This dump is 100% valid to pass Microsoft Role-based Jan 15,2022 Newest AZ-104 vce dumps exam. The only tips is please do not just memorize the questions and answers, you need to get through understanding of it because the question changed a little in the real exam. Follow the instructions in the Geekcert Role-based Latest AZ-104 vce Microsoft Azure Administrator PDF and VCEs. All Geekcert materials will help you pass your Microsoft Role-based exam successfully.
AZ-104 exam academy – free online AZ-104 exam study guide resource for AZ-104 associate specialty exams. real AZ-104 braindumps with 100% exam passing guarantee. Geekcert expert team is will help you to get all AZ-104 certifications easily. Geekcert provides you the easiest way to pass your AZ-104 certification exam.
We Geekcert has our own expert team. They selected and published the latest AZ-104 preparation materials from Microsoft Official Exam-Center: https://www.geekcert.com/az-104.html
The following are the AZ-104 free dumps. Go through and check the validity and accuracy of our AZ-104 dumps.Real questions from AZ-104 free dumps. Download demo of AZ-104 dumps to check the validity.
Question 1:
You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements. What should you include in the recommended?
A. Azure AP B2C
B. Azure AD Identity Protection
C. an Azure logic app and the Microsoft Identity Management (MIM) client
D. dynamic groups and conditional access policies
Correct Answer: D
Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications, or other conditions.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
Question 2:
Which blade should you instruct the finance department auditors to use?
A. Partner information
B. Overview
C. Payment methods
D. Invoices
Correct Answer: D
You can opt in and configure additional recipients to receive your Azure invoice in an email. This feature may not be available for certain subscriptions such as support offers, Enterprise Agreements, or Azure in Open.
Click Opt in and accept the terms.
Scenario: During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.
References: https://docs.microsoft.com/en-us/azure/billing/billing-download-azure-invoice-daily- usage-date
Question 3:
You need to prepare the environment to meet the authentication requirements. Which two actions should you perform? Each correct answer presents part of the solution. NOTE Each correct selection is worth one point.
A. Azure Active Directory (AD) Identity Protection and an Azure policy
B. a Recovery Services vault and a backup policy
C. an Azure Key Vault and an access policy
D. an Azure Storage account and an access policy
Correct Answer: BD
D: Seamless SSO works with any method of cloud authentication – Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users\’ Intranet zone settings by using Group Policy in Active Directory:
https://autologon.microsoftazuread-sso.com Incorrect Answers:
A: Seamless SSO needs the user\’s device to be domain-joined, but doesn\’t need for the device to be Azure AD Joined.
C: Azure AD connect does not port 8080. It uses port 443.
E: Seamless SSO is not applicable to Active Directory Federation Services (ADFS). Scenario: Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in
Azure.
Planned Azure AD Infrastructure include: The on-premises Active Directory domain will be synchronized to Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory- aadconnect-sso-quick-start
Question 4:
You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name should you use?
A. Join the client computers in the Miami office to Azure AD.
B. Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.
C. Allow inbound TCP port 8080 to the domain controllers in the Miami office.
D. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication
E. Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.
Correct Answer: BD
Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as \’[email protected].\’ instead of \’[email protected] name.onmicrosoft.com\’. Scenario: Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet. Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure AD. References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom- domain
Question 5:
You need to resolve the Active Directory issue. What should you do?
A. From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.
B. Run idfix.exe, and then use the Edit action.
C. From Active Directory Domains and Trusts, modify the list of UPN suffixes.
D. From Azure AD Connect, modify the outbound synchronization rule.
Correct Answer: B
IdFix is used to perform discovery and remediation of identity objects and their attributes in an on- premises Active Directory environment in preparation for migration to Azure Active Directory. IdFix is intended for the Active Directory
administrators responsible for directory synchronization with Azure Active Directory.
Scenario: Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.
References: https://www.microsoft.com/en-us/download/details.aspx?id=36832
Question 6:
You need to prepare the environment to meet the authentication requirements. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Allow inbound TCP port 8080 to the domain controllers in the Miami office.
B. Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.
C. Join the client computers in the Miami office to Azure AD.
D. Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.
E. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.
Correct Answer: BE
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users\’ Intranet zone settings by using Group Policy in Active Directory:
https://autologon.microsoftazuread-sso.com E: Seamless SSO works with any method of cloud authentication – Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
Question 7:
You need to resolve the licensing issue before you attempt to assign the license again. What should you do?
A. From the Groups blade, invite the user accounts to a new group.
B. From the Profile blade, modify the usage location.
C. From the Directory role blade, modify the directory role.
Correct Answer: B
Scenario: Licensing Issue
1.
You attempt to assign a license in Azure to several users and receive the following error message: “Licenses not assigned. License agreement failed for one user.”
2.
You verify that the Azure subscription has the available licenses.
Solution:
License cannot be assigned to a user without a usage location specified.
Explanation:
Some Microsoft services aren\’t available in all locations because of local laws and regulations. Before you can assign a license to a user, you must specify the Usage location property for the user. You can specify the location under the User
> Profile > Settings section in the Azure portal.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groupsresolve-problems
Question 8:
You need to meet the user requirement for Admin1. What should you do?
A. From the Subscriptions blade, select the subscription, and then modify the Properties.
B. From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.
C. From the Azure Active Directory blade, modify the Properties.
D. From the Azure Active Directory blade, modify the Groups.
Correct Answer: A
Change the Service administrator for an Azure subscription Sign in to Account Center as the Account administrator.
Select a subscription.
On the right side, select Edit subscription details.
Scenario: Designate a new user named Admin1 as the service administrator of the Azure subscription .
References: https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription- administrator
Question 9:
You need to move the blueprint files to Azure. What should you do?
A. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
B. Use the Azure Import/Export service.
C. Generate an access key. Map a drive, and then copy the files by using File Explorer.
D. Use Azure Storage Explorer to copy the files.
Correct Answer: D
Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS, and Linux. You can use it to upload and download data from Azure blob storage.
Scenario:
Planned Changes include: move the existing product blueprint files to Azure Blob storage. Technical Requirements include: Copy the blueprint files to Azure over the Internet.
References: https://docs.microsoft.com/en-us/azure/machine-learning/team-data-science- process/move-data-to-azure-blob-using-azure-storage-explorer
Question 10:
You need to implement a backup solution for App1 after the application is moved. What should you create first?
A. a recovery plan
B. an Azure Backup Server
C. a backup policy
D. a Recovery Services vault
Correct Answer: D
A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault.
Scenario:
There are three application tiers, each with five virtual machines.
Move all the virtual machines for App1 to Azure.
Ensure that all the virtual machines for App1 are protected by backups. References: https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal
Question 11:
You need to recommend an identify solution that meets the technical requirements. What should you recommend?
A. federated single-on (SSO) and Active Directory Federation Services (AD FS)
B. password hash synchronization and single sign-on (SSO)
C. cloud-only user accounts
D. Pass-through Authentication and single sign-on (SSO)
Correct Answer: A
Active Directory Federation Services is a feature and web service in the Windows Server Operating System that allows sharing of identity information outside a company\’s network.
Scenario: Technical Requirements include:
Prevent user passwords or hashes of passwords from being stored in Azure. References: https://www.sherweb.com/blog/active-directory-federation-services/
Question 12:
You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.
What should you recommend?
A. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.
B. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
C. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
D. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
Correct Answer: C
As App1 is public-facing we need an incoming security rule, related to the access of the web servers. Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier. Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Question 13:
You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.
What should you include in the recommendation?
A. Azure AD B2C
B. dynamic groups and conditional access policies
C. Azure AD Identity Protection
D. an Azure logic app and the Microsoft Identity Management (MIM) client
Correct Answer: B
Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications, or other conditions.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
Question 14:
You discover that VM3 does NOT meet the technical requirements.
You need to verify whether the issue relates to the NSGs.
What should you use?
A. Diagram in VNet1
B. Diagnostic settings in Azure Monitor
C. Diagnose and solve problems in Traffic Manager profiles
D. The security recommendations in Azure Advisor
E. IP flow verify in Azure Network Watcher
Correct Answer: E
Scenario: Contoso must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule
that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
Question 15:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant
named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Contributor role to the Developers group.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
The Contributor role can manage all resources (and add resources) in a Resource Group.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
