AZ-104 Part 1

No- you should go to Resource Group then --> Deployments blade

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has an azure subscription that includes a storage account, a resource group, a blob container and a file share.A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account.You want to review the ARM template that was used by Jon Ross.Solution: You access the Container blade.Does the solution meet the goal?

Azure Monitor ----Azure Monitor is collecting Logs and Metrics.

You administer a solution in Azure that is currently having performance issues.You need to find the cause of the performance issues pertaining to metrics on the Azure infrastructure.Which of the following is the tool you should use?

Max Value

Your company has an Azure subscription.You need to deploy a number of Azure virtual machines (VMs) using Azure Resource Manager (ARM) templates. You have been informed that the VMs will be included in a single availability set.You are required to make sure that the ARM template you configure allows for as many VMs as possible to remain accessible in the event of fabric failure or maintenance.Which of the following is the value that you should configure for the platformFaultDomainCount property?

The az vm create command.

You are planning to deploy an Ubuntu Server virtual machine to your company's Azure subscription. You are required to implement a custom deployment that includes adding a particular trusted root certification authority (CA).Which of the following should you use to create the virtual machine?

No ---Health probe require TCP port 1433 is port used by SQL Server

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has a Microsoft SQL Server Always On availability group configured on their Azure virtual machines (VMs).You need to configure an Azure internal load balancer as a listener for the availability group.Solution: You create an HTTP health probe on port 1433.Does the solution meet the goal?

Yes- If you want to use the backend port across multiple rules, you must enable Floating IP in the rule definition.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has a Microsoft SQL Server Always On availability group configured on their Azure virtual machines (VMs).You need to configure an Azure internal load balancer as a listener for the availability group.Solution: You enable Floating IP.Does the solution meet the goal?

No- Session persistence should be set to "None"

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has a Microsoft SQL Server Always On availability group configured on their Azure virtual machines (VMs).You need to configure an Azure internal load balancer as a listener for the availability group.Solution: You set Session persistence to Client IP.Does the solution meet the goal?

B Netlogon will not help

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises ActiveDirectory domain.You have a server named DirSync1 that is configured as a DirSync server.You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately.Solution: You restart the NetLogon service on a domain controller.Does the solution meet the goal?

NO- AD Connect > Sychronization service > Connectors >Run on the actions pane

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises ActiveDirectory domain.You have a server named DirSync1 that is configured as a DirSync server.You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately.Solution: You use Active Directory Sites and Services to force replication of the Global Catalog on a domain controller.Does the solution meet the goal?

Yes- from Resource Group choose ----> Deployments blade

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has an azure subscription that includes a storage account, a resource group, a blob container and a file share.A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account.You want to review the ARM template that was used by Jon Ross.Solution: You access the Resource Group blade.Does the solution meet the goal?

No- should be RG blade

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has an azure subscription that includes a storage account, a resource group, a blob container and a file share.A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account.You want to review the ARM template that was used by Jon Ross.Solution: You access the Virtual Machine blade.Does the solution meet the goal?

No -----Download and re-install the VPN client configuration package workstation.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company's Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB.VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to-site VPN connection exists between your company's on- premises network and VirtualNetworkA.You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering betweenVirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company's on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation.You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation.Solution: You choose the Allow gateway transit setting on VirtualNetworkA.Does the solution meet the goal?

No- After changing topology the azure vpn client must be reinstalled to include the new topology information.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company's Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB.VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to-site VPN connection exists between your company's on- premises network and VirtualNetworkA.You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering betweenVirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company's on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation.You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation.Solution: You choose the Allow gateway transit setting on VirtualNetworkB.Does the solution meet the goal?

Yes--If you make a change to the P2S topology the VPN client package for Windows clients must be downloaded and reinstalled

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company's Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB.VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to-site VPN connection exists between your company's on- premises network and VirtualNetworkA.You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering betweenVirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company's on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation.You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation.Solution: You download and re-install the VPN client configuration package on the Windows 10 workstation.Does the solution meet the goal?

No You cannot change the usage model after an MFA provider is created

The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model. After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication. To achieve this, the Per Enabled User setting must be set for the usage model. Solution: You reconfigure the existing usage model via the Azure portal. Does the solution meet the goal?

Yes Access policy>Grant control

The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has an Azure Active Directory (Azure AD) subscription.You want to implement an Azure AD conditional access policy.The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy.Does the solution meet the goal?

No To enforce MFA from an untrusted location, you need to create a conditional access rule that requires MFA with Grant control.

The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has an Azure Active Directory (Azure AD) subscription.You want to implement an Azure AD conditional access policy.The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy.Does the solution meet the goal?

No 1- the best way to enforce MFA is by Conditional Access 2- the device has to be identified by azure AD as A AD joined Device. 3- the trusted ip must be configured.

The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has an Azure Active Directory (Azure AD) subscription.You want to implement an Azure AD conditional access policy.The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.Solution: You access the multi-factor authentication page to alter the user settings.Does the solution meet the goal?

NO- ADSyncSyncCycle -PolicyType Delta - for immidiate ADSyncSyncCycle -PolicyType Initial - for full synchronization

The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises ActiveDirectory domain.You have a server named DirSync1 that is configured as a DirSync server.You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately.Solution: You run the Start-ADSyncSyncCycle -PolicyType Initial PowerShell cmdlet.Does the solution meet the goal?

Yes You cannot change the usage model (per enabled user or per authentication) after an MFA provider is created.

The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company's Azure solution makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model.After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication.To achieve this, the Per Enabled User setting must be set for the usage model.Solution: You create a new Multi-Factor Authentication provider with a backup from the existing Multi-Factor Authentication provider data.Does the solution meet the goal?

No You can't change the usage model after an MFA provider is created.

The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company's Azure solution makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model.After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication.To achieve this, the Per Enabled User setting must be set for the usage model.Solution: You reconfigure the existing usage model via the Azure CLI.Does the solution meet the goal?

a Microsoft 365 group that uses the Assigned membership type a Microsoft 365 group that uses the Dynamic User membership type

You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.Which two groups should you create? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.

From the Licenses blade of Azure AD, assign a license----Active Directory-> Manage Section > Choose Licenses -> All Products -> Select Azure Active Directory Premium P2 -> Then assign a user to it.

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.You purchase 10 Azure AD Premium P2 licenses for the tenant.You need to ensure that 10 users can use all the Azure AD Premium features.What should you do?

From the Directory role blade, modify the directory role---Active Directory -> Manage Section -> Roles and administrators-> Search for Admin and assign a user to it.

You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts.You create a new user account named AdminUser1.You need to assign the User administrator administrative role to AdminUser1.What should you do from the user account properties?

From contoso.com, create an OAuth 2.0 authorization endpoint.-- The Azure AD client application is used by kubectl to sign in users with OAuth 2.0 device authorization grant flow.

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1.An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.You need to ensure that access to AKS1 can be granted to the contoso.com users.What should you do first?

Detach the data disk.---You can simply detach a data disk from one VM and attach it to the other VM without stopping either of the VMs

You have an Azure virtual machine (VM) that has a single data disk. You have been tasked with attaching this data disk to another Azure VM.You need to make sure that your strategy allows for the virtual machines to be offline for the least amount of time possible.Which of the following is the action you should take FIRST?

From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet----Set-AzMarketplaceTerms -Publisher <String> -Product <String> -Name <String> [-Accept] [-Terms <PSAgreementTerms>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]

You recently created a new Azure subscription that contains a user named Admin1.Admin1 attempts to deploy an Azure Marketplace resource by using an Azure Resource Manager template. Admin1 deploys the template by using AzurePowerShell and receives the following error message: `User failed validation to purchase resources. Error message: `Legal terms have not been accepted for this item on this subscription. To accept legal terms, please go to the Azure portal (http://go.microsoft.com/fwlink/?LinkId=534873) and configure programmatic deployment for the Marketplace item or create it there for the first time.`You need to ensure that Admin1 can deploy the Marketplace resource successfully.What should you do?

Read-access geo-redundant storage (RA-GRS)

Your company has a Microsoft Azure subscription.The company has datacenters in Los Angeles and New York.You are configuring the two datacenters as geo-clustered sites for site resiliency.You need to recommend an Azure storage redundancy option.You have the following data storage requirements:✑ Data must be stored on multiple nodes.✑ Data must be stored on nodes in separate geographic locations.✑ Data can be read from the secondary location as well as from the primary location.Which of the following Azure stored redundancy options should you recommend?

5----5 VM so 5 NIC Cards .we have public and private ip address set to them .however they needs same inbound and outbound rule so create NSG and attach to NIC and this req can be fulfilled 5 NIC hence 5 is right ans

Your company has an Azure Active Directory (Azure AD) subscription.You need to deploy five virtual machines (VMs) to your company's virtual network subnet.The VMs will each have both a public and private IP address. Inbound and outbound security rules for all of these virtual machines must be identical.Which of the following is the least amount of network interfaces needed for this configuration?

1

Your company has an Azure Active Directory (Azure AD) subscription.You need to deploy five virtual machines (VMs) to your company's virtual network subnet.The VMs will each have both a public and private IP address. Inbound and outbound security rules for all of these virtual machines must be identical.Which of the following is the least amount of security groups needed for this configuration?

Configure a SetupComplete.cmd batch file in the %windir%\setup\scripts directory.

Your company has an Azure Active Directory (Azure AD) tenant that is configured for hybrid coexistence with the on-premises Active Directory domain.The on-premise virtual environment consists of virtual machines (VMs) running on Windows Server 2012 R2 Hyper-V host servers.You have created some PowerShell scripts to automate the configuration of newly created VMs. You plan to create several new VMs.You need a solution that ensures the scripts are run on the new VMs.Which of the following is the best solution?

Add-AzVhd---- VHD stands for 'Virtual Hard Disk' - when you get asked to deploy and image to a VM think: Add-AzVhd

Your company has an Azure Active Directory (Azure AD) tenant that is configured for hybrid coexistence with the on-premises Active Directory domain.You plan to deploy several new virtual machines (VMs) in Azure. The VMs will have the same operating system and custom software requirements.You configure a reference VM in the on-premise virtual environment. You then generalize the VM to create an image.You need to upload the image to Azure to ensure that it is available for selection when you create the new Azure VMs.Which PowerShell cmdlets should you use?

A. VMs that run Windows 10. B. VMs that run Windows Server 2012 or higher. C. VMs that have NOT been shut down. D. VMs that run Debian 8.2+. E. VMs that have been shut down. ALL are correct

Your company has an Azure subscription that includes a Recovery Services vault.You want to use Azure Backup to schedule a backup of your company's virtual machines (VMs) to the Recovery Services vault.Which of the following VMs can you back up? Choose all that apply.

20 is the max value available to choose

Your company has an Azure subscription.You need to deploy a number of Azure virtual machines (VMs) using Azure Resource Manager (ARM) templates. You have been informed that the VMs will be included in a single availability set.You are required to make sure that the ARM template you configure allows for as many VMs as possible to remain accessible in the event of fabric failure or maintenance.Which of the following is the value that you should configure for the platformUpdateDomainCount property?

Assign tags to the virtual machines.

Your company has serval departments. Each department has a number of virtual machines (VMs). The company has an Azure subscription that contains a resource group named RG1.All VMs are located in RG1.You want to associate each VM with its respective department. What should you do?

You should stop all three VMs. ---Stop all the VM's for deallocation then increase the size

Your company has three virtual machines (VMs) that are included in an availability set.You try to resize one of the VMs, which returns an allocation failure message.It is imperative that the VM is resized.Which of the following actions should you take?

Run the Set-AzureStaticVNetIP PowerShell cmdlet.--- For the new PowerShell cmdlets you would use: Set-AzNetworkInterface

Your company has two on-premises servers named SRV01 and SRV02. Developers have created an application that runs on SRV01. The application calls a service on SRV02 by IP address.You plan to migrate the application on Azure virtual machines (VMs). You have configured two VMs on a single subnet in an Azure virtual network.You need to configure the two VMs with static internal IP addresses.What should you do?

Configure a Point-to-Site (P2S) VPN ---.Point to Site (P2S) VPN is intended to be used by remote workers.

Your company has virtual machines (VMs) hosted in Microsoft Azure. The VMs are located in a single Azure virtual network named VNet1.The company has users that work remotely. The remote workers require access to the VMs on VNet1.You need to provide access for the remote workers.What should you do?

You should restore the VM to a new Azure VM.

Your company's Azure subscription includes Azure virtual machines (VMs) that run Windows Server 2016.One of the VMs is backed up every day using Azure Backup Instant Restore.When the VM becomes infected with data encrypting ransomware, you are required to restore the VM.Which of the following actions should you take?

You can recover the files to any VM within the companyג€™s subscription---Any VM's inside the subscription can be recovered

Your company's Azure subscription includes Azure virtual machines (VMs) that run Windows Server 2016.One of the VMs is backed up every day using Azure Backup Instant Restore.When the VM becomes infected with data encrypting ransomware, you decide to recover the VM's files.Which of the following is TRUE in this scenario?