Microsoft AZ-104 Microsoft Azure Administrator Online Training
Microsoft AZ-104 Online Training
The questions for AZ-104 were last updated at Dec 22,2024.
- Exam Code: AZ-104
- Exam Name: Microsoft Azure Administrator
- Certification Provider: Microsoft
- Latest update: Dec 22,2024
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Owner role at the subscription level to Admin1.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Monitor, you create a metric on Network in and Network Out.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Performance Monitor, you create a Data Collector Set (DCS).
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Network Watcher, you create a connection monitor.
Does this meet the goal?
- A . Yes
- B . No
HOTSPOT
You have an Azure subscription that contains the container images shown in the following table.
You plan to use the following services:
• Azure Container Instances
• Azure Container Apps
• Azure App Service
In which services can you run the images? To answer, select the options in the answer area. NOTE: Each correct answer is worth one point.
You have an Azure subscription. The subscription contains virtual machines that connect to a virtual network named VNet1.
You plan to configure Azure Monitor for VM Insights.
You need to ensure that all the virtual machines only communicate with Azure Monitor through VNet1.
What should you create first?
- A . an Azure Monitor Private Link Scope (AMPIS)
- B . a private endpoint
- C . a Log Analytics workspace
- D . a data collection rule (DCR)
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
You plan to create a data collection rule named DCRI in Azure Monitor.
Which resources can you set as data sources in DCRI, and which resources can you set as destinations in DCRI? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Your company has an Azure subscription named Subscription1.
The company also has two on-premises servers named Server1 and Server2 that run Windows Server 2016. Server1 is configured as a DNS server that has a primary DNS zone named adatum.com. Adatum.com contains 1,000 DNS records.
You manage Server1 and Subscription1 from Server2.
Server2 has the following tools installed:
– The DNS Manager console
– Azure PowerShell
– Azure CLI 2.0
You need to move the adatum.com zone to an Azure DNS zone in Subscription 1. The solution must minimize administrative effort.
What should you use?
- A . Azure PowerShell
- B . Azure CLI
- C . the Azure portal
- D . the DNS Manager console
You have an Azure subscription that hat Traffic Analytics configured.
You deploy a new virtual machine named VM1 that has the following settings:
• Region- East US
• Virtual network: VNet1
• NIC network security group: NSG1
You need to monitor VM1 traffic by using Traffic Analytics.
Which settings should you configure?
- A . Diagnostic settings for VM1
- B . Insights for VM1
- C . NSG flow logs for NSG1
- D . Diagnostic settings for NSG1
You have two Azure virtual machines named VM1 and VM2 that run Windows Server. The virtual machines are in a subnet named Subnet1. Subnet1 is in a virtual network named VNet1. You need to
prevent VM1 from accessing VM2 on port 3389.
What should you do?
- A . Create a network security group (NSG) that has an outbound security rule to deny destination port 3389 and apply the NSG to the network interface of VM1.
- B . Create a network security group (NSG) that has an inbound security rule to deny source port 3389 and apply the NSG to Subnet1.
- C . Create a network security group (NSG) that has an outbound security rule to deny source port 3389 and apply the NSG to Subnet1.
- D . Configure Azure Bastion in VNet1.