[November-2020]Instant Download Braindump2go AZ-104 Exam VCE and PDF Dumps AZ-104 310Q[Q265-Q276]
2020/November Latest Braindump2go AZ-104 Exam Dumps with PDF and VCE Free Updated Today! Following are some new AZ-104 Real Exam Questions! QUESTION 265 Case Study 2 - Contoso, Ltd Overview Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market. Contoso products are manufactured by using blueprint files that the company authors and maintains. Existing Environment Currently, Contoso uses multiple types of servers for business operations, including the following: - File servers - Domain controllers - Microsoft SQL Server servers Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory. You have a public-facing application named App1. App1 is comprised of the following three tiers: - A SQL database - A web front end - A processing middle tier Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only. Requirements Planned Changes Contoso plans to implement the following changes to the infrastructure: - Move all the tiers of App1 to Azure. - Move the existing product blueprint files to Azure Blob storage. - Create a hybrid directory to support an upcoming Microsoft Office 365 migration project. Technical Requirements Contoso must meet the following technical requirements: - Move all the virtual machines for App1 to Azure. - Minimize the number of open ports between the App1 tiers. - Ensure that all the virtual machines for App1 are protected by backups. - Copy the blueprint files to Azure over the Internet. - Ensure that the blueprint files are stored in the archive storage tier. - Ensure that partner access to the blueprint files is secured and temporary. - Prevent user passwords or hashes of passwords from being stored in Azure. - Use unmanaged standard storage for the hard disks of the virtualmachines. - Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity. - Minimize administrative effort whenever possible. User Requirements Contoso identifies the following requirements for users: - Ensure that only users who are part of a group named Pilot can join devices to Azure AD. - Designate a new user named Admin1 as the service administrator of the Azure subscription. - Ensure that a new user named User3 can create network objects for the Azure subscription. Hotspot Question You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer: Explanation: This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL Server on Windows for the data tier. Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: A SQL database A web front end A processing middle tier Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only. Technical requirements include: Move all the virtual machines for App1 to Azure. Minimize the number of open ports between the App1 tiers. Reference: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server 1 QUESTION 266 Case Study 3 - Contoso, Ltd Overview Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees. All the resources used by Contoso are hosted on-premises. Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses adomain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier. Existing Environment The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone. Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently. Contoso.com contains a user named User1. All the offices connect by using private links. Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device. All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table. Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory. The Azure subscription contains the resources in the following table. The network security team implements several network security groups (NSGs). Planned Changes Contoso plans to implement the following changes: - Deploy Azure ExpressRoute to the Montreal office. - Migrate the virtual machines hosted on Server1 and Server2 to Azure. - Synchronize on-premises Active Directory to Azure Active Directory (Azure AD). - Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2. Technical requirements Contoso must meet the following technical requirements: - Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances. - Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office. - Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office. - Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only. - Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com - Connect the New York office to VNet1 over the Internet by using an encrypted connection. - Create a workflow to send an email message when the settings of VM4 are modified. - Create a custom Azure role named Role1 that is based on the Reader role. - Minimize costs whenever possible. You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements. What should you include in the recommendation? A. Azure AD B2C B. dynamic groups and conditional access policies C. Azure AD Identity Protection D. an Azure logic app and the Microsoft Identity Management (MIM) client Answer: B Explanation: Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only. The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications, or other conditions. Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates 2 QUESTION 267 Case Study 3 - Contoso, Ltd Overview Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees. All the resources used by Contoso are hosted on-premises. Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses adomain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier. Existing Environment The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone. Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently. Contoso.com contains a user named User1. All the offices connect by using private links. Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device. All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table. Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory. The Azure subscription contains the resources in the following table. The network security team implements several network security groups (NSGs). Planned Changes Contoso plans to implement the following changes: - Deploy Azure ExpressRoute to the Montreal office. - Migrate the virtual machines hosted on Server1 and Server2 to Azure. - Synchronize on-premises Active Directory to Azure Active Directory (Azure AD). - Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2. Technical requirements Contoso must meet the following technical requirements: - Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances. - Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office. - Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office. - Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only. - Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com - Connect the New York office to VNet1 over the Internet by using an encrypted connection. - Create a workflow to send an email message when the settings of VM4 are modified. - Create a custom Azure role named Role1 that is based on the Reader role. - Minimize costs whenever possible. Hotspot Question You need to meet the connection requirements for the New York office. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer: Explanation: Box 1: Create a virtual network gateway and a local network gateway. Azure VPN gateway. The VPN gateway service enables you to connect the VNet to the on-premises network through a VPN appliance. For more information, see Connect an on-premises network to a Microsoft Azure virtual network. The VPN gateway includes the following elements: Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing traffic from the on-premises network to the VNet. Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to the on-premises network is routed through this gateway. Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-premises VPN appliance to encrypt traffic. Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements, described in the Recommendations section below. Box 2: Configure a site-to-site VPN connection On premises create a site-to-site connection for the virtual network gateway and the local network gateway. Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection. Incorrect Answers: Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection is private. Traffic does not go over the internet. Reference: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vpn 3 QUESTION 268 Case Study 3 - Contoso, Ltd Overview Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees. All the resources used by Contoso are hosted on-premises. Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses adomain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier. Existing Environment The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone. Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently. Contoso.com contains a user named User1. All the offices connect by using private links. Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device. All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table. Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory. The Azure subscription contains the resources in the following table. The network security team implements several network security groups (NSGs). Planned Changes Contoso plans to implement the following changes: - Deploy Azure ExpressRoute to the Montreal office. - Migrate the virtual machines hosted on Server1 and Server2 to Azure. - Synchronize on-premises Active Directory to Azure Active Directory (Azure AD). - Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2. Technical requirements Contoso must meet the following technical requirements: - Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances. - Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office. - Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office. - Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only. - Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com - Connect the New York office to VNet1 over the Internet by using an encrypted connection. - Create a workflow to send an email message when the settings of VM4 are modified. - Create a custom Azure role named Role1 that is based on the Reader role. - Minimize costs whenever possible. Hotspot Question You need to implement Role1. Which command should you run before you create Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer: QUESTION 269 You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1. You need to view the error from a table named Event. Which query should you run in Workspace1? A. Get-Event Event | where {$_. EventType == "error"} B. Event | search "error" C. select * from Event where EnventType == "error" D. Event | where EventType is "error" Answer: B Explanation: https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/search-queries 4 https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-portal 5 QUESTION 270 You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table. RG1 has a web app named WebApp1. WebApp1 is located in West Europe. You move WebApp1 to RG2. What is the effect of the move? A. The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1. B. The App Service plan for WebApp1 moves to North Europe. Policy2 applies to WebApp1. C. The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1. D. The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1. Answer: A Explanation: You can move an app to another App Service plan, as long as the source plan and the target plan are in the same resource group and geographical region. The region in which your app runs is the region of the App Service plan it's in. However, you cannot change an App Service plan's region. Reference: https://docs.microsoft.com/en-us/azure/app-service/app-service-plan-manage 6 QUESTION 271 You have an Azure subscription. Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs. You have a line-of-business-app named App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016. You need to ensure that the connections to App1 are spread across all the virtual machines. What are two possible Azure services that you can use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. an internal load balancer B. a public load balancer C. an Azure Content Delivery Network (CDN) D. Traffic Manager E. an Azure Application Gateway Answer: A Explanation: Line-of-business apps are custom apps that are used by internal staff members. QUESTION 272 You have an Azure subscription. You have 100 Azure virtual machines. You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering. Which blade should you use? A. Monitor B. Advisor C. Metrics D. Customer insights Answer: B Explanation: Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard. Reference: https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations 7 QUESTION 273 You have Azure subscription that includes data in following locations: You plan to export data by using Azure import/export job named Export1. You need to identify the data that can be exported by using Export1. Which data should you identify? A. DB1 B. container1 C. Share1 D. Table1 Answer: C Explanation: Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter. Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service 8 QUESTION 274 You have an Azure subscription that contains the resources in the following table. Store1 contains a file share named data. Data contains 5,000 files. You need to synchronize the files in the file share named data to an on-premises server named Server1. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Create a container instance B. Register Server1 C. Install the Azure File Sync agent on Server1 D. Download an automation script E. Create a sync group Answer: BCE Explanation: Step 1 (C): Install the Azure File Sync agent on Server1 The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share Step 2 (B): Register Server1. Register Windows Server with Storage Sync Service Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service. Step 3 (E): Create a sync group and a cloud endpoint. A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server. Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide 9 QUESTION 275 You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines. You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text. What should you create to store the password? A. an Azure Key Vault and an access policy B. an Azure Storage account and an access policy C. a Recovery Services vault and a backup policy D. Azure Active Directory (AD) Identity Protection and an Azure policy Answer: A Explanation: You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore, the password is never put in plain text in the template parameter file. Reference: https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/ 10 QUESTION 276 You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Upload a configuration script B. Create an automation account C. Create an Azure policy D. Modify the extensionProfile section of the Azure Resource Manager template E. Create a new virtual scale set in the Azure portal Answer: DE Explanation: Virtual Machine Scale Sets can be used with the Azure Desired State Configuration (DSC) extension handler. Virtual machine scale sets provide a way to deploy and manage large numbers of virtual machines, and can elastically scale in and out in response to load. DSC is used to configure the VMs as they come online so they are running the production software. Reference: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-dsc 11
Resources From:1.2020 Latest Braindump2go AZ-104 Exam Dumps (PDF & VCE) Free Share: https://www.braindump2go.com/az-104.html 2.2020 Latest Braindump2go AZ-104 PDF and VCE Dumps Free Share: https://drive.google.com/drive/folders/1UgWYSJj0uEU0eN4Uz8jnKDmXdqJJkSzZ?usp=sharing 3.2020 Free Braindump2go AZ-104 PDF Download: https://www.braindump2go.com/free-online-pdf/AZ-104-PDF(276-286).pdf https://www.braindump2go.com/free-online-pdf/AZ-104-PDF(298-308).pdf https://www.braindump2go.com/free-online-pdf/AZ-104-PDF-Dumps(265-275).pdf https://www.braindump2go.com/free-online-pdf/AZ-104-VCE-Dumps(287-297).pdf Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!
|