows
Server.
You need to collect performance data and events from the virtual machines. The solution must meet the following requirements:
• Logs must be sent to Workspace! and Workspace?
• All Windows events must be captured
• All security events must be captured.
What should you install and configure on each virtual machine?
A. the Azure Monitor agent
B. the Windows Azure diagnostics extension (WAD)
C. the Windows VM agent
Answer: A
Explanation:
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview Azure Monitor Agent (AMA) collects monitoring data from the guest operating
system of Azure and hybrid virtual machines and delivers it to Azure Monitor for use by features, insights, and other services, such as Microsoft Sentinel and
Microsoft Defender for Cloud. Azure Monitor Agent replaces all of Azure Monitor's legacy monitoring agents.
NEW QUESTION 6
HOTSPOT - (Topic 5)
You have an Azure Load Balancer named LB1.
You assign a user named User1 the roles shown in the following exhibit.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
User Access Administrator can only assign access to other users
https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory- admin-roles
Virtual Machine Contributor can Manage VMs, which includes deleting VMs too. https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-
roles#virtual-machine-contributor
https://docs.microsoft.com/en-us/answers/questions/350635/can-virtual-machine-contributor-create-vm.html
NEW QUESTION 7
- (Topic 5)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named
Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.
Does this meet the goal?
A. Yes
B. No
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
Answer: B
Explanation:
The Logic App Operator role only grants the ability to read, enable, disable, and run logic apps. It does not grant the ability to create logic apps. To create logic
apps, you need to assign the Logic App Contributor role or a higher-level role such as Owner or Contributor. Then, References: [Built-in roles for Azure resources]
[Azure Logic Apps permissions and access control]
NEW QUESTION 8
HOTSPOT - (Topic 5)
You have an Azure Storage accounts as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: storageaccount1 and storageaccount2 only Box 2: All the storage accounts
Note: The three different storage account options are: General-purpose v2 (GPv2) accounts, General-purpose v1 (GPv1) accounts, and Blob storage accounts.
? General-purpose v2 (GPv2) accounts are storage accounts that support all of the
latest features for blobs, files, queues, and tables.
? Blob storage accounts support all the same block blob features as GPv2, but are limited to supporting only block blobs.
? General-purpose v1 (GPv1) accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per gigabyte pricing.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-account- options
NEW QUESTION 9
- (Topic 5)
You have an Azure subscription that contains two virtual machines named VM1 and VM2 You create an Azure load balancer.
You plan to create a load balancing rule that will load balance HTTPS traffic between VM1 and VM2.
Which two additional load balance resources should you create before you can create the load balancing rule? Each correct answer presents part of the solution
MOTL Each correct selection 5 worth one point.
A. a frontend IP address
B. a backend pool
C. a health probe
D. an inbound NAT rule
E. a virtual network
Answer: AC
Explanation:
To create a load balancing rule that will load balance HTTPS traffic between VM1 and VM2, you need to create two additional load balance resources: a frontend
IP address and a health probe.
A frontend IP address is the IP address that the clients use to access the load balancer. It can be either public or private, depending on the type of load balancer. A
address is required for any load balancing rule1.
frontend
A health IP
probe is used to monitor the health and availability of the backend instances. It can be either TCP, HTTP, or HTTPS, depending on the protocol of the
load balancing rule. A health probe is required for any load balancing rule1.
A backend pool is a group of backend instances that receive the traffic from the load balancer. You already have a backend pool that contains VM1 and VM2, so
you don’t need to create another one.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
An inbound NAT rule is used to forward traffic from a specific port on the frontend IP address to a specific port on a backend instance. It’s not required for a load
balancing rule, but it can be used to access individual instances for troubleshooting or maintenance purposes1.
A virtual network is a logical isolation of Azure resources within a region. It’s not a load balance resource, but it’s required for creating an internal load balancer or
connecting virtual machines to a load balancer2.
NEW QUESTION 10
- (Topic 5)
You have an Azure subscription that uses the public IP addresses shown in the following table.
You need to create a public Azure Standard Load Balancer. Which public IP addresses can you use?
A. IP1 and IP3 only
B. IP1, IP2, and IP3
C. IP2 only
D. IP3 only
Answer: D
Explanation:
A Basic Load Balancer can use the Basic SKU Public IP address's, but a Standard load balancer requires a Standard SKU Public IP address.
Excerpt from link below:
The standard SKU is required if you associate the address to a standard load balancer. For more information about standard load balancers, see Azure load
balancer standard SKU.
https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/virtual-network-public-ip- address
Excerpt from link below:
Key scenarios that you can accomplish using Azure Standard Load Balancer include:
-Enable support for load-balancing of IPv6.
https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-overview#why-use-azure-load-balancer
NEW QUESTION 10
- (Topic 5)
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the
500 external users.
Solution: You create a Power Shell script that runs the New-MgUser cmdlet for each user. Does this meet the goal?
A. Yes
B. NO
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/tutorial-bulk-invite?source=recommendations
NEW QUESTION 15
HOTSPOT - (Topic 5)
You manage two Azure subscriptions named Subscription 1 and Subscription2. Subscription! has following virtual networks:
The virtual networks contain the following subnets:
Subscnption2 contains the following virtual network:
- Name: VNETA
• Address space: 10.10.128.0/17
• Region: Canada Central
VNETA contains the following subnets:
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
A. Mastered
B. Not Mastered
Answer: A
NEW QUESTION 19
HOTSPOT - (Topic 5)
You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com contains the groups in the following table.
You create two user accounts that are configured as shown in the following table.
To which groups do User1 and User2 belong? To answer. select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: Group 1 only First rule applies
Box 2: Group1 and Group2 only Both membership rules apply.
References: https://docs.microsoft.com/en-us/sccm/core/clients/manage/collections/create- collections
NEW QUESTION 21
HOTSPOT - (Topic 5)
You need to configure a new Azure App Service app named WebApp1. The solution must meet the following requirements:
• WebApp1 must be able to verify a custom domain name of app.contoso.com.
• WebApp1 must be able to automatically scale up to eight instances.
• Costs and administrative effort must be minimized.
Which pricing plan should you choose, and which type of record should you use to verify the domain? To answer, select the appropriate options in the answer
area.
NOTE: Each correct answer is worth one point.
Answer:
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
A. Mastered
B. Not Mastered
Answer: A
NEW QUESTION 24
HOTSPOT - (Topic 5)
You have an Azure subscription named Sub1 that contains the Azure resources shown in the following table.
You assign an Azure policy that has the following settings:
? Scope: Sub1
? Exclusions: Sub1/RG1/VNET1
? Policy definition: Append a tag and its value to resources
? Policy enforcement: Enabled
? Tag name: Tag4
? Tag value: value4
You assign tags to the resources as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
? RG1 has the Tag2: IT tag assigned only. No, this is not correct. According to the tables, RG1 has two tags assigned: Tag2: IT and Tag3: value2. The Azure
policy does not affect RG1, because it is excluded from the scope of the policy. Therefore, RG1 does not have the Tag4: value4 tag appended by the policy.
? Storage1 has the Tag1: subscription, Tag2: IT, Tag3: value1, and Tag4: value4 tags assigned. Yes, this is correct. According to the tables, Storage1 has three
tags assigned: Tag1: subscription, Tag2: IT, and Tag3: value1. The Azure policy affects Storage1, because it is within the scope of the policy and not excluded.
Therefore, Storage1 has the Tag4: value4 tag appended by the policy.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
? VNET1 has the Tag2: IT and Tag3: value2 tags assigned only. Yes, this is correct.
According to the tables, VNET1 has two tags assigned: Tag2: IT and Tag3: value2. The Azure policy does not affect VNET1, because it
is excluded from the scope of the policy. Therefore, VNET1 does not have the Tag4: value4 tag appended by the policy.
NEW QUESTION 25
- (Topic 5)
You have an Azure App Services web app named App1. You plan to deploy App1 by using Web Deploy.
You need to ensure that the developers of App1 can use their Azure Active Directory (Azure AD) credentials to deploy content to App1. The solution must use the
principle of least privilege.
What should you do?
A. Configure app-level credentials for FTPS.
B. Assign The Website Contributor role to the developers.
C. Assign the Owner role to the developers.
D. Configure user-level credentials for FTPS.
Answer: B
Explanation:
"To secure app deployment from a local computer, Azure App Service supports two types of credentials for local Git deployment and FTP/S deployment. These
credentials are not the same as your Azure subscription credentials." https://learn.microsoft.com/en- us/azure/app-service/deploy-configure-credentials?tabs=cli
NEW QUESTION 28
- (Topic 5)
You create an Azure Storage account.
You plan to add 10 blob containers to the storage account.
For one of the containers, you need to use a different key to encrypt data at rest. What should you do before you create the container?
A. Modify the minimum TLS version.
B. Create an encryption scope.
C. Generate a shared access signature (SAS).
D. Rotate the access keys.
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-scope-overview#how-encryption-scopes-work
NEW QUESTION 29
- (Topic 5)
You have an Azure subscription.
You have 100 Azure virtual machines.
You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering.
Which blade should you use?
A. Metrics
B. Customer insights
C. Monitor
D. Advisor
Answer: D
Explanation:
The Advisor dashboard displays personalized recommendations for all your subscriptions. You can apply filters to display recommendations for specific
subscriptions and resource types. The recommendations are divided into five categories:
Reliability (formerly called High Availability): To ensure and improve the continuity of your business-critical applications. For more information, see Advisor
Reliability recommendations.
Security: To detect threats and vulnerabilities that might lead to security breaches. For more information, see Advisor Security recommendations.
Performance: To improve the speed of your applications. For more information, see Advisor Performance recommendations.
Cost: To optimize and reduce your overall Azure spending. For more information, see Advisor Cost recommendations.
Operational Excellence: To help you achieve process and workflow efficiency, resource manageability and deployment best practices. . For more information, see
Advisor Operational Excellence recommendations.
NEW QUESTION 33
HOTSPOT - (Topic 5)
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
You plan to configure Azure Backup reports for Vault1.
You are configuring the Diagnostics settings for the AzureBackupReports log.
Which storage accounts and which Log Analytics workspaces can you use for the Azure
Backup reports of Vault1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one
point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: storage3 only
Vault1 and storage3 are both in West Europe. Box 2: Analytics1, Analytics2, Analytics3
https://docs.microsoft.com/en-us/azure/backup/backup-create-rs-vault https://docs.microsoft.com/de-de/azure/backup/configure-reports
NEW QUESTION 35
HOTSPOT - (Topic 4)
You need to create storage5. The solution must support the planned changes.
Which type of storage account should you use, and which account should you configure as the destination storage account? To answer, select the appropriate
options in the answer area.
NOTE: Each correct selection is worth one point.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
Answer:
A. Mastered
B. Not Mastered
Answer: A
NEW QUESTION 36
HOTSPOT - (Topic 4)
You need to ensure that User1 can create initiative definitions, and User4 can assign initiatives to RG2. The solution must meet the technical requirements.
Which role should you assign to each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
Answer: A
Explanation:
NEW QUESTION 38
DRAG DROP - (Topic 4)
You need to configure the alerts for VM1 and VM2 to meet the technical requirements.
Which three actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area and arrange them in the correct
order.
Answer:
A. Mastered
B. Not Mastered
Answer: A
NEW QUESTION 40
- (Topic 3)
You need to implement a backup solution for App1 after the application is moved. What should you create first?
A. a recovery plan
B. an Azure Backup Server
C. a backup policy
D. a Recovery Services vault
Answer: D
Explanation:
A Recovery Services vault is a logical container that stores the backup data for each
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
protected resource, such as Azure VMs. When the backup job for a protected resource runs, it creates a recovery point inside the
Recovery Services vault.
Scenario:
There are three application tiers, each with five virtual machines. Move all the virtual machines for App1 to Azure.
Ensure that all the virtual machines for App1 are protected by backups. References: https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal
NEW QUESTION 43
HOTSPOT - (Topic 3)
You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Statement 1: Yes
Contoso is moving the existing product blueprint files to Azure Blob storage which will ensure that the blueprint files are stored in the archive storage tier.
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these.
Statement 2: No
Azure Table storage stores large amounts of structured data. The service is a NoSQL datastore which accepts authenticated calls from inside and outside the
Azure cloud. Azure tables are ideal for storing structured, non-relational data. Common uses of Table storage include:
* 1. Storing TBs of structured data capable of serving web scale applications
* 2. Storing datasets that don't require complex joins, foreign keys, or stored procedures and can be denormalized for fast access
* 3. Quickly querying data using a clustered index
* 4. Accessing data using the OData protocol and LINQ queries with WCF Data Service.NET Libraries Statement 3: No
File Storage can be used if your business use case needs to deal mostly with standard File extensions like *.docx, *.png and *.bak then you should probably go
with this storage option.
NEW QUESTION 45
HOTSPOT - (Topic 3)
You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer,
select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
Answer:
A. Mastered
B. Not Mastered
Answer: A
Explanation:
This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL Server on Windows for the data tier.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
Description automatically generated with medium confidence
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
? A SQL database
? A web front end
? A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
? Technical requirements include:
? Move all the virtual machines for App1 to Azure.
? Minimize the number of open ports between the App1 tiers.
References: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n- tier/n-tier-sql-server
NEW QUESTION 50
- (Topic 2)
You need to resolve the Active Directory issue. What should you do?
A. From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.
B. Run idfix.exe, and then use the Edit action.
C. From Active Directory Domains and Trusts, modify the list of UPN suffixes.
D. From Azure AD Connect, modify the outbound synchronization rule.
Answer: B
Explanation:
IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for
migration to Azure Active Directory. IdFix is intended for the Active Directory administrators responsible for directory
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
synchronization
with Azure Active Directory.
Scenario: Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters. You suspect that some of the characters are unsupported in Azure AD.
References: https://www.microsoft.com/en-us/download/details.aspx?id=36832
NEW QUESTION 55
- (Topic 2)
Which blade should you instruct the finance department auditors to use?
A. invoices
B. partner information
C. cost analysis
D. External services
Answer: C
Explanation:
Cost analysis: Correct Option
In cost analysis blade of Azure, you can see all the detail for custom time span. You can use this to determine expenditure of last few day, weeks, and month.
Below options are available in Cost analysis blade for filtering information by time span: last 7 days, last 30 days, and custom date range. Choosing the first option
(last 7 days) auditors can view the costs by time span.
Cost analysis shows data for the current month by default. Use the date selector to switch to common date ranges quickly. Examples include the last seven days,
the last month, the current year, or a custom date range. Pay-as-you-go subscriptions also include date ranges based on your billing period, which isn't bound to
the calendar month, like the
current billing period or last invoice. Use the <PREVIOUS andNEXT> links at the top of the menu to jump to the previous or next period, respectively. For example,
<PREVIOUS will switch from the Last 7 days to8-14 days ago o1r 5-21 days ago.
Invoice: Incorrect Option
Invoices can only be used for past billing periods not for current billing period, i.e. if your requirement is to know the last week's cost then that also not filled by
invoices because Azure generates invoice at the end of the month. Even though Invoices have custom timespan, but when you put in dates for a week, the pane
would be empty. Below is from Microsoft document:
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
Resource Provider: Incorrect Option
When deploying resources, you frequently need to retrieve information about the resource providers and types. For example, if you want to store keys and secrets,
you work with the Microsoft.KeyVault resource provider. This resource provider offers a resource type called vaults for creating the key vault. This is not useful for
reviewing all Azure costs from the past week which is required for audit.
Payment method: Incorrect Option
Payment methods is not useful for reviewing all Azure costs from the past week which is required for audit.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/quick-acm-cost- analysis
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/download-azure-invoice-daily-usage-date
NEW QUESTION 57
- (Topic 2)
Which blade should you instruct the finance department auditors to use?
A. Partner information
B. Overview
C. Payment methods
D. Invoices
Answer: D
Explanation:
You can opt in and configure additional recipients to receive your Azure invoice in an email. This feature may not be available for certain subscriptions such as
support offers, Enterprise Agreements, or Azure in Open.
? Select your subscription from the Subscriptions page. Opt-in for each subscription you own. Click Invoices then Email my invoice.A screenshot of a computer
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
Description automatically generated
? Click Opt in and accept the terms.
Scenario: During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.
References: https://docs.microsoft.com/en-us/azure/billing/billing-download-azure-invoice-daily-usage-date
NEW QUESTION 58
- (Topic 2)
You need to define a custom domain name for Azure AD to support the planned infrastructure.
Which domain name should you use?
A. ad.humongousinsurance.com
B. humongousinsurance.onmicrosoft.com
C. humongousinsurance.local
D. humongousinsurance.com
Answer: D
Explanation:
Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com.
The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization
probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD
allows you to assign user names in the directory that are familiar to your users, such as ‘[email protected].’ instead of 'alice@domain name.onmicrosoft.com'.
Scenario:
Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com
Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure AD.
References:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
NEW QUESTION 60
HOTSPOT - (Topic 2)
You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking
infrastructure.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Once the VNets are peered, all resources on one VNet can communicate with resources on the other peered VNets. You plan to enable peering between Paris-
VNet and AllOffices- VNet. Therefore VMs on Subnet1, which is on Paris-VNet and VMs on Subnet3, which is on AllOffices-VNet will be able to connect to each
other.
All Azure resources connected to a VNet have outbound connectivity to the Internet by default. Therefore VMs on ClientSubnet, which is on ClientResources-VNet
will have
access to the Internet; and VMs on Subnet3 and Subnet4, which are on AllOffices-VNet will have access to the Internet.
NEW QUESTION 61
HOTSPOT - (Topic 1)
You implement the planned changes for NSG1 and NSG2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
NEW QUESTION 64
- (Topic 1)
You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.
What should you include in the recommended?
A. Azure AP B2C
B. Azure AD Identity Protection
C. an Azure logic app and the Microsoft Identity Management (MIM) client
D. dynamic groups and conditional access policies
Answer: D
Explanation:
Technically, The finance department needs to migrate their users from AD to AAD using AADC based on the finance OU, and need to enforce MFA use. This is
conditional access policy. Employees also often get promotions and/or join other departments and when that occurs, the user's OU attribute will change when the
admin puts the user in a new OU, and the dynamic group conditional access exception (OU= [Department Name Value]) will move the user to the appropriate
dynamic group on next AADC delta sync.
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic- membership
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-
mfa- userstates
NEW QUESTION 65
- (Topic 1)
You need to meet the technical requirement for VM4. What should you create and configure?
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Scenario: Create a workflow to send an email message when the settings of VM4 are modified.
You can start an automated logic app workflow when specific events happen in Azure resources or third-party resources. These resources can publish those
events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a
subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks - without you writing any code.
References:
https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event- grid-logic-app
NEW QUESTION 68
HOTSPOT - (Topic 5)
You have an Azure subscription.
You plan to create a role definition to meet the following requirements:
• Users must be able to view the configuration data of a storage account.
• Users must be able to perform all actions on a virtual network.
• The solution must use the principle of least privilege.
What should you include in the role definition for each requirement? To answer, select the appropriate options in the answer area.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Perform all actions on a virtual network: “Microsoft.Network/virtualNetworks/*”
View the configuration data of a storage account: “Microsoft.Storage/StorageAccounts/read”
To perform all actions on a virtual network, you need to use the wildcard () character in the action string, which grants access to all actions that match the string.
The action string for virtual networks is "Microsoft.Network/virtualNetworks/". To view the configuration data of a storage account, you need to use the read action
substring in the action string, which enables read actions (GET). The action string for storage accounts is “Microsoft.Storage/StorageAccounts/read”. References:
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
? https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions
? https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
NEW QUESTION 70
DRAG DROP - (Topic 5)
You need to create container1 and share1.
Which storage accounts should you use for each resource? To answer, select the appropriate options in t he answer area.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers https://docs.microsoft.com/en-us/azure/storage/common/storage-account-
overview
NEW QUESTION 72
- (Topic 5)
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
You create virtual machines in Subscription1 as shown in the following table.
You plan to use Vault1 for the backup of as many virtual machines as possible. Which virtual machines can be backed up to Vault1?
A. VM1, VM3, VMA, and VMC only
B. VM1 and VM3 only
C. VM1, VM2, VM3, VMA, VMB, and VMC
D. VM1 only
E. VM3 and VMC only
Answer: A
Explanation:
To create a vault to protect virtual machines, the vault must be in the same region as the virtual machines. If you have virtual machines
in several regions, create a Recovery Services vault in each region.
References:
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault
NEW QUESTION 76
HOTSPOT - (Topic 5)
You have an Azure Active Directory tenant named Contoso.com that includes following users:
Contoso.com includes following Windows 10 devices:
You create following security groups in Contoso.com:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: Yes
User1 is a Cloud Device Administrator. Device2 is Azure AD joined.
Group1 has the groups
Note: Assigned assigned to join type.
- Manually addUser1
users is
orthe ownerinto
devices of Group1.
a static group.
Azure AD joined or hybrid Azure AD joined devices utilize an organizational account in Azure AD
Box 2: No
User2 is a User Administrator. Device1 is Azure AD registered.
Group1 has the assigned join type, and the owner is User1.
Note: Azure AD registered devices utilize an account managed by the end user, this account is either a Microsoft account or another locally managed credential.
Box 3: Yes
User2 is a User Administrator. Device2 is Azure AD joined.
Group2 has the Dynamic Device join type, and the owner is User2.
References:
https://docs.microsoft.com/en-us/azure/active-directory/devices/overview
NEW QUESTION 77
- (Topic 5)
You have an Azure Kubernetes Service (AKS) cluster named AKS1. You need to configure cluster autoscaler for AKS1.
Which two tools should you use? Each correct answer presents a complete solution, NOTE: Each correct selection is worth one point
A. the set-AzAKs cmdlet
B. the Azure portal
C. The az aks command
D. the kubect1 command
E. the set Azure cmdlet
Answer: BC
Explanation:
AKS clusters can scale in one of two ways: - The cluster autoscaler watches for pods that can't be scheduled on nodes because of resource constraints. The
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
cluster then automatically increases the number of nodes. - The horizontal pod autoscaler uses the Metrics Server in a Kubernetes cluster to monitor the resource
demand of pods. If an application needs more resources, the number of pods is automatically increased to meet the demand. Reference:
https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler
NEW QUESTION 80
HOTSPOT - (Topic 5)
You have an Azure subscription that contains two storage accounts named contoso101 and contoso102.
The subscription contains the virtual machines shown in the following table.
VNet1 has service endpoints configured as shown in the Service endpoints exhibit. (Click the Service endpoints tab.)
The Microsoft. Storage service endpoint has the service endpoint policy shown in the Microsoft. Storage exhibit. (Click the Microsoft.
Storage tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
A. Mastered
B. Not Mastered
Answer: A
NEW QUESTION 81
- (Topic 5)
You plan to create the Azure web apps shown in the following Table.
What is the minimum number of App Service plans you should create for the web apps?
A. 1
B. 2
C. 3
D. 4
Answer: B
Explanation:
NET Core 3.0: Windows and Linux ASP .NET V4.7: Windows only PHP 7.3: Windows and Linux Ruby 2.6: Linux only Also, you can’t use Windows and Linux
Apps in the same App Service Plan, because when you create a new App Service plan you have to choose the OS type. You can't mix Windows and Linux apps in
the same App Service plan. So, you need 2 ASPs. Reference: https://docs.microsoft.com/en-us/azure/app-service/overview
NEW QUESTION 83
HOTSPOT - (Topic 5)
You have an Azure subscription that contains the virtual networks shown in the following table.
The subscription contains the subnets shown in the following table.
The subscription contains the storage accounts shown in the following table.
You create a service endpoint policy named policy1 in the South Central US Azure region to allow connectivity to all the storage accounts in the subscription.
Fow each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
Answer:
A. Mastered
B. Not Mastered
Answer: A
Explanation:
? Policy1 can be applied to Subnet3. = YES
? Only storage1 and storage2 can be accessed from VNet2. = NO
? Only storage2 can be accessed from VNet3. = Yes
? According to the Microsoft documentation, a service endpoint policy can be applied to any subnet in a virtual network that has a service endpoint enabled for the
same service as the policy. In your scenario, Subnet3 has a service endpoint enabled for Microsoft.Storage, which is the same service as policy1. Therefore,
policy1 can be applied to Subnet3.
? According to the Microsoft documentation, when you configure network rules for a
storage account, you can limit access to your storage account to requests that come from specified IP addresses, IP ranges, subnets in an Azure virtual network,
or resource instances of some Azure services. In your scenario, storage1 and storage2 have network rules that allow access from Subnet1 and Subnet2
respectively. However, this does not mean that only these subnets can access the storage accounts. Other subnets or resources that have the same IP range or
resource ID as Subnet1 or Subnet2 can also access the storage accounts. For example, Subnet4 in VNet2 has the same IP range as Subnet1 in VNet1, so it can
also access storage1. Similarly, Subnet5 in VNet3 has the same IP range as Subnet2 in VNet1, so it can also access storage2. Therefore, only storage1 and
storage2 cannot be accessed from VNet2.
? According to the Microsoft documentation, when you create a private endpoint for
a storage account, you assign a private IP address from your virtual network to the storage account. This enables secure traffic between your virtual network and
the storage account over a private link. In your scenario, you have created a private endpoint for storage2 in Subnet6 of VNet3. This means that only Subnet6 can
access storage2 over the private link. However, this does not mean that only Subnet6 can access storage2 at all. Other subnets or resources that have the same
IP range or resource ID as Subnet6 can also access storage2 over the public endpoint of the storage account. For example, Subnet7 in VNet4 has the same IP
range as Subnet6 in VNet3, so it can also access storage2 over the public endpoint. Therefore, only storage2 cannot be accessed from VNet3.
NEW QUESTION 86
- (Topic 5)
Your on-premises network contains an SMB share named Share1. You have an Azure subscription that contains the following resources: A web app named
webapp1
A virtual network named VNET1
You need to ensure that webapp1 can connect to Share1. What should you deploy?
A. an Azure Application Gateway
B. an Azure Active Directory (Azure AD) Application Proxy
C. an Azure Virtual Network Gateway
Answer: C
Explanation:
A Site-to-Site VPN gateway connection can be used to connect your on- premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN
tunnel. This type of connection requires a VPN device, a VPN gateway, located on- premises that has an externally facing public IP address assigned to it.
A: Application Gateway is for http, https and Websocket - Not SMB
B: Application Proxy is also for accessing web applications on-prem - Not SMB. Application Proxy is a feature of Azure AD that enables users to access on-
from a remote client.
premises
Reference: web applications
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
NEW QUESTION 90
- (Topic 5)
You have an Azure subscription that contains multiple virtual machines in the West US Azure region.
You need to use Traffic Analytics in Azure Network Watcher to monitor virtual machine traffic.
Which two resources should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. a Data Collection Rule (OCR) in Azure Monitor
B. a Log Analytics workspace
C. an Azure Monitor workbook
D. a storage account
E. a Microsoft Sentinel workspace
Answer: BD
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
Explanation:
To use Traffic Analytics in Azure Network Watcher, you need to create a Log Analytics workspace and a storage account. A Log Analytics workspace is a cloud-
based repository that collects and stores data from various sources, such as NSG flow logs. A storage account is a container that provides a unique namespace to
store and access your data objects in Azure Storage. You need to enable NSG flow logs and configure them to send data to both the Log Analytics workspace and
the storage account. Traffic Analytics analyzes the NSG flow logs and provides insights into traffic flow in your Azure cloud. References:
? Traffic analytics - Azure Network Watcher | Microsoft Learn
? Traffic analytics FAQ - Azure Network Watcher | Microsoft Learn
NEW QUESTION 92
- (Topic 5)
You have an Azure subscription that contains an Azure Stream Analytics job named Job1.
You need to monitor input events for Job1 to identify the number of events that were NOT processed.
Which metric should you use?
A. Output Events
B. Backlogged Input Events
C. Out-of-Order Events
D. Late Input Events
Answer: B
Explanation:
Backlogged Input Events is a metric that shows the number of input events that are waiting to be processed by the Stream Analytics job1. This metric indicates the
performance and health of the job, as well as the input data rate and latency. If the Backlogged Input Events metric is high or increasing, it means that the job is
not able to keep up with the incoming events and some events are not processed in a timely manner2.
Output Events is a metric that shows the number of output events that are emitted by the Stream Analytics job1. This metric indicates the output data rate and
throughput of the job. It does not show how many input events were not processed by the job.
Out-of-Order Events is a metric that shows the number of input events that arrive out of order based on their timestamp1. This metric indicates the quality and
consistency of the input data source. It does not show how many input events were not processed by the job. Late Input Events is a metric that shows the number
of input events that arrive after the late arrival window has expired1. This metric indicates the timeliness and reliability of the input data source. It does not show
how many input events were not processed by the job.
NEW QUESTION 95
HOTSPOT - (Topic 5)
You have the App Service plan shown in the following exhibit.
The scale-in settings for the App Service plan are configured as shown in the following exhibit.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
The scale out rule is configured with the same duration and cool down tile as the scale in rule.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the
graphic.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 97
- (Topic 5)
You have an Azure subscription that contains a storage account. The account stores website data.
You need to ensure that inbound user traffic uses the Microsoft point-of-presence (POP) closest to the user's location.
What should you configure?
A. load balancing
B. private endpoints
C. Azure Firewall rules
D. Routing preference
Answer: D
Explanation:
Routing preference is a feature that allows you to configure how network traffic is routed to your storage account from clients over the internet. By default, traffic
from the internet is routed to the public endpoint of your storage account over the Microsoft global network, which is optimized for low-latency path selection and
high reliability. Both inbound and outbound traffic are routed through the point of presence (POP) that is closest to the client. This ensures that traffic to and from
your storage account traverses over the Microsoft global network for the bulk of its path, maximizing network performance. You can also change the routing
preference to use internet routing, which minimizes the traversal of your traffic over the Microsoft global network, handing it off to the transit ISP at the earliest
opportunity. This lowers networking costs, but may compromise network performance. Therefore, to ensure that inbound user traffic uses the Microsoft POP
closest to the user’s location, you should configure routing preference to use the Microsoft global network as the default routing option for your storage account.
References:
? Network routing preference for Azure Storage
? Configure network routing preference for Azure Storage
NEW QUESTION 100
- (Topic 5)
You have an Azure subscription that contains the resources shown in the following table.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
LB1 is configured as shown in the following table.
You plan to create new inbound NAT rules that meet the following requirements: Provide Remote Desktop access to VM2 from the internet by using port 3389.
A. A frontend IP address
B. A health probe
C. A load balancing rule
D. A backend pool
Answer: A
Explanation:
To create an inbound NAT rule, you need to specify a frontend IP address and a frontend port for the load balancer to receive the traffic, and a backend IP address
and a backend port for the load balancer to forward the traffic to1. According to the first table, LB1 has only one frontend IP address, which is 40.121.183.105.
However, this frontend IP address is already used by the existing inbound NAT rule named rule1, which forwards port 80 to VM1 on port 802. Therefore, you
cannot use the same frontend IP address and port for another inbound NAT rule.
To solve this problem, you need to create a new frontend IP address for LB1 before you can create the new inbound NAT rules. You can do this by using the
Azure portal, PowerShell, or CLI3. After you create a new frontend IP address, you can use it to create the new inbound NAT rules that meet your requirements.
NEW QUESTION 104
HOTSPOT - (Topic 5)
You have an Azure Storage account named storage1.
You have an Azure App Service app named app1 and an app named App2 that runs in an Azure container instance. Each app uses a managed identity.
You need to ensure that App1 and App2 can read blobs from storage1 for the next 30 days.
What should you configure in storage1 for each app?
Answer:
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: Access Control (IAM)
Since the App1 uses Managed Identity, App1 can access the Storage Account via IAM. As per requirement, we need to minimize the number of secrets used, so
Access keys is not ideal.
Box 2: Shared access signatures (SAS)
We need temp access for App2, so we need to use SAS.
A shared access signature (SAS) provides secure delegated access to resources in your storage account without compromising the security of your data. With a
SAS, you have granular control over how a client can access your data. You can control what resources the client may access, what permissions they have on
SAS is valid, among other parameters.
those resources, and how long the
NEW QUESTION 108
HOTSPOT - (Topic 5)
You have an Azure subscription that contains an Azure Availability Set named WEBPROD- AS-USE2 as shown in the following exhibit.
You add 14 virtual machines to WEBPROD-AS-USE2.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: 2
There are 10 update domains. The 14 VMs are shared across the 10 update domains so four update domains will have two VMs and six update domains will have
one VM. Only one update domain is rebooted at a time.
Therefore, a maximum of two VMs will be offline. Box 2: 7
There are 2 fault domains. The 14 VMs are shared across the 2 fault domains, so 7 VMs in each fault domain.
A rack failure will affect one fault domain so 7 VMs will be offline.
NEW QUESTION 113
- (Topic 5)
You have an Azure subscription that contains The storage accounts shown in the following table.
You deploy a web app named Appl to the West US Azure region. You need to back up Appl. The solution must minimize costs.
Which storage account should you use as the target for the backup?
A. Mastered
B. Not Mastered
Answer: A
Explanation:
To back up a web app, you need to configure a custom backup that specifies a storage account and a container as the target for the backup1. The storage account
must be in the same subscription as the web app, and the container must be accessible by the web app2. The backup size is limited to 10 GB, and the backup
frequency can be configured to minimize costs.
According to the table, storage1 is the only storage account that meets these requirements. Storage1 is in the same subscription and region as the web app, and it
is a general- purpose v2 account that supports custom backups. Storage2 and storage3 are in a different region than the web app, which may incur additional
costs for data transfer. Storage4 is a FilesStorage account, which does not support custom backups.
Therefore, you should use storage1 as the target for the backup of your web app. To configure a custom backup, you can follow these steps:
? In your app management page in the Azure portal, in the left menu, select
Backups.
? At the top of the Backups page, select Configure custom backups.
? In Storage account, select storage1. Do the same with Container.
? Specify the backup frequency, retention period, and database settings as needed.
? Click Configure.
? At the top of the Backups page, select Backup Now.
NEW QUESTION 116
- (Topic 5)
You have an Azure subscription that contains a storage account named storage1.
You plan to use conditions when assigning role-based access control (RABC) roles to storage1
Which storage1 services support conditions when assigning roles?
A. containers only
B. file shares only
C. tables only
D. queues only
E. containers and queues only
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
F. files shares and tables only
Answer: A
Explanation:
"Currently, conditions can be added to built-in or custom role assignments that have blob storage or queue storage data actions. " https://learn.microsoft.com/en-
us/azure/role- based-access-control/conditions-overview#where-can-conditions-be-added
NEW QUESTION 118
HOTSPOT - (Topic 5)
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have two external partner organizations named fabrilcam.com and litwareinc.com. FabtAam.com is configured as a connected organization.
You create an access package as shown in the Access package exhibit. (Click the Access package lab.)
You configure the external user lifecycle settings as shown in the Lifecycle exhibit. (Click the lifecycle tab)
For each of the following statements, select Yes if the statement is true Otherwise, select No
Note: Each correct selection is worth one point.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
A. Mastered
B. Not Mastered
Answer: A
Explanation:
? Litwareinc.com users can be assigned to package1. = No
? After 365 days, fabrikam.com users will be removed from Group1. = Yes
? After 395 days, fabrikam.com users will be removed from the contoso.com tenant
= No
? Litwareinc.com users cannot be assigned to package1 because they are not a connected organization in the contoso.com tenant. Only users from connected
organizations can request access packages that are configured for external users1
? Fabrikam.com users will be removed from Group1 after 365 days because the
access package has an expiration policy of 365 days for external users. This means that the access assignments for external users will end after 365 days, unless
they are renewed or extended2
? Fabrikam.com users will not be removed from the contoso.com tenant after 395
days because the external user lifecycle settings have a deletion policy of 30 days after blocking. This means that external users will be blocked from signing in
after 365 days of inactivity, and then deleted after another 30 days. Therefore, the total time before deletion is 395 days of inactivity, not 395 days from the date of
assignment3
NEW QUESTION 121
- (Topic 5)
You have an Azure subscription That contains a Recovery Services vault named Vault1. You need to enable multi-user authorization
(MAU) for Vaultl.
Which resource should you create first?
A. a managed identity
B. a resource guard
C. an administrative unit
D. a custom Azure role
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/backup/multi-user-authorization?tabs=azure-portal&pivots=vaults-recovery-services-vault#before-you-start
Before you start
Ensure the Resource Guard and the Recovery Services vault are in the same Azure region.
Ensure the Backup admin does not have Contributor permissions on the Resource Guard. You can choose to have the Resource Guard in another subscription of
the same directory or in another directory to ensure maximum isolation.
Ensure that your subscriptions containing the Recovery Services vault as well as the Resource Guard (in different subscriptions or tenants) are registered to use
the providers - Microsoft.RecoveryServices and Microsoft.DataProtection . For more information, see Azure
NEW QUESTION 125
HOTSPOT - (Topic 5)
You have an Azure subscription that contains an Azure Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active Directory
domain. The domain contains the users shown in the following table.
You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods:
? Number of methods required to reset: 2
? Methods available to users: Mobile phone, Security questions
? Number of questions required to register: 3
? Number of questions required to reset: 3
You select the following security questions:
? What is your favorite food?
? In what city was your first job?
? What was the name of your first pet?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
Answer:
A. Mastered
B. Not Mastered
Answer: A
Explanation:
No, No, Yes
https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept- authentication-security-questions
NEW QUESTION 128
- (Topic 5)
You have an Azure subscription that contains a storage account named storage. You have the devices shown in the following table.
From which devices can you use AzCopy to copy data to storage1?
A. Device1 and Device2 only
B. Device1, Device2 and Device3
C. Device’ only
Device and Device3 only
D.
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy- v10#download-azcopy
NEW QUESTION 132
HOTSPOT - (Topic 5)
You have an Azure subscription that contains the public load balancers shown in the following table.
You plan to create six virtual machines and to load balance requests to the virtual machines. Each load balancer will load balance three virtual machines.
You need to create the virtual machines for the planned solution.
How should you create the virtual machines? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
Answer:
A. Mastered
B. Not Mastered
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/load-balancer/skus>
NEW QUESTION 135
- (Topic 5)
You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the following table.
Each virtual machine uses a static IP address.
You need to create network security groups (NSGs) to meet following requirements:
? Allow web requests from the internet to VM3, VM4, VM5, and VM6.
? Allow all connections between VM1 and VM2.
? Allow Remote Desktop connections to VM1.
? Prevent all other network traffic to VNET1.
What is the minimum number of NSGs you should create?
A. 1
B. 3
4
C.
D. 12
Answer: C
Explanation:
Note: A network security group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet).
NSGs can be associated to subnets, individual VMs (classic), or individual network interfaces (NIC) attached to VMs (Resource Manager).
Each network security group also contains default security rules.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security- rules
NEW QUESTION 136
- (Topic 5)
You have an Azure subscription that has the public IP addresses shown in the following table.
You plan to deploy an instance of Azure Firewall Premium named FW1. Which IP addresses can you use?
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
A. IP2 Only
B. IP1 and lP2 only
C. IP1, IP2, and IP5 only
D. IP1, IP2, IP4, and IP5 only
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses#at- a-glance
Azure Firewall
- Dynamic IPv4: No
- Static IPv4: Yes
Dynamic IPv6: No
-- Static IPv6: No
https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/configure-public-ip- firewall
Azure Firewall is a cloud-based network security service that protects your Azure Virtual Network resources. Azure Firewall requires at least one public static IP
address to be configured. This IP or set of IPs are used as the external connection point to the firewall. Azure Firewall supports standard SKU public IP addresses.
Basic SKU public IP address and public IP prefixes aren't supported.
NEW QUESTION 139
- (Topic 5)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.
Solution: From the Redeploy blade, you click Redeploy. Does this meet the goal?
Yes
A.
B. No
Answer: A
Explanation:
Redeploying the virtual machine moves it to a new host within the same region and availability set. This can help resolve any underlying issues with the current
host. Redeploying the virtual machine does not affect the configuration or data on the virtual machine. Then, References: [Redeploy Windows VM to new Azure
node]
NEW QUESTION 142
HOTSPOT - (Topic 5)
You have an Azure subscription that contains the resources shown in the following table
In Azure Cloud Shell, you need to create a virtual machine by using an Azure Resource Manager (ARM) template.
How should you complete the command? To answer, select the appropriate options in the answer area,
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 143
HOTSPOT - (Topic 5)
You have an Azure subscription that contains the resources shown in the following table.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
NSG1 is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Yes - VM1 can access the Storage account because there is nothing blocking it the on the virtual network. There is a rule that actually allows outbound access to
storage.
Yes- VM2 is on the Same VNET there is nothing blocking access to it from VM1 on the Virtual network. The Deny rule for HTTPS_VM1_Deny is for inbound
internet.
connections
No- You havefrom the
a Inbound deny rule for VM1 from the the internet with a destination of the 10.3.0.15 which is in Subnet1. This proves the NSG is associated to
Subnet1 and only subnet one because the image shows it is connected to only 1 subnet. VM2 is on Subnet2 which you can determined by its IP address. This
means that NSG1 does not apply to VM2.
NEW QUESTION 144
HOTSPOT - (Topic 5)
You plan to create an Azure Storage account in the Azure region of East US 2. You need to create a storage account that meets the following requirements:
? Replicates synchronously
? Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2) ZRS only support GPv2.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs
NEW QUESTION 147
HOTSPOT - (Topic 5)
You have an Azure subscription named Subscription1 that contains the virtual networks in the following table.
Subscripton1 contains the virtual machines in the following table.
In Subscription1, you create a load balancer that has the following configurations:
? Name: LB1
? SKU: Basic
? Type: Internal
? Subnet: Subnet12
? Virtual network: VNET1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: each correct selection is worth one point.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 151
DRAG DROP - (Topic 5)
You have an Azure subscription named Sub1 that contains two users named User1 and User2.
You need to assign role-based access control (RBAC) roles to User1 and User2. The users must be able to perform the following tasks in Sub1:
• User1 must view the data in any storage account.
• User2 must assign users the Contributor role for storage accounts. The solution must use the principle of least privilege.
Which RBAC role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not
at all.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
? User1: You should assign the Reader and Data Access role to User1. This role grants read access to Azure resources and data,
including the data in any storage account1. This role is suitable for User1’s task of viewing the data in any storage account, and it follows the principle of least
privilege by not granting any write or delete permissions.
? User2: You should assign the Storage Account Contributor role to User2. This role
grants full access to manage storage accounts and their data, including the ability to assign roles in Azure RBAC2. This role is suitable for User2’s task of
assigning users the Contributor role for storage accounts, and it follows the principle of least privilege by not granting access to other types of resources.
NEW QUESTION 152
- (Topic 5)
You have an Azure subscription.
You plan to deploy the Azure container instances shown in the following table.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
Which instances can you deploy to a container group?
A. Instance1 only
B. Instance2only
C. Instance1 and lnstance2 only
D. Instance3 and Instance4 only
Answer: D
Explanation:
instances-container-groups Multi-container groups currently
https://learn.microsoft.com/en-us/azure/container-instances/container-
support only Linux containers. For Windows containers, Azure Container Instances only supports deployment of a single container instance. While we are working
to bring all features to Windows containers, you can find current platform differences in the service
NEW QUESTION 153
- (Topic 5)
You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs a financial
reporting app named App1 that does not support multiple active instances. At the end of each month, CPU usage for VM1 peaks when App1 runs.
You need to create a scheduled runbook to increase the processor performance of VM1 at the end of each month.
What task should you include in the runbook?
A. Add the Azure Performance Diagnostics agent to VM1.
B. Modify the VM size property of VM1.
C. Add VM1 to a scale set.
D. Increase the vCPU quota for the subscription.
E. Add a Desired State Configuration (DSC) extension to VM1.
Answer: B
Explanation:
To create a scheduled runbook to increase the processor performance of VM1 at the end of each month, you need to modify the VM size property of VM1. This will
allow you to scale up the VM to a larger size that has more CPU cores and memory. You can use Azure Automation to create a PowerShell runbook that changes
the VM size using the Set-AzVM cmdlet. You can then schedule the runbook to run at the end of each month using the Azure portal or Azure PowerShell. For more
information, see How to resize a virtual machine in Azure using Azure Automation1.
NEW QUESTION 154
HOTSPOT - (Topic 5)
You have an Azure AD tenant that is linked to the subscriptions shown in the following table.
You have the resource groups shown In the following table.
You assign roles to users as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
Explanation:
? User1 can resize VM1. Yes, this is correct. According to the tables, User1 is assigned the Contributor role at the subscription level for Sub1. The Contributor role
grants full access to manage all resources in the subscription, including the ability to resize virtual machines1. Therefore, User1 can resize VM1, which is a
resource in RG1 under Sub1.
? User2 can create a new storage account in RG1. No, this is not correct. According to the tables, User2 is assigned the Reader role at the resource group level for
RG1. The Reader role grants read-only access to view existing resources in the resource group, but not to create, update, or delete any resources2. Therefore,
User2 cannot create a new storage account in RG1.
? User3 can assign User1 the Owner role for RG3. No, this is not correct. According to the tables, User3 is assigned the Storage Account Contributor role at the
resource group level for RG3. The Storage Account Contributor role grants full access to manage storage accounts and their data in the resource group, but not
to assign roles to other users3. To assign roles to other users, User3 would need a role that has Microsoft.Authorization/roleAssignments/write permissions, such
as User Access Administrator or Owner4. Therefore, User3 cannot assign User1 the Owner role for RG3.
NEW QUESTION 157
- (Topic 5)
You sign up for Azure Active Directory (Azure AD) Premium.
You need to add a user named [email protected] as an administrator on all the computers that will be joined to the Azure AD domain.
What should you configure in Azure AD?
A. Device settings from the Devices blade.
B. General settings from the Groups blade.
C. User settings from the Users blade.
D. Providers from the MFA Server blade.
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin
NEW QUESTION 158
- (Topic 5)
You have an Azure subscription that contains an Azure Storage account.
You plan to create an Azure container instance named container1 that will use a Docker image namedImage1. Image1 contains a Microsoft SQL Server instance
that requires persistent storage.
You need to configure a storage service for Container1. What should you use?
A. Azure Files
B. Azure Blob storage
C. Azure Queue storage
D. Azure Table storage
Answer: A
Explanation:
https://azure.microsoft.com/en-us/blog/persistent-docker-volumes-with- azure-file-storage/
NEW QUESTION 160
- (Topic 5)
You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines.
You need to delete the Recovery Services vault. What should you do first?
A. From the Recovery Service vault, stop the backup of each backup item.
B. From the Recovery Service vault, delete the backup data.
C. Modify the disaster recovery properties of each virtual machine.
D. Modify the locks of each virtual machine.
Answer: A
Explanation:
You can't delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a vault, but can't, the vault is still configured to
receive backup data.
Remove vault dependencies and delete vault
In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. In this menu, you can stop and delete Azure File Servers, SQL
Servers in Azure VM, and Azure virtual machines.
References: https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault
NEW QUESTION 162
- (Topic 5)
You have an Azure virtual machine named VM1 and an Azure key vault named Vault1. On VM1, you plan to configure Azure Disk Encryption to use a key
encryption key (KEK) You need to prepare Vault! for Azure Disk Encryption.
Which two actions should you perform on Vault1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Create a new key.
B. Select Azure Virtual machines for deployment
C. Configure a key rotation policy.
D. Create a new secret.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
E. Select Azure Disk Encryption for volume encryption
Answer: AC
Explanation:
To prepare Vault1 for Azure Disk Encryption, you need to perform the following actions on Vault1:
? Create a new key. A key encryption key (KEK) is an encryption key that is used to
encrypt the encryption secrets before they are stored in the key vault. You can create a new KEK by using the Azure CLI, the Azure PowerShell, or the Azure
portal1. You can also import an existing KEK from another source, such as a hardware security module (HSM)2. The KEK must be a 2048-bit RSA key or a 256-bit
AES key3.
? Select Azure Disk Encryption for volume encryption. This is an advanced access
policy setting that enables Azure Disk Encryption to access the keys and secrets in the key vault. You can select this setting by using the Azure CLI, the Azure
PowerShell, or the Azure portal4. You must also enable access to Microsoft Trusted Services if you have enabled the firewall on the key vault.
NEW QUESTION 164
- (Topic 5)
You deploy Azure virtual machines to three Azure regions.
Each region contains a virtual network. Each virtual network contains multiple subnets peered in a full mesh topology.
Each subnet contains a network security group (NSG) that has defined rules.
A user reports that he cannot use port 33000 to connect from a virtual machine in one region to a virtual machine in another region.
Which two options can you use to diagnose the issue? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Azure Virtual Network Manager
B. IP flow verify
C. Azure Monitor Network Insights
D. Connection troubleshoot
E. elective security rules
Answer: BD
Explanation:
https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-ip- flow-verify-overview
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and
a remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be
chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
NEW QUESTION 166
HOTSPOT - (Topic 5)
You have two Azure App Service apps named App1 and App2. Each app has a production deployment slot and a test deployment slot. The Backup Configuration
settings for the production slots are shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
? On January 15, 2021, App1 will have only one backup in storage. Yes, this is correct. According to the table, App1 has a backup every 1 day, starting from
January 6, 2021, with a retention of 0 days. This means that each backup will be deleted after 0 days, or as soon as the next backup is created. Therefore, on
January 15, 2021, App1 will have only one backup in storage, which is the one created on that day1.
? On February 6, 2021, you can access the backup of the App2 test slot from
January 15, 2021. No, this is not correct. According to the table, App2 has a backup every 1 day, starting from January 6, 2021, with a retention of 30 days. This
means that each backup will be deleted after 30 days, or when the storage limit is reached. However, the table also shows that App2 has a setting of “Keep at
least one backup” set to Yes. This means that the oldest backup will be retained even if it exceeds the retention period or the storage limit2. Therefore, on
February 6, 2021, you can access the backup of the App2 test slot from January 6, 2021, but not from January 15, 2021.
? On January 15, 2021, you can restore the App2 production slot backup from January 6 to the App2 test slot. Yes, this is correct. According to the web search
results, you can restore a backup by overwriting an existing app or by restoring to a new app or slot3. You can also restore a backup from a different slot or app as
long as they are in the same subscription and region4. Therefore, on January 15, 2021, you can restore the App2 production slot backup from January 6 to the
App2 test slot.
NEW QUESTION 167
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
- (Topic 5)
You plan to move a distributed on-premises app named App1 to an Azure subscription. After the planned move, App1 will be hosted on several Azure virtual
machines.
You need to ensure that App1 always runs on at least eight virtual machines during planned Azure maintenance.
What should you create?
one virtual machine scale set that has 10 virtual machines instances
A.
B. one Availability Set that has three fault domains and one update domain
C. one Availability Set that has 10 update domains and one fault domain
D. one virtual machine scale set that has 12 virtual machines instances
Answer: A
Explanation:
A virtual machine scale set is a group of identical virtual machines that are centrally managed, configured, and updated1. A virtual machine scale set can
automatically increase or decrease the number of virtual machine instances in response to demand or a defined schedule2. A virtual machine scale set also
provides high availability and fault tolerance by distributing the virtual machine instances across multiple fault domains and update domains3.
A fault domain is a logical group of underlying hardware that share a common power source and network switch. A fault domain can fail due to hardware or
software failures, power outages, or network interruptions4. A virtual machine scale set can have up to five fault domains in a region.
An update domain is a logical group of underlying hardware that can undergo maintenance or be rebooted at the same time. An update domain can be affected by
planned events, such as OS updates, application updates, or configuration changes4. A virtual machine scale set can have up to 20 update domains in a region.
By creating a virtual machine scale set that has 10 virtual machine instances, you can ensure that App1 always runs on at least eight virtual machines during
planned Azure maintenance. This is because the default configuration of a virtual machine scale set is to have five fault domains and five update domains. This
means that at any given time, only one fault domain or one update domain can be unavailable due to maintenance or failure. Therefore, at least eight out of 10
virtual machine instances will be available to run App1. An availability set is another option for providing high availability and fault tolerance for your virtual
machines. An availability set is a logical grouping of two or more virtual machines that are deployed across multiple fault domains and update domains. However,
an availability set does not provide automatic scaling of resources or load balancing of traffic. You need to manually create and manage the number of virtual
machine instances in an availability set.
Therefore, a virtual machine scale set is a better option than an availability set for your scenario. To create a virtual machine scale set, you can follow these steps:
? Sign in to the Azure portal.
? Select Create a resource > Compute > Virtual machine scale set.
? On the Basics tab, enter a name for your scale set, select your subscription and resource group, select Windows Server 2019 as the image type, and enter a
username and password for the administrator account.
? On the Instance details tab, select the region where you want to deploy your scale set, select the size of the virtual machine instances, and enter 10 as the initial
instance count.
? On the Scaling tab, configure the scaling policy for your scale set based on metrics or schedule.
? On the Load balancing tab, configure the load balancer for your scale set to
distribute traffic across the instances.
? On the Management tab, configure the diagnostics settings, automatic OS upgrades, extensions, and backup options for your scale set.
? On the Advanced tab, configure the availability zone, proximity placement group, accelerated networking, host group, and custom script extension options for
your scale set.
? On the Tags tab, optionally add tags to your scale set resources.
? On the Review + create tab, review your settings and select Create.
NEW QUESTION 168
HOTSPOT - (Topic 5)
You have an Azure subscription.
You create the following file named Deploy.json.
You connect to the subscription and run the following commands.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 171
- (Topic 5)
You have an Azure AD tenant that is linked to 10 Azure subscriptions. You need to centrally monitor user activity across all the subscriptions. What should you
use?
A. Activity log filters
B. Log Analytics workspace
C. access reviews
D. Azure Application Insights Profiler
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell#send-to-log-analytics-workspace Send the activity log to a Log
Analytics workspace to enable the Azure Monitor Logs feature, where you: - Consolidate log entries from multiple Azure subscriptions and tenants into one location
for analysis together.
NEW QUESTION 172
- (Topic 5)
You have an Azure App Service app named App1 that contains two running instances. You have an autoscale rule configured as shown in the following exhibit.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
For the Instance limits scale condition setting, you set Maximum to 5. During a 30-minute period, App1 uses 80 percent of the available memory.
What is the maximum number of instances for App1 during the 30-minute period?
A. Mastered
B. Not Mastered
Answer: A
NEW QUESTION 173
- (Topic 5)
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image.
You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE Each correct selection is worth one point.
A. Modify the extensionProfile section of the Azure Resource Manager template.
B. Create a new virtual machine scale set in the Azure portal.
C. Create an Azure policy.
D. Create an automation account.
E. Upload a configuration script.
Answer: AB
Explanation:
To automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image and has web server components installed, you
need to perform the following actions:
? Modify the extensionProfile section of the Azure Resource Manager template. This section defines the extensions that are applied to the scale set virtual
machines after they are provisioned. You can use the Custom Script Extension to run PowerShell scripts that install and configure the web server components. For
more information, see Deploy an application to an Azure Virtual Machine Scale Set1.
commands to install and configure the web server
? Upload a configuration script. This is the PowerShell script that contains the
components. You can upload the script to a storage account or a GitHub repository, and then reference it in the extensionProfile section of the template. For an
example of a configuration script, see Tutorial: Install applications in Virtual Machine Scale Sets with Azure PowerShell2.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
NEW QUESTION 177
HOTSPOT - (Topic 5)
You have an Azure subscription that contains the virtual machines shown in the following table.
VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.
NSG2 uses the default rules and the following custom incoming rule;
• Priority: 100
• Name: Rule1
• Port: 3389
• Protocol: TCP
• Source: Any
• Destination: Any
• Action: Allow
NSG1 is associated to Subnet! NSG2 is associated to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
A. Mastered
B. Not Mastered
Answer: A
Explanation:
No: VM1 has default rules which denies any port open for inbound rules Yes: VM2 has custom rule allowing RDP port
Yes: VM1 and VM2 are in the same Vnet. by default, communication are allowed
NEW QUESTION 181
- (Topic 5)
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.
You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.
Which two groups should you create? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. a Security group that uses the Assigned membership type
B. an Office 365 group that uses the Assigned membership type
C. an Office 365 group that uses the Dynamic User membership type
D. a Security group that uses the Dynamic User membership type
E. a Security group that uses the Dynamic Device membership type
Answer: BC
Explanation:
You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).
Note: With the increase in usage of Office 365 Groups, administrators and users need a way to clean up unused groups. Expiration policies can help remove
inactive groups from the system and make things cleaner.
When a group expires, all of its associated services (the mailbox, Planner, SharePoint site, etc.) are also deleted.
You can set up a rule for dynamic membership on security groups or Office 365 groups.
NEW QUESTION 185
HOTSPOT - (Topic 5)
You have an Azure subscription that contains a storage account named storage1. The subscription is linked to an Azure Active Directory (Azure AD) tenant named
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
contoso.com that syncs to an on-premises Active Directory domain.
The domain contains the security principals shown in the following table.
In Azure AD, you create a user named User2.
The storage1 account contains a file share named share1 and has the following configurations.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 186
- (Topic 5)
You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1. You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.
The maximum size of an Azure Files Resource of a file share is 5 TB. Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service
NEW QUESTION 187
HOTSPOT - (Topic 5)
You have the Azure resources shown on the following exhibit.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
You plan to track resource usage and prevent the deletion of resources.
To which resources can you apply locks and tags? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: Sub1, RG1, and VM1 only
You can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources.
Box 2: Sub1, RG1, and VM1 only
You apply tags to your Azure resources, resource groups, and subscriptions.
NEW QUESTION 191
HOTSPOT - (Topic 5)
You have the App Service plans shown in the following table.
You plan to create the Azure web apps shown in the following table.
You need to identify which App Service plans can be used for the web apps.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Box 1: ASP1 ASP3
Asp1, ASP3: ASP.NET Core apps can be hosted both on Windows or Linux.
Not ASP2: The region in which your app runs is the region of the App Service plan it's in. Box 2: ASP1
ASP.NET apps can be hosted on Windows only.
NEW QUESTION 196
- (Topic 5)
Your on-premises network contains a VPN gateway.
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that all the traffic from VM1 to storage! travels across the Microsoft backbone network.
What should you configure?
A. private endpoints
Azure Firewall
B. Azure AD Application Proxy
C.
D. Azure Peering Service
Answer: B
Explanation:
Per the MS documentation, private endpoint seems to be the proper choice: "You can use private endpoints for your Azure Storage accounts to allow clients on a
virtual network (VNet) to securely access data over a Private Link. The private endpoint uses a separate IP address from the VNet address space for each storage
account service. Network traffic between the clients on the VNet and the storage account traverses over the VNet and a private link on the Microsoft backbone
network, eliminating exposure from the public internet." Link: https://learn.microsoft.com/en-us/azure/storage/common/storage-private- endpoints
NEW QUESTION 201
HOTSPOT - (Topic 5)
You have an Azure subscription that contains the virtual networks shown in the following table.
You have the virtual machines shown in the following table.
You have the virtual network interfaces shown in the following table.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
Server1 is a DNS server that contains the resources shown in the following table.
You have an Azure private DNS zone named contoso.com that has a virtual network link to VNET2 and the records shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 203
- (Topic 5)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique
solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure
subscription.
Solution: You assign the Owner role at the subscription level to Admin1. Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
The Owner role is a very high-level role that grants full access to manage all resources in the scope, including the ability to assign roles to other users. This role
does not follow the principle of least privilege, which means that you should only grant the minimum level of access required to accomplish the goal.
To enable Traffic Analytics for an Azure subscription, you need to have a role that grants you the following permissions at the subscription level:
? Microsoft.Network/applicationGateways/read
? Microsoft.Network/connections/read
? Microsoft.Network/loadBalancers/read
? Microsoft.Network/localNetworkGateways/read
? Microsoft.Network/networkInterfaces/read
? Microsoft.Network/networkSecurityGroups/read
? Microsoft.Network/publicIPAddresses/read
? Microsoft.Network/routeTables/read
? Microsoft.Network/virtualNetworkGateways/read
? Microsoft.Network/virtualNetworks/read
? Microsoft.OperationalInsights/workspaces/*
Some of the built-in roles that have these permissions are Owner, Contributor, or Network Contributor1. However, these roles also grant other permissions that
may not be necessary or desirable for enabling Traffic Analytics. Therefore, the best practice is to use the principle of least privilege and create a custom role that
only has the required permissions for enabling Traffic Analytics2.
Therefore, to meet the goal of ensuring that an Azure AD user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription,
you should create a custom role with the required permissions and assign it to Admin1 at the subscription level.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
NEW QUESTION 205
HOTSPOT - (Topic 5)
You have an Azure subscription that contains the virtual networks shown in the following table.
The subnets have the IP address spaces shown in the following table.
You plan to create a container app named contapp1 in the East US Azure region.
You need to create a container app environment named con-env1 that meets the following requirements:
• Uses its own virtual network.
• Uses its own subnet.
• Is connected to the smallest possible subnet.
To which virtual networks can you connect con-env1, and which subnet mask should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
A. Mastered
B. Not Mastered
Answer: A
Explanation:
? Virtual Network: You can connect con-env1 to VNet2 and VNet3 only. This is because VNet1 is in a different region than the container app, which is East
US. According to the web search results, you can only connect a container app environment to a virtual network that is in the same region as the container app1.
Therefore, VNet1 is not a valid option. VNet2 and VNet3 are both in the same region as the container app, and they have enough available IP addresses to
support a container app environment.
? Subnet mask: You should use /28 as the subnet mask for con-env1. This is
because /28 is the smallest possible subnet mask that can accommodate a container app environment. According to the web search results, a container app
environment requires a minimum of 16 IP addresses in a subnet2. A /28 subnet mask provides 16 IP addresses, while a /26 subnet mask provides 64 IP
addresses, a /24 subnet mask provides 256 IP addresses, a /23 subnet mask provides 512 IP addresses, and a /16 subnet mask provides 65,536 IP addresses.
Therefore, /28 is the most efficient choice for minimizing the subnet size.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
NEW QUESTION 206
- (Topic 5)
You have a Recovery Services vault named RSV1. RSV1 has a backup policy that retains instant snapshots for five days and daily backup for 14 days.
RSV1 performs daily backups of VM1. VM1 hosts a static website that was updated eight days ago.
You need to recover VM1 to a point eight days ago. The solution must minimize downtime. What should you do first?
A. Deallocate VM1.
B. Restore VM1 by using the Replace existing restore configuration option.
C. Delete VM1.
D. Restore VM1 by using the Create new restore configuration option.
Answer: D
Explanation:
https://learn.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms#restore-options
To recover VM1 to a point eight days ago, you need to use the Azure Backup service to restore the VM from a recovery point. A recovery point is a snapshot of the
VM data at a specific point in time. Azure Backup creates recovery points according to the backup policy that you configure for the Recovery Services vault1.
In this case, the Recovery Services vault named RSV1 has a backup policy that retains instant snapshots for five days and daily backup for 14 days. This means
that you can restore the VM from any point in the last 14 days, as long as there is a recovery point available. Since you need to recover VM1 to a point eight days
ago, you can use the daily backup recovery point that was created on that day2.
To restore the VM from a recovery point, you have two options: Replace existing or Create new. The Replace existing option overwrites the existing VM with the
restored data, while the Create new option creates a new VM with the restored data. The Replace existing option requires you to deallocate or delete the existing
without affecting
VM before restoring
the existing it, which
VM, which can cause
minimizes downtime
downtime andloss3.
and data data loss. The Create new option allows you to restore the VM
Therefore, the best option is to restore VM1 by using the Create new restore configuration option. This will create a new VM with the same name as VM1 and
append a suffix to it, such as -Restored. You can then verify that the new VM has the correct data and configuration, and switch over to it when you are ready. You
can also delete the original VM if you don’t need it anymore3.
NEW QUESTION 209
......
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy AZ-104 dumps
https://www.2passeasy.com/dumps/AZ-104/ (232 New Questions)
THANKS FOR TRYING THE DEMO OF OUR PRODUCT
Visit Our Site to Purchase the Full Set of Actual AZ-104 Exam Questions With Answers.
We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Order the
AZ-104 Product From:
https://www.2passeasy.com/dumps/AZ-104/
Money Back Guarantee
AZ-104 Practice Exam Features:
* AZ-104 Questions and Answers Updated Frequently
* AZ-104 Practice Questions Verified by Expert Senior Certified Staff
* AZ-104 Most Realistic Questions that Guarantee you a Pass on Your FirstTry
* AZ-104 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Powered by TCPDF (www.tcpdf.org)
You might also like
- 11.TBL Training Participant Manual 2021No ratings yet11.TBL Training Participant Manual 2021253 pages
- In The High Court of Punjab and Haryana at ChandigarhNo ratings yetIn The High Court of Punjab and Haryana at Chandigarh25 pages
- Microsoft Azure Administrator AZ-104 Exam Guide100% (6)Microsoft Azure Administrator AZ-104 Exam Guide10 pages
- Sample Questions For Microsoft Azure Administrator AZ-104 Certification ExamNo ratings yetSample Questions For Microsoft Azure Administrator AZ-104 Certification Exam7 pages
- TheTechBlackBoard-AZ-104 - 190questions - SampleNo ratings yetTheTechBlackBoard-AZ-104 - 190questions - Sample9 pages
- Microsoft - Selftestengine.az 104.practice - Test.2024 Apr 25.by - Kim.124q.vceNo ratings yetMicrosoft - Selftestengine.az 104.practice - Test.2024 Apr 25.by - Kim.124q.vce16 pages
- Pass Microsoft AZ-104 Exam With 100% GuaranteeNo ratings yetPass Microsoft AZ-104 Exam With 100% Guarantee8 pages
- Microsoft Az 104 Dumps by Potts 09-08-2024 6qa DumpshqNo ratings yetMicrosoft Az 104 Dumps by Potts 09-08-2024 6qa Dumpshq12 pages
- Exam Questions AZ-104: Microsoft Azure Administrator (Beta)No ratings yetExam Questions AZ-104: Microsoft Azure Administrator (Beta)23 pages
- Introducing LCC ISO UK Standards - Andy Green 271109No ratings yetIntroducing LCC ISO UK Standards - Andy Green 27110931 pages
- The Modern World System As A Capitalist World Economy IWNo ratings yetThe Modern World System As A Capitalist World Economy IW8 pages
- Aindump2go Az-104 Study Guide 2023-May-12 by Avery 180q VceNo ratings yetAindump2go Az-104 Study Guide 2023-May-12 by Avery 180q Vce47 pages
- Microsoft Certshared Az-104 PDF Download 2022-May-07 by Nathaniel 290q VceNo ratings yetMicrosoft Certshared Az-104 PDF Download 2022-May-07 by Nathaniel 290q Vce16 pages
- AZ-104 Microsoft Azure Administrator Exam Dumps 1No ratings yetAZ-104 Microsoft Azure Administrator Exam Dumps 114 pages
- Republic Act No. 10368 - Official Gazette of The Republic of The PhilippinesNo ratings yetRepublic Act No. 10368 - Official Gazette of The Republic of The Philippines14 pages
- Compilation of Cases in Human Rights LawNo ratings yetCompilation of Cases in Human Rights Law12 pages
- Vendor: Microsoft Exam Code: AZ-104 Exam Name: Microsoft Azure Administrator Version: DEMONo ratings yetVendor: Microsoft Exam Code: AZ-104 Exam Name: Microsoft Azure Administrator Version: DEMO7 pages
- Environmental Impact of Energy Utilisation in IndiaNo ratings yetEnvironmental Impact of Energy Utilisation in India11 pages
- (Aug-2020) New PassLeader AZ-104 Exam DumpsNo ratings yet(Aug-2020) New PassLeader AZ-104 Exam Dumps7 pages
- Planos Molde para Vulcanizado de LlantasNo ratings yetPlanos Molde para Vulcanizado de Llantas10 pages
- Apuntes Literatura Norteamericana Siglo XXNo ratings yetApuntes Literatura Norteamericana Siglo XX8 pages
- Programa The Anthropology and Archaeology of DeathNo ratings yetPrograma The Anthropology and Archaeology of Death9 pages
- Microsoft Azure Administrator Associate AZ 104 Practice Exam Test Set 3 PkriefNo ratings yetMicrosoft Azure Administrator Associate AZ 104 Practice Exam Test Set 3 Pkrief8 pages
- Vendor: Microsoft Exam Code: AZ-104 Exam Name: Microsoft Azure Administrator Version: DEMONo ratings yetVendor: Microsoft Exam Code: AZ-104 Exam Name: Microsoft Azure Administrator Version: DEMO7 pages
- Santiago V CF Sharp Crew Management DigestNo ratings yetSantiago V CF Sharp Crew Management Digest3 pages
- Linux DevOps Tools Engineer (701) Practice Tests: 400 Questions to Ace Your CertificationFrom EverandLinux DevOps Tools Engineer (701) Practice Tests: 400 Questions to Ace Your CertificationNo ratings yet
- AWS Solutions Architect Certification Case Based Practice Questions Latest Edition 2023From EverandAWS Solutions Architect Certification Case Based Practice Questions Latest Edition 2023No ratings yet
- AWS Certified Advanced Networking - Specialty ANS-C01 Exam PreparationFrom EverandAWS Certified Advanced Networking - Specialty ANS-C01 Exam PreparationNo ratings yet
- Google Cloud Professional Cloud Architect 100+ Practice Exam questions with Detailed AnswersFrom EverandGoogle Cloud Professional Cloud Architect 100+ Practice Exam questions with Detailed AnswersNo ratings yet
- AZ-104 Azure Administrator Practice Paper 2: AZ-104 Azure Administrator, #2From EverandAZ-104 Azure Administrator Practice Paper 2: AZ-104 Azure Administrator, #2No ratings yet
- Microsoft AZ-400: Designing and Implementing Microsoft DevOps Solutions - Certification Exam PrepFrom EverandMicrosoft AZ-400: Designing and Implementing Microsoft DevOps Solutions - Certification Exam PrepNo ratings yet
- Google Cloud Professional Cloud Security Engineer 100+ Practice Exam Questions with Detailed AnswersFrom EverandGoogle Cloud Professional Cloud Security Engineer 100+ Practice Exam Questions with Detailed AnswersNo ratings yet
- AZ-900 Azure Fundamentals Practice Paper 6: AZ-900 Azure Fundamentals, #6From EverandAZ-900 Azure Fundamentals Practice Paper 6: AZ-900 Azure Fundamentals, #6No ratings yet
- AZ-104 Azure Administrator Practice Paper 1: AZ-104 Azure Administrator, #1From EverandAZ-104 Azure Administrator Practice Paper 1: AZ-104 Azure Administrator, #1No ratings yet
- AZ-900 Azure Fundamentals Practice Paper 2: AZ-900 Azure Fundamentals, #2From EverandAZ-900 Azure Fundamentals Practice Paper 2: AZ-900 Azure Fundamentals, #2No ratings yet
- AZ-900 Azure Fundamentals Practice Paper 1: AZ-900 Azure Fundamentals, #1From EverandAZ-900 Azure Fundamentals Practice Paper 1: AZ-900 Azure Fundamentals, #1No ratings yet
- Google Associate Cloud Engineer Exam Companion: Q&A with ExplanationsFrom EverandGoogle Associate Cloud Engineer Exam Companion: Q&A with ExplanationsNo ratings yet
- AWS Certified Cloud Practitioner - Practice Paper 2: AWS Certified Cloud Practitioner, #2From EverandAWS Certified Cloud Practitioner - Practice Paper 2: AWS Certified Cloud Practitioner, #25/5 (2)
- SQL Server Interview Questions You'll Most Likely Be AskedFrom EverandSQL Server Interview Questions You'll Most Likely Be AskedNo ratings yet
- IBM WebSphere Application Server Interview Questions You'll Most Likely Be AskedFrom EverandIBM WebSphere Application Server Interview Questions You'll Most Likely Be AskedNo ratings yet
