2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

- Expert Verified, Online, Free.

 Custom View Settings

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 1/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #13 Topic 6

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that
might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.

You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User1 to create the user accounts.
Does that meet the goal?

A. Yes

B. No

Correct Answer: A
Only a global administrator can add users to this tenant.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

Community vote distribution

A (77%) B (23%)

  awssecuritynewbie Highly Voted  4 months, 2 weeks ago

Selected Answer: A
ARE YOU GUYS HIGH?? IT SAYS
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com."

SO IF USER 1 has created the new tenant then obv it can create users within it as well and it is GA.
upvoted 39 times

  RougePotatoe 5 days, 14 hours ago

Man that was a chuckle
upvoted 1 times

  Kem81 4 months, 2 weeks ago

I was literally thinking the same thing. User1 has created the new tenant so he is also the owner of that tenant. User1 can do anything in the
new tenant.
upvoted 3 times

  Harivignesh_16 2 months, 3 weeks ago

I about to ask are you guys had weed ? hahah thanks man
upvoted 2 times

  ltkiller Highly Voted  8 months, 3 weeks ago

Selected Answer: B
B:No, when you create a new tenant, the creator is the only global admin and owner, he must first give access to others to allow anything.
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-access-create-new-tenant#your-user-account-in-the-new-
tenant
upvoted 14 times

  LiamAzure 3 months, 2 weeks ago

Yes, but User 1 created the Tenant..
upvoted 11 times

  Manual_Override 2 months, 2 weeks ago

Damn I didn't notice that detail....
upvoted 3 times

  Lexxsuse 1 month, 4 weeks ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 2/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

There's a different flavor of this question, where it's being asked whether User2-3-4 can create new users in the new tenant
upvoted 1 times

  Citmerian 3 months, 3 weeks ago

User1 create a New Tenant. When you create a new Azure AD tenant, you become the first user of that tenant ad the Owner. As the first user,
you're automatically assigned the Global Admin role.
ANSWER: Yes
upvoted 12 times

  klexams 3 months, 3 weeks ago

your explanation means the answer is A. User1 is the tenant creator who is then the global admin and owner. So User1 can create user accounts.
upvoted 3 times

  Magis 4 months, 2 weeks ago

So why Solution: You instruct User1 to create the user accounts if User1 is mentioned tenant creator ?
upvoted 2 times

  klexams 3 months, 2 weeks ago

the same reason why we have to sit this exam at all.
upvoted 4 times

  zellck Most Recent  4 days, 23 hours ago

Selected Answer: A
A is the answer.

https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#global-administrator
upvoted 1 times

  omgMerrick 1 week, 2 days ago

Selected Answer: A
Absolutely 100% A. User 1 created the tenant therefore that user has super ultra mega admin.
upvoted 2 times

  DeBoer 1 week, 3 days ago

Selected Answer: A
User 1 CREATES the tenant.
Hence User1 is OWNER of that tenant.
And can (and must) create the other users
upvoted 1 times

  azhunter 1 month, 1 week ago

Has anyone took the exam yesterday did you get all the questions from here ?
upvoted 1 times

  Babushka 3 months, 1 week ago

Selected Answer: A
GA and Owner
upvoted 2 times

  LiamAzure 3 months, 2 weeks ago

Selected Answer: A
Y: User 1 created the Tenant
upvoted 3 times

  klexams 3 months, 2 weeks ago

Y. user1 is the creator which automatically becomes the GA of that tenant. GA is the FULL admin who can do everything.
upvoted 1 times

  flurgen248 4 months ago

Selected Answer: A
A is correct.

User1 Is a Global Admin in the new tenant, so they can obviously make accounts there. I misread the question as User 4 at first, the others that said
B probably misread it as well.

I think there was another version of this question on this site that had other users.
upvoted 3 times

  adrianspa 4 months, 1 week ago

Selected Answer: A
USER1 becomes Global Admin for the newly created domain
upvoted 2 times

  examtopics_miky28 4 months, 1 week ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 3/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Selected Answer: A
Yes, User1 created the tenant therefore he is GA and can do anything
upvoted 3 times

  SH_22 4 months, 2 weeks ago

Selected Answer: A
VlandanO's answer makes sense.
here is the link
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory
upvoted 3 times

  informix 5 months ago

Selected Answer: A
I v found many discuss is about user 3 and choose B. But here is talk about user 1.
upvoted 4 times

  pythonier 5 months, 1 week ago

Selected Answer: A
User 1 created the tenant, therefore, User1 is the owner and can create users
upvoted 5 times

  libran 5 months, 1 week ago

Selected Answer: A
""User1""" creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
upvoted 2 times

  kerimnl 5 months, 1 week ago

Selected Answer: A
When you create a new Azure AD tenant, you become the first user of that tenant. As the first user, you're automatically assigned the Global Admin
role. So User1 creates the new Tenant and user1 is Global Administrator. He can create new user accounts for sure. Answer is: YES

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-access-create-new-
tenant#:~:text=When%20you%20create%20a%20new%20Azure%20AD%20tenant%2C%20you%20become%20the%20first%20user%20of%20that
%20tenant.%20As%20the%20first%20user%2C%20you%27re%20automatically%20assigned%20the%20Global%20Admin%20role
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 4/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #14 Topic 6

You have an existing Azure subscription that contains 10 virtual machines.

You need to monitor the latency between your on-premises network and the virtual machines.
What should you use?

A. Service Map

B. Connection troubleshoot

C. Network Performance Monitor

D. Effective routes

Correct Answer: C
Network Performance Monitor is a cloud-based hybrid network monitoring solution that helps you monitor network performance between
various points in your network infrastructure. It also helps you monitor network connectivity to service and application endpoints and monitor
the performance of Azure ExpressRoute.
You can monitor network connectivity across cloud deployments and on-premises locations, multiple data centers, and branch offices and
mission-critical multitier applications or microservices. With Performance Monitor, you can detect network issues before users complain.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/network-performance-monitor

Community vote distribution

C (100%)

  NickyDee Highly Voted  2 years, 1 month ago

Network Watcher - a Suite of tools offering but not limited to the following
* Connection Monitor - latency and network issues with IaaS devices over a PERIOD OF TIME
* Connection troubleshoot - latency and network issues with IaaS devices ONE-TIME
* IP Flow - latency and network issues at the VM LEVEL
* Network Performance Monitor - latency and network issues in hybrid, ON-PREM, across environments
upvoted 146 times

  jimmyli 1 year, 10 months ago

great summary, thank you!
upvoted 4 times

  magichappens 10 months, 3 weeks ago

Should be updated to "Connection Monitor" as Network Performance Monitor is deprecated.
upvoted 6 times

  kennynelcon 9 months, 3 weeks ago

Connection Monitor in Azure Network Watcher true
upvoted 1 times

  mlantonis Highly Voted  1 year, 9 months ago

Correct Answer: C

Network Watcher is a Suite of tools offering but not limited to the following:
- Connection Monitor - latency and network issues with IaaS devices over a PERIOD OF TIME
- Connection troubleshoot - latency and network issues with IaaS devices ONE-TIME
- IP Flow - latency and network issues at the VM LEVEL
- Network Performance Monitor - latency and network issues in hybrid, ON-PREM, across environments.

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/insights/network-performance-monitor

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
upvoted 65 times

  zellck Most Recent  4 days, 23 hours ago

Selected Answer: C
C is the answer.

https://learn.microsoft.com/en-us/azure/azure-monitor/insights/network-performance-monitor
Network Performance Monitor is a cloud-based hybrid network monitoring solution that helps you monitor network performance between various

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 5/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

points in your network infrastructure. It also helps you monitor network connectivity to service and application endpoints and monitor the
performance of Azure ExpressRoute.
upvoted 1 times
  klexams 3 months, 2 weeks ago
Selected Answer: C
monitoring latency between on-prem and vms - NPM is your friend. But NPM has retired.
upvoted 1 times

  EmnCours 5 months, 3 weeks ago

Selected Answer: C
Network Watcher - a Suite of tools offering but not limited to the following
* Connection Monitor - latency and network issues with IaaS devices over a PERIOD OF TIME
* Connection troubleshoot - latency and network issues with IaaS devices ONE-TIME
* IP Flow - latency and network issues at the VM LEVEL
* Network Performance Monitor - latency and network issues in hybrid, ON-PREM, across environments
upvoted 1 times

  Lazylinux 8 months ago

Selected Answer: C
Network Performance Monitor is correct however it is been replaced with Connection Monitor which is part of Network watcher tool set
upvoted 2 times

  dasEnder 9 months, 2 weeks ago

Selected Answer: C
Correct. See comments of magichappens about the deprecated name
upvoted 1 times

  josevirtual 11 months, 2 weeks ago

Selected Answer: C
Network Performance Monitor is correct
upvoted 1 times

  Adebowale 1 year, 6 months ago

@NickyDee Thank you for the Summary
upvoted 1 times

  CloudyTech 1 year, 7 months ago

Network Performance Monitor is correct
upvoted 1 times

  ZUMY 1 year, 11 months ago

C is okay
upvoted 4 times

  toniiv 1 year, 12 months ago

Answer is correct. Network Performance Monitor is the tool: https://docs.microsoft.com/fr-fr/azure/network-watcher/migrate-to-connection-
monitor-from-network-performance-monitor
upvoted 3 times

  waterzhong 2 years ago

Configure the solution
Add the Network Performance Monitor solution to your workspace from the Azure marketplace. You also can use the process described in Add
Azure Monitor solutions from the Solutions Gallery.

Open your Log Analytics workspace, and select the Overview tile.

Select the Network Performance Monitor tile with the message Solution requires additional configuration.
upvoted 2 times

  tinyflame 2 years, 1 month ago

Network monitoring is out of scope for the exam, is this still a question?
upvoted 2 times

  DodgyD 2 years ago

I believe network monitoring is included in exam per the exam guide.
upvoted 2 times

  balflearchen 2 years ago

Ha ha, funny, if this happened in your exam session, can you ignore it and say it should not be in my exam?
upvoted 3 times

  fedztedz 2 years, 1 month ago

Answer is correct. "C" Network Performance Network
upvoted 6 times
https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 6/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  NickyDee 2 years, 1 month ago

Connection Troubleshoot from Network Watcher can monitor latency. you can test all 10 VMs from one place in Azure, and its minimal effort.
upvoted 1 times

  balflearchen 2 years ago

In question, you need to monitor the latency between your "ON-PREMISES" network and the virtual machines. So connection troubleshooting is
wrong.
upvoted 3 times

  waterzhong 2 years, 2 months ago

Network Performance Monitor is a cloud-based hybrid network monitoring solution
upvoted 7 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 7/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #15 Topic 6

HOTSPOT -
You have an Azure App Service plan named ASP1.
CPU usage for ASP1 is shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 8/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Correct Answer:

Box 1: four times -

From the exhibit we see that the time granularity is 6 hours: Last 30 days (Automatic - 6 hours).
CPU Percentage Last days Automatic - hours

Box 2: scaled up -
Scale up when:
* You see that your workloads are hitting some performance limit such as CPU or I/O limits.
* You need to quickly react to fix performance issues that can't be solved with classic database optimization.
* You need a solution that allows you to change service tiers to adapt to changing latency requirements.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-troubleshoot https://azure.microsoft.com/en-us/overview/scaling-
out-vs-scaling-up

  awssecuritynewbie Highly Voted  4 months ago

so to just explain a bit better hopefully :)

look at the top right you can see it is auto updated every 6 hours so within 24hours it is checked 4 times (4*6=24h) .
It would need to scale up to have a bigger CPU to support the load that is getting as it is currently 100%
upvoted 27 times

  DeBoer 1 week, 3 days ago

Agree with the first answer, disgress on the second. Scaling up will incur the new, higher, cost at all times. You can alsow get more power into
the app by scaling OUT; if you automate with autoscaling you can get the costs much lower. The AVERAGE usage is pretty low - so this app
should scale out/in pretty well https://learn.microsoft.com/en-us/azure/architecture/best-practices/auto-scaling
upvoted 1 times

  Mohaamed Most Recent  2 months, 1 week ago

Answer is correct

Box 1 : look at the top right of the picture it says 6 hours so 24hours/6hours = 4 times
box2: this is app plan and VM so you scale up only
upvoted 2 times

  jp_mcgee 2 months, 3 weeks ago

Box2 should be Scaled Out.

The average CPU is <10%, and we see occasional and continuous spikes over 70%. This says that most of the time the hardware is barely used
(<10%), and we need to autoscale when there is a heavy load (>70%). Scaling up to a new SKU (scaling vertically) has a limit and is kind of old
school and a waste of money during inactivity (<10%). Azure gives us the ability to scale out to more infrastructure when needed and scale in when
the infrastructure is not in demand.
upvoted 2 times

  JimmyYop 2 days ago

If you scale out, you are increasing the instance count by using Custom OR Manual autoscaling. With the Scale up, you are changing the App
Tier to a higher tier with more processing power 'awssecuritynewbie' answer is correct.
upvoted 1 times

  Lexxsuse 1 month, 4 weeks ago

I would agree that scaling out seems a better idea, since the instance is already underutilized most of the time.
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 9/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  mung 2 months, 3 weeks ago

Scale out = Add more CPU to the VM
Scale up = Reduce CPU from the VM

Your explanation is correct though.

upvoted 1 times

  chikorita 1 week, 1 day ago

funniest answer i've ever seen
upvoted 1 times

  PCG1 2 months, 2 weeks ago

No.
"You scale up by changing the pricing tier of the App Service plan that your app belongs to.
Scale out: Increase the number of VM instances that run your app."
upvoted 2 times

  jp_mcgee 2 months, 2 weeks ago

Scale-up by changing the pricing tier is manual unless you build something to scale-up and hopefully scale-down.

Scale-up means your employer/customer is paying for worst-case scenario all of the time.....OUCH!!! This works, technically, but is a waste
of money and resources.

Scale-out with auto-scaling means your employer/customer only pays for the additional CPU when it's needed.

https://techcommunity.microsoft.com/t5/apps-on-azure-blog/azure-app-service-automatic-scaling/ba-p/2983300
upvoted 3 times

  jp_mcgee 2 months, 2 weeks ago

Read the auto-scaling section here for why vertical/scale-up is a bad idea for this scenario: https://azure.microsoft.com/en-
us/resources/cloud-computing-dictionary/scaling-out-vs-scaling-up/#autoscaling
upvoted 1 times

  klexams 3 months, 2 weeks ago

- the chart shows 6 hrs interval. so 24/6 = 4 times.
- for CPU you need to scale UP.
upvoted 3 times

  todorov 5 months, 1 week ago

The average CPU is only around 4%
upvoted 3 times

  EmnCours 5 months, 1 week ago

Answer is correct.
upvoted 4 times

  DeltaSM 5 months, 2 weeks ago

Based on graphics I would answer:
- 4 times
- scaled out (scale up / down is for App Plans)
upvoted 3 times

  humnahibataynge 5 months, 2 weeks ago

"You have an Azure App Service plan named ASP1."

This is App service plan only so it should be scale up.

upvoted 4 times

  Magis 4 months, 2 weeks ago

Nope. App services plans support both options - Scale UP and Scale Out. Scale up will give you more powerful single instance and Scale Out
will distribute your load on multiple instances of the same size.
https://learn.microsoft.com/en-us/azure/app-service/manage-scale-up
upvoted 1 times

  F117A_Stealth 5 months, 2 weeks ago

Answer is correct.

24hrs/6hrs = 4 times...
upvoted 4 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 10/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #16 Topic 6

DRAG DROP -
You have an Azure Linux virtual machine that is protected by Azure Backup.
One week ago, two files were deleted from the virtual machine.
You need to restore the deleted files to an on-premises Windows Server 2016 computer as quickly as possible.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and
arrange them in the correct order.
Select and Place:

Correct Answer:

Step 1: From the Azure portal, click File Recovery from the vault
Step 2. Select a restore point that contains the deleted files
Step 3: Download and run the script to mount a drive on the local computer
Generate and download script to browse and recover files:
Step 4: Copy the files using File Explorer!
After the disks are attached, use Windows File Explorer to browse the new volumes and files. The restore files functionality provides access to

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 11/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

all files in a recovery point. Manage the files via File Explorer as you would for normal files.
Step 1-3 below:
To restore files or folders from the recovery point, go to the virtual machine and perform the following steps:
1. Sign in to the Azure portal and in the left pane, select Virtual machines. From the list of virtual machines, select the virtual machine to open
that virtual machine's dashboard.
2. In the virtual machine's menu, select Backup to open the Backup dashboard.
3. In the Backup dashboard menu, select File Recovery.

The File Recovery menu opens.

4. From the Select recovery point drop-down menu, select the recovery point that holds the files you want. By default, the latest recovery point is
already selected.
5. Select Download Executable (for Windows Azure VMs) or Download Script (for Linux Azure VMs, a python script is generated) to download
the software used to copy files from the recovery point.
Running the script and identifying volumes:
For Linux machines, a python script is generated. Download the script and copy it to the relevant/compatible Linux server.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm https://docs.microsoft.com/en-us/azure/backup/backup-
azure-vms-automation#restore-files-from-an-azure-vm-backup

  biglebowski Highly Voted  1 year, 7 months ago

Restore of Linux VM can be only performed on compatiblie Linux client.
In my opinion correct order is:
https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 12/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Step 1: From the Azure portal, click File Recovery from the vault
Step 2. Select a restore point that contains the deleted files
Step 3: Download and run the script to mount a drive on the local computer (LINUX!!!)
Step 4. Copy the files by using AZCopy (yes, to blob storage and next to Windows 2016)
upvoted 50 times

  Magis 4 months, 2 weeks ago

Agree with bur88 and magichappens. Completed this procedure multiple times in practice and you can use File Explore for sure.
upvoted 4 times

  bur88 11 months, 2 weeks ago

we should restore As soon as possible. File explorer will be faster than AZCopy to blob storage and next to Windows 2016.
I would select Step 1: From the Azure portal, click File Recovery from the vault
Step 2. Select a restore point that contains the deleted files
Step 3: Download and run the script to mount a drive on the local computer (Windows scripts can be created aswell)
Step 4. Copy the files by using File explorer
upvoted 22 times

  Lexxsuse 1 month, 4 weeks ago

It's only there's no File Explorer on Linux. And since we are required to restore Linux backup we seem to do that on Linux machine only.
So I believe we should go with some console option. Like AZCopy.
upvoted 2 times

  magichappens 10 months, 3 weeks ago

It's an on-premise Windows Server. AzCopy will take way to long. Assuming that I have access to the server anyhow I can just copy files using
File Explorer.
upvoted 9 times

  onincasimiro Highly Voted  1 year, 7 months ago

Watch out for below context:

"You need to restore the deleted files to an on-premises Windows Server 2016 computer"
Answer would be: Copy the files by using File Explorer.

"You need to restore the deleted files to an on-premises computer"

Answer would be: Copy the files by using AZ Copy.
upvoted 23 times

  Bigc0ck Most Recent  1 month, 1 week ago

On the test!
upvoted 4 times

  klexams 3 months, 2 weeks ago

this one is misleading coz "In Linux, the OS of the computer used to restore files must support the file system of the protected virtual machine" so
you cannot restore it to Windows machine.
https://learn.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm#for-linux-os
BUT for the sake of answering:
- click File recovery
- select restore point
- download and run script
- copy files using file explorer
upvoted 2 times

  Herald3883 5 months, 1 week ago

Linux VM to Windows VM restore won't work as this is what the documentation says, In Linux, the OS of the computer used to restore files must
support the file system of the protected virtual machine. Windows doesn't support Linux filesystems natively at least.
upvoted 1 times

  EmnCours 5 months, 3 weeks ago

Step 1: From the Azure portal, click File Recovery from the vault
Step 2. Select a restore point that contains the deleted files
Step 3: Download and run the script to mount a drive on the local computer (Windows scripts can be created aswell)
Step 4. Copy the files by using File explorer
upvoted 3 times

  Lazylinux 8 months ago

Given Answer is correct as you are restoring on Windows system

Step 1: From the Azure portal, click File Recovery from the vault
Step 2. Select a restore point that contains the deleted files
Step 3: Download and run the script to mount a drive on the local computer -Windows 2016, when you run it it will download VHD and
automatically mount it then you just need explorer to find the files
Step 4. Copy the files by using Explorer
upvoted 6 times

  justauser 10 months, 2 weeks ago

Answer is CORRECT

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 13/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm

Scroll about halfway and see red box highlighting "1 Recovery volumes attached" in screencap, immediately followed by "OPEN EXPLORER TO
BROWSE FOR FILES" - nowhere does it suggest azcopy, even for Linux.
upvoted 3 times
  Dobby25 11 months ago
Received this on my exam today 19/03/2022
upvoted 3 times

  DES123 11 months, 1 week ago

The provided answer is correct, as per the link below, azcopy was used on windows and compatible file explorer on Linux in order to copy the
backup.

https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm
upvoted 1 times

  theorut 11 months, 3 weeks ago

This is not possible must be a typo - Windows instead of Linux restore.
upvoted 1 times

  rustamsariyev94 1 year, 2 months ago

To restore files or folders from the recovery point, go to the virtual machine and choose the desired recovery point.
Step 0. In the virtual machine’s menu, click Backup to open the Backup dashboard.
Step 1. In the Backup dashboard menu, click File Recovery.
Step 2. From the Select recovery point drop-down menu, select the recovery point that holds the files you want. By default, the latest recovery
point is already selected.
Step 3: To download the software used to copy files from the recovery point, click Download Executable (for Windows Azure VM) or Download
Script (for Linux
Azure VM, a python script is generated).
Step 4: Copy the files by using AzCopy
AzCopy is a command-line utility designed for copying data to/from Microsoft Azure Blob, File, and Table storage, using simple commands
designed for optimal performance. You can copy data between a file system and a storage account, or between storage accounts.
References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy
upvoted 7 times

  MrAzureGuru 1 year, 3 months ago

The file provided to download is a Python script - it won't run on Windows?
upvoted 1 times

  theOldOne 1 year, 4 months ago

Seems many people commenting are confused as to the difference between restoring a VM and restoring some files from a backed up VM. In this
instance we are only interested in the files that were stored during the backup. The original OS requirements are handled by Azure and the script.
The OS used for recovery here is a Windows machine. The steps shown are correct
upvoted 4 times

  JirkaM 1 year, 4 months ago

And what about

restore VM (disk)
select restore point
map VHD (to existing linux)
AZcopy (twice)

Nice Microsoft adventure game. But no sense in test without question study.
upvoted 1 times

  iamLucilfer 1 year, 5 months ago

AZCOPY is for linux
File explorer is for Windows
upvoted 5 times

  YooOY 1 year, 4 months ago

no, it's also available for windows
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10
upvoted 3 times

  omgsurething0 1 year, 4 months ago

You can use AZCopy on Windows via PowerShell. Just need to install it first
upvoted 5 times

  barcellos 1 year, 6 months ago

Is correct!

"You need to restore the deleted files to an on-premises Windows Server 2016 computer as quickly as possible."
upvoted 2 times
https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 14/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 15/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #17 Topic 6

HOTSPOT -
You purchase a new Azure subscription named Subscription1.
You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup.
You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer:

Box 1: A Recovery Services vault

You can set up a Recovery Services vault and configure backup for multiple Azure VMs.

Box 2: A backup policy -

In Choose backup policy, do one of the following:
✑ Leave the default policy. This backs up the VM once a day at the time specified, and retains backups in the vault for 30 days.
✑ Select an existing backup policy if you have one.
✑ Create a new policy, and define the policy settings.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm

  mlantonis Highly Voted  1 year, 9 months ago

Correct Answer:

Box 1: A Recovery Services vault

You can set up a Recovery Services vault and configure backup for multiple Azure VMs.

Box 2: A backup policy

In Choose backup policy, do one of the following:
✑ Leave the default policy. This backs up the VM once a day at the time specified, and retains backups in the vault for 30 days.
✑ Select an existing backup policy if you have one.
✑ Create a new policy, and define the policy settings.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 16/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Reference:

https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm
upvoted 91 times
  denccc Highly Voted  1 year, 9 months ago
Answers are correct
upvoted 10 times

  zellck Most Recent  3 days, 9 hours ago

Got this in Feb 2023 exam.
upvoted 1 times

  Bigc0ck 1 month, 1 week ago

Definitly on the test
upvoted 1 times

  destrophy 2 months, 3 weeks ago

took exam today, 24.11.2022 - this question shows up, passed with 900/1000
upvoted 3 times

  klexams 3 months, 2 weeks ago

location: vault
configure: backup policy
upvoted 1 times

  EmnCours 5 months, 3 weeks ago

Given answer is correct
Box 1: A Recovery Services vault
Box 2: A backup policy
upvoted 1 times

  Lazylinux 8 months ago

Given answer is correct
Box 1: A Recovery Services vault
Box 2: A backup policy
upvoted 3 times

  Dobby25 11 months ago

Received this on my exam today 19/03/2022
upvoted 3 times

  JimBobSquare101 1 year, 6 months ago

In 30 July 2021
upvoted 3 times

  Devgela 1 year, 9 months ago

Answers are correct to me
upvoted 3 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 17/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #18 Topic 6

You have an Azure virtual machine named VM1.

Azure collects events from VM1.
You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the System event log of VM1.
Which target resource should you monitor in the alert rule?

A. virtual machine extension

B. virtual machine

C. metric alert

D. Azure Log Analytics workspace

Correct Answer: D
For the first step to create the new alert tule, under the Create Alert section, you are going to select your Log Analytics workspace as the
resource, since this is a log based alert signal.
Reference:
https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/configure-azure-monitor

Community vote distribution

D (100%)

  mlantonis Highly Voted  1 year, 9 months ago

Correct Anser: D

For the first step to create the new alert tule, under the Create Alert section, you are going to select your Log Analytics workspace as the resource,
since this is a log based alert signal.

The log data goes to the analytics workspace and it is from there that the alert is triggered.

Reference:

https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/configure-azure-monitor
upvoted 58 times

  fedztedz Highly Voted  2 years ago

Answer is correct D
upvoted 37 times

  AndreaStack Most Recent  6 days, 6 hours ago

Selected Answer: D
D correct!
upvoted 1 times

  er101q 1 week, 6 days ago

B. virtual machine. You should monitor the virtual machine because it is the source of the events being collected by Azure, specifically the System
event log of VM1. By creating an alert rule on the virtual machine, you can be notified when an error is logged in the System event log, allowing
you to take appropriate action.
upvoted 1 times

  klexams 3 months, 2 weeks ago

VM's event log sends data to LA workspace. Alert is created based on LAW as the source.
D. Azure Log Analytics workspace
upvoted 3 times

  Stanly_Az 5 months ago

This question was there on 09/16/2022
upvoted 2 times

  EmnCours 5 months, 3 weeks ago

Selected Answer: D
Correct Answer: D
upvoted 1 times

  Gino_Slim 7 months, 2 weeks ago

Selected Answer: D

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 18/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Verifying that I went with D too (that's what she said)

upvoted 3 times
  Lazylinux 8 months ago
Selected Answer: D
D is correct
upvoted 2 times

  techie_11 10 months, 1 week ago

On exam 4/12/2022. correct answer D
upvoted 3 times

  ajayasa 11 months, 1 week ago

this question was there on 16/03/2022 with same question and passed with 900 percent
upvoted 1 times

  MMsdk 10 months, 3 weeks ago

All 341questions?🙄
upvoted 5 times

  ajayasa 11 months, 1 week ago

this question was on 16/03/2022 and answered what mentioned in the answer section
upvoted 1 times

  nidhogg 1 year ago

On the exam today, 1.feb.2022
Just 761/1000, but OK! :D
Thanks to ExamTopics and to you all!
upvoted 6 times

  [Removed] 1 year, 2 months ago

Was in exam dated 15/11/2021
upvoted 2 times

  fabylande 1 year, 4 months ago

in exam today! October 16, 2021
upvoted 5 times

  FrostyD 1 year, 6 months ago

I have managed directly to choose VM as target and I have created a rule to notify me with email if cpu usage is more than some %. So B (VM) is
possible answer
upvoted 1 times

  Gerd95 1 year, 4 months ago

No, because it specifies event log data.
You cannot get that directly from the VM as source
upvoted 1 times

  rdsserrao 1 year, 7 months ago

I think answer is B:
If you try to create a new alert rule to a VM, this is what shows:
"Scope
Select the target resource you wish to monitor.
Resource
Vm12"
upvoted 1 times

  rdsserrao 1 year, 7 months ago

Correction, answer should be D
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 19/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #19 Topic 6

You have an Azure subscription that contains 100 virtual machines.

You regularly create and delete virtual machines.
You need to identify unattached disks that can be deleted.
What should you do?

A. From Azure Cost Management, view Cost Analysis

B. From Azure Advisor, modify the Advisor configuration

C. From Microsoft Azure Storage Explorer, view the Account Management properties

D. From Azure Cost Management, view Advisor Recommendations

Correct Answer: D
From Home ‫ג‬€"> Cost Management + Billing ‫ג‬€"> Cost Management, scroll down on the options and select View Recommendations:

Azure Cost Management / Advisor -

From here you will see the recommendations for your subscription, if you have orphaned disks, they will be listed.
Reference:
https://codeserendipity.com/2020/07/08/microsoft-azure-find-unattached-disks-that-can-be-deleted-and-other-recommendations/

Community vote distribution

D (90%) 10%

  mlantonis Highly Voted  1 year, 9 months ago

Correct Answer: D

From Home -> Cost Management + Billing -> Cost Management, scroll down on the options and select View Recommendations
upvoted 69 times

  raulgar Highly Voted  1 year, 9 months ago

I think the answer is correct, azure panel recommend you delete resources that are'nt in use, and if you have a lot of vm's it could be the easiest
way
upvoted 16 times

  klexams Most Recent  3 months, 2 weeks ago

this would do it for you:
D. From Azure Cost Management, view Advisor Recommendations
upvoted 2 times

  EmnCours 5 months, 3 weeks ago

Selected Answer: D
Answer D is correct
https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 20/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

upvoted 1 times
  Lazylinux 8 months ago
Selected Answer: D
D is correct
upvoted 2 times

  Neska 10 months, 3 weeks ago

Selected Answer: D
D is correct
upvoted 2 times

  InvisibleShadow 11 months, 2 weeks ago

Selected Answer: D
D is the answer
upvoted 2 times

  Ken88 11 months, 2 weeks ago

Selected Answer: D
D is correct.
upvoted 2 times

  TtotheA2021 1 year ago

if it is related to costs saving > it is C
the question is only asking what you can identify and the simple method > it is D

so it is for this question answer D

upvoted 1 times

  oskirch 1 year, 3 months ago

Selected Answer: C
I think is C
upvoted 1 times

  PRM 1 year, 4 months ago

"C"
https://docs.microsoft.com/pt-br/azure/virtual-machines/disks-find-unattached-portal
upvoted 1 times

  Bere 1 year, 2 months ago

The link you have provided doesn't even mention Storage Explorer.
By the way, the Account Management properties doesnt give the info we want in Storage Explorer:
https://docs.microsoft.com/en-us/azure/vs-azure-tools-storage-manage-with-storage-explorer?tabs=windows
upvoted 2 times

  chaudha4 1 year, 5 months ago

It is a trick question. Most people will know that you have to use Advisor. I picked B without reading all other options. That is obviously wrong since
there is no option to modify Advisor configuration. The correct answer would be:
1) From Azure Advisor, view the Cost Recommendations
2) From Azure Cost Management, view Advisor Recommendations
upvoted 9 times

  Vadlamua 1 year ago

The question only talks about identifying only. So option D
upvoted 2 times

  Moyuihftg 1 year, 9 months ago

Answer D is correct
upvoted 1 times

  nguyenhung1121990 1 year, 9 months ago

It should C - From Microsoft Azure Storage Explorer, view the Account Management properties
upvoted 3 times

  KhaledMaster 1 year, 3 months ago

The URL is irrelevant!!!
upvoted 1 times

  JayBee65 1 year, 7 months ago

No, it should be D, see https://feedback.azure.com/forums/919474-azure-advisor/suggestions/18963412-have-azure-advisor-show-up-unused-
disks-resources
upvoted 2 times

  SumanKumarP 1 year, 6 months ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 21/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Correct - Advisor for some reason doesn't give recommendations for unused disks.
Through Storage Explorer we can look for the disk state i.e. if its left unattached.
upvoted 1 times

  jantoniocesargatica 1 year, 9 months ago

Azure Storage Explorer does not provide any information about unused disks. You can test it downloading the software and connecting to your
account. Create a virtual machine and stop it. The go to Storage Explorer. You will see the the disk, but this is all. There is no information
regarding unused.
upvoted 3 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 22/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #20 Topic 6

You have an Azure web app named webapp1.

Users report that they often experience HTTP 500 errors when they connect to webapp1.
You need to provide the developers of webapp1 with real-time access to the connection errors. The solution must provide all the connection error
details.
What should you do first?

A. From webapp1, enable Web server logging

B. From Azure Monitor, create a workbook

C. From Azure Monitor, create a Service Health alert

D. From webapp1, turn on Application Logging

Correct Answer: A

Community vote distribution

A (100%)

  mlantonis Highly Voted  1 year, 9 months ago

Correct Answer: A

Raw HTTP request data is provided by Web server logging and the question mentions 500 error codes.

You need to catch connection error. When the connection fails it happens on web server, not within application. You can do it opening the web
application -> Application Service logs -> Web server logging (there are multiple switches there).

You can also see the errors live going to "Log stream" pane.

Web server logging Windows App Service file system or Azure Storage blobs Raw HTTP request data in the W3C extended log file format. Each log
message includes data such as the HTTP method, resource URI, client IP, client port, user agent, response code, and so on.
upvoted 88 times

  zyta Highly Voted  2 years, 6 months ago

I think A as well. You need to catch connection error. When the connection fails it happens on web server, not within application. You can do it
openining the web application >> Application Service logs >> Web server logging (there are multiple switches there)
You can also see the errors live going to "Log stream" pane
upvoted 48 times

  er101q Most Recent  1 week, 6 days ago

D. From webapp1, turn on Application Logging.

To provide the developers with real-time access to the connection errors, you should first enable Application Logging for the web app. This will
enable the logging of detailed information about the application, including any connection errors, to the file system, which the developers can then
access to troubleshoot the issue. After Application Logging has been enabled, you may also consider additional monitoring and alerting solutions,
such as Azure Monitor or Service Health alerts, to provide ongoing visibility into the health and performance of the web app.
upvoted 1 times

  Muffay 1 month, 1 week ago

I don't like this question.

HTTP 500 is an internal server error, not really a connection error. In my world this is mostly caused by the application code, so I would look into
the application logs first. But as this question explicitly asks about connection errors, I am just confused.
upvoted 1 times

  Muffay 1 month, 1 week ago

Second thought:
Application logging here means *Windows Application Logs*. Ok, those do not contain the logging from my custom application code - thus,
WebServer logging is correct.
upvoted 1 times

  AbleApe 2 weeks, 2 days ago

Since they're using an Azure Web App those logs are stored on the Web App platform. I don't think they mean Windows application logs
here. 500 errors you can find in an IIS application log.
upvoted 1 times

  SGKN 1 month, 2 weeks ago

i think answer should be "D" 'Application Log'
How do I check my 500 error in Azure portal?
Check logs
https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 23/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Open your bot in the Azure portal.

Open the App Service Settings / All App service settings page to see all service settings.
Open the Monitoring / Diagnostics Logs page for the app service. Ensure that Application Logging (Filesystem) is enabled. ...
Switch to the Monitoring / Log Stream page.
upvoted 1 times
  Aanandan 1 month, 3 weeks ago
Answer is D.. Application logging... have checked there is no option like web server logging in the application service..
upvoted 1 times

  _fvt 1 month, 2 weeks ago

Here it is: https://learn.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs
upvoted 1 times

  klexams 3 months, 2 weeks ago

out of the four options, realtime error details will be:
A. From webapp1, enable Web server logging
upvoted 2 times

  matejka 3 months, 2 weeks ago

500 error can be pretty much anything either on a webserver or within the app itself. Webserver logs are good to investigate but definitely does
not provide all error logs that are needed. There is no correct answer here, but A + D is the closest.
upvoted 1 times

  Raj70 3 months, 3 weeks ago

Think D is right. HTTP 500 is more of an application error than a web server connectivity error
upvoted 1 times

  dc2k79 3 months, 3 weeks ago

HTTP 500 is a Layer 7 (Application Layer) error. Should be checked at Web Server level.
upvoted 2 times

  EmnCours 5 months, 3 weeks ago

Selected Answer: A
Correct Answer: A
upvoted 1 times

  Lazylinux 8 months ago

Selected Answer: A
Web server logging is correct
upvoted 1 times

  dasEnder 9 months, 2 weeks ago

Selected Answer: A
Correct
upvoted 1 times

  barcellos 1 year, 6 months ago

Correct Answer: A

Raw HTTP request data is provided by Web server logging and the question mentions 500 error codes.
the error 500 is proved form web server,
The error 500 is proved from web server. the application do not response.
Error 500 is an Internal Server Error (HTTP) status. It indicates that some type of issue is affecting the performance of the server of the site you are
trying to access.

does not mention for windows or linux. however Correct Answer A

upvoted 4 times

  ZUMY 1 year, 11 months ago

A is correct
upvoted 6 times

  Merma 1 year, 11 months ago

Final answer A is correct. For more insight on web server logging vs. application logging:
https://stackify.com/azure-app-service-log-files/
upvoted 4 times

  barry12 1 year, 11 months ago

indeed, this explanation shows that weblogging is more or less the only option to help with real-time troubleshooting
upvoted 2 times

  toniiv 1 year, 12 months ago

Answer is correct. Web server logging to see HTTP logs, App logging if it were App logs
upvoted 3 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 24/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  waterzhong 2 years ago

Web server logging
Raw HTTP request data in the W3C extended log file format. Each log message includes data such as the HTTP method, resource URI, client IP,
client port, user agent, response code, and so on.
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 25/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #21 Topic 6

You have an Azure web app named App1.

You need to monitor the availability of App1 by using a multi-step web test.
What should you use in Azure Monitor?

A. Azure Service Health

B. Azure Application Insights

C. the Diagnostic settings

D. metrics

Correct Answer: B
Upload the web test -
1. In the Application Insights portal on the Availability pane select Add Classic test, then select Multi-step as the SKU.
2. Upload your multi-step web test.
3. Set the test locations, frequency, and alert parameters.
4. Select Create.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/availability-multistep

Community vote distribution

B (100%)

  Kem81 Highly Voted  3 months, 2 weeks ago

Selected Answer: B
this must be a new question...?
upvoted 5 times

  ZakySama 3 months, 2 weeks ago

New question
upvoted 2 times

  zellck Most Recent  4 days, 23 hours ago

Selected Answer: B
B is the answer.

https://learn.microsoft.com/en-us/azure/azure-monitor/app/availability-multistep
upvoted 1 times

  er101q 1 week, 6 days ago

B. Azure Application Insights.

Azure Application Insights is a performance monitoring solution for web applications that allows you to monitor the availability of your application
by using a multi-step web test. With Application Insights, you can create a web test that specifies a series of HTTP requests to your web app and
defines the expected responses. The web test will then periodically send requests to your app and verify that the responses match the expected
results, providing you with real-time visibility into the availability of your app. Additionally, Application Insights provides a wealth of other
monitoring and diagnostic capabilities, such as performance analysis, exception tracking, and logging, making it a comprehensive solution for
monitoring the health and performance of your web app in Azure.
upvoted 2 times

  KingChuang 2 months, 3 weeks ago

Selected Answer: B
Correct answer:B
Ref:
https://learn.microsoft.com/en-us/azure/azure-monitor/app/availability-overview?source=recommendations
upvoted 1 times

  klexams 3 months, 2 weeks ago

this is only my guess:
B. Azure Application Insights
upvoted 3 times

  ddu 3 months, 3 weeks ago

Multi-step web tests are deprecated

https://learn.microsoft.com/en-us/azure/azure-monitor/app/availability-multistep
https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 26/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

upvoted 1 times
  mivalsten 5 months, 2 weeks ago
Selected Answer: B
Correct, naswer is B
upvoted 4 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 27/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #22 Topic 6

HOTSPOT -
You have an Azure subscription that has diagnostic logging enabled and is configured to send logs to a Log Analytics workspace.
You are investigating a service outage.
You need to view the event time, the event name, and the affected resources.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer:

Box 1: AzureActivity -
The AzureActivity table has entries from the Azure activity log, which provides insight into subscription-level or management group-level events
occuring in Azure.
Let's see only Critical entries during a specific week.
The where operator is common in the Kusto Query Language. where filters a table to rows that match specific criteria. The following example
uses multiple commands. First, the query retrieves all records for the table. Then, it filters the data for only records that are in the time range.
Finally, it filters those results for only records that have a Critical level.

AzureActivity -
| where TimeGenerated > datetime(10-01-2020) and TimeGenerated < datetime(10-07-2020)
| where Level == 'Critical'

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 28/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Incorrect:
not Perf: The Perf table has performance data that's collected from virtual machines that run the Log Analytics agent.

Box 2: | project -
Select a subset of columns: project.
Use project to include only the columns you want. Building on the preceding example, let's limit the output to certain columns:

AzureActivity -
| where TimeGenerated > datetime(10-01-2020) and TimeGenerated < datetime(10-07-2020)
| where Level == 'Critical'
| project TimeGenerated, Level, OperationNameValue, ResourceGroup, _ResourceId
Reference:
https://github.com/MicrosoftDocs/dataexplorer-docs/blob/main/data-explorer/kusto/query/tutorial.md

  ExamTopicsTST Highly Voted  5 months, 2 weeks ago

answer is correct

https://www.shudnow.io/2020/03/06/retrieving-activity-log-data-from-azure-log-analytics-part-2/
upvoted 20 times

  kukeleku 5 months ago

I agree!
upvoted 1 times

  meeko86 Highly Voted  2 months ago

Box 1: AzureActivity
The AzureActivity table has entries from the Azure activity log, which provides insight into subscription-level or management group-level events
occuring in Azure. Let's see only Critical entries during a specific week.
Box 2: | project
Use project to include only the columns you want. Building on the preceding example, let's limit the output to certain columns
upvoted 5 times

  zellck Most Recent  5 days ago

1. AzureActivity
2. project

https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell#send-to-log-analytics-workspace
Activity log data in a Log Analytics workspace is stored in a table called AzureActivity that you can retrieve with a log query in Log Analytics.

https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/projectoperator
Select the columns to include, rename or drop, and insert new computed columns.
upvoted 1 times

  klexams 3 months, 2 weeks ago

AzureActivity
| project
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 29/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #23 Topic 6

You have a Recovery Services vault named RSV1. RSV1 has a backup policy that retains instant snapshots for five days and daily backup for 14
days.
RSV1 performs daily backups of VM1. VM1 hosts a static website that was updated eight days ago.
You need to recover VM1 to a point eight days ago. The solution must minimize downtime.
What should you do first?

A. Deallocate VM1.

B. Restore VM1 by using the Replace existing restore configuration option.

C. Delete VM1.

D. Restore VM1 by using the Create new restore configuration option.

Correct Answer: B
Replace existing:
You can restore a disk, and use it to replace a disk on the existing VM.
The current VM must exist. If it's been deleted, this option can't be used.
Azure Backup takes a snapshot of the existing VM before replacing the disk, and stores it in the staging location you specify. Existing disks
connected to the VM are replaced with the selected restore point.
The snapshot is copied to the vault, and retained in accordance with the retention policy.
After the replace disk operation, the original disk is retained in the resource group. You can choose to manually delete the original disks if they
aren't needed.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms

Community vote distribution

D (64%) B (36%)

  Marz Highly Voted  3 months, 1 week ago

I think its D. the B options needs you to shutdown the VM first, causing downtime. We must minimize downtime. Ref: https://petri.com/restore-an-
azure-virtual-machines-disks-from-backup/
upvoted 8 times

  er101q 1 week, 6 days ago

NOT Option D, "Restore VM1 by using the Create new restore configuration option," may not be the best option because it creates a new virtual
machine, which means you will have to recreate the virtual machine's configuration and re-provision resources. This can result in longer
downtime and more complex configurations.

In contrast, the Replace existing restore configuration option allows you to restore the virtual machine to a specific point in time while
preserving the existing virtual machine configuration and resources. This minimizes downtime and eliminates the need to recreate the virtual
machine's configuration, making it a more efficient solution for recovery.
upvoted 3 times

  qwerty100 Highly Voted  5 months, 2 weeks ago

Selected Answer: B
B. Restore VM1 by using the Replace existing restore configuration option.
upvoted 5 times

  FabrityDev 1 month, 1 week ago

What about "minimize downtime" requirement? D. seems better in this case as restoring the backup to a new VM would cause no downtime at
all.
upvoted 1 times

  zellck Most Recent  5 days ago

Selected Answer: D
D is the answer.

https://learn.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms#restore-options
Create a new VM
- Quickly creates and gets a basic VM up and running from a restore point.
upvoted 1 times

  AndreaStack 6 days, 6 hours ago

Selected Answer: B

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 30/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Option B "Restore VM1 by using the Replace existing restore configuration" might be a better choice in this case.
This option would restore the virtual machine and replace the existing one, keeping the same IP configuration and other network settings, which
would minimize downtime. The downside of this option is that it requires you to stop the existing virtual machine before you can restore the new
one, which could cause a brief interruption in service.

So to summarize, either option B or option D could be a valid solution depending on the specific requirements and trade-offs.
Option B minimizes downtime but requires a brief interruption in service, while option D allows the original virtual machine to continue serving
visitors but requires more steps to set up the new virtual machine and transfer data.
upvoted 1 times
  LindyLou 1 week, 3 days ago
Selected Answer: D
B requires VM to be stopped during restore.
upvoted 2 times

  lkjsatlwjwwge 1 week, 4 days ago

It all comes down to whether your app is still functional or not. If it´s out of service, naturally you should replace the existing one. However, if you
need to restore it to a point in the past, it should probably be working with some problems. In this case, you might be better off keeping the
current VM up until you have restored to a new one. Another tricky and ambiguous riddle from our beloved MS friends...
upvoted 1 times

  er101q 1 week, 6 days ago

NOT Option D, "Restore VM1 by using the Create new restore configuration option," may not be the best option because it creates a new virtual
machine, which means you will have to recreate the virtual machine's configuration and re-provision resources. This can result in longer downtime
and more complex configurations.

In contrast, the Replace existing restore configuration option allows you to restore the virtual machine to a specific point in time while preserving
the existing virtual machine configuration and resources. This minimizes downtime and eliminates the need to recreate the virtual machine's
configuration, making it a more efficient solution for recovery.
upvoted 1 times

  er101q 1 week, 6 days ago

B. Restore VM1 by using the Replace existing restore configuration option.

To recover VM1 to a point eight days ago and minimize downtime, you can restore the VM by using the Replace existing restore configuration
option in the Recovery Services vault. This will allow you to restore the VM to the point in time eight days ago while keeping the existing network
configuration, disk configuration, and virtual machine properties intact. Once the restore is complete, you can start the restored VM and ensure
that it is running as expected, with minimal disruption to the static website hosted on VM1
upvoted 1 times

  LauLauLauw 3 weeks ago

Selected Answer: B
D is wrong here, if we restore to a new VM we have aftercare like fixing the ip adress and more unknown stuff what also result in downtime and
increases the complexity.

B gives the least ammount of downtime

upvoted 2 times

  mung 2 months, 3 weeks ago

Answer should be D

Restore option Details

Create a new VM Quickly creates and gets a basic VM up and running from a restore point.
https://learn.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms
upvoted 3 times

  MyZ 2 months, 3 weeks ago

It's "B"
https://azure.microsoft.com/en-us/blog/an-easy-way-to-bring-back-your-azure-vm-with-in-place-restore/
upvoted 3 times

  ZakySama 3 months, 2 weeks ago

Selected Answer: D
Correct answer is D
upvoted 2 times

  AzureG0d 3 months, 2 weeks ago

Selected Answer: D
Gotta say D here

The sauce is in the first line.

https://learn.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms
upvoted 3 times

  nigw 3 months, 2 weeks ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 31/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Selected Answer: D
If the solution should minimize downtime, I'm thinking that D is correct.
upvoted 1 times

  alirasouli 3 months, 3 weeks ago

Selected Answer: D
https://learn.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms
upvoted 1 times

  klexams 3 months, 3 weeks ago

Selected Answer: D
I'm leaning towards D because of this statement "Create a new VM Quickly creates and gets a basic VM up and running from a restore point."
https://learn.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms
upvoted 4 times

  alirasouli 3 months, 3 weeks ago

I agree with D as well. Also, I can add that it is a static website, and there is no harm in creating a new VM instead of replacing the existing one.
upvoted 1 times

  renzoku 5 months ago

Instant snapshop is retained for 5 days, but you've changed the static website 8 days ago then your snapshop has expired 3 days ago.
Anyone can explain why is correct this answer?
upvoted 1 times

  BShelat 1 month, 2 weeks ago

We should consider daily backup taken 8 days ago. Ignore Snapshot , as that is included to trick us.
upvoted 1 times

  metafaim 5 months ago

From the link, ( https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms ) it appears you can select to restore the
backup you select from the vault and don't have to create a new VM. This is the time saver IMO

Snapshots restore quicker than vault backups, but we are not using a snapshot as a restore point.
upvoted 4 times

  RichardBill 5 months ago

Not only is there a snapshot taken but a normal daily backup as well. That daily backup is kept for 14 days so this is what you use to restore
upvoted 4 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 32/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #24 Topic 6

HOTSPOT -
You have an Azure subscription that contains the resources shown in the following table.

You plan to create a data collection rule named DCR1 in Azure Monitor.
Which resources can you set as data sources in DCR1, and which resources can you set as destinations in DCR1? To answer, select the
appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 33/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Correct Answer:

Box 1: VM1 only -

A virtual machine may have an association to multiple DCRs, and a DCR may have multiple virtual machines associated to it.
In the Resources tab, add the resources (virtual machines, virtual machine scale sets, Arc for servers) that should have the Data Collection Rule
applied.

Box 2: Workspace1 only -

On the Destination tab, add one or more destinations for the data source. You can select multiple destinations of same of different types, for
instance multiple Log
Analytics workspaces (i.e. "multi-homing").
Note: The Data Collection Rules (or DCR) improve on a few key areas of data collection from VMs including like better control and scoping of
data collection (e.g. collect from a subset of VMs for a single workspace), collect once and send to both Log Analytics and Azure Monitor
Metrics, send to multiple workspaces (multi- homing for Linux), improved Windows event filtering, and improved extension management.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent

  Mev4953 Highly Voted  5 months ago

Correct answer. Tested in Lab.
First: You can only choose VM
Second: Only Workspace
upvoted 19 times

  KingChuang 2 months, 3 weeks ago

Agree.

Ref:
https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection
upvoted 1 times

  KingChuang 2 months, 3 weeks ago

In ref doc.
Source from Azure Monitor Agent(VM)、REST API and Azure Resource.

Confused about other items.

But your LAB test has only VM.
upvoted 1 times

  KingChuang 2 months, 3 weeks ago

I understand, it must be LOG-related REST API and Azure resources
upvoted 1 times

  Anarchira 4 months, 3 weeks ago

i found this reference, https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview
I think that only VM could be use too
upvoted 4 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 34/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  zellck Most Recent  5 days ago

1. VM1 only
2. Workspace1 only

https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-structure#datasources

https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-structure#destinations
This section contains a declaration of all the destinations where the data will be sent. Only Log Analytics is currently supported as a destination.
Each Log Analytics destination will require the full Workspace Resource ID, as well as a friendly name that will be used elsewhere in the DCR to refer
to this workspace.
upvoted 1 times

  DeBoer 1 week, 3 days ago

Source needs to be either a VM or "something" that can send its logs to a REST API. A storage account or SQL database will not do that (AFAIK)
https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview

Target needs to be a LA Workspace indeed, so that's an easy choice.

upvoted 1 times

  klexams 3 months, 2 weeks ago

1. VM only.
it uses Azure monitor agent which needs to be installed on a VM.
2. Workspace1 only.
Data then gets sent to Workspace.
upvoted 4 times

  dc2k79 3 months, 3 weeks ago

VM1 only
Workspace1 only
upvoted 1 times

  northstar88 5 months, 2 weeks ago

The destination is correct based on the following doc:
https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-
structure#:~:text=Only%20Log%20Analytics%20is%20currently%20supported%20as%20a%20destination.
upvoted 4 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 35/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #25 Topic 6

HOTSPOT -
You have the role assignment file shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 36/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Correct Answer:

  humnahibataynge Highly Voted  5 months, 2 weeks ago

Answers are correct:

User1 - Owner of the subscription. (He can manage any resources in the subscription.)
User 2 - Owner of RG2(He can manage any resources in the RG2.)
User 3 - Owner of a single VM that is VM1.(he can manage VM1 only)
User 4 - Contributor of RG1.(He can manage everything in RG1, even he can delete VMs in RG1. But cannot change RABC)

Box1: Owner of VM1 - User1, User3

Box2 : Create VM in RG1 - User1,User4
upvoted 46 times

  noppy 1 month, 1 week ago

Box1 : User3 is
Box2 : User1 and User4
Is User1 assigned to Owner role for VM1 only? User1 is owner of all resources in the subscription. I think that User1 has rights of owner with
VM1 but it's not "assigned". It's "inherited".

So
upvoted 2 times

  FabrityDev 1 month, 1 week ago

One correction, it's RBAC (Role Based Access Control) not RABC. But I guess it's just a typo
upvoted 1 times

  Bigc0ck Most Recent  1 month, 1 week ago

very annoying ass question its on the test
upvoted 3 times

  Mohaamed 2 months, 1 week ago

user 1 : subscription owner
User 2 - Owner of RG2
User 3 - Owner of a single VM1
User 4 - Contributor of RG1

user 1 have the assigned role of subscription owner which inherrtly only owns resources under him
user 3 is the only one with assigned role as owner

Box 1 : user 3 only

box 2 : user 1 and user 4
upvoted 4 times

  MyZ 2 months, 3 weeks ago

Box 1: is User 3 - the question is asking "assigned the owner role for VM1"
there is a difference between "inherited" and "assigned". They don't ask "who is the owner"
upvoted 2 times

  awssecuritynewbie 4 months, 2 weeks ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 37/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

It is a very simple question that makes it a bit tricky is that USER 3 has a different Resource group! If you are a owner at the subscription you can be
a owner at everything within that subscription,
if you are a owner at resource group you can do whatever within that resource group.
If you are contributor then you can also create resources but you cannot modify permissions!
upvoted 1 times

  Hyrydar 4 months, 1 week ago

user`3 is in RG1 and owns VM1 only. Why isn't user3 in the given answers?
upvoted 1 times

  Tarni 4 months, 3 weeks ago

Question asked is "assigned owner role for VM1" User1 is owner at RG level, that makes him owner of VM ultimately. question is bit confusing. I
would still go with user3 only.
upvoted 1 times

  kayyaly 5 months ago

Answer is correct
Box1: user1 and user 3
Box2:user1 and user 4
upvoted 1 times

  northstar88 5 months, 2 weeks ago

I think it should be
User 1 and User 3 assigned the Owner role for VM1
User1, User3, and User4 can create virtual machine in RG1

User 4 is a contributor, and contributor is able to create and manage resources of all types but not delete.
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor
upvoted 3 times

  awssecuritynewbie 4 months, 2 weeks ago

user 3 is the owner of that single VM nothing anything else
upvoted 1 times

  humnahibataynge 5 months, 2 weeks ago

But User3 is the owner of only VM1, he can not create new VMs.
upvoted 4 times

  northstar88 5 months, 2 weeks ago

My bad. You are correct. User 3 cannot create new VMs.
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 38/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #26 Topic 6

HOTSPOT -
You have the following custom role-based access control (RBAC) role.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 39/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Correct Answer:

  fabio79 Highly Voted  5 months, 2 weeks ago

For Me N,Y,Y.
Microsoft.Compute/virtualMachines/* Perform all virtual machine actions including create, update, delete, start, restart, and power off virtual
machines. Execute scripts on virtual machines.
upvoted 67 times

  Alex2022_31 1 month, 1 week ago

The "resourceGroups/read" permission means that the user with that role can't create/modify/delete resource groups BUT if you have an
existing RG, you can create a VM in it as you have the "Microsoft.Compute/VirtualMachines/*" permission that includes all the actions on VMs

Correct answer imo would be N, Y, Y

upvoted 2 times

  Dhanishetty 1 month, 4 weeks ago

How about permissions regarding resource groups. I guess user has only read permission for resource groups
upvoted 1 times

  KingChuang 2 months, 3 weeks ago

Agree!
upvoted 1 times

  Dunkelheit 3 months, 3 weeks ago

All those permissions are happening in the "actions" section though. Isn't the appropriate sections for VM permissions the "dataActions"
section?
upvoted 1 times

  Dunkelheit 3 months, 3 weeks ago

Need to correct myself, here is a JSON for Virtual Machine Contributor:
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor
upvoted 1 times

  klexams Highly Voted  3 months, 2 weeks ago

N - ms.auth/*/write is NOT allowed.
Y - ms.comp/vm/* is allowed.
Y - ms.net/netint/* is allowed.
upvoted 15 times

  Phlogiston Most Recent  3 days, 16 hours ago

A misleading question that tests your ability to parse JSON more than anything else. The JSON value "Microsoft.Compute/virtualMachines/* gives
the user with role1 the ability to perform all actions, including the ability create virtual machines. Any actions that are described by this wildcard,
including /start, /deallocate, etc are not necessary to add the role. They are simply noise that is deliberately inserted to confuse the reader.
Inserting noise in exhibits is a favourite tactic to lead people to an incorrect response.
upvoted 2 times

  er101q 1 week, 5 days ago

N,Y,N
The "permissions" property of the custom RBAC role "Role1" specifies a list of actions that the users assigned this role are allowed to perform
within the specified "assignableScopes". The actions in the "notAction" list are explicitly excluded from the allowed actions, meaning that users with
this role cannot perform these actions.

Based on this information, we can conclude that:

Users assigned Role1 cannot assign Role1 to other users because the "Microsoft.Authorization/*/Write" action is in the "notAction" list.
Users assigned Role1 can deploy new virtual machines because the "Microsoft.Resources/deployments/*" action is in the "actions" list.
Users assigned Role1 cannot set a static IP address on a virtual machine because there is no mention of the action
"Microsoft.Network/networkinterfaces/*/write" or similar in the "actions" or "notAction" list.
upvoted 1 times

  azhunter 1 month, 1 week ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 40/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Answer is NYY
upvoted 1 times

  _fvt 1 month, 2 weeks ago

N,Y,Y.
If you look at the virtual machine contributor built-in role which allows you to "Create and manage virtual machines, ..."
(https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor), you'll see that it does only have
"resourceGroups/read" permission.
upvoted 2 times

  lss83 1 month, 4 weeks ago

This question in 19/12/2022 exam, 90% of the questions coming from here. I scored 950. So happy
upvoted 7 times

  Robert69 2 months, 3 weeks ago

Microsoft.Compute/virtualMachines/* grants access to all operations of virtual machines and its child resource types. So the answer must be N,Y,Y.
upvoted 1 times

  Liriano 3 months, 2 weeks ago

In exam today, go with highly voted
upvoted 4 times

  Gilad 3 months, 2 weeks ago

Was on exam 28 Oct 2022. 90% questions from examtopics. I answer N Y Y
upvoted 6 times

  rqFamily 2 months, 2 weeks ago

Hello, did you get any lab hands-on questions where you have to setup or configure anything or just multiple choice questions
upvoted 1 times

  Sukkelaar 3 months, 3 weeks ago

What about action line 5, "Microsoft.Compute/*/read", isnt that blocking the creation of vm's altogether?
upvoted 1 times

  Sukkelaar 3 months, 3 weeks ago

found out, ignore the question..:-)
upvoted 1 times

  polred 4 months ago

Agree. N, Y, Y should be the correct answer.
Box 1: Authorization actions are explicitly prohibit in the "NotAction" section.
For Box 2 and 3. In case of wildcards:
"Azure Resource Manager determines if the action in the API call is included in the roles the user has for this resource. If the roles include Actions
that have a wildcard (*), the effective permissions are computed by subtracting the NotActions from the allowed Actions."
Since there are no actions relating to VMs or network interfaces in the "NotAction" section and the user has the wildcard(*) permission for both, it
should be possible to deploy VM and set static IP addresses.
Ref: https://learn.microsoft.com/en-us/azure/role-based-access-control/overview
upvoted 6 times

  awssecuritynewbie 4 months, 2 weeks ago

I agree it is N, Y, Y
The Assigning of role is actually under the "NOT ACTIONS" so yeah it self explains lol
Microsoft.Compute/virtualMachines/* / you are able to perform all actions under the authorization resource provider.
upvoted 1 times

  kukeleku 5 months ago

Agree on N Y Y
upvoted 2 times

  Bobby1977 5 months, 1 week ago

for me too ... NYY
upvoted 2 times

  ZacAz104 5 months, 1 week ago

In deployments there is * which is a wildcard for all reources allowed deployment so i think second one is Yes
upvoted 9 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 41/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #27 Topic 6

HOTSPOT -
You have an Azure subscription that contains the resources shown in the following table.

NSG1 is configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 42/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Correct Answer:

  qwerty100 Highly Voted  5 months, 2 weeks ago

I think is :

Yes
Yes
No
upvoted 25 times

  metafaim 5 months ago

I'm assuming that the NSG is applied to Subnet1.

Y. Outbound rules have 145 priority for allow storage1 access

Y. Inbound rules has default Vnet to Vnet allow so VM2 can access VM1. The deny rule 110 is for Internet traffic coming in.

N. We can see the NSG is associated to 1 subnet from the image.

upvoted 16 times

  klexams 3 months, 3 weeks ago

yep seems incomplete. it says it applies to 1 subnet but did not say which subnet.
upvoted 4 times

  pythonier Highly Voted  5 months, 1 week ago

Question is incomplete, no way to tell if we don't know where the NSG is associated
upvoted 11 times

  littlejoe 4 months, 3 weeks ago

Check the image it is there. Assigned to 1 Subnet not assigned to network interfaces.
upvoted 4 times

  Hyrydar 4 months, 1 week ago

yea, but we do not know if the vms are in the subnets. We can assume so, but it is not explicitly stated.
upvoted 3 times

  tyohaina 3 months, 1 week ago

It is complete. Only one subnet is assigned. Vnet has two subnets. Hence, any virtual machine on one of the unassigned subnets in VM1
will not have the NSG applied. I mean if it is not applied at Vnet level the answer will be 'No'.
"Question says ANY VM in VNET1"
upvoted 1 times

  zellck Most Recent  5 days ago

YYN is the answer.

https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#default-security-rules
upvoted 1 times

  rpalanivel83 1 month ago

Since there is no information on subnet mapping in this question, we have to consider the IP address. IP address for VM1 is 10.3.0.15 which is
assigned to destination of Inbound rule. So, the NSG1 is assigned to subnet1.

If so, the answer would be Yes; Yes; No

upvoted 1 times

  Aanandan 1 month, 3 weeks ago

In question they didn't mentioned for which subnet NSG is associated.. We cant able to assume whether is associate to subnet 1 or subnet.. How
we find that.. please anyone suggest
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 43/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  P123123 1 month ago

- The image shows that the NSG is associated with 1 subnet.
- The NSG inbound rule "HTTPS_VM1_Deny" has a destination of 10.3.0.15, which is the IP address of VM1, which is within Subnet1

=> Combined, these imply that the NSG is associated with Subnet1 only
upvoted 3 times

  spike15_mk 2 months, 1 week ago

Correct Answer:
YES - VM1 can access to storage1 with the rule 145 from Outbound Security Rules
YES - When traffic is outbound from VMs, always we are checking Outbound Rules not Inbound Security Rules. Default rule 65000 allow that
NO- this NSG1 is associated with 1 subnet in our case Subnet 1 because there are rules for VM1
upvoted 5 times

  alirasouli 3 months, 3 weeks ago

The question is incomplete. With some assumptions, we can answer the question.
Assumptions:
* VM1 is tied with subnet1
* VM2 is tied with subnet2
* NSG1 associated with subnet1
* storage1 is associated with VNet1

VM1 can access storage1. In addition to the "Storage_Access" outbound policy, we have "AllowVnetOutBound", which means all the traffic can be
safely exchanged from VM1 to storage1.

VM2 can access VM1 over the VNet. However, VM1 is banned from getting accessed through the internet because of the "HTTPS_VM1_Deny"
Inbound Policy. Thus VM2 cannot access VM1 by using the HTTPS protocol.

Based on the exhibit figure, NSG1 is just associated with one subnet.

So the answer is Yes-No-No.

upvoted 10 times

  FabrityDev 1 month, 1 week ago

You are wrong, answer is Yes-Yes-No. Your explanation of Box 1 and Box3 is correct but for Box2 it is incorrect. You assumed that VM1 is in
Subnet1 and VM2 is in Subnet2 and you don't even have to assume that, just look at the IP addresses, they fit within subnets ranges.

So if both VMs are in the same VNET, why would you assume that "HTTPS_VM1_Deny" would block the connection, if it clearly says that it
blocks connections from Internet, not from inside the VNET?
upvoted 2 times

  awssecuritynewbie 4 months, 2 weeks ago

Yes , No , no

You can access the storage account as you can see the first outbound rule is allowing it on port 443

the traffic for inbound from vm1 to vm2 you can see vm1 inbound traffic is denying anything from the internet to the source IP of Vm1.. on port
443. we do not know if VM2 is part of the same VNET! so if anyone can tell me if vm2 is actually part of the same VNET or we just assuming?

Any VM associated with the VNET would get the same NSG is not true as it is associated with only ONE SUBNET
upvoted 5 times

  klexams 3 months, 2 weeks ago

the 2nd is YES regardless, the block is for Source: Internet, not VM2.
upvoted 1 times

  awssecuritynewbie 4 months, 2 weeks ago

so yeah the subnet 2 is part of vnet1 which it means the second option is Yes!! because the inbound rule only deny applies to internet coming
into Vm1. VM2 would access vm1 without following under the internet as source.
upvoted 2 times

  FabrityDev 1 month, 1 week ago

I don't they would go as far as giving VMs IP addresses that fit within subnets IP ranges only to trick us.
upvoted 1 times

  gonzalobd 4 months, 3 weeks ago

IMPORTANT DETAIL: destination of first inbound rule is an ip of subnet 1. So no need to specify that nsg1 applies to subnet 1
upvoted 5 times

  kayyaly 5 months ago

Yes
Yes
No
upvoted 3 times

  randy0077 5 months ago

Hi Admin, Could you please verify if this question is complete?

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 44/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

upvoted 1 times
  JN62 5 months ago
On the top of NSG's screen is written that it is associated with one subnet. It should be to Subnet1.
Answers: Y N N
upvoted 1 times

  nox2447 5 months, 1 week ago

It is not specified to which Subnet the NSG applies. What am I missing here?
upvoted 5 times

  cloudman 5 months, 1 week ago

Yeah I have been trying to find it but no luck
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 45/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #28 Topic 6

You have an Azure subscription named Subscription1 that contains two Azure virtual networks named VNet1 and VNet2. VNet1 contains a VPN
gateway named
VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1.
On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1.
You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1
is unable to connect to VNet2.
You need to ensure that you can connect Client1 to VNet2.
What should you do?

A. Select Use the remote virtual network's gateway or Route Server on VNet1 to VNet2 peering.

B. Select Use the remote virtual network s gateway or Route Server on VNet2 to VNet1 peering.

C. Download and re-install the VPN client configuration package on Client1.

D. Enable BGP on VPNGW1.

Correct Answer: C

Community vote distribution

C (100%)

  JN62 Highly Voted  5 months ago

After changes in topology it is needed to re-install the VPN client
Answer is C
upvoted 10 times

  humnahibataynge Highly Voted  5 months, 2 weeks ago

Selected Answer: C
correct answer C
upvoted 5 times

  zellck Most Recent  5 days ago

Selected Answer: C
C is the answer.

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be
downloaded and installed again in order for the changes to be applied to the client.
upvoted 1 times

  er101q 1 week, 5 days ago

B. Select Use the remote virtual network's gateway or Route Server on VNet2 to VNet1 peering.

This option allows communication between VNet1 and VNet2 through the VPN gateway in VNet1. With this configuration, Client1 can connect to
VNet2 through the VPN connection to VNet1. It's important to select this option on the VNet2 to VNet1 peering to ensure that the traffic flows
properly between the two virtual networks.
Option C (Download and re-install the VPN client configuration package on Client1) is not relevant to the issue of connecting Client1 to VNet2. The
issue is related to the virtual network peering configuration between VNet1 and VNet2, and downloading and re-installing the VPN client
configuration package on Client1 is unlikely to resolve the issue. Option B (Select Use the remote virtual network's gateway or Route Server on
VNet2 to VNet1 peering) addresses the root cause of the issue by allowing traffic to flow between the two virtual networks through the VPN
gateway in VNet1.
upvoted 1 times

  meeko86 2 months ago

Selected Answer: C
Answer C: Download and re-install the VPN client configuration package on Client1.
If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be
downloaded and installed again.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
upvoted 2 times

  chostes 3 months ago

Same question as Topic5 Question9 Nov2022
upvoted 2 times

  LiamAzure 3 months, 2 weeks ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 46/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Selected Answer: C
Peering was made after the VPN client was already installed. Re-install the vpn client due to the changes
upvoted 1 times

  klexams 3 months, 2 weeks ago

C - need to reinstall vpn config again if you make changes on the vpn.
upvoted 1 times

  kayyaly 5 months, 1 week ago

Selected Answer: C
C correct
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 47/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #29 Topic 6

HOTSPOT -
You have two Azure subscriptions named Sub1 and Sub2. Sub1 is in a management group named MG1. Sub2 is in a management group named
MG2.
You have the resource groups shown in the following table.

You have the virtual machines shown in the following table.

You assign roles to users as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer:

  James3958904 Highly Voted  5 months, 2 weeks ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 48/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

I think the answers should be: N N N

1. User1 can sign in to VM1
No
User1 is assigned as Virtual Machine Contributor in MG1.
And Virtual Machine Contributor can't log in to VM as a regular user.

2. User2 can manage disks and disk snapshots of VM1

No
Since User2 only has Virtual Machine User in Sub1, so he can log in to VM1 but can't manage disks or snapshots

3. User2 can manage disks and disk snapshots of VM3

No
Virtual Machine Contributor only has permission to manage disks, but not disk snapshots (Disk Snapshot Contributor permission)
upvoted 37 times

  daws08322 1 week, 4 days ago

What is Virtual Machine Contributor role good for in Azure?
Experience Level: Senior
Tags: Azure CloudAzure Virtual Machines
Answer
Create and manage virtual machines,
manage disks and disk snapshots,
install and run software,
reset password of the root user of the virtual machine using VM extensions,
and manage local user accounts using VM extensions.
This role does not grant you management access to the virtual network or storage account the virtual machines are connected to.

This role does not allow you to assign roles in Azure RBAC.
upvoted 2 times

  flurgen248 4 months ago

I think you're right. Virtual Machine contributor does have some Recovery Services permissions, but none for SnapShots.

NNN

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor
upvoted 4 times

  Ravi1383 4 months, 1 week ago

User1 can sign in to VM1
No - Only for classic VM contributor!

Classic Virtual Machine Contributor Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage
account they're connected to.

Virtual Machine Contributor Create and manage virtual machines, manage disks, install and run software, reset password of the root user of the
virtual machine using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to
the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC.
upvoted 2 times

  yfontana 3 months, 3 weeks ago

Virtual Machine Contributor doesn't include the data action Microsoft.Compute/virtualMachines/login/action, which is what's required to
login to a VM.

Compare https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor and

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-user-login
upvoted 2 times

  James3958904 5 months, 2 weeks ago

refer:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
upvoted 4 times

  jellybiscuit Highly Voted  4 months, 4 weeks ago

N - effective rights are virtual machine contributor. This doesn't grant login.
N - effective rights are virtual machine login. This doesn't grant disk management.
N - effective rights are virtual machine contributor. This does not grant snapshot access.
upvoted 13 times

  airmancompsci 3 months, 1 week ago

What about the Virtual Machine User Login role that User1 is granted through Sub1? Since VM1 is in Sub1, won't User1 be able to access it
since it is in the same subscription? I see everyone putting "No" for the first one, and I just want to know why the Virtual Machine User Login
doesn't work.
upvoted 1 times

  Lexxsuse 1 month, 4 weeks ago

User1 is granted login through Sub2, not Sub1
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 49/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  zellck Most Recent  5 days ago

NNN is the answer.

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor
upvoted 1 times

  Bigc0ck 1 month, 1 week ago

Very similar question on the test, make sure to remember it
upvoted 2 times

  BShelat 1 month, 2 weeks ago

N, N, N
upvoted 1 times

  spike15_mk 2 months, 1 week ago

CORRECT ANSWER

YES - User1 is Virtual Machine Contributor on MG1. That means he has this role on every VMs under MG1. In our case it is MG1/Sub1/RG1/VM1.
Virtual Machine Contributor- Create and manage virtual machines, manage disks, install and run software, reset password of the root user of the
virtual machine using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to
the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC.

NO- User2 has only Virtual Machine User Login on Sub1( Sub1/RG1/VM1).
Virtual Machine User Login- View Virtual Machines in the portal and login as a regular user. Only read the Public IP addresses ,Virtual Networks,
LoadBalancers, Network Interfaces, VMs,
Hybrid Compute/machines and list credentials for endpoints. Also can Login to Virtual Machine and Hybrid Compute Machines.

YES- User2 has Virtual Machine Contributor on MG2 (MG2/Sub2/RG2/VM2 and VM3) .
upvoted 5 times

  FabrityDev 1 month, 1 week ago

You are wrong, Contributor cannot log in to VM so the first is NO.
upvoted 1 times

  avicrj 2 weeks, 1 day ago

How can a contributor install apps and manage vms without login ?
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
upvoted 1 times

  RougePotatoe 2 days, 16 hours ago

Well if you actually looked at your own link you would know.

Virtual machine contributor

"Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to."
dataActions": [],

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-user-login

Virtual machine user login

"View Virtual Machines in the portal and login as a regular user.",
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action",
"Microsoft.HybridCompute/machines/login/action"
],

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-user-login
upvoted 1 times

  RougePotatoe 2 days, 16 hours ago

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-administrator-login

"View Virtual Machines in the portal and login as administrator",

"dataActions": [
"Microsoft.Compute/virtualMachines/login/action",
"Microsoft.Compute/virtualMachines/loginAsAdmin/action",
"Microsoft.HybridCompute/machines/login/action",
"Microsoft.HybridCompute/machines/loginAsAdmin/action"
],
upvoted 1 times

  klexams 3 months, 2 weeks ago

N - to sign in you need "VM user login". so.. NOT to VM1 coz VM1 is in Sub1 > RG1.
N - user2 is vm contributor on MG2 > Sub2 > VM2. Not VM1.
N - user2 is vm contributor on MG2 > Sub2 > VM3. but apparently contributor cannot do disk snapshot.
upvoted 3 times

  klexams 3 months, 2 weeks ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 50/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

N - to sign in you need "VM user login". so.. NOT to VM1 coz VM1 is in Sub1 > RG1.
N - user2 is vm contributor on MG2 > Sub2 > VM2. Not VM1.
N - user2 is vm contributor on MG2 > Sub2 > VM3. but apparently contributor cannot do disk snapshot.
upvoted 1 times

  Ravi1383 4 months, 1 week ago

Correct answer - 1. Y
2. N
3. N
upvoted 1 times

  FabrityDev 1 month, 1 week ago

Wrong, first is NO
upvoted 1 times

  randy0077 4 months, 4 weeks ago

role can manage disk but cant take snapshot of disk.
upvoted 3 times

  randy0077 4 months, 4 weeks ago

Virtual Machine Contributor Create and manage virtual machines, manage disks, install and run software, reset password of the root user of the
virtual machine using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to
the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC.
upvoted 4 times

  Bobby1977 4 months, 4 weeks ago

for the 3rd one, User2 has VM Contributor permission at MG2 and at VM level, he is VM user. So thinking like 3rd one is Yes. NNY?
upvoted 3 times

  JN62 5 months ago

The Virtual machine contributor role lets you manage virtual machines, but not access their operating system or manage the virtual network and
storage account they are connected to.

Virtual Machine User Login: Users who have this role assigned can log in to an Azure virtual machine with regular user privileges.

I think answers should be: N N N

upvoted 3 times

  Bobby1977 5 months, 1 week ago

for me also it is NNN
upvoted 2 times

  humnahibataynge 5 months, 2 weeks ago

I think Answer should be: NNY
Vm contributor can not login into VM, For login into VM it requires "Virtual Machine User Login" role.
upvoted 3 times

  pedazodani 5 months, 2 weeks ago

I think its NNY. The first question is NO, because the user1 is "VM contributor" and can not sign in.
upvoted 3 times

  JonM93 5 months, 2 weeks ago

I agree with fabio.
Don't forget that User2 is Virtual Machine Contributor on MG2 in which contrains Sub2, which itself contains RG2, which contains VM3.
Hence Virtual Machine Contributor via inheritance
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 51/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #30 Topic 6

You have an Azure Active Directory (Azure AD) tenant that is linked to 10 Azure subscriptions.
You need to centrally monitor user activity across all the subscriptions.
What should you use?

A. Azure Application Insights Profiler

B. access reviews

C. Activity log filters

D. a Log Analytics workspace

Correct Answer: D

Community vote distribution

D (100%)

  klexams Highly Voted  3 months, 2 weeks ago

Selected Answer: D
keywords are "centrally monitor" and "all subs"
upvoted 5 times

  LiamAzure 3 months, 2 weeks ago

Can you explain why those giveaway its Log Analytics Workspace?
upvoted 1 times

  mung 2 months, 3 weeks ago

Log Analytics can monitor any resources regardless of the location of the resources.
So It's the only one that can do central monitoring.
upvoted 3 times

  mung 2 months, 4 weeks ago

Because Log Analytics gathers user activity logs from your Azure Service.
upvoted 1 times

  zellck Most Recent  5 days ago

Selected Answer: D
D is the answer.

https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell#send-to-log-analytics-workspace
Send the activity log to a Log Analytics workspace to enable the Azure Monitor Logs feature, where you:
- Consolidate log entries from multiple Azure subscriptions and tenants into one location for analysis together.
upvoted 1 times

  Mo22 3 weeks, 1 day ago

Selected Answer: D
To centrally monitor user activity across all the Azure subscriptions, you should use a Log Analytics workspace. The Azure Activity Log, which is
available in the Log Analytics workspace, allows you to view and analyze activity logs from Azure resources, including Azure AD, across all the
subscriptions linked to your Azure AD tenant.
upvoted 1 times

  Lu5ck 4 months, 3 weeks ago

Monitor user activity & Alert rules (Q18) = Log Analytics workspace
upvoted 2 times

  kayyaly 5 months ago

Selected Answer: D
D is correct
upvoted 1 times

  pythonier 5 months, 1 week ago

I think answer is C, activity log tells you what task has been done within your subscription and which user performed the action.
upvoted 2 times

  pythonier 5 months, 1 week ago

nevermind, you can send the activity logs to log analytics workspace and get the logs from there. D is correct IMO:
https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell
upvoted 4 times
https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 52/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  humnahibataynge 5 months, 2 weeks ago

Selected Answer: D
Correct
https://techcommunity.microsoft.com/t5/azure-observability/log-analytics-workspace-with-multiple-subscription/m-p/324805
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 53/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #31 Topic 6

DRAG DROP -
You have an Azure subscription that contains a virtual machine name VM1.
VM1 has an operating system disk named Disk1 and a data disk named Disk2.
You need to back up Disk2 by using Azure Backup.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and
arrange them in the correct order.
Select and Place:

Correct Answer:

  metafaim Highly Voted  5 months ago

Azure Recovery Services vaults can protect the following types of datasources:

Azure Virtual machines

SQL in Azure VM
Azure Files (Azure Storage)
SAP HANA in Azure VM
Azure Backup Server
Azure Backup Agent
DPM

Azure Backup vaults can protect the following types of datasources:

Azure Database for PostgreSQL servers

Azure Blobs (Azure Storage)
Azure Disks
Kubernetes Service
AVS Virtual machines
upvoted 30 times

  Babushka 3 months, 1 week ago

Good info
upvoted 3 times

  kerimnl Highly Voted  5 months, 1 week ago

Correct Answer:
1- Create an Azure backup vault.
2- Create a backup policy and configure the backup
3- Configure a managed identity

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 54/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Link: https://docs.microsoft.com/en-us/azure/backup/backup-managed-disks#:~:text=Review%20%2B%20create.-,Configure%20backup,-
Azure%20Disk%20backup
upvoted 26 times
  zellck Most Recent  5 days ago
1. Create an Azure Backup vault.
2. Create a backup policy and configure the backup.
3. Configure a managed identity.

https://learn.microsoft.com/en-us/azure/backup/backup-managed-disks
upvoted 1 times

  zellck 3 days, 9 hours ago

Got this in Feb 2023 exam.
upvoted 2 times

  klexams 3 months, 2 weeks ago

1 Create an Azure backup vault.
2 Create a backup policy and configure the backup
3 Configure a managed identity
first 2 was no brainer, the 3rd threw me a bit but confirmed below.
Azure disk backup:
Backup vault uses managed identity to access other Azure resources.
upvoted 19 times

  klexams 3 months, 2 weeks ago

https://learn.microsoft.com/en-us/azure/backup/backup-managed-disks
upvoted 1 times

  awssecuritynewbie 4 months ago

This article explains how to back up Azure Managed Disk from the Azure portal.

In this article, you'll learn how to:

Create a Backup vault

Create a backup policy

Configure a backup of an Azure Disk

Run an on-demand backup job

upvoted 3 times

  awssecuritynewbie 4 months ago

ref https://learn.microsoft.com/en-us/azure/backup/backup-managed-disks
upvoted 2 times

  adrianspa 4 months, 1 week ago

https://azurealan.ie/2022/05/31/azure-backup-recovery-services-vault-versus-backup-vault/
upvoted 1 times

  aaaabb 5 months ago

Correct Answer: 1)Azure backup vault, 2) backup policy 3) managed identity
Azure disks are only supported in Azure backup vault. Recovery service vault does not support disks as a data source.
https://docs.microsoft.com/en-us/answers/questions/405915/what-is-difference-between-recovery-services-vault.html
upvoted 4 times

  akavoor 5 months, 1 week ago

Answer is correct - https://docs.microsoft.com/en-us/azure/backup/backup-managed-
disks#:~:text=Review%20%2B%20create.-,Configure%20backup,-Azure%20Disk%20backup
upvoted 1 times

  Bobby1977 5 months, 1 week ago

The correct answer will be
1. Create Recovery Service Vault (it has Azure Backup and Azure Site Recovery)
2. Create Azure Backup Vault
3. Create backup policy and configure the backup
upvoted 7 times

  James3958904 5 months, 2 weeks ago

The answer is correct
Reference:
https://www.cloudiqtech.com/how-to-backup-and-restore-azure-managed-disks-using-azure-backup-vault/
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 55/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #32 Topic 6

You have a subnet named Subnet1 that contains Azure virtual machines. A network security group (NSG) named NSG1 is associated to Subnet1.
NSG1 only contains the default rules.
You need to create a rule in NSG1 to prevent the hosts on Subnet1 form connecting to the Azure portal. The hosts must be able to connect to
other internet hosts.
To what should you set Destination in the rule?

A. Application security group

B. IP Addresses

C. Service Tag

D. Any

Correct Answer: C

Community vote distribution

C (100%)

  bernardwk3 Highly Voted  5 months, 2 weeks ago

You can use service tags to achieve network isolation and protect your Azure resources from the general Internet while accessing Azure services
that have public endpoints. Create inbound/outbound network security group rules to deny traffic to/from Internet and allow traffic to/from
AzureCloud or other available service tags of specific Azure services.

https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview
upvoted 11 times

  klexams Highly Voted  3 months, 2 weeks ago

C - "Azure portal" is in the list of Service tag.
upvoted 7 times

  OrangeSG Most Recent  2 months, 2 weeks ago

Selected Answer: C
A service tag represents a group of IP address prefixes from a given Azure service. Microsoft manages the address prefixes encompassed by the
service tag and automatically updates the service tag as addresses change, minimizing the complexity of frequent updates to network security
rules.
You can use service tags to define network access controls on network security groups, Azure Firewall, and user-defined routes. Use service tags in
place of specific IP addresses when you create security rules and routes

Reference
Virtual network service tags
https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview
upvoted 3 times

  awssecuritynewbie 4 months, 2 weeks ago

Selected Answer: C
service tag enables you to be very specific on the service you are bloking.
upvoted 1 times

  kayyaly 5 months, 1 week ago

Selected Answer: C
C correct
upvoted 2 times

  HMO 5 months, 1 week ago

Selected Answer: C
You can use service tags to achieve network isolation and protect your Azure resources from the general Internet while accessing Azure services
that have public endpoints
upvoted 4 times

  HMO 5 months, 1 week ago

You can use service tags to define network access controls on network security groups, Azure Firewall, and user-defined routes
upvoted 4 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 56/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #33 Topic 6

You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.
You need to view the error events from a table named Event.
Which query should you run in Workspace1?

A. search in (Event) "error"

B. Event | where EventType is "error"

C. select * from Event where EventType == "error"

D. Get-Event Event | where {$_.EventType == "error"}

Correct Answer: A

Community vote distribution

A (79%) B (21%)

  virgilpza Highly Voted  5 months, 1 week ago

In this case the answer is A
other options are:
1. Event | search "error"
2. Event | where EventType == "error"
3. search in (Event) "error"
upvoted 24 times

  meeko86 2 months, 1 week ago

The first and third option works. The second option did not work for me. EventType does not exist. However this worked for me: Event | where
EventLevelName == "Error"
upvoted 2 times

  Cowsarered Highly Voted  5 months, 2 weeks ago

Selected Answer: A
Answer is Correct
upvoted 9 times

  AnKiLa Most Recent  1 week, 1 day ago

Selected Answer: A
Correct answer is A. Answer B is wrong because the operator 'is' is not valid. Instead we have to use '=='. See https://learn.microsoft.com/en-
us/azure/data-explorer/kusto/query/datatypes-string-operators
upvoted 1 times

  er101q 1 week, 5 days ago

Option B is correct because it is written in the Log Analytics query language, which is used to query data in an Azure Log Analytics workspace. The
query uses the "Event" table and filters the results to only include events with an "EventType" of "error".

The other options are not written in the Log Analytics query language and would not work as written in a Log Analytics workspace.
upvoted 2 times

  Mo22 1 week, 6 days ago

Selected Answer: B
Option B is the correct query to use in Azure Log Analytics to view error events from a table named Event.

The syntax for Azure Log Analytics queries uses a pipeline style and typically begins with the name of the table, in this case "Event", followed by
one or more operators, in this case the "where" operator, which filters the results based on the specified criteria. The correct syntax would be:

Event | where EventType is "error"

upvoted 3 times

  vishalgu 3 weeks, 3 days ago

option B.
explanation:- In Azure Log Analytics, you use the "Kusto Query Language" (KQL) to query the data stored in a Log Analytics workspace. To view the
error events from the table named "Event" in Workspace1, you should run the following query:
Event | where EventType is "error"

This query will filter the "Event" table to only show the events where the "EventType" is "error" and you will be able to see all the events with errors.
upvoted 1 times

  ccemyilmazz 3 weeks, 6 days ago

Selected Answer: A

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 57/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

1. Event | search "error"

2. Event | where EventType = "error"
3. search in (Event) "error"
upvoted 1 times
  klexams 3 months, 2 weeks ago
A. search in (Event) "error"
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 58/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #34 Topic 6

You have an Azure App Service web app named App1.

You need to collect performance traces for App1.
What should you use?

A. Azure Application Insights Profiler

B. the Activity log

C. the Deployment center

D. the Diagnose and solve problems settings

Correct Answer: B

Community vote distribution

A (100%)

  F117A_Stealth Highly Voted  5 months, 2 weeks ago

Selected Answer: A
"With Application Insights Profiler, you can capture and view performance traces for your application in all these dynamic situations, automatically
at-scale, without negatively affecting your end users."

https://docs.microsoft.com/en-us/azure/azure-monitor/profiler/profiler-overview
upvoted 23 times

  zellck Most Recent  5 days, 3 hours ago

Selected Answer: A
A is the answer.

https://learn.microsoft.com/en-us/azure/azure-monitor/profiler/profiler-overview
With Application Insights Profiler, you can capture and view performance traces for your application in all these dynamic situations, automatically
at-scale, without negatively affecting your end users.
upvoted 1 times

  Shipada 3 weeks, 1 day ago

Selected Answer: A
Should be A
upvoted 1 times

  klexams 3 months, 2 weeks ago

A. Azure Application Insights Profiler
upvoted 4 times

  klexams 3 months, 2 weeks ago

With Application Insights Profiler, you can capture and view performance traces for your application in all these dynamic situations,
automatically at-scale, without negatively affecting your end users
upvoted 1 times

  tahirMScert 4 months, 3 weeks ago

A. Azure Application Insights Profiler

https://learn.microsoft.com/en-us/azure/azure-monitor/profiler/profiler-overview
upvoted 4 times

  hatoom2006 3 months ago

In the question mentioned to collect not to view performance traces which you may find it in activity log
upvoted 3 times

  kerimnl 5 months, 1 week ago

Selected Answer: A
A. Azure Application Insights Profiler
upvoted 4 times

  DanishHassan 5 months, 2 weeks ago

Answer is A
upvoted 2 times

  humnahibataynge 5 months, 2 weeks ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 59/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Selected Answer: A
Azure Application Insights Profiler
upvoted 2 times

  Dannxx 5 months, 2 weeks ago

Should be A
upvoted 3 times

  Dannxx 5 months, 2 weeks ago

With Application Insights Profiler, you can capture and view performance traces... @https://docs.microsoft.com/en-us/azure/azure-
monitor/profiler/profiler-overview
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 60/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #35 Topic 6

You have an Azure subscription that contains the storage accounts shown in the following table.

You deploy a web app named App1 to the West US Azure region.

You need to back up App1. The solution must minimize costs.

Which storage account should you use as the target for the backup?

A. storage1

B. storage2

C. storage3

D. storage4

Correct Answer: D

Community vote distribution

B (66%) A (34%)

  khaled_razouk Highly Voted  1 month, 1 week ago

Selected Answer: B
To minimize costs, you should use the storage account that is in the same region as the web app that you are backing up. In this case, the web app
is in the West US region, so you should use storage2
upvoted 9 times

  zellck Most Recent  5 days ago

Selected Answer: B
B is the answer.

Backup to same region and non-premium BlobStorage

upvoted 1 times

  AndreaStack 6 days, 4 hours ago

Selected Answer: B
In a general scenario like this, not depending on specific requirements and trade-offs, it's best to use a storage account LOCA
TED IN THE SAME REGION AS THE WEB APP to minimize data transfer costs and reduce latency, which can result in cost savings. Therefore, in this
case, using Stor-age2, which is a Blob Storage account located in the West US region, would be the better choice to minimize costs (B).

By using a storage account in the same region as the web app, you can reduce data transfer costs as data transfers between storage accounts
within the same region are usually cheaper than transfers between different regions. Additionally, using a storage account in the same region can
reduce latency, making the backup process faster and more efficient.
upvoted 1 times

  GBAU 4 days, 11 hours ago

So what saves you more, less data transfer in the backup to get to another region, or lower cost storage?
upvoted 1 times

  er101q 1 week, 5 days ago

Option C, storage3, is the best choice for the target of the backup because it is located in the same region as the web app (West US) and is of the
"BlockBlobStorage" kind, which is well-suited for unstructured data such as backups.

By using a storage account in the same region as the web app, you minimize the latency and costs associated with transferring data across regions.
BlockBlobStorage is more cost-effective than StorageV2 (storage1) and FileStorage (storage4) and provides the functionality needed for backing up
unstructured data.

Using storage3 as the target for the backup will minimize costs while ensuring that the backup is stored in the same region as the web app for low-
latency access.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 61/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

upvoted 1 times

  er101q 1 week, 5 days ago

my bad, I'm sorry. answer is B. The target storage account for the backup should be the one that is closest to the location of the deployed web
app to minimize costs and ensure fast and efficient data transfer. Since the web app named App1 is deployed in the West US region, storage2,
which is also in the West US region, should be used as the target for the backup. This will minimize the costs associated with data transfer and
ensure the backup process is efficient.
upvoted 1 times

  GBAU 4 days, 11 hours ago

but storage3 is also in West US.
The question is really now only if it should be Blob or BlockBlob
upvoted 1 times

  RougePotatoe 2 days, 16 hours ago

Block blob is only available in premium. Unless there is a specific need for block blob, which I can't come up with any, the cheapest option
is blob storage.

https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction#storage-accounts
upvoted 1 times

  RDNEA 2 weeks ago

Selected Answer: B
I agree with khaled_razouk
upvoted 1 times

  Exilic 3 weeks ago

50/50 on this question for votes.
upvoted 1 times

  Mo22 3 weeks, 1 day ago

Selected Answer: B
Azure Blob storage is generally considered to be the more cost-effective option for storing backups of a web app.

Azure Blob storage has several different storage tiers, including Hot, Cool, and Archive, each with different pricing models. The Cool storage tier is
designed for infrequent access data and has the lowest storage costs. This makes it the most cost-effective option for storing backups of a web
app.
upvoted 2 times

  FabrityDev 1 month, 1 week ago

Selected Answer: A
I'd go with A.

In Backup Configuration tutorial it is mentioned that:

"In Storage account, select an existing storage account (in the same subscription) or select Create new. Do the same with Container."

It is not mentioned that it has to be in the same location. So general-purpose is available and cheapest.

https://learn.microsoft.com/en-us/azure/app-service/manage-backup?tabs=portal
upvoted 2 times

  vitodobra 1 month, 1 week ago

Selected Answer: B
la mas esconomica es la B porque hay que tener encuenta el trafico del backup
upvoted 1 times

  Ashfaque_9x 1 month, 1 week ago

Selected Answer: A
A. storage1
https://learn.microsoft.com/en-us/azure/storage/common/storage-account-upgrade?tabs=azure-portal
upvoted 1 times

  Bigc0ck 1 month, 1 week ago

Definitly on the test
upvoted 1 times

  Muffay 1 month, 1 week ago

Selected Answer: A
Let me correct my previous vote, I will go for A.

We can backup to any region.

https://learn.microsoft.com/en-us/azure/storage/common/storage-account-upgrade?tabs=azure-portal
General-purpose v2 accounts deliver the lowest per-gigabyte capacity prices for Azure Storage
upvoted 4 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 62/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  chikorita 1 week, 1 day ago

what the about the DATA TRANSFER charges that we incur for cross-region transfer between regions
upvoted 1 times

  Muffay 1 month, 1 week ago

Selected Answer: B
We can only use storage in the same region - so it is either storage2 or storage 3.
And now I am puzzled.
BlockBlobStorage storage account type is only available in the premium tier - whereas "BlobStorage" is standard tier. As we want to save costs,
BlobStorage should be the right choice.
So it should be B - storage2
upvoted 4 times

  Muffay 1 month, 1 week ago

I need to correct myself - backup can use storage in any region.
So I will go with Storage1, because:
https://learn.microsoft.com/en-us/azure/storage/common/storage-account-upgrade?tabs=azure-portal
General-purpose v2 accounts deliver the lowest per-gigabyte capacity prices for Azure Storage
upvoted 2 times

  sharkzor 1 month, 1 week ago

Selected Answer: A
Shouldn't A be cheaper? Genv2. Azure files is for high performance?
upvoted 3 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 63/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #36 Topic 6

HOTSPOT
-

You have an Azure subscription that is linked to an Azure AD tenant. The tenant contains two users named User1 and User2.

The subscription contains the resources shown in the following table.

The subscription contains the alert rules shown in the following table.

The users perform the following action:

• User1 creates a new virtual disk and attaches the disk to VM1
• User2 creates a new resource tag and assigns the tag to RG1 and VM1

Which alert rules are triggered by each user? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 64/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Correct Answer:

  FabrityDev Highly Voted  1 month, 1 week ago

Please correct me if I'm linking a wrong resource but according to
https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log-schema#administrative-category

"Every action taken by a user or application using Resource Manager is modeled as an operation on a particular resource type. If the operation type
is Write, Delete, or Action, the records of both the start and success or fail of that operation are recorded in the Administrative category.
Administrative events also include any changes to Azure role-based access control in a subscription."

Therefore operations described in this question are administrative operations. So First selection should be only Alert2 as it is related only to VM,
and second selection should be Alert1 and Alert2 as operation relates to both RG and VM.
upvoted 5 times

  seeyainthecloud 2 weeks, 1 day ago

VM1 (created in RG1) is a part of the resource group. Don't you think that's an Administrative activity for both VM1 and RG1? This will ofcourse
trigger both the alerts.
upvoted 2 times

  zellck Most Recent  5 days, 1 hour ago

User1: Alert1 and Alert2 are triggered.
User2: Alert1 and Alert2 are triggered.
upvoted 1 times

  DanSuaricius 1 week, 2 days ago

It is another ambiguous question because it is not specificated in which Resource Group is created the Storage account. In my opinion (assuming
that the Storage account is not created in RG1) is the next:
- User1: Alert2 (Attaching the Disk File only affects to the VM1)
- User2: Alert1 y Alert2
upvoted 2 times

  elior19940 3 weeks, 4 days ago

im confiused. what is the correct answer?
upvoted 1 times

  HMKM 3 weeks, 5 days ago

Tested on Azure. My conclusion is User1 triggers both and User2 triggers Alert1 only.
- User1 triggers Alert1 for two operations: "Microsoft.Compute/virtualMachines/write to VM" and "Microsoft.Compute/disks/write to Disk"
- User1 also triggers Alert2 for an operation: "Microsoft.Compute/virtualMachines/write to VM"
- User2 only triggers Alert1 for one operation: "Microsoft.Resources/tags/write to both RG and VM"
upvoted 1 times

  moshos 3 weeks, 4 days ago

I tested this as well but my results differ from yours. My results:
- User1 actions triggered Alert1 and Alert2
- User2 actions triggered Alert1 and Alert2
upvoted 8 times

  khaled_razouk 1 month, 1 week ago

correct answer User1 when will create a new virtual disk and attaches the disk to VM1 it will create an alert N2 because there'is a scope contain the
VM1
https://www.examtopics.com/exams/microsoft/az-104/view/6/#
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 65/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #37 Topic 6

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource
Manager template.

You need to ensure that NGINX is available on all the virtual machines after they are deployed.

What should you use?

A. a Desired State Configuration (DSC) extension

B. the New-AzConfigurationAssignment cmdlet

C. Azure Application Insights

D. a Microsoft Endpoint Manager device configuration profile

Correct Answer: A

Community vote distribution

A (100%)

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 66/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  zellck 5 days, 8 hours ago

Same as Question 67.
https://www.examtopics.com/discussions/microsoft/view/67546-exam-az-104-topic-4-question-67-discussion
upvoted 1 times

  zellck 5 days, 8 hours ago

Selected Answer: A
A is the answer.

https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-template
upvoted 1 times

  chikorita 1 week, 1 day ago

if this exam doesnt show up in exam,i'd be really disappointed
i've seen this one like 10times now! yikes!!!
upvoted 3 times

  AStark1080 6 days, 13 hours ago

I swear studying this question 10 times in a row better pay off for my exam
upvoted 1 times

  chikorita 1 week, 1 day ago

if this exam [question]**
upvoted 1 times

  FabrityDev 1 month, 1 week ago

Selected Answer: A
Duplicate question, answer is DSC. There is another version of this question where Custom Script Extension is the right answer and there is no DSC
option to choose.
upvoted 4 times

  Ashfaque_9x 1 month, 1 week ago

Selected Answer: A
A. a Desired State Configuration (DSC) extension
upvoted 1 times

  wpestan 1 month, 1 week ago

Selected Answer: A
A. a Desired State Configuration (DSC) extension
upvoted 1 times

  khaled_razouk 1 month, 1 week ago

Selected Answer: A
A. a Desired State Configuration (DSC) extension
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 67/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #38 Topic 6

You have an Azure subscription that contains eight virtual machines and the resources shown in the following table.

You need to configure access for VNET1. The solution must meet the following requirements:

• The virtual machines connected to VNET1 must be able to communicate with the virtual machines connected to VNET2 by using the Microsoft
backbone.
• The virtual machines connected to VNET1 must be able to access storage1, storage2, and Azure AD by using the Microsoft backbone.

What is the minimum number of service endpoints you should add to VNET1?

A. 1

B. 2

C. 3

D. 5

Correct Answer: D

Community vote distribution

B (100%)

  sharkzor Highly Voted  1 month, 1 week ago

Selected Answer: B
Should be B, 2 service endpoints. VM is not a service endpoint type. So the first question is irrelevant.
Both storage accounts must have service endpoints in vnet 1, so awnser should be 2
upvoted 9 times

  moshos Highly Voted  3 weeks, 4 days ago

Selected Answer: B
My answer: 2
First service endpoint: One service endpoint for Microsoft.Storage added to VNET1.
The question asks how many to add to VNET1. When adding service endpoints on the VNET1 side you only get to choose the service (
Microsoft.Storage ) not the actual storage accounts. Once you add this service endpoint it can be then linked to on the storage side for both
accounts.

Second Service Endpoint: Microsoft.AzureActiveDirectory.

Total:2
upvoted 6 times

  zellck Most Recent  5 days, 1 hour ago

Selected Answer: B
B is the answer.

https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview#standard-endpoints
A standard service endpoint in Azure Storage includes the protocol (HTTPS is recommended), the storage account name as the subdomain, and a
fixed domain that includes the name of the service.
upvoted 1 times

  sadhou2004 1 month ago

The Minimum should be One as for Storage accounts acces is managed by Service endpoint policy where we can include all Storage accounts
under Subscription or Resource Group.
upvoted 2 times

  Ashfaque_9x 1 month, 1 week ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 68/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Selected Answer: B
B. 2

Two storage accounts will require 2 service endpoints.

upvoted 4 times

  khaled_razouk 1 month, 1 week ago

Selected Answer: B
To meet the requirements, you would need to add at least two service endpoints to VNET1.

One service endpoint would be required for VNET1 to communicate with VNET2 over the Microsoft backbone.

Another service endpoint would be required for the virtual machines connected to VNET1 to access storage1, storage2, and Azure AD over the
Microsoft backbone.

Therefore, the minimum number of service endpoints you should add to VNET1 is 2.
upvoted 2 times

  P123123 1 month ago

Answer is right, but the rationale is wrong

- It should be 1 service endpoint for each storage account (2 service endpoints total)
- You wouldn't use service endpoints to enable communication between the VNETs. Peering would be the likely solution for VNET to VNET
communication
upvoted 2 times

  Muffay 1 month, 1 week ago

Selected Answer: B
B should be correct, as Storage and KeyVault are the only one supporting service endpoints - but it is not asked for a backbone connection to the
KeyVault. So, for each storage account one endpoint.
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 69/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #39 Topic 6

You need to configure an Azure web app named contoso.azurewebsites.net to host www.contoso.com.

What should you do first?

A. Create A records named www.contoso.com and asuid.contoso.com.

B. Create a TXT record named asuid that contains the domain verification ID.

C. Create a CNAME record named asuid that contains the domain verification ID.

D. Create a TXT record named www.contoso.com that has a value of contoso.azurewebsites.net.

Correct Answer: C

Community vote distribution

B (63%) C (23%) 13%

  sharkzor Highly Voted  1 month, 1 week ago

Selected Answer: B
should be a TXT record, B
https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain?tabs=a%2Cazurecli
upvoted 14 times

  GBAU 4 days, 11 hours ago

Shouldn't that mean the correct answer is actually using the subdomain option :Create a TXT record named contoso.asuid that contains the
domain verification ID. (or www.asuid?)
upvoted 1 times

  moshos 3 weeks, 4 days ago

From that link : "To add a custom domain to your app, you need to verify your ownership of the domain by adding a verification ID as a TXT
record with your domain provider."
upvoted 1 times

  Irism Highly Voted  1 month, 1 week ago

nice to see 3 answers
upvoted 8 times

  spaceman12 Most Recent  2 days, 8 hours ago

Both cname and TXT can be used to verify domain ownership but I wonder if this question is testing in depth TXT and CNAME difference?

With TXT record you get a verification code that you need to input into your domain registrar service. So you have to copy the TXT record and the
verification code in separate fields.

With CNAME, Azure will generate the record but in the record itself contains the verification code. So you just have to copy and paste the cname
record to verify the domain.

Seems CNAME record is the answer from semantics standpoint

upvoted 1 times

  grzfidler 4 days, 3 hours ago

CNAME is required, TXT is optional "While it's not absolutely required to add the TXT record, it's highly recommended for security."
upvoted 1 times

  AndreaStack 6 days, 1 hour ago

Selected Answer: B
RECORD TYPE HOST VALUE COMMENTS
A @ The app's IP address shown in the Add custom domain dialog.
The domain mapping itself (@ typically represents the root domain).

TXT asuid The domain verification ID shown in the Add custom domain dialog. For root domain, App Service accesses asuid TXT record to verify
your ownership of the custom domain.

Reference:
https://learn.microsoft.com/en-us/azure/app-service/media/app-service-web-tutorial-custom-domain/a-record.png
upvoted 1 times

  AndreaStack 6 days, 1 hour ago

Answer correct is B!!

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 70/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

RECORD TYPE --- HOST --- VALUE ---- COMMENTS

A -- @ -- The app's IP address shown in the Add custom domain dialog. --- The domain mapping itself (@ typically represents the root
domain).

TXT --- asuid --- The domain verification ID shown in the Add custom domain dialog. --- For root domain, App Service accesses asuid TXT
record to verify your ownership of the custom domain.

Reference:
https://learn.microsoft.com/en-us/azure/app-service/media/app-service-web-tutorial-custom-domain/a-record.png
upvoted 1 times
  chikorita 1 week, 2 days ago
Cant be D cuz TXT record has no other purpose than domain verification
Also, here's my take:
we need to add new Custom domain, in order to do so you MUST verify the domain first
HENCE, B makes the most sense here :)
upvoted 1 times

  lkjsatlwjwwge 1 week, 4 days ago

Selected Answer: B
sharkzor is right
upvoted 1 times

  r3nenge 2 weeks, 2 days ago

Selected Answer: B
My vote is B
A - you dont need 2 A records, you just need one, more over A records are used to point to IP
B - seems legit
C - CNAME should point to your domain (alias), not to verification id (it is used as value for TXT records)
D - TXT record should have value of verification id, not domain address.
upvoted 2 times

  salambrosalam 3 weeks, 2 days ago

Selected Answer: C
I think that the answer is C.

A Canonical Name (CNAME) record is a type of resource record in the Domain Name System (DNS) that maps one domain name (an alias) to
another (the canonical name).
upvoted 1 times

  Stanly_Az 4 weeks, 1 day ago

I think CNAME
https://learn.microsoft.com/en-us/azure/app-service/manage-custom-dns-buy-domain
upvoted 3 times

  Georgego 1 month ago

Selected Answer: B
TXT record is always first. This step is the proof you actually own the domain and TXT record is needed to verify this.
https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain?tabs=a%2Cazurecli
upvoted 1 times

  rpalanivel83 1 month ago

Answer is A

You can configure Azure DNS to host a custom domain for your web apps. For example, you can create an Azure web app and have your users
access it using either www.contoso.com or contoso.com as a fully qualified domain name (FQDN).

To do this, you have to create three records:

A root "A" record pointing to contoso.com

A root "TXT" record for verification
A "CNAME" record for the www name that points to the A record.

Ref: https://learn.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain
upvoted 2 times

  Ashfaque_9x 1 month, 1 week ago

Selected Answer: A
The question is "what should you do first?", so first of all we will have to create A record
https://learn.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain
upvoted 4 times

  khaled_razouk 1 month, 1 week ago

Selected Answer: C

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 71/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

To configure an Azure web app to host www.contoso.com, you should first create a CNAME record named www.contoso.com that points to
contoso.azurewebsites.net. This will allow traffic intended for www.contoso.com to be routed to your Azure web app.

Therefore, the correct answer is:

C. Create a CNAME record named www.contoso.com that points to contoso.azurewebsites.net.

upvoted 4 times
  KalSiva 1 month, 1 week ago
Selected Answer: C
Answer is C. Create a CNAME
https://support.microsoft.com/en-us/topic/associating-a-custom-domain-name-and-securing-communication-with-azure-0eeba4ff-3432-e59a-
7f7a-0ee8c7cd7c11
A Record - Configure IP address to DNS
TXT - Register the domain etc
upvoted 2 times

  KalSiva 1 month, 1 week ago

In the link above, it has the same example in this question
upvoted 1 times

  Anishkb 1 month, 1 week ago

Answer is 'A'

refer: https://learn.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 72/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #40 Topic 6

You have an Azure subscription that contains 10 network security groups (NSGs), 10 virtual machines, and a Log Analytics workspace named
Workspace1. Each NSG is connected to a virtual machine.

You need to configure an Azure Monitor Network Insights alert that will be triggered when suspicious network traffic is detected.

What should you do first?

A. Deploy Connection Monitor.

B. Configure data collection endpoints.

C. Configure a private link.

D. Configure NSG flow logs.

Correct Answer: D

Community vote distribution

D (100%)

  Muffay Highly Voted  1 month, 1 week ago

Selected Answer: D
I think D is correct.
https://learn.microsoft.com/en-us/azure/network-watcher/network-insights-overview#traffic
The Traffic tab provides access to all NSGs configured for NSG flow logs and Traffic Analytics for the selected set of subscriptions, grouped by
location.
upvoted 7 times

  moshos 3 weeks, 4 days ago

Also https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview
" Identify unknown or undesired traffic." in Common use cases
upvoted 1 times

  khaled_razouk Highly Voted  1 month, 1 week ago

Selected Answer: D
To configure an Azure Monitor Network Insights alert that will be triggered when suspicious network traffic is detected, you should first configure
NSG flow logs.

NSG flow logs provide information about traffic that is allowed or denied by an NSG. By configuring NSG flow logs, you will be able to monitor the
traffic passing through your NSGs and detect any suspicious activity.
upvoted 5 times

  zellck Most Recent  5 days, 9 hours ago

Selected Answer: D
D is the answer.

https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview#why-use-flow-logs
It is vital to monitor, manage, and know your own network for uncompromised security, compliance, and performance. Knowing your own
environment is of paramount importance to protect and optimize it. You often need to know the current state of the network, who is connecting,
where they're connecting from, which ports are open to the internet, expected network behavior, irregular network behavior, and sudden rises in
traffic.
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 73/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #41 Topic 6

HOTSPOT
-

You have an Azure subscription named Sub1 that contains the resources shown in the following table.

Sub1 contains the following alert rule:

• Name: Alert1
• Scope: All resource groups in Sub1
o Include all future resources
• Condition: All administrative operations
• Actions: Action1

Sub1 contains the following alert processing rule:

• Name: Rule1
• Scope: Sub1
• Rule type: Suppress notifications
• Apply the rule: On a specific time
o Start: August 10, 2022
o End: August 13, 2022

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Correct Answer:

  FabrityDev Highly Voted  1 month, 1 week ago

Y - "alert is listed" does not mean a notification in my understanding therefore yes
N - The date is within suppression rule boundaries therefore email will be suppressed
Y - The date is outside suppression rule boundaries
upvoted 11 times

  zellck Most Recent  5 days, 9 hours ago

YNY is the answer.

https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-processing-rules?tabs=portal#what-should-this-rule-do
Suppression: This action removes all the action groups from the affected fired alerts. So, the fired alerts won't invoke any of their action groups, not

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 74/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

even at the end of the maintenance window. Those fired alerts will still be visible when you list your alerts in the portal, Azure Resource Graph, API,
or PowerShell.
upvoted 1 times

  zellck 3 days, 9 hours ago

Got this in Feb 2023 exam.
upvoted 1 times

  HMKM 3 weeks, 5 days ago

In Create an alert processing rule - Rule settings, it says:
Suppress notifications: The alert will still fire, but the action groups won't be invoked so you won't receive any notifications when it fires.
So imho,
Y - A new alert will be listed on Monitor - Alerts
N - Action group will not be triggered.
Y - Out of time range of the alert processing rule, so email will be sent.
upvoted 1 times

  AMOLMANTHALKAR 1 month, 1 week ago

Sorry i mean N- suppress notifications Y - as per rule N - date is beyond 13 aug
upvoted 1 times

  AMOLMANTHALKAR 1 month, 1 week ago

shud be YNY
upvoted 4 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 75/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #42 Topic 6

You have an Azure subscription that contains a storage account named storage1 in the North Europe Azure region.

You need to ensure that when blob data is added to storage1, a secondary copy is created in the East US region. The solution must minimize
administrative effort.

What should you configure?

A. operational backup

B. object replication

C. geo-redundant storage (GRS)

D. a lifecycle management rule

Correct Answer: C

Community vote distribution

B (71%) C (29%)

  sadhou2004 Highly Voted  3 weeks, 2 days ago

Selected Answer: B
With GRS you can't choose the Destination region and for North Europe the paired region is West Europe so correct answer Object replication.
upvoted 6 times

  DeBoer 1 week, 3 days ago

Easy to confirm in lab (just did) and you're absolutely right
upvoted 1 times

  zellck Most Recent  5 days, 9 hours ago

Selected Answer: B
B is the answer.

https://learn.microsoft.com/en-us/azure/storage/blobs/object-replication-overview
Object replication asynchronously copies block blobs between a source storage account and a destination account.
upvoted 1 times

  Kimoz 1 week, 3 days ago

B is the correct answer :With GRS you can't choose the Destination region
upvoted 1 times

  SKR94 2 weeks, 2 days ago

Is not C, North Europe(Netherlands) Cross-Region is North Europe (Irland)

https://learn.microsoft.com/en-us/azure/reliability/cross-region-replication-azure
upvoted 1 times

  Shipada 3 weeks, 1 day ago

Selected Answer: B
With GRS you can't choose the Destination region
upvoted 2 times

  Mo22 3 weeks, 1 day ago

Selected Answer: B
Object replication is a feature that allows you to replicate data, such as blobs, across different storage accounts or containers within the same
storage account. This can be configured to automatically copy data from one storage location to another, either within the same region or across
different regions. Object replication can be used to create disaster recovery solutions or to distribute data globally for better performance and
availability.
It is similar to GRS but it is more flexible as you can choose the storage account and container to replicate the data.
The GRS of a North Europe region is a secondary copy of the data stored in a different region. The exact location of the secondary region will
depend on the specific Azure region you have selected. For the North Europe region, the secondary copy is stored in the West Europe region. This
means that if there is an outage or disaster in the North Europe region, your data will still be available in the West Europe region. This provides a
high level of data durability and protection.
upvoted 3 times

  salambrosalam 3 weeks, 2 days ago

Selected Answer: C

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 76/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

I guess that correct answer is C

upvoted 2 times
  Theguy97 4 weeks ago
Selected Answer: C
Correct Answer : C
upvoted 3 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 77/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #43 Topic 6

You have an Azure subscription that contains two Log Analytics workspaces named Workspace1 and Workspace2 and 100 virtual machines that
run Windows Server.

You need to collect performance data and events from the virtual machines. The solution must meet the following requirements:

• Logs must be sent to Workspace1 and Workspace 2.

• All Windows events must be captured.
• All security events must be captured.

What should you install and configure on each virtual machine?

A. the Azure Monitor agent

B. the Windows Azure diagnostics extension (WAD)

C. the Windows VM agent

Correct Answer: A

Community vote distribution

A (100%)

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 78/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  zellck 5 days, 9 hours ago

Selected Answer: A
A is the answer.

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview
Azure Monitor Agent (AMA) collects monitoring data from the guest operating system of Azure and hybrid virtual machines and delivers it to
Azure Monitor for use by features, insights, and other services, such as Microsoft Sentinel and Microsoft Defender for Cloud. Azure Monitor Agent
replaces all of Azure Monitor's legacy monitoring agents.
upvoted 1 times

  DeBoer 1 week, 3 days ago

Selected Answer: A
Azure Monitor agent will help with the collection of all of these; https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-
rule-azure-monitor-agent?tabs=portal

The only thing that might be an issue here is that we're writing to 2 LA workspaces, but the documentation states that you can use data rules to
ingest multiple sources and write to multiple destinations.
upvoted 1 times

  salambrosalam 3 weeks, 2 days ago

Selected Answer: A
I think that correct answer is A. (Azure Monitor)
upvoted 1 times

  B_M_A 3 weeks, 5 days ago

Yes SME please update this.
upvoted 1 times

  Ashfaque_9x 3 weeks, 6 days ago

Selected Answer: A
A. the Azure Monitor agent
upvoted 1 times

  Georgego 4 weeks ago

Selected Answer: A
Answer is correct
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview#install-the-agent-and-configure-data-collection
upvoted 3 times

  1475 4 weeks, 1 day ago

wake up experts tell us the answer
upvoted 4 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 79/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #44 Topic 6

You have an Azure subscription that contains a virtual machine named VM1 and an Azure function named App1.

You need to create an alert rule that will run App1 if VM1 stops.

What should you create for the alert rule?

A. an application security group

B. a security group that has dynamic device membership

C. an action group

D. an application group

Correct Answer: C

Community vote distribution

C (100%)

  GBAU 4 days, 10 hours ago

C: It sounded most right. I wanted something to happen, actions do something, so I went with Action Group. Looks like from others actual
knowledge I scored some bonus points if this was a real exam :)
upvoted 1 times

  zellck 5 days, 9 hours ago

Selected Answer: C
C is the answer.

https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule
You create an alert rule by combining:
- The resources to be monitored.
- The signal or telemetry from the resource.
- Conditions.

Then you define these elements for the resulting alert actions by using:
- Alert processing rules
- Action groups
upvoted 1 times

  zellck 3 days, 9 hours ago

Got this in Feb 2023 exam.
upvoted 1 times

  omgMerrick 1 week, 3 days ago

Selected Answer: C
Answer is correct, C.

An action group is a collection of actions that are triggered by an Azure alert. In this scenario, you need to create an alert rule that will run App1 if
VM1 stops, and for this purpose, you need to create an action group. An action group defines the set of actions to be taken when an alert is
triggered, such as running an Azure function, sending an email, or creating an Azure ticket.

By creating an action group and associating it with the alert rule, you can automate the process of running App1 if VM1 stops, without the need for
manual intervention. This helps ensure that critical systems, such as App1, are automatically activated when necessary, improving the overall
reliability and availability of your Azure services.
upvoted 4 times

  HMKM 3 weeks, 5 days ago

Create an action group.
In Home > Monitor | Alerts > Action groups > Create action group > Actions tab, select action type "Azure Function" and choose the Function app
and Function.
upvoted 4 times

  Georgego 4 weeks ago

Selected Answer: C
Answer is correct.
https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/action-groups#action-specific-information
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 80/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #45 Topic 6

You have an Azure subscription that contains a virtual network named VNet1.

VNet1 uses two ExpressRoute circuits that connect to two separate on-premises datacenters.

You need to create a dashboard to display detailed metrics and a visual representation of the network topology.

What should you use?

A. Azure Monitor Network Insights

B. a Data Collection Rule (DCR)

C. Azure Virtual Network Watcher

D. Log Analytics

Correct Answer: A

Community vote distribution

A (100%)

  vishalgu Highly Voted  3 weeks, 3 days ago

Ans: C
expl: Azure Virtual Network Watcher, on the other hand, is a service that provides network topology visualization, diagnostic and visualization tools,
and information on virtual network security flow. It allows you to see the topology of your virtual network, and also provides detailed metrics and
visual representation of the network topology which is the requirement mentioned in the question.
upvoted 5 times

  spaceman12 2 days, 6 hours ago

This is a little tricky as both Network Watcher and Azure Monitor Network Insights offer topology visualization but the focus/use cases are
different.

Network watcher is more monitoring network traffic and security.

Azure monitor network insights is more for application performance and dependencies.

If I had to pick based on the question saying “detailed metrics” I would go with azure monitor network insights rather and something that
focuses on traffic/security… so just semantics?
upvoted 1 times

  AbleApe 2 weeks ago

Virtual Network Watcher seems quite VM-based. I do not see support for monitoring Express Routes or creating dashboards.
https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
upvoted 1 times

  zellck Most Recent  5 days, 9 hours ago

Selected Answer: A
A is the answer.

https://learn.microsoft.com/en-us/azure/network-watcher/network-insights-overview
Azure Monitor Network Insights provides a comprehensive and visual representation through topologies, of health and metrics for all deployed
network resources, without requiring any configuration. It also provides access to network monitoring capabilities like Connection Monitor, flow
logging for network security groups (NSGs), and Traffic Analytics. And it provides other network diagnostic features.
upvoted 1 times

  Ashfaque_9x 3 weeks, 6 days ago

Selected Answer: A
A. Azure Monitor Network Insights
upvoted 1 times

  Georgego 4 weeks ago

Selected Answer: A
Answer is correct.
upvoted 1 times

  Onobhas01 1 month ago

Azure Monitor Network Insights is correct.
Reference: https://learn.microsoft.com/en-us/azure/network-watcher/network-insights-overview
https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 81/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

upvoted 4 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 82/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #46 Topic 6

You deploy Azure virtual machines to three Azure regions

Each region contains a virtual network. Each virtual network contains multiple subnets peered in a full mesh topology.

Each subnet contains a network security group (NSG) that has defined rules.

A user reports that he cannot use port 33000 to connect from a virtual machine in one region to a virtual machine in another region.

Which two options can you use to diagnose the issue? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A. Azure Virtual Network Manager

B. IP flow verify

C. Azure Monitor Network Insights

D. Connection troubleshoot

E. elective security rules

Correct Answer: BC

Community vote distribution

BD (100%)

  zellck 5 days, 9 hours ago

Selected Answer: BD
BD is the answer.

https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP,
local port, and a remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source
or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the
on-premises environment.
upvoted 1 times

  zellck 3 days, 9 hours ago

Got this in Feb 2023 exam.
upvoted 2 times

  zellck 5 days, 9 hours ago

https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-connectivity-overview
The connection troubleshoot feature of Network Watcher provides the capability to check a direct TCP connection from a virtual machine to a
virtual machine (VM), fully qualified domain name (FQDN), URI, or IPv4 address. Network scenarios are complex, they're implemented using
network security groups, firewalls, user-defined routes, and resources provided by Azure. Complex configurations make troubleshooting
connectivity issues challenging. Network Watcher helps reduce the amount of time to find and detect connectivity issues. The results returned
can provide insights into whether a connectivity issue is due to a platform or a user configuration issue. Connectivity can be checked with
PowerShell, Azure CLI, and REST API.
upvoted 1 times

  omgMerrick 1 week, 3 days ago

Selected Answer: BD
Answer is correct, B & D.

The IP flow verify (B) and connection troubleshoot (D) options can be used to diagnose the issue reported by the user.

IP flow verify is a feature of Azure Network Watcher that you can use to verify if a packet is allowed or denied to or from a virtual machine based
on the security group rules defined on the subnet. By using IP flow verify, you can determine if a rule is blocking traffic to port 33000 from one
virtual machine to another in different regions.

Connection troubleshoot is another feature of Azure Network Watcher that provides a simple and easy-to-use solution for troubleshooting
connectivity issues between virtual machines. With connection troubleshoot, you can determine if the network security groups (NSGs) or firewall
rules are blocking traffic to port 33000, and identify the exact rule that is causing the issue.
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 83/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  vishalgu 3 weeks, 3 days ago

Ans:- AD
Expla: A. Azure Virtual Network Manager: It allows you to view the topology of your virtual network, and can help you diagnose issues with virtual
network peering.

D. Connection troubleshoot: It is a feature of Azure Network Watcher that allows you to troubleshoot and diagnose connectivity issues between
virtual machines within a virtual network or across virtual networks. It can help you identify if the issue is with the NSG rules or with the virtual
network peering.
upvoted 1 times

  Ashfaque_9x 3 weeks, 6 days ago

Selected Answer: BD
Correct Answers

B. IP flow verify
D. Connection troubleshoot
upvoted 1 times

  kamlau 4 weeks ago

Selected Answer: BD
Azure Monitor Network Insights provides sth like dashboard and access to the diagnostics toolkit only, which cannot perform troubleshooting as IP
flow verify and connection troubleshoot. Thus, I think the ans is B & D
upvoted 4 times

  kamlau 4 weeks ago

Azure Monitor Network Insights provides sth like dashboard and access to the diagnostics toolkit only, which cannot perform troubleshooting as IP
flow verify and connection troubleshoot. Thus, I think the ans is B & D
upvoted 3 times

  Karpovsky2222 1 month ago

The correct answer is B and D
upvoted 4 times

  1475 4 weeks, 1 day ago

Whats the reference
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 84/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #47 Topic 6

You have an Azure subscription.

You need to receive an email alert when a resource lock is removed from any resource in the subscription.

What should you use to create an activity log alert in Azure Monitor?

A. a resource, a condition, and an action group

B. a resource, a condition, and a Microsoft 365 group

C. a Log Analytics workspace, a resource, and an action group

D. a data collection endpoint, an application security group, and a resource group

Correct Answer: A

Community vote distribution

A (100%)

  elior19940 5 days, 7 hours ago

is it new question?
upvoted 1 times

  zellck 5 days, 9 hours ago

Selected Answer: A
A is the answer.

https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule
You create an alert rule by combining:
- The resources to be monitored.
- The signal or telemetry from the resource.
- Conditions.

Then you define these elements for the resulting alert actions by using:
- Alert processing rules
- Action groups
upvoted 1 times

  DanSuaricius 1 week, 1 day ago

The correct answer is A
"You create an alert rule by combining:
The resources to be monitored.
The signal or telemetry from the resource.
Conditions"
https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule?tabs=metric
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 85/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Topic 7 - Testlet 1

Question #1 Topic 7

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment -
Currently, Contoso uses multiple types of servers for business operations, including the following:
File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end

A processing middle tier -

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Requirements -

Planned Changes -
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft 365 migration project.

Technical Requirements -
Contoso must meet the following technical requirements:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups.
Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier.
Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 86/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.

User Requirements -
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service admin for the Azure subscription.
Admin1 must receive email alerts regarding service outages.
Ensure that a new user named User3 can create network objects for the Azure subscription.

Question
HOTSPOT -
You need to configure the Device settings to meet the technical requirements and the user requirements.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.
Hot Area:

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 87/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Correct Answer:

Box 1: Selected -
Only selected users should be able to join devices

Box 2: Yes -
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.

  mlantonis Highly Voted  1 year, 9 months ago

Correct Answer:

Box 1: Selected
As per User requirements “Ensure that only users who are part of a group named Pilot can join devices to Azure AD.”
So, “Selected” must be selected for “User may join devices to Azure AD”

Box 2: Yes
As per User Requirements “Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their
identity”.
So, “Yes” must be selected for “Require Multi-Factor Auth to join devices”.
upvoted 71 times

  Holydud 6 months ago

Was on exam 19 Aug 2022. Scored 870. Around 85% questions were also on ET. You just need to mark the box that should be changed so I
marked the first one "User may join devices to Azure AD" and almost last box "Require Multi-Factor Auth to join devices"
upvoted 11 times

  Alim786 Highly Voted  1 year, 9 months ago

Correct Answer
upvoted 10 times

  Navz Most Recent  2 months, 1 week ago

Wrote the exam on the 02/12/2022 this case study came out. Passed with 870
Most questions were from this dump so they are still valid. about 5 - 7 new questions. Go through the discussions.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 88/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Good luck all.

upvoted 6 times
  seussiii 5 months, 1 week ago
This appears to be the exact same as "Testlet 1", is this just a duplicate?
upvoted 1 times

  humnahibataynge 5 months, 2 weeks ago

Received this on my exam today 03/09/2022
total of 6 questions for this Case Study
upvoted 4 times

  EmnCours 5 months, 3 weeks ago

Box 1: Selected -
Only selected users should be able to join devices

Box 2: Yes -
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
upvoted 1 times

  Dobby25 11 months ago

Received this on my exam today 19/03/2022
total of 5 questions for this Case Study
upvoted 5 times

  InvisibleShadow 11 months, 2 weeks ago

This question came in the exam today 8/Mar/2022.
I passed the exam, 95% questions came from here.
upvoted 3 times

  sid132 11 months, 2 weeks ago

On the exam today, 4.March.2022
upvoted 4 times

  MitchelLauwers1993 11 months, 2 weeks ago

came in exam today, followed mlantonis
upvoted 3 times

  Mozbius_ 11 months, 3 weeks ago

During the exam do they provide a pencil and paper to take notes make drawings?
upvoted 1 times

  jorgecalle28 10 months, 2 weeks ago

dont think so.
upvoted 1 times

  YUCHAN2022 12 months ago

On the exam today, 19 Feb 2022. Passed with 862/1000, Thank you ExamTopics.
upvoted 3 times

  nidhogg 1 year ago

On the exam today, 1.feb.2022, 1st question!
Just 761/1000, but OK! :D
Thanks to ExamTopics and to you all!
upvoted 5 times

  ilagnadod 1 year ago

How about this...
First Setting:
“User may join devices to Azure AD”: change All -> Selected
“Ensure that only users who are part of a group named Pilot can join devices to Azure AD.”

Second Setting:
“Additional local administrators on Azure Ad joined devices”: change None -> Selected
“Designate a new user named Admin1 as the service admin for the Azure subscription.”
upvoted 1 times

  ARYMBS 6 months, 2 weeks ago

This is Device Join/Register Settings Blade, not Azure Subscription Blade.
upvoted 1 times

  vasko85 1 year, 2 months ago

Correct answer! Was on the exam today 15/12/2021. Passed with 927.
upvoted 3 times

  im82 1 year, 2 months ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 89/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Was on exam today 19.11.2021. Passed with 920.

Correct Answer:
- Selected for "User may join devices to Azure AD"
- Yes for "Require MFA to join devices"
upvoted 3 times

  AghaZulfiqar 1 year, 2 months ago

how much questions came from these questions?
upvoted 1 times

  nathk 1 year, 4 months ago

Was on exam 21/9/21
upvoted 3 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 90/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #2 Topic 7

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment -
Currently, Contoso uses multiple types of servers for business operations, including the following:
File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end

A processing middle tier -

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Requirements -

Planned Changes -
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft 365 migration project.

Technical Requirements -
Contoso must meet the following technical requirements:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups.
Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier.
Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure.
Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 91/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

User Requirements -
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service admin for the Azure subscription.
Admin1 must receive email alerts regarding service outages.
Ensure that a new user named User3 can create network objects for the Azure subscription.

Question
You need to meet the user requirement for Admin1.
What should you do?

A. From the Azure Active Directory blade, modify the Groups

B. From the Azure Active Directory blade, modify the Properties

C. From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings

D. From the Subscriptions blade, select the subscription, and then modify the Properties

Correct Answer: D
Scenario:
✑ Designate a new user named Admin1 as the service admin for the Azure subscription.
✑ Admin1 must receive email alerts regarding service outages.
Follow these steps to change the Service Administrator in the Azure portal.
1. Make sure your scenario is supported by checking the limitations for changing the Service Administrator.
2. Sign in to the Azure portal as the Account Administrator.
3. Open Cost Management + Billing and select a subscription.
4. In the left navigation, click Properties.
5. Click Service Admin.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/classic-administrators

Community vote distribution

D (54%) C (46%)

  mlantonis Highly Voted  1 year, 9 months ago

Correct Answer: D

As per User Requirements “Designate a new user named Admin1 as the service admin for the Azure subscription.”
So, In the Azure portal, you can view or change the Service Administrator or view the Account Administrator on the properties blade of your
subscription.

Check this: https://i.imgur.com/fKzqPKq.png

upvoted 136 times

  Abubaker3030 8 months, 2 weeks ago

https://i.imgur.com/fKzqPKq.png - This doesnt show in my current subscription
I verified in my subscription "Properties" option is not listed
This question itself should not be listed by Microsoft as it is outdated
upvoted 2 times

  LeBeano 6 months, 2 weeks ago

Are signed in as owner of the sub?
upvoted 2 times

  Lazylinux 7 months, 3 weeks ago

Well it is listed on Mine and - properties is listed under settings - click on it then => option at top left hand corner reads "CHANGE SERVICE
ADMIN'
upvoted 2 times

  Holydud 6 months ago

Was on exam 19 Aug 2022. Scored 870. Around 85% questions were also on ET. Answered D
upvoted 5 times

  1475 1 week, 2 days ago

Your comment is in almost every question's comment. How many questions were on your exam

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 92/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

upvoted 3 times
  DevOpposite 1 year, 4 months ago
thanks legend..
upvoted 17 times

  sri1972 Highly Voted  2 years, 1 month ago

Came in 01/09/21 exam. Passed exam with 906 marks. 98% of the questions are from this dump.
upvoted 46 times

  asaz 2 years, 1 month ago

Thanks for input. I also passed. many of questions from the dump
upvoted 16 times

  RougePotatoe Most Recent  1 day, 18 hours ago

Selected Answer: C
"In the Azure portal, you can view or change the Service Administrator or view the Account Administrator on the properties blade of your
subscription."
https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#classic-subscription-administrator-roles

Step by step how to change service admin:

"In the left navigation, click Properties. Click Change service admin."
https://learn.microsoft.com/en-us/azure/role-based-access-control/classic-administrators#change-the-service-administrator
upvoted 1 times

  RougePotatoe 1 day, 18 hours ago

Service admins are not part of the new Azure RBAC model. If you don't see it it's because you are not on classic deployment model.

"Microsoft recommends that you manage access to Azure resources using Azure role-based access control (Azure RBAC). However, if you are
still using the classic deployment model, you'll need to use a classic subscription administrator role: Service Administrator and Co-Administrator.
For more information, see Azure Resource Manager vs. classic deployment."
https://learn.microsoft.com/en-us/azure/role-based-access-control/classic-administrators

More details can be found here:

https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/deployment-models#understand-support-for-the-models
upvoted 1 times

  GBAU 4 days, 10 hours ago

Selected Answer: D
Subscription-Settings-Properties-"Change service admin"
upvoted 1 times

  er101q 1 week, 5 days ago

Option C is the correct choice because it addresses the requirement for Admin1 by modifying the Access control (IAM) settings in the Azure
Subscription. The Access control (IAM) feature in Azure allows you to manage access to resources in the subscription by assigning roles to users. In
this case, you need to assign the role of Service Admin to Admin1, which will give them the necessary permissions to receive email alerts regarding
service outages. This is the most direct and efficient way to meet the requirement for Admin1.
upvoted 1 times

  maheshm124 2 weeks, 1 day ago

100% its option c
https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles
upvoted 2 times

  sa66ath 2 weeks, 3 days ago

correct answer is C: Please find link to MS article "Assign a user as an administrator of an Azure subscription" : https://learn.microsoft.com/en-
us/azure/role-based-access-control/role-assignments-portal-subscription-admin
upvoted 1 times

  KennethLZK 1 month ago

Selected Answer: D
Answer is D
upvoted 1 times

  tabitan 1 month ago

D - https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administrator
upvoted 1 times

  khaled_razouk 1 month, 1 week ago

Selected Answer: C
Sign in to the Azure portal.
In the left-hand navigation pane, click Subscriptions.
Select the subscription that you want to modify.
In the Subscription blade, click Access control (IAM).
In the IAM blade, click the Add button.
In the Add permissions blade, select the role of Service Admin from the Role dropdown list.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 93/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

In the Select field, type the name of the user (Admin1) and select their name from the list of suggestions.
Click Save to apply the changes.
upvoted 1 times

  GBAU 4 days, 10 hours ago

Answer is D: Subscription-Settings-Properties-Change service admin option at the top of the page

You state: "In the Add permissions blade, select the role of Service Admin from the Role dropdown list."
However: No such role of "Service Admin" exists.

Trust me bro 🤣
Nah, go look
upvoted 1 times

  Baconrind 3 months ago

Selected Answer: D
Subscription-Settings-Properties-Change service admin
upvoted 2 times

  Babushka 3 months ago

Selected Answer: D
Answer is D
upvoted 1 times

  Kem81 3 months, 2 weeks ago

Selected Answer: D
its all about the D
upvoted 2 times

  Kem81 3 months, 2 weeks ago

Selected Answer: D
This is the way. D
upvoted 1 times

  Kem81 3 months, 2 weeks ago

Selected Answer: D
as per mlantonis and others, I concur, the answer is D
upvoted 1 times

  satyaauzure 3 months, 2 weeks ago

Answer D is correct you can check it with Azure portal itself.
upvoted 1 times

  alirasouli 3 months, 2 weeks ago

Selected Answer: C
Correct Answer: C

The account Administrator should grant Admin1 the Owner role for the subscription.

Quote from Microsoft documentation:

"To make a user an administrator of an Azure subscription, an existing billing administrator assigns them the Owner role (an Azure role) at the
subscription scope. The Owner role gives the user full access to all resources in the subscription, including the right to delegate access to others.
These steps are the same as any other role assignment."

Reference:
https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administrator#assign-a-subscription-
administrator
upvoted 1 times

  alirasouli 3 months, 2 weeks ago

Why can answer D not be correct?
"Service Administrator" is a Classic subscription administrator role. As per notes, "The Service Administrator has the equivalent access of a user
who is assigned the Owner role at the subscription scope." In another quote: "In the Azure portal, you can view or change the Service
Administrator or view the Account Administrator on the properties blade of your subscription." This role is for legacy support.

Reference:
https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#classic-subscription-administrator-roles
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 94/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Topic 8 - Testlet 10

Question #1 Topic 8

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -

General Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

Environment -

Existing Environment -
Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-
premises Active
Directory domain that syncs to the Azure AD tenant.
The Azure AD tenant contains the users shown in the following table.

Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.

User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table

No network security groups (NSGs) are associated to the network interfaces or the subnets.
Sub1 contains the storage accounts shown in the following table.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 95/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool storage tier.
Create a storage account named storage5 and configure storage replication for the Blob service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.

Associate NSG1 to the network interface of VM1.

Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.

Associate NSG2 to VNET1/Subnet2.

Technical Requirements -
Contoso must meet the following technical requirements:
Create container1 and share1.
Use the principle of least privilege.
Create an Azure AD security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup.
Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.

Question
HOTSPOT -
You need to configure Azure Backup to back up the file shares and virtual machines.
What is the minimum number of Recovery Services vaults and backup policies you should create? To answer, select the appropriate options in the
answer area.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 96/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Box 1: 3 -
If you have data sources in multiple regions, create a Recovery Services vault for each region.
The File Shares and VMs are located in three Regions: West US, East US, Central US.

Box 2: 6 -
A backup policy is scoped to a vault. For each vault we need one backup policy for File Shares and one backup policy for VM.
Note:
Back up the Azure file shares and virtual machines by using Azure Backup

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 97/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-create-rs-vault https://docs.microsoft.com/en-us/azure/backup/guidance-best-
practices

  favela Highly Voted  5 months, 1 week ago

Came this question today and I choose 3 and 6 and my score was 900
upvoted 35 times

  GBAU 4 days, 10 hours ago

Nice, but unfortunately that doesn't mean you got this question correct
upvoted 1 times

  GBAU 4 days, 10 hours ago

Even though I think you did 😊
upvoted 1 times

  Marcelmikael 1 week, 4 days ago

Legend
upvoted 1 times

  klexams Highly Voted  3 months, 3 weeks ago

To back up the file shares and virtual machines.
one vault per region. 3 vaults for 3 regions
File shares: 3 region.
VMs: 3 region.
so...
vault = 3
backup policies = 3FS + 3VM = 6
upvoted 15 times

  zellck Most Recent  3 days, 9 hours ago

Got this in Feb 2023 exam.
upvoted 1 times

  GBAU 4 days, 10 hours ago

RSV: 3 We have 3 regions and VMs in all of them without even looking at Storage
https://learn.microsoft.com/en-us/azure/backup/backup-create-recovery-services-vault
Region: Select the geographic region for the vault. For you to create a vault to help protect any data source, the vault must be in the same region
as the data source.

back up the file shares and virtual machines

+3 :1 for VMs in each region to their RSV
+1 :for Storage4 to Central US RSV
+1 :for Storage2 to East US RSV
+1 :for Storage1 to West US RSV
#Note we are not backing up Blobs, only Files Shares so don't backup Storage3.

Result: 6 Polices
upvoted 1 times

  Karlos1985 2 months, 1 week ago

Why you are not counting region East US 2? There is 1 File share.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 98/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

upvoted 2 times

  coringlax 2 months ago

There is no File share on that Storage account.
3 & 6 correct.
upvoted 2 times

  DagoMad 2 months, 2 weeks ago

In my opinion:
Vault: 3
Policies: 3

Source: https://learn.microsoft.com/en-us/azure/backup/quick-backup-vm-portal
upvoted 1 times

  qwerty100 3 months, 3 weeks ago

In my opinion:

3 Recovery Services Vault:

-West US
-Central US
-East US

6 Backups policies:

- Virtual machines West US

- Virtual machines Central US
- Virutal machines East US
- Storage 1
- Storage2
- Storage 4
upvoted 8 times

  awssecuritynewbie 4 months ago

so each VM would require a separate vault so we have 3 region and plus one vault for the storage account (azure file). so that is 4 and we need 2
policy to manage them right?
upvoted 1 times

  lol2525 4 months, 2 weeks ago

The Select virtual machines pane will open. Select the VMs you want to back up using the policy. Then select OK.
The selected VMs are validated.
You can only select VMs in the same region as the vault.
VMs can only be backed up in a single vault.
upvoted 2 times

  Derek_C 3 months, 4 weeks ago

so what's the answer
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 99/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #2 Topic 8

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -

General Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

Environment -

Existing Environment -
Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-
premises Active
Directory domain that syncs to the Azure AD tenant.
The Azure AD tenant contains the users shown in the following table.

Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.

User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table

No network security groups (NSGs) are associated to the network interfaces or the subnets.
Sub1 contains the storage accounts shown in the following table.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 100/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool storage tier.
Create a storage account named storage5 and configure storage replication for the Blob service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.

Associate NSG1 to the network interface of VM1.

Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.

Associate NSG2 to VNET1/Subnet2.

Technical Requirements -
Contoso must meet the following technical requirements:
Create container1 and share1.
Use the principle of least privilege.
Create an Azure AD security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup.
Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.

Question
DRAG DROP -
You need to configure the alerts for VM1 and VM2 to meet the technical requirements.
Which three actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area and arrange them in
the correct order.
Select and Place:

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 101/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Correct Answer:

  humnahibataynge Highly Voted  5 months, 2 weeks ago

Not sure but I think the answer should be :
1. Create a log Analytics workspace.
2. Collect windows performance counters from the Log Analytics agents.
3. Create an alert rule.
upvoted 62 times

  DeBoer 1 week, 3 days ago

Weird they give this as only correct option to this answer: the Log Analytics agent will be retired in 2024 and they're actively pushing Monitoring
agent on us now. Shows that the exams - even newish questions - lag behind reality :-)
upvoted 2 times

  akavoor 5 months, 1 week ago

Yes this is correct. Ref: https://docs.microsoft.com/en-us/answers/questions/752170/cant-see-logs-about-free-disk-space-of-azure-vm.html
upvoted 3 times

  pmsiva 4 months, 1 week ago

This is correct. Log analytics workspace must be configured to receive performance counters from windows and then query the perf table to
create an alert.
upvoted 1 times

  nigw 3 months, 2 weeks ago

if 'Log Analytics agents' is part of the answer, it means that the Log Analytics agent needs to be installed on the VM first? there is no such step
listed. shouldn't it be 'Configure Diagnostic settings' instead?
upvoted 1 times

  awssecuritynewbie 4 months ago

that makes more sense! why would you spend money configuring a azure DB? the log analytics storage does that for you by storing it ( however
it does it) then go on to it and create alert rules that can be triggered if a certain query is discovered within the logs that is capturing via the log
analytics agent.
upvoted 1 times

  fabio79 Highly Voted  5 months, 2 weeks ago

For me is Create alog Analytics->Collect Windows performance..->create an alert rule
upvoted 13 times

  szymex 5 months, 1 week ago

https://www.catapultsystems.com/blogs/adding-alerts-for-log-analytics-in-azure/
upvoted 1 times

  Jaafer09 Most Recent  6 days, 8 hours ago

Came in exam today 10/2/23.
upvoted 1 times

  rpalanivel83 1 month ago

Answer is
1. Create a log Analytics Workspace
2. Collect windows performance counter from the Log Analytics agents (which collects disk space %)
3. Create an alert

Ref: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-performance-counters
upvoted 6 times

  Bigc0ck 1 month, 1 week ago

On the test, this case I hated because you can't go back
upvoted 2 times

  OrangeSG 2 months, 3 weeks ago

Microsoft learning portal has a very detailed guide on how to set up azure alert for disk space alert when 10gb or less.

I tend to agree with:

1. Create a log Analytics workspace.
2. Collect windows performance counters from the Log Analytics agents.
3. Create an alert rule.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 102/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Reference
help to set up azure alert for disk space alert when 10gb or less
https://learn.microsoft.com/en-us/answers/questions/165893/help-to-set-up-azure-alert-for-disk-space-alert-wh.html
upvoted 7 times
  KingChuang 2 months, 3 weeks ago
1. Create a log Analytics workspace.
2. Configure the Diagnostics settings.
3. Create an alert rule.

Ref:
Step 1 、 2 and 3 :
https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/tutorial-resource-logs

Step 3 Detail:
https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/tutorial-log-alert
upvoted 5 times

  darthfodio 1 month, 2 weeks ago

Just to clarify, the diagnostic settings is used to send the resource logs from an Azure resource to a Log Analytics workspace for any Azure
resource, other than a virtual machine.

See - https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/tutorial-log-alert#prerequisites
upvoted 1 times

  klexams 3 months, 2 weeks ago

this is perf mon metrics within a vm. so:
1. create a LAW
2. collect win perf counters using LA agent
3. create alert rule
upvoted 3 times

  alirasouli 3 months, 2 weeks ago

The answer is:
1. Create a Log Analytics workspace
2. Configure Diagnostic settings
3. Create an alert rule

Why "Diagnostic settings"?

To measure the "% Free Space" of a Virtual Machine, from "Diagnostic settings", select Performance counters. You can choose "Disk" from "Basic",
or if you want to have more elaborate control, choose "\LogicalDisk(_Total)\% Free Space" from "Custom".

Reference:
https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/performance-diagnostics
upvoted 8 times

  Padjo 3 months, 3 weeks ago

1.Create log Analytics workspace
2. Collect windows performance counters
3.Create an alert rule
upvoted 2 times

  Mev4953 5 months ago

1.Create log Analytics workspace
2. Collect windows performance counters
3.Create an alert rule
upvoted 4 times

  Mev4953 4 months, 4 weeks ago

https://learn.microsoft.com/en-us/answers/questions/752170/cant-see-logs-about-free-disk-space-of-azure-
vm.html#:~:text=That%20blog%20refers,to%20a%20subscription
upvoted 1 times

  EleChie 5 months ago

So the answer should be:
1. Create a Log Analytics workspace.
2. Configure Diagnostic settings
3. Create am alert rule
upvoted 3 times

  EleChie 5 months ago

The Solution:
1. You create an Azure Log Analytics workspace and configure the data settings.
2. You install the Microsoft Monitoring Agent on VM1.
3. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source
upvoted 2 times

  favela 5 months, 1 week ago

I think is correct because today this question came on my exam and I score 900
https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 103/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

upvoted 2 times

  preetikapj 5 months, 1 week ago

what options did u choosed can you tell?
upvoted 1 times

  payl 5 months, 1 week ago

What was the answer that you selected? Create alog Analytics->Collect Windows performance..->create an alert rule?
upvoted 1 times

  Dannxx 5 months, 2 weeks ago

I would say:
1. Create Log Analystic workspace
2. Configure Diagnostic settings
3. Create an alert rule
upvoted 6 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 104/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Topic 9 - Testlet 2

Question #1 Topic 9

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -

General Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

Environment -

Existing Environment -
Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-
premises Active
Directory domain that syncs to the Azure AD tenant.
The Azure AD tenant contains the users shown in the following table.

Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.

User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table

No network security groups (NSGs) are associated to the network interfaces or the subnets.
Sub1 contains the storage accounts shown in the following table.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 105/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool storage tier.
Create a storage account named storage5 and configure storage replication for the Blob service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.

Associate NSG1 to the network interface of VM1.

Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.

Associate NSG2 to VNET1/Subnet2.

Technical Requirements -
Contoso must meet the following technical requirements:
Create container1 and share1.
Use the principle of least privilege.
Create an Azure AD security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup.
Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.

Question
HOTSPOT -
You need to ensure that User1 can create initiative definitions, and User4 can assign initiatives to RG2. The solution must meet the technical
requirements.
Which role should you assign to each user? To answer, select the appropriate options in the answer area.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 106/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview

  areza Highly Voted  1 year, 1 month ago

passed 902. in exam 29.12.21 - resource policy contributor for sub1, resource contributor for rg2
upvoted 27 times

  meet_satish 4 months, 3 weeks ago

Contributor can't create or update definitions and assignments
upvoted 3 times

  favela 5 months, 1 week ago

Me too score 900 and I choose the mentioned answer
upvoted 4 times

  randy0077 5 months ago

did you guys study anything else than examtopics and MS study guide to pass this exam?
upvoted 2 times

  StanAzure Highly Voted  10 months, 4 weeks ago

I passed this exam today 24 Mars 2022 with score 900.
This question was part of this exam.
90% of question s from the Dumps.
Thank to y'all guys and especially @MLANTONIS great Guy !!!!!
upvoted 21 times

  zellck Most Recent  5 days, 13 hours ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 107/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Resource Policy Contributor

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#resource-policy-contributor
Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.
- Create and manage policy assignments
- Create and manage policy definitions
upvoted 1 times

  zellck 3 days, 9 hours ago

Got this in Feb 2023 exam.
upvoted 1 times

  Jaafer09 6 days, 8 hours ago

Came in exam today 10/2/23
upvoted 2 times

  ttttaa 3 weeks, 2 days ago

Correct answer check: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#resource-policy-contributor
upvoted 2 times

  HMKM 3 weeks, 5 days ago

"The Resource Policy Contributor role includes most Azure Policy operations. ... Contributor may trigger resource remediation, but can't create or
update definitions and assignments."
Reference: https://learn.microsoft.com/en-us/azure/governance/policy/overview#azure-rbac-permissions-in-azure-policy
upvoted 1 times

  SumanSaurabh 2 months ago

correct answer is resource policy contributor for sub1, resource contributor for rg2.
When i started reading case studies oh boy getting sleep in the middle as it is too much read :)
Finally got trick to start reading questions and then look for Technical requirement and planned changes or any other details so basically Bottom to
Top Approach !
upvoted 7 times

  sa66ath 2 weeks, 3 days ago

why RG2, technical requirements are 'assign policy for RG1' not RG2 ????
upvoted 1 times

  klexams 3 months, 2 weeks ago

- Resource Policy Contributor role
- Resource Policy Contributor role
The Resource Policy Contributor role includes most Azure Policy operations.
Contributor may trigger resource remediation, but can't create or update definitions and assignments.
Security Admin - View and update permissions for Microsoft Defender for Cloud. Same permissions as the Security Reader role and can also update
the security policy and dismiss alerts and recommendations.
upvoted 8 times

  adrianspa 4 months, 2 weeks ago

https://learn.microsoft.com/en-us/azure/governance/policy/overview it seems that the owner role is needed
upvoted 1 times

  majerly 4 months, 2 weeks ago

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#resource-policy-contributor
Actions Description
*/read Read resources of all types, except secrets.
Microsoft.Authorization/policyassignments/* Create and manage policy assignments
Microsoft.Authorization/policydefinitions/* Create and manage policy definitions
Microsoft.Authorization/policyexemptions/* Create and manage policy exemptions
Microsoft.Authorization/policysetdefinitions/* Create and manage policy sets
Microsoft.PolicyInsights/*
Microsoft.Support/* Create and update a support ticket
upvoted 4 times

  ZacAz104 5 months ago

i passed the exam today 18 sep 2022 with 870 score 49 out of 50 questions are from here some of them i was just looking at the answers without
reading the question but the catch is i reviewed the 391 questions almost 3 times i was going mad about this lol anyway hard work always results
great funny in the middle of exam i was like gee i know all these questions lol best of luck to everyone

And btw i finished in one hour almost instead of 2 hours

upvoted 16 times

  Kem81 4 months, 2 weeks ago

You are a legend sir. thank you.
upvoted 4 times

  ajayasa 11 months, 1 week ago

this casestudy but not same question was there on 16/03/2022 with same question and passed with 900 percent
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 108/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  InvisibleShadow 11 months, 2 weeks ago

This question came in the exam today 8/Mar/2022.
I passed the exam, 95% questions came from here.
upvoted 2 times

  sid132 11 months, 2 weeks ago

On the exam today, 4.March.2022
upvoted 2 times

  theorut 11 months, 3 weeks ago

This question sucks, it's way to much information.
upvoted 8 times

  pappkarcsiii 1 year ago

U1: resource policy contributor for sub1,
U4: resource contributor for rg2
upvoted 4 times

  nidhogg 1 year ago

On the exam today, 1.feb.2022
Just 761/1000, but OK! :D
Thanks to ExamTopics and to you all!
upvoted 5 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 109/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #2 Topic 9

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -

General Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

Environment -

Existing Environment -
Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-
premises Active
Directory domain that syncs to the Azure AD tenant.
The Azure AD tenant contains the users shown in the following table.

Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.

User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table

No network security groups (NSGs) are associated to the network interfaces or the subnets.
Sub1 contains the storage accounts shown in the following table.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 110/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool storage tier.
Create a storage account named storage5 and configure storage replication for the Blob service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.

Associate NSG1 to the network interface of VM1.

Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.

Associate NSG2 to VNET1/Subnet2.

Technical Requirements -
Contoso must meet the following technical requirements:
Create container1 and share1.
Use the principle of least privilege.
Create an Azure AD security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup.
Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.

Question
You need to ensure that you can grant Group4 Azure RBAC read only permissions to all the Azure file shares.
What should you do?

A. On storage2, enable identity-based access for the file shares.

B. Recreate storage2 and set Hierarchical namespace to Enabled.

C. On storage1 and storage4, change the Account kind type to StorageV2 (general purpose v2).

D. Create a shared access signature (SAS) for storage1, storage2, and storage4.

Correct Answer: A
Azure Files supports identity-based authentication over Server Message Block (SMB) through on-premises Active Directory Domain Services
(AD DS) and Azure
Active Directory Domain Services (Azure AD DS).
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview
https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 111/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Community vote distribution

A (100%)

  qwerty100 Highly Voted  5 months, 1 week ago

Selected Answer: A
I think is A, because storage1 and storage2 have enabled Azure Active Directory Domain services. I think that you have to enable in storage 2
identity-based access for the file shares too.

https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview#enable-identity-based-authentication
upvoted 9 times

  kukeleku 5 months ago

Agree on this.
upvoted 3 times

  Mazinger Most Recent  2 days, 11 hours ago

A. On storage2, enable identity-based access for the file shares.

To grant Group4 Azure RBAC read-only permissions to all the Azure file shares, you should enable identity-based access for the file shares on
storage2. Identity-based access enables you to manage access to file shares based on Azure AD identities, including users, groups, and service
principals. By enabling identity-based access, you can grant access to specific users or groups and manage access control centrally from Azure AD.

Recreating storage2 with Hierarchical namespace enabled (Option B) is not relevant to granting RBAC permissions to Azure file shares.

Changing the account kind type to StorageV2 (general purpose v2) (Option C) is not relevant to granting RBAC permissions to Azure file shares.

Creating a shared access signature (SAS) (Option D) provides temporary access to resources in storage accounts, but it does not allow you to grant
RBAC permissions to Azure file shares.

Therefore, the correct answer is A. On storage2, enable identity-based access for the file shares.
upvoted 2 times

  Shely 2 months ago

I think it should be A.
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-portal
upvoted 1 times

  Babushka 3 months, 1 week ago

Selected Answer: A
RBAC = Role Based Access Control and you will give Reader Role so you would need Azure AD for this, no? So A seems like a right answer
upvoted 1 times

  klexams 3 months, 3 weeks ago

the closest is A. the question is wrong. Azure RBAC is for Azure resource, not for File Share. Identity-based access is Azure AD which needs Azure
AD role.
upvoted 2 times

  awssecuritynewbie 4 months ago

storage 1 and 4 already had azure AD enabled so the only storage that does not have is storage 2 and you enable it. Storage 3 IS BOB NOT FILE
share so yeah :)
it also makes sense as it wants group4 plus RBAC. SAS does not go by Azure AD groupss
upvoted 1 times

  awssecuritynewbie 4 months ago

A is right
upvoted 1 times

  adrianspa 4 months, 2 weeks ago

Selected Answer: A
You have to look in the table. storag2 has the auth disabled.
upvoted 1 times

  lol2525 4 months, 2 weeks ago

Once either Azure AD DS or on-premises AD DS authentication is enabled, you can use Azure built-in roles or configure custom roles for Azure AD
identities and assign access rights to any file shares in your storage accounts. The assigned permission allows the granted identity to get access to
the share only, nothing else, not even the root directory. You still need to separately configure directory or file-level permissions for Azure file
shares.
upvoted 2 times

  EleChie 5 months ago

Why not D ?
Since the File shares exist on Storage1, Storage2 and Storage4 !!

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 112/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

upvoted 2 times
  akavoor 5 months, 1 week ago
A is the correct answer
upvoted 1 times

  todorov 5 months, 1 week ago

Selected Answer: A
The question only asks about File Shares not Blob Storage
upvoted 1 times

  humnahibataynge 5 months, 2 weeks ago

The answer should be D?
Because with A we can give only to storage1 file shares only.
upvoted 3 times

  pmsiva 4 months, 1 week ago

The question is RBAC, D is SAS token
upvoted 3 times

  MoSea 3 months, 1 week ago

thank you kind person. you made it make sense.
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 113/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Topic 10 - Testlet 3

Question #1 Topic 10

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment -
Currently, Contoso uses multiple types of servers for business operations, including the following:
File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end

A processing middle tier -

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Requirements -

Planned Changes -
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft 365 migration project.

Technical Requirements -
Contoso must meet the following technical requirements:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups.
Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier.
Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 114/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.

User Requirements -
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service admin for the Azure subscription.
Admin1 must receive email alerts regarding service outages.
Ensure that a new user named User3 can create network objects for the Azure subscription.

Question
You need to implement a backup solution for App1 after the application is moved.
What should you create first?

A. a recovery plan

B. an Azure Backup Server

C. a backup policy

D. a Recovery Services vault

Correct Answer: D
A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup
job for a protected resource runs, it creates a recovery point inside the Recovery Services vault.
Scenario:
There are three application tiers, each with five virtual machines.
Move all the virtual machines for App1 to Azure.
Ensure that all the virtual machines for App1 are protected by backups.
Reference:
https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal

Community vote distribution

D (100%)

  mlantonis Highly Voted  1 year, 9 months ago

Correct Answer: D

As per requirements:
- Move all the tiers of App1 to Azure.
- There are three application tiers, each with five virtual machines.
- Ensure that all the virtual machines for App1 are protected by backups.

Before starting the backup process, you must create a Recovery Services Vault as an initial step, as a place for the backups, or restore points, to be
stored. Later steps include downloading recovery services agent, installing and registering the agent.

A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup job
for a protected resource runs, it creates a recovery point inside the Recovery Services vault.

Reference:
https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal
https://docs.microsoft.com/en-us/azure/app-service/manage-backup
https://docs.microsoft.com/en-us/azure/backup/tutorial-backup-windows-server-to-azure
upvoted 75 times

  Holydud 6 months ago

Was on exam 19 Aug 2022. Scored 870. Around 85% questions were also on ET. Answered D
upvoted 7 times

  SandipSingha Highly Voted  2 years, 5 months ago

correct
upvoted 18 times

  Mazinger Most Recent  2 days, 11 hours ago

D. a Recovery Services vault

To implement a backup solution for App1 after the application is moved, the first thing you should create is a Recovery Services vault. A Recovery

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 115/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Services vault is an Azure resource that allows you to manage backup and disaster recovery for virtual machines, files, and other resources. You can
use the Recovery Services vault to create a backup policy, which defines the backup schedule, retention policy, and other settings for the backups.

Once you have created the Recovery Services vault, you can create a backup policy (Option C) that defines the backup schedule and retention
policy for the application.

An Azure Backup Server (Option B) is a hybrid backup solution that allows you to back up on-premises data to the cloud. It is not necessary for
backing up an application in Azure.

A recovery plan (Option A) is a set of predefined steps that you can use to recover a system or application from a disaster. It is not necessary for
setting up a backup solution.

Therefore, the correct answer is D. a Recovery Services vault.

upvoted 1 times
  Ashfaque_9x 1 month, 1 week ago
Selected Answer: D
Correct Answer: D
upvoted 1 times

  mung 2 months, 3 weeks ago

There are too many unneeded informations that makes my eye tired of reading the same content..!
upvoted 8 times

  EmnCours 5 months, 3 weeks ago

Selected Answer: D
Correct Answer: D
upvoted 1 times

  Lazylinux 8 months ago

Selected Answer: D
D is the correct answer and as per mlantonis comments
upvoted 1 times

  ajayasa 11 months, 1 week ago

this casestudy but not same question was there on 16/03/2022 with same question and passed with 900 percent
upvoted 2 times

  Leti 11 months, 2 weeks ago

Selected Answer: D
D is correct
upvoted 1 times

  InvisibleShadow 11 months, 2 weeks ago

This question came in the exam today 8/Mar/2022.
I passed the exam, 95% questions came from here.
upvoted 3 times

  sid132 11 months, 2 weeks ago

On the exam today, 4.March.2022
upvoted 2 times

  nidhogg 1 year ago

On the exam today, 1.feb.2022
Just 761/1000, but OK! :D
Thanks to ExamTopics and to you all!
upvoted 3 times

  areza 1 year, 1 month ago

passed 902. in exam 29.12.21 - answer D
upvoted 5 times

  im82 1 year, 2 months ago

Was on exam today 19.11.2021. Passed with 920.
Correct Answer: D
upvoted 6 times

  Hatsh 1 year, 6 months ago

in exam 17/aug/2021
upvoted 5 times

  Merkur76 1 year, 6 months ago

came in exam 07/30/2021 - passed
B. was my answer
upvoted 4 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 116/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  Kopy 1 year, 6 months ago

congrats! How many cases were there in the exam?
upvoted 2 times

  Alitahir 1 year, 6 months ago

It’s D mate !!
upvoted 4 times

  Bloodwar 1 year, 7 months ago

D. a Recovery Services vault
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 117/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #2 Topic 10

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment -
Currently, Contoso uses multiple types of servers for business operations, including the following:
File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end

A processing middle tier -

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Requirements -

Planned Changes -
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft 365 migration project.

Technical Requirements -
Contoso must meet the following technical requirements:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups.
Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier.
Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure.
Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 118/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

User Requirements -
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service admin for the Azure subscription.
Admin1 must receive email alerts regarding service outages.
Ensure that a new user named User3 can create network objects for the Azure subscription.

Question
You need to move the blueprint files to Azure.
What should you do?

A. Generate an access key. Map a drive, and then copy the files by using File Explorer.

B. Use Azure Storage Explorer to copy the files.

C. Use the Azure Import/Export service.

D. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

Correct Answer: B
Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS, and Linux. You can
use it to upload and download data from Azure blob storage.
Scenario:
Planned Changes include: move the existing product blueprint files to Azure Blob storage.
Technical Requirements include: Copy the blueprint files to Azure over the Internet.
Reference:
https://docs.microsoft.com/en-us/azure/machine-learning/team-data-science-process/move-data-to-azure-blob-using-azure-storage-explorer

Community vote distribution

B (100%)

  mlantonis Highly Voted  1 year, 9 months ago

Correct Answer: B

As per requirements:
- Move the existing product blueprint files to Azure Blob storage.
- Copy the blueprint files to Azure over the Internet.
- Ensure that the blueprint files are stored in the archive storage tier.
- Ensure that partner access to the blueprint files is secured and temporary.
- Minimize administrative effort whenever possible.

Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS, and Linux. You can use it
to upload and download data from Azure blob storage. It’s the best solution, because copies data through Internet and minimizes administrative
effort.
C: Azure Import/Export service is not using Internet, but ships data drives using a shipping carrier such as FedEx, UPS, or DHL.
D: You can't use SAS with a mapped drive.
upvoted 80 times

  Holydud 6 months ago

Was on exam 19 Aug 2022. Scored 870. Around 85% questions were also on ET. Answered B
upvoted 4 times

  imartinez 1 year, 7 months ago

I was for D, thinking than the best approach was to use a SAS.
It is possible to use a SAS on "Azure Storage Explorer" but option D also mentions map a drive, and that's different, it's using Windows Explorer
and it doesn't support SAS.
upvoted 6 times

  fedztedz Highly Voted  2 years, 1 month ago

Answer is correct. "B" using Azure Storage Explorer.
It matches all the requirements:
- Move the existing product blueprint files to Azure Blob storage.
- Copy the blueprint files to Azure over the Internet.
upvoted 59 times

  vince60370 2 years, 1 month ago

And you can add that it matchs the requirement "Minimize administrative effort whenever possible." Other solutions need more admin actions.
upvoted 13 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 119/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  mikl 2 years ago

Valid point there mr.
upvoted 3 times

  sn0rlaxxx 2 years, 1 month ago

best and shortest explanation of the answer.
upvoted 2 times

  NinjaPenguin 1 year, 1 month ago

And you can use SAS in Azure Storage Explorer
upvoted 1 times

  nigw Most Recent  3 months, 2 weeks ago

Selected Answer: B
Req1: 'Ensure that the blueprint files are stored in the archive storage tier'
Archive storage tier is only for blobs, this means that the answers containing File Explorer can't be right.

Req2: Copy the blueprint files to Azure over the Internet.

Azure Import/Export service doesn't use internet, you have to ship drives to Microsoft

Only remaining answer is: Azure Storage Explorer, which can be used to copy files to blob storage

Azure Import/Ex
upvoted 1 times

  EmnCours 5 months, 3 weeks ago

Selected Answer: B
Answer is correct. "B" using Azure Storage Explorer
upvoted 1 times

  SoSheBake 6 months, 2 weeks ago

How to filter this questions on New questions? it just updated today (Aug 1, 2022)
upvoted 1 times

  Lazylinux 7 months, 3 weeks ago

Selected Answer: B
Requirements: to watch for for this question
*Move the existing product blueprint files to Azure Blob storage.
*Copy the blueprint files to Azure over the Internet.*****
* Minimize administrative effort whenever possible.*****

Based on the above B is the Answer

upvoted 1 times

  InvisibleShadow 11 months, 2 weeks ago

This question came in the exam today 8/Mar/2022.
I passed the exam, 95% questions came from here.
upvoted 3 times

  nidhogg 1 year ago

On the exam today, 1.feb.2022
Just 761/1000, but OK! :D
Thanks to ExamTopics and to you all!
upvoted 5 times

  areza 1 year, 1 month ago

passed 902. in exam 29.12.21 - answer B
upvoted 2 times

  nzalex1 1 year, 3 months ago

I think what missed in discussion - the archive storage is available only for blobs. And blueprints should be on archive storage. So Storage Explorer
is the only option.
upvoted 3 times

  ScoutP 1 year, 4 months ago

This question was asked on exam taken on Sept 30, 2021
upvoted 3 times

  Hatsh 1 year, 6 months ago

in exam 17/aug/2021
upvoted 4 times

  Merkur76 1 year, 6 months ago

came in exam 07/30/2021 - passed
B was my answer

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 120/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

upvoted 3 times
  Jotess 1 year, 6 months ago
the question was on Jul 23, 2021 exam
upvoted 2 times

  ZUMY 1 year, 11 months ago

Explicitly mentioned copy Giles over the Internet
upvoted 5 times

  PBA1211 1 year, 11 months ago

Thanx here, I was using import / export, keyword here indeed is copy over the internet.
Once again a good trigger to read very carefull , it is very human to think already ...aahhhh I know.. and then get busted because of the quick
assumption.
Very good learning point for me..:-)
upvoted 3 times

  ZUMY 1 year, 11 months ago

B is correct
upvoted 3 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 121/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #3 Topic 10

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment -
Currently, Contoso uses multiple types of servers for business operations, including the following:
File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end

A processing middle tier -

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Requirements -

Planned Changes -
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft 365 migration project.

Technical Requirements -
Contoso must meet the following technical requirements:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups.
Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier.
Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure.
Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 122/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

User Requirements -
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service admin for the Azure subscription.
Admin1 must receive email alerts regarding service outages.
Ensure that a new user named User3 can create network objects for the Azure subscription.

Question
HOTSPOT -
You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer:

Box 1: Yes -
Contoso is moving the existing product blueprint files to Azure Blob storage.
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these.

Box 2: No -
Box 3: No

  fedztedz Highly Voted  2 years, 1 month ago

Answer is correct:
- Yes: As mentioned, move the files to blob storage , in addition the unmanaged storage is used for VM's disks.
- NO: Azure files is not required here. As it is basically used for managed file shares accessed by NFS or SMB protocols. In addition, you can't
archive them https://feedback.azure.com/forums/217298-storage/suggestions/35343037-add-cold-and-archive-tiers-to-azure-files
- NO: Azure tables are not needed as they act as structured NoSQL which is not required with SQL on VM.
upvoted 86 times

  atspace 3 months, 3 weeks ago

Was on exam 10/23/22
upvoted 6 times

  Holydud 6 months ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 123/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Was on exam 19 Aug 2022. Scored 870. Around 85% questions were also on ET. Answered:

YNN
upvoted 8 times

  mlantonis Highly Voted  1 year, 9 months ago

As per requirements:
- Move the existing product blueprint files to Azure Blob storage.
- Copy the blueprint files to Azure over the Internet.
- Ensure that the blueprint files are stored in the archive storage tier.
- Use unmanaged standard storage for the hard disks of the virtual machines.
- App1 is comprised of SQL database.
Box 1: Yes
Contoso is moving the existing product blueprint files to Azure Blob storage and requires using unmanaged standard storage for the hard disks of
the virtual machines. We use Page Blobs for these. As mentioned, move the files to blob storage , in addition the unmanaged storage is used for
VM's disks.
Box 2: No
Azure Tables are not needed as they act as structured NoSQL, which is not required with SQL on VM.
Box 3: No
Azure Files is not required here. As it is basically used for managed file shares accessed by NFS or SMB protocols. In addition, you can't archive
them.
upvoted 80 times

  klexams Most Recent  3 months, 2 weeks ago

Y - quite obvious.
N - Table for noSQL. There is only SQL.
N - this is tricky one, but there is no indication of Azure Files requirement.
Move the existing product blueprint files to Azure Blob storage.
Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier.
Use unmanaged standard storage for the hard disks of the virtual machines.
A SQL database
upvoted 4 times

  EmnCours 5 months, 3 weeks ago

Box 1: Yes -
Contoso is moving the existing product blueprint files to Azure Blob storage.
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these.

Box 2: No -

Box 3: No -
upvoted 1 times

  Lazylinux 7 months, 3 weeks ago

YNN
One MUST requirement
Move the existing product blueprint files to Azure Blob storage.
upvoted 2 times

  techie_11 10 months, 1 week ago

On exam 4/12/2022. Y N N right answer
upvoted 1 times

  InvisibleShadow 11 months, 2 weeks ago

This question came in the exam today 8/Mar/2022.
I passed the exam, 95% questions came from here.
upvoted 5 times

  sid132 11 months, 2 weeks ago

On the exam today, 4.March.2022
upvoted 1 times

  YUCHAN2022 12 months ago

On the exam today, 19 Feb 2022. Passed with 862
upvoted 2 times

  nidhogg 1 year ago

On the exam today, 1.feb.2022
Just 761/1000, but OK! :D
Thanks to ExamTopics and to you all!
upvoted 4 times

  im82 1 year, 2 months ago

Was on exam today 19.11.2021. Passed with 920.
Correct Answer: Y-N-N
upvoted 8 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 124/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  nathk 1 year, 4 months ago

Was on exam 21/9/21
upvoted 3 times

  MrJR 1 year, 5 months ago

What about "Create a hybrid directory to support an upcoming Microsoft Office 365 migration project."? Does it not mean that we require a Azure
Files directory?
upvoted 2 times

  Eltooth 1 year, 3 months ago

Not needed for O365 migration.
upvoted 1 times

  Hatsh 1 year, 6 months ago

in exam 17/aug/2021
upvoted 2 times

  JimBobSquare101 1 year, 6 months ago

In 30 July 21
upvoted 3 times

  Merkur76 1 year, 6 months ago

came in exam 07/30/2021 - passed
Y-N-N was my answer
upvoted 3 times

  Spandrop 1 year, 6 months ago

And what about the Contoso file servers? Shouldn't that indicate the need of Azure files?
upvoted 2 times

  saschgo 1 year, 5 months ago

The existing product blueprint files that are stored on Contoso file servers (on premise) are supposed to be moved to Azure Blob storage.
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 125/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Topic 11 - Testlet 4

Question #1 Topic 11

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -

General Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

Environment -

Existing Environment -
Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-
premises Active
Directory domain that syncs to the Azure AD tenant.
The Azure AD tenant contains the users shown in the following table.

Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.

User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table

No network security groups (NSGs) are associated to the network interfaces or the subnets.
Sub1 contains the storage accounts shown in the following table.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 126/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool storage tier.
Create a storage account named storage5 and configure storage replication for the Blob service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.

Associate NSG1 to the network interface of VM1.

Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.

Associate NSG2 to VNET1/Subnet2.

Technical Requirements -
Contoso must meet the following technical requirements:
Create container1 and share1.
Use the principle of least privilege.
Create an Azure AD security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup.
Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.

Question
HOTSPOT -
You need to create container1 and share1.
Which storage accounts should you use for each resource? To answer, select the appropriate options in the answer area.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 127/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers https://docs.microsoft.com/en-
us/azure/storage/common/storage-account-overview

  Bere Highly Voted  1 year, 3 months ago

Storage (general-purpose v1) doesn’t support tier.

Standard (general-purpose v2) supports tier for Blob service and for Azure file.

Premium BlockBlobStorage doesn’t support tier.

https://docs.microsoft.com/en-us/azure/storage/blobs/access-tiers-overview

Legacy Standard BlobStorage supports tier.

https://docs.microsoft.com/en-us/azure/storage/blobs/access-tiers-overview#default-account-access-tier-setting

Premium FileStorage doesn’t support tier.

https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share?tabs=azure-portal

Container1 with tier: Can be created in storage2 (storagev2) and storage3. The question refers to BlobStorage (standard legacy one that supports
tier) and not to BlockBlobStorage (Premium one that doesn’t support tier).

Share1 with tier: Can be created in storage2 (storagev2) only.

upvoted 25 times

  Snownoodles 1 year, 2 months ago

But if you go through Storagev2 account creation process, you will find storagev2 only support blob storage tier, doesn't support Azure files
tier(You can find this in 'advaince' option).

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 128/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

upvoted 1 times

  Snownoodles 1 year, 2 months ago

I apologize, please disregard my comment.
Azure StorageV2 does support Fileshare hot/cool tier when the fileshare is created in portal
upvoted 3 times

  Timock Highly Voted  1 year, 3 months ago

Objective: Create a blob container named container1 and a file share named share1 that will use the Cool storage tier.

Container1: Needs to be in a cool Storage Tier capable of supporting a container/vm.

In addition to storing Azure file shares, GPv2 storage accounts can store other storage resources such as blob containers, queues, or tables. File
shares can be deployed into the transaction optimized (default), hot, or cool tiers.
Storage accounts that support tiering Object storage data tiering between hot, cool, and archive is simply supported in Blob storage and GPv2
accounts. General Purpose v1 aka GPv1 accounts don’t maintain tiering. Therefore, customers should easily convert their existing GPv1 or Blob
storage accounts into GPv2 accounts through the Azure portal.
Storage1: No: Although GPv1 can do fileshares it cannot be used for tiering.
Storage2: Yes: Blob containers can be stored in GPv2 and tiering is supported
Storage3: Yes: This is literally blob storage and a blob container and supports tiering.
Storage4: No: Can only be used to storage Azure file shares.
upvoted 12 times

  Bigc0ck Most Recent  1 month, 1 week ago

came on test
upvoted 2 times

  Moradiya 1 month, 1 week ago

This was appearedin exam on 01/04/23
upvoted 4 times

  Pear7777 2 months ago

This question is unbelievable, isf I wouldn';t have ET, or other sources, I would have needed to learn a 50 odd matrix befoure I could answer this,
this is no Exam question!
upvoted 4 times

  spike15_mk 2 months ago

General Purpose v2: Blob, File, Queue, Table Standard Hot, Cool, Archive
Disk/Page Premium Hot

Blob Block Storage : Blob Premium Hot

Blob Storage Blob Standard Hot, Cool, Archive

General Purpose v1 Blob, File, Queue, Table Standard Hot

Disk/Page Premium Hot

File Storage File Premium Hot

Follow this table and you'll never mistake.

1.storage2 and storage3 can support cool tier

2.storage2 only -General Purpose v2 can create container1 blobs and share1 at the same time where we can set cool tier
upvoted 2 times

  favela 5 months, 1 week ago

Correct today I passed with 900 score and I choose this answer
upvoted 5 times

  atilla 9 months, 2 weeks ago

there is also a lot of information in the question which is not relevant
upvoted 2 times

  ajayasa 11 months, 1 week ago

this casestudy was there on 16/03/2022 with same question and passed with 900 percent
upvoted 2 times

  ajayasa 11 months, 1 week ago

this question was on 16/03/2022 and answered what mentioned in the answer section
upvoted 1 times

  ajayasa 11 months, 1 week ago

this question was on 16/03/2022 and answered what mentioned in the answer section
upvoted 1 times

  benvdw 11 months, 1 week ago

on exam 13/3/2022

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 129/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

upvoted 1 times
  InvisibleShadow 11 months, 2 weeks ago
This question came in the exam today 8/Mar/2022.
I passed the exam, 95% questions came from here.
upvoted 3 times

  gharbi 11 months, 1 week ago

Plz Stop lyin bro
upvoted 13 times

  ilagnadod 1 year ago

Am I wrong here?

Box 1: Objective: Create a blob container named container1 – storage has to support Blob sources.
For container1 (blob container) use: storage 1, storage2 and storage3 only.

storage1 (storage or general purpose V1): supports Blob sources

storage2 (storageV2 or general purpose V2): supports blob resources
storage3: BlobStorage - supports blob resources
storage4: FileStorage – doesn’t support Blob sources

box 2: Create a file share named share1 that will use the Cool storage tier – storage has to support file sharing and tiering.
For share1 use: storage2 only

storage2 (storageV2 or general purpose V2): supports file shares and tiering.
storage1 (storage or general purpose V1): does not support file shares or tiering.
storage3: BlobStorage – supports tiering, but not file shares.
storage4: FileStorage – Supports only files shares, therefore, doesn’t support tiering.
upvoted 2 times

  polinoma 1 year ago

The condition is container 1 to use Cool tier (container1 and a file share named share1 that will use the Cool storage tier). With V1 you are able
to create a blob storage, but the tier is only HOT. That's why storage 1 shouldn't be part of the answer. The correct answer is storage2 and
storage3 only
upvoted 3 times

  Timock 1 year, 3 months ago

Storage1: No: Although GPv1 can do fileshares it cannot be used for tiering.

Storage2: Yes: GPv2 can handle both file shares and tiering

Storage3: No: BlobStorage cannot be used for FileShares.

Storage4: No: This is a FileStorage account and will ONLY handle file shares and does not provide tiering.You can select a Premium model but that
is not a cool tier. If you need a cool tier you would have to go with a file share on a GPv2 storage account.

https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview

https://docs.microsoft.com/en-us/azure/storage/file-sync/file-sync-cloud-tiering-overview

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-upgrade?tabs=azure-portal
upvoted 6 times

  rigonet 1 year, 3 months ago

Storage accounts that support tiering
Object storage data tiering between hot, cool, and archive is simply supported in Blob storage and GPv2 accounts. General Purpose v1 aka GPv1
accounts don’t maintain tiering.

Box 1 : storage2 and storage3 only

Box 2 : storage2 only
upvoted 7 times

  SanjSL 1 year, 3 months ago

Passed exam on 01/11/2021 with 894. This one came up and my answer was 2&3 and 2&4
upvoted 6 times

  Zarzi 1 year, 3 months ago

how mane % of questions of this topic did you get on your exam ?
upvoted 1 times

  AZ_Guru_Wannabe 12 months ago

It's 2&3 and 2 only. I tested #4 and it definitely does not support hot/cool tiers.
upvoted 2 times

  Mozbius_ 11 months, 3 weeks ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 130/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

I think you got mixed up by the question's wrong formulation. There's no such thing as "file share" life cycle. So therefore it is wrong to refer to
file sharing as "cool" which is what the premise of the question appears to refer to which is I believe only meant to cause confusion.
upvoted 1 times

  Mozbius_ 9 months, 2 weeks ago

OK I take this back. Even though "life cycle" appears to apply only to blobs, "file share" can be deployed into the transaction optimized
(default), hot, or cool tiers.

https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share?tabs=azure-portal
upvoted 1 times

  Mozbius_ 9 months, 2 weeks ago

I think I got confused between "Fileshare" (deosn't have hot/cool tiers) and "File storage" ( which doesn't do hot/cooltiers).
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 131/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #2 Topic 11

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -

General Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

Environment -

Existing Environment -
Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-
premises Active
Directory domain that syncs to the Azure AD tenant.
The Azure AD tenant contains the users shown in the following table.

Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.

User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table

No network security groups (NSGs) are associated to the network interfaces or the subnets.
Sub1 contains the storage accounts shown in the following table.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 132/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool storage tier.
Create a storage account named storage5 and configure storage replication for the Blob service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.

Associate NSG1 to the network interface of VM1.

Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.

Associate NSG2 to VNET1/Subnet2.

Technical Requirements -
Contoso must meet the following technical requirements:
Create container1 and share1.
Use the principle of least privilege.
Create an Azure AD security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup.
Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.

Question
HOTSPOT -
You need to create storage5. The solution must support the planned changes.
Which type of storage account should you use, and which account should you configure as the destination storage account? To answer, select the
appropriate options in the answer area.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 133/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/object-replication-configure?tabs=portal

  DevOpposite Highly Voted  1 year, 4 months ago

I m very lonely here
upvoted 31 times

  theOldOne 1 year, 4 months ago

Good. Its impossible to study with a lot of people around.
upvoted 16 times

  DevOpposite 1 year, 4 months ago

true, exam tomorrow. wish me luck O Old one..
upvoted 12 times

  juniorccs 1 year, 1 month ago

lucky or not ?
upvoted 2 times

  MoSea 3 months, 1 week ago

I wish ET would provide notifications if someone replies to your comment. DevOpposite has no way of knowing you asked him
something. Neither will I know if someone ever replied to my comment. All these comments will be lost to time.....like tears in
rain....time to die.
upvoted 7 times

  hifoda9249 1 year, 4 months ago

Exam in 4 hours

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 134/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

upvoted 8 times
  zodraz Highly Voted  1 year, 4 months ago
Answer is correct: Storage V2 and Storage 2. We want to use replication for blobs and only that storage type is available. The other one is in
Premium, which should never apply to the exams.
Quoting from https://docs.microsoft.com/en-us/azure/storage/blobs/object-replication-configure?tabs=portal:
"Before you configure object replication, create the source and destination storage accounts if they do not already exist. The source and
destination accounts can be either general-purpose v2 storage accounts or premium block blob accounts (preview). "
upvoted 30 times

  LiamAzure 3 months, 1 week ago

What is replication for blobs?
upvoted 1 times

  laszeklsz Most Recent  2 months, 3 weeks ago

Object replication is supported for general-purpose v2 storage accounts and premium block blob accounts. Both the source and destination
accounts must be either general-purpose v2 or premium block blob accounts. Object replication supports block blobs only; append blobs and
page blobs aren't supported.
upvoted 4 times

  techie_11 10 months, 1 week ago

On exam 4/12/2022. right answer. same question, but on a different case study.
upvoted 3 times

  ajayasa 11 months, 1 week ago

this casestudy but not same question was there on 16/03/2022 with same question and passed with 900 percent
upvoted 4 times

  ajayasa 11 months, 1 week ago

this question was on 16/03/2022 and answered what mentioned in the answer section
upvoted 1 times

  ajayasa 11 months, 1 week ago

this question was on 16/03/2022 and answered what mentioned in the answer section
upvoted 1 times

  sid132 11 months, 2 weeks ago

On the exam today, 4.March.2022
upvoted 2 times

  nidhogg 1 year ago

On the exam today, 1.feb.2022
Just 761/1000, but OK! :D
Thanks to ExamTopics and to you all!
upvoted 5 times

  Plextor 1 year, 2 months ago

On exam 17/12/21 I selected this storagev2 and storage2 approved, not sure if it is correct
upvoted 2 times

  Snownoodles 1 year, 2 months ago

Answer is correct.
One more thing I want to bring your attention is the difference between Storage account redundancy vs replication, which confuses me a while.
Storage account redundancy GRS/RA-GRS support v1 and v2
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy

but storage account replication only supports v2.

https://docs.microsoft.com/en-us/azure/storage/blobs/object-replication-overview
upvoted 12 times

  Mozbius_ 11 months, 3 weeks ago

Thank you for the clarification. Thanks to az104 training course not saying anything about storage replication I thought that redundancy and
replication were the same. SMH.
upvoted 2 times

  Timock 1 year, 3 months ago

Objective: Create storage5 and configure storage replication for the Blob Service.

Account Kind: Storage GPv2. It says nothing about Premium block blob accounts.

Destination: Storage2 is the only GPv2 account.

Azure Blob Storage contains three types of blobs: Block, Page and Append. A block is a single unit in a Blob.

Object replication is supported for general-purpose v2 storage accounts, and for premium block blob accounts in preview. Both the source and
destination accounts must be either general-purpose v2 or premium block blob accounts. Object replication supports block blobs only; append
blobs and page blobs are not supported.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 135/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Note: Object replication is supported when the source and destination accounts are in the hot or cool tier. The source and destination accounts
may be in different tiers.

In the question it states Blob Service but it literally means blob block as there are three types of blob storage and only block blobs are supported
for replication.

https://docs.microsoft.com/en-us/azure/storage/blobs/object-replication-overview
upvoted 11 times
  Ash3250 1 year, 3 months ago
DevOppsite, Have you received the questions from this Dump?
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 136/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #3 Topic 11

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -

General Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

Environment -

Existing Environment -
Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-
premises Active
Directory domain that syncs to the Azure AD tenant.
The Azure AD tenant contains the users shown in the following table.

Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.

User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table

No network security groups (NSGs) are associated to the network interfaces or the subnets.
Sub1 contains the storage accounts shown in the following table.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 137/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool storage tier.
Create a storage account named storage5 and configure storage replication for the Blob service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.

Associate NSG1 to the network interface of VM1.

Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.

Associate NSG2 to VNET1/Subnet2.

Technical Requirements -
Contoso must meet the following technical requirements:
Create container1 and share1.
Use the principle of least privilege.
Create an Azure AD security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup.
Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.

Question
You need to identify which storage account to use for the flow logging of IP traffic from VM5. The solution must meet the retention requirements.
Which storage account should you identify?

A. storage1

B. storage2

C. storage3

D. storage4

Correct Answer: C
We use the BlobStorage account storage3 for retention.
Storage lifecycle management offers a rule-based policy that you can use to transition blob data to the appropriate access tiers or to expire
data at the end of the data lifecycle.
Note: Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 138/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/lifecycle-management-overview https://docs.microsoft.com/en-us/azure/network-
watcher/network-watcher-nsg-flow-logging-overview

Community vote distribution

B (100%)

  alirasouli Highly Voted  3 months, 2 weeks ago

Selected Answer: B
For at least two reasons, storage2 is the only candidate:
- Location: The storage account used must be in the same region as the NSG.
- Retention is available only if you use General Purpose v2 Storage accounts (GPv2).

Reference:
https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview
upvoted 23 times

  lebowski Highly Voted  5 months, 1 week ago

Selected Answer: B
"Retention is available only if you use General purpose v2 Storage accounts (GPv2)"
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview#how-logging-works
upvoted 5 times

  SumanSaurabh Most Recent  2 months, 1 week ago

Correct answer is B
Retention is available only if you use General Purpose v2 Storage accounts (GPv2)
upvoted 1 times

  wolf13 2 months, 2 weeks ago

Selected Answer: B
I agree with the answer given by Alirasouli.
This question appears in case study: Contoso LTD, Consulting Conpany
upvoted 1 times

  Mev4953 4 months, 4 weeks ago

Answer is B
Retention is available only if you use General purpose v2 Storage accounts (GPv2).

https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview#how-logging-
works:~:text=Retention%20is%20available%20only%20if%20you%20use%20General%20purpose%20v2%20Storage%20accounts%20(GPv2).
upvoted 3 times

  EleChie 5 months ago

Correct Answer is: B
"Retention is available only if you use General purpose v2 Storage accounts (GPv2)"

Reference: https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview#how-logging-works
upvoted 4 times

  nox2447 5 months, 1 week ago

Selected Answer: B
Should be B
upvoted 2 times

  Amrrax 5 months, 2 weeks ago

Selected Answer: B
Retention is available only if you use General purpose v2 Storage accounts (GPv2)
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 139/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

upvoted 4 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 140/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Topic 12 - Testlet 5

Question #1 Topic 12

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Litware are hosted on-premises.
Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The
tenant uses the
Premium P1 pricing tier.

Existing Environment -
The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the
litware.com DNS zone.
Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU)
that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective
department. New users are added frequently.
Litware.com contains a user named User1.
All the offices connect by using private connections.
Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.

Litware uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory.
The Azure subscription contains the resources in the following table.

The network security team implements several network security groups (NSGs)

Requirements -

Planned Changes -
Litware plans to implement the following changes:
Deploy Azure ExpressRoute to the Montreal office.
Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 141/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.

Technical Requirements -
Litware must meet the following technical requirements:
Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.

Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.litware.com.
Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Create a workflow to send an email message when the settings of VM4 are modified.
Create a custom Azure role named Role1 that is based on the Reader role.
Minimize costs whenever possible.

Question
You discover that VM3 does NOT meet the technical requirements.
You need to verify whether the issue relates to the NSGs.
What should you use?

A. Diagram in VNet1

B. Diagnostic settings in Azure Monitor

C. Diagnose and solve problems in Traffic Manager profiles

D. The security recommendations in Azure Advisor

E. IP flow verify in Azure Network Watcher

Correct Answer: E
Scenario: Contoso must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP,
remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While
any source or destination IP can be chosen,
IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

Community vote distribution

E (100%)

  d0bermannn Highly Voted  1 year, 7 months ago

correct
use
Test-AzNetworkWatcherIPFlow to get NSG security rule which blocked traffic +
Get-AzEffectiveNetworkSecurityGroup to get details of NSG rules
https://docs.microsoft.com/en-us/azure/network-watcher/diagnose-vm-network-traffic-filtering-problem-powershell
upvoted 26 times

  fabylande Highly Voted  1 year, 4 months ago

in exam today! October 16, 2021
upvoted 12 times

  Mev4953 Most Recent  4 months, 4 weeks ago

IMO answer is E
"IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote
IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned"

https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
upvoted 2 times

  Mev4953 4 months, 3 weeks ago

IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 142/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  atilla 9 months, 2 weeks ago

why some much text for a simple question
upvoted 4 times

  ajayasa 11 months, 1 week ago

this question was on 16/03/2022 and answered what mentioned in the answer section
upvoted 2 times

  ajayasa 11 months, 1 week ago

this question was on 16/03/2022 and answered what mentioned in the answer section
upvoted 1 times

  benvdw 11 months, 1 week ago

on exam 13/3/2022
upvoted 1 times

  cirspass 11 months, 4 weeks ago

take exam on next monday, pray for me~~!!
upvoted 3 times

  pappkarcsiii 1 year ago

Selected Answer: E
IpFlow can check port traffic
upvoted 4 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 143/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Topic 13 - Testlet 6

Question #1 Topic 13

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Litware are hosted on-premises.
Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The
tenant uses the
Premium P1 pricing tier.

Existing Environment -
The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the
litware.com DNS zone.
Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU)
that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective
department. New users are added frequently.
Litware.com contains a user named User1.
All the offices connect by using private connections.
Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.

Litware uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory.
The Azure subscription contains the resources in the following table.

The network security team implements several network security groups (NSGs)

Requirements -

Planned Changes -
Litware plans to implement the following changes:
Deploy Azure ExpressRoute to the Montreal office.
Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 144/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.

Technical Requirements -
Litware must meet the following technical requirements:
Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.

Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.litware.com.
Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Create a workflow to send an email message when the settings of VM4 are modified.
Create a custom Azure role named Role1 that is based on the Reader role.
Minimize costs whenever possible.

Question
You need to ensure that VM1 can communicate with VM4. The solution must minimize the administrative effort.
What should you do?

A. Create an NSG and associate the NSG to VM1 and VM4.

B. Establish peering between VNET1 and VNET3.

C. Assign VM4 an IP address of 10.0.1.5/24.

D. Create a user-defined route from VNET1 to VNET3.

Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

Community vote distribution

B (67%) C (33%)

  Lionred Highly Voted  1 year, 4 months ago

I think this question is missing some critical info. Where does the VNET3 and 10.0.1.x/24 come from? No mentioning of them at all in the question!
upvoted 56 times

  JDWaters 2 weeks, 5 days ago

The reason why critical information is missing is because here the question is attached to the wrong case. The question pertains to Contoso, Ltd
Consulting, not Litware. See Topic 15 Question 4 and it will all make sense…and the correct answer is “Establish peering between VNET1 and
VNET3”
upvoted 3 times

  klexams 3 months, 3 weeks ago

yep missing big time!
upvoted 2 times

  VeiN Highly Voted  1 year, 1 month ago

I`ve passed the exam today with 900 and had this question. It was connected to testlet which has VNET1-4 and VM1-5.

Few maybe helpful info:

I got two case studies (testlests), each having 5 questions , one at the begining and one at the end (and in between 53 questions).
As you can see there is a lot missing questions in testlets but some of those were the same as previous "normal" cut from the case study content - I
got some with storage that I think I saw earlier.

From the rest questions I got about 4-5 new ones.

upvoted 24 times

  Mazinger Most Recent  1 day, 23 hours ago

B. Establish peering between VNET1 and VNET3.

Establishing peering between the virtual networks (VNETs) allows traffic to flow between them without the need for additional configuration or
routing. This solution minimizes administrative effort, as it requires only a single step to set up the peering. Option A, creating an NSG, would
require additional rules and configuration to allow communication between VM1 and VM4. Option C, assigning a specific IP address to VM4, does
not address the issue of network communication. Option D, creating a user-defined route, would also require additional configuration and
management.
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 145/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  zellck 6 days, 21 hours ago

Selected Answer: B
B is the answer.

https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
Virtual network peering enables you to seamlessly connect two or more Virtual Networks in Azure. The virtual networks appear as one for
connectivity purposes. The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure. Like traffic
between virtual machines in the same network, traffic is routed through Microsoft's private network only.
upvoted 1 times

  zellck 6 days, 21 hours ago

Selected Answer: C
C is the answer.

https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
Virtual network peering enables you to seamlessly connect two or more Virtual Networks in Azure. The virtual networks appear as one for
connectivity purposes. The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure. Like traffic
between virtual machines in the same network, traffic is routed through Microsoft's private network only.
upvoted 1 times

  azuredemo2022three 3 weeks, 4 days ago

Selected Answer B
upvoted 2 times

  ttttaa 1 month ago

The question belongs to the case study Topic 15 (where there are several tables with one having vm1...vm4)
not this one.
upvoted 1 times

  EleChie 4 months, 4 weeks ago

Question to Admin: Please load all the information in this question. So we can at least decide what could be wrong !!
upvoted 9 times

  bigsam23 5 months ago

Correct Answer C. We need to establish an IP foot print for VM4 and of the answers did.
https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
upvoted 1 times

  kevin9988 10 months, 3 weeks ago

Selected Answer: B
B is correct
upvoted 1 times

  josevirtual 10 months, 4 weeks ago

I see two possibilities here:

1. There is missing information

2. With the available information we should be able to know which is the only option that might make sense.

For the second option I think that C is the only one that make sense...
upvoted 1 times

  josevirtual 10 months, 3 weeks ago

After finished (and passed, 900/1000) the exam, I can reply myself. I had this question and there is missing information here, but not in the
exam. The right answer is B.
upvoted 9 times

  techrat 11 months ago

The correct should be B, establing peering. I passed my exam yesterday with score 923 and this question was on it. This question belongs to
another case study Contoso. Consulting company. On my score report, I got 100% correct on Configure and manage virtual networking section
and this question is related to networking, that's why I am positive the answer is B.
upvoted 9 times

  Chris1972 11 months ago

check Question #2Topic 10 missing info is there
upvoted 2 times

  ajayasa 11 months, 1 week ago

this casestudy but not same question was there on 16/03/2022 with same question and passed with 900 percent
upvoted 1 times

  cirspass 11 months, 4 weeks ago

i didn’t see any info about vnet3, am i blind person？if not , how stupid question~~
upvoted 3 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 146/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  Sharathjogi 1 year ago

Stupid question
upvoted 1 times

  fumeta 1 year, 1 month ago

alguém pegou algum estudo de caso, além desses mencionados aqui no Exmetopics? qual o peso dessas questão no exame az-104? vou fazer a
prova na proxima semana que Deus me ajude.
upvoted 3 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 147/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #2 Topic 13

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Litware are hosted on-premises.
Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The
tenant uses the
Premium P1 pricing tier.

Existing Environment -
The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the
litware.com DNS zone.
Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU)
that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective
department. New users are added frequently.
Litware.com contains a user named User1.
All the offices connect by using private connections.
Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.

Litware uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory.
The Azure subscription contains the resources in the following table.

The network security team implements several network security groups (NSGs)

Requirements -

Planned Changes -
Litware plans to implement the following changes:
Deploy Azure ExpressRoute to the Montreal office.
Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 148/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Technical Requirements -
Litware must meet the following technical requirements:
Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.

Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.litware.com.
Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Create a workflow to send an email message when the settings of VM4 are modified.
Create a custom Azure role named Role1 that is based on the Reader role.
Minimize costs whenever possible.

Question
HOTSPOT -
You need to meet the connection requirements for the New York office.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer:

Box 1: Create a virtual network gateway and a local network gateway.

Azure VPN gateway. The VPN gateway service enables you to connect the VNet to the on-premises network through a VPN appliance. For more
information, see
Connect an on-premises network to a Microsoft Azure virtual network. The VPN gateway includes the following elements:
✑ Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing traffic from the on-
premises network to the
VNet.
✑ Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to the on-premises
network is routed through this gateway.
✑ Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-premises VPN appliance

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 149/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

to encrypt traffic.
✑ Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements, described in the
Recommendations section below.
Box 2: Configure a site-to-site VPN connection
On premises create a site-to-site connection for the virtual network gateway and the local network gateway.

Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Incorrect Answers:
Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection is private. Traffic does not
go over the internet.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vpn

  wsscool Highly Voted  1 year, 7 months ago

in exam 7/3/2021
upvoted 13 times

  chopper563 Highly Voted  1 year, 5 months ago

The first is create a virtual network gateway & a local network gateway in the Azure Portal. Please see the steps for S2S VPN Connection at
https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
upvoted 12 times

  meeko86 Most Recent  2 months, 1 week ago

Answer copied from mlantonis:
Box 1: Create a virtual network gateway and a local network gateway.
Box 2: Configure a site-to-site VPN connection.
As per requirements:
- Connect the New York office to VNet1 over the Internet by using an encrypted connection.
A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2)
VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it. Site-
to-Site VPN connection requires Virtual network gateway, Local network gateway and Gateway Subnet.
Note: ExpressRoute connections don't go over the public Internet, the connection is private.
upvoted 10 times

  meeko86 2 months, 1 week ago

https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vpn
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction
https://docs.microsoft.com/en-us/azure-stack/user/azure-stack-vpn-s2s
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-classic-portal
upvoted 1 times

  favela 5 months, 1 week ago

Yes today I face this question and my score was 900
upvoted 4 times

  atilla 9 months, 2 weeks ago

I did this once on the azure portal, you really need to do it multiple time to get familiar with it
upvoted 2 times

  Risto83 10 months, 3 weeks ago

https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal#LocalNetworkGateway
upvoted 1 times

  ajayasa 11 months, 1 week ago

this casestudy but not same question was there on 16/03/2022 with same question and passed with 900 percent
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 150/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  ajayasa 11 months, 1 week ago

this question was on 16/03/2022 and answered what mentioned in the answer section
upvoted 1 times

  benvdw 11 months, 1 week ago

on exam 13/3/2022
upvoted 1 times

  husam421 1 year ago

in exam 10/2/2022
upvoted 2 times

  mfvsidiangco 1 year, 2 months ago

Does AZ-104 have labs or just case studies?
upvoted 1 times

  Oulmy1 1 year, 2 months ago

just case studies, no labs
upvoted 4 times

  Takloy 1 year, 1 month ago

Good to know! my first AZ104 had labs 3 years ago. I should have renewed it last year.
Now, I'm going through this review again :(
upvoted 1 times

  Mozbius_ 11 months, 3 weeks ago

My teacher told me that there may in fact be a lab but it would mostly already set and you would have to click on whatever option to fulfill
the question's requirement. So who knows if it's actually true or not.
upvoted 1 times

  Pamban 1 year, 3 months ago

in exam 15/11/2021
upvoted 1 times

  fabylande 1 year, 4 months ago

in exam today! October 16, 2021
upvoted 4 times

  theOldOne 1 year, 4 months ago

How do you create a local net work gateway inside of the Azure portal?
upvoted 5 times

  Barrie 1 year, 3 months ago

Search for local network gateway and create.
This is essentially a reference point for Azure to know how to connect to the remote endpoint. This is used when establishing the VPN
connection
upvoted 2 times

  dj88456 1 year, 6 months ago

Answer is correct.
upvoted 6 times

  SongOTD 1 year, 6 months ago

It says from Azure portal, I think it should be virtual network gateway only for the first quesiton.
upvoted 4 times

  mdmdmdmd 1 year, 4 months ago

Nope, you need to create a local network gateway, it's a common mistake I've made before as well. The wording is tricky with "local" in there.
"The local network gateway is a specific object that represents your on-premises location (the site) for routing purposes."

https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
upvoted 7 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 151/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Topic 14 - Testlet 7

Question #1 Topic 14

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment -
Currently, Contoso uses multiple types of servers for business operations, including the following:
File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end

A processing middle tier -

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Requirements -

Planned Changes -
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft 365 migration project.

Technical Requirements -
Contoso must meet the following technical requirements:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups.
Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier.
Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 152/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.

User Requirements -
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service admin for the Azure subscription.
Admin1 must receive email alerts regarding service outages.
Ensure that a new user named User3 can create network objects for the Azure subscription.

Question
HOTSPOT -
You need to recommend a solution for App1. The solution must meet the technical requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer:

This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL Server on Windows
for the data tier.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 153/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
✑ A SQL database
✑ A web front end
✑ A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Technical requirements include:
✑ Move all the virtual machines for App1 to Azure.
✑ Minimize the number of open ports between the App1 tiers.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server

  mlantonis Highly Voted  1 year, 9 months ago

As per requirements:
- You have a public-facing application named App1. App1 is comprised of the following three tiers: A SQL database, A web front end and A
processing middle tier. Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
- Move all the virtual machines for App1 to Azure.
- Minimize the number of open ports between the App1 tiers.

Box 1: 1
1 VNET and then follow the N-tier application architecture.

Box 2: 3
3 Subnets (1 Subnet for each tier of the App1). The tiers can communicate each other, because they are inside the same VNET. Of course you would
need additional NSGs to restrict traffic.

Reference:

https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server
upvoted 85 times

  fedztedz Highly Voted  2 years, 1 month ago

Answer is correct.
1 VNET
3 subnets
upvoted 35 times

  EmnCours Most Recent  5 months, 3 weeks ago

As per requirements:
- You have a public-facing application named App1. App1 is comprised of the following three tiers: A SQL database, A web front end and A
processing middle tier. Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
- Move all the virtual machines for App1 to Azure.
- Minimize the number of open ports between the App1 tiers.

Box 1: 1
1 VNET and then follow the N-tier application architecture.

Box 2: 3
3 Subnets (1 Subnet for each tier of the App1). The tiers can communicate each other, because they are inside the same VNET. Of course you would
need additional NSGs to restrict traffic.
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 154/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  Lazylinux 7 months, 4 weeks ago

Given answer is correct and comments as per mlantonis
upvoted 1 times

  ajayasa 11 months, 1 week ago

this case study was there on 16/03/2022 but with different quesionaire
upvoted 2 times

  ScreamingHand 1 year, 8 months ago

These case studies are huge, and yet you could just skip to the end, read the question, and very quickly ascertain the correct answer by going back
and skim reading the requirement.
upvoted 21 times

  rawrkadia 1 year, 7 months ago

This is probably the right play because it tells you specifically which pieces of info actually are relevant to the question at hand
upvoted 3 times

  Sharathjogi 1 year ago

Absolutely, I realized the same. If we read the complete question, we end up wasting so much time, lol :)
upvoted 2 times

  Bon_ 1 year, 5 months ago

Agreed. Don't waste time reading through the whole blurb. A lot of it is extra fluff to distract you. Read the question first, and then go back to
the case study description to determine what information needs to be gathered to answer the question.
upvoted 7 times

  atilla 9 months, 2 weeks ago

exactly...
upvoted 1 times

  ciscogeek 1 year, 10 months ago

"Minimize the number of open ports between the App1 tiers.", With 1 VNET, we have all ports open between the App1 tiers. With 3 VNETs and 1
Subnet for each VNET, it can be solved.
upvoted 4 times

  EricJason 1 year, 10 months ago

I am a SA and I never did that design in my last two years.... nobody wants 3 vnet peering solutions for this..
upvoted 8 times

  nicksu 1 year, 9 months ago

1 x Vnet, 3 x Subnet and 3 x NSGs might solve this as well
upvoted 4 times

  mung 2 months, 3 weeks ago

Why do you need 3 NSGs?
Why not just assign a one NSG to a VNET?
upvoted 1 times

  ddb116 1 year, 10 months ago

You want the 3 subnets so that the tiers can communicate freely with each other. If you and 1 VNet and 1 Subnet you would need to create a
bunch of NSGs. That would create more administrative effort.
upvoted 6 times

  Vole51 1 year, 11 months ago

1 VNET and 3 Subnets. 1 Subnet for each Tier of the App1
upvoted 3 times

  ZUMY 1 year, 11 months ago

Given Answer is correct
1 Vnet
3 Subnet for 3 Tiers
upvoted 4 times

  toniiv 1 year, 12 months ago

Key here is: Minimize administrative effort whenever possible.
So One Vnet, three Subnets to separate the 3 tiers.
upvoted 8 times

  mikl 2 years ago

1 VNET - 3 subnets
upvoted 2 times

  DRBKK 2 years ago

Although you could place all VMs in a single subnet, that does not seem to be a recommended configuration.
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 155/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  mikl 2 years ago

It sure does not : "Minimize the number of open ports between the App1 tiers."
upvoted 4 times

  Mozbius_ 11 months, 3 weeks ago

Thank you for the clarification.
upvoted 1 times

  Meesaw 2 years, 1 month ago

Came in exam 01 Jan 2021
upvoted 3 times

  maymaythar 2 years, 2 months ago

Anyone? Is that right answer plz? Thanks
upvoted 2 times

  rcdumps 2 years, 2 months ago

Yes, 1 VNET can contain the 3 Subnets for the 3 Tiers.
upvoted 8 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 156/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #2 Topic 14

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment -
Currently, Contoso uses multiple types of servers for business operations, including the following:
File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end

A processing middle tier -

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Requirements -

Planned Changes -
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft 365 migration project.

Technical Requirements -
Contoso must meet the following technical requirements:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups.
Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier.
Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure.
Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 157/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

User Requirements -
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service admin for the Azure subscription.
Admin1 must receive email alerts regarding service outages.
Ensure that a new user named User3 can create network objects for the Azure subscription.

Question
You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.
What should you recommend?

A. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

B. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

C. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.

D. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

Correct Answer: A
Incoming and the web server subnet only, as users access the web front end by using HTTPS only.
Note Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
✑ A SQL database
✑ A web front end
✑ A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Community vote distribution

A (100%)

  mcleavin Highly Voted  2 years, 1 month ago

Congrats to anybody that got this far! Answer is correct
upvoted 189 times

  JohnnyChimpo 2 weeks, 6 days ago

My exam is tomorrow. I have studied my ass off. I didnt just memorize questions. Im already an Azure cloud admin, so my day-to-day work
deeply involves all of these topics. That being said, and with all my experience - these Microsoft questions are ridiculous. They focus too much
on memorization. Thank God for Exam Topics, so I know what to expect tomorrow. Godspeed y'all. Wish me luck!
upvoted 2 times

  lksilesian 1 year, 3 months ago

Nothing to congrate mate. I am taking exam day after tomorrow and are sh*ting my pants because I know how much I do not know...
upvoted 25 times

  scouttyper 1 year, 3 months ago

howd it go?
upvoted 2 times

  kennynelcon 9 months, 3 weeks ago

Site need send notif to users
upvoted 3 times

  Holydud 6 months ago

Was on exam 19 Aug 2022. Scored 870. Around 85% questions were also on ET. Answered A
upvoted 7 times

  Gadzee 1 year ago

Hahahaha, this section is boring.
upvoted 5 times

  Jasonwcc Highly Voted  2 years ago

All the best to everyone that has arrived at this final page. My first comment tho. Good Luck and Good Health to everyone! Cheers!
upvoted 90 times

  SScott 1 year, 11 months ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 158/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Yes, everyone's discussion, comments and supportive opinions really make the forum and questions extremely constructive. Best of luck as well
to your future endeavors!
upvoted 39 times

  zellck Most Recent  6 days, 21 hours ago

Selected Answer: A
A is the answer.

https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic
upvoted 1 times

  Ashfaque_9x 1 month ago

Selected Answer: A
A. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
upvoted 1 times

  EmnCours 5 months, 3 weeks ago

Selected Answer: A
Correct Answer: A 🗳️
Incoming and the web server subnet only, as users access the web front end by using HTTPS only.
Note Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
✑ A SQL database
✑ A web front end
✑ A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Monitor and back up Azure resources
upvoted 2 times

  Ash_B38 6 months, 1 week ago

Has anyone appeared for the exam recently? would like to know how accurate these dumps are. Cheers!
upvoted 2 times

  additionalpylons 5 months, 2 weeks ago

Writing today. I'll let you know!
upvoted 3 times

  Lazylinux 7 months, 4 weeks ago

Selected Answer: A
Given answer is correct and explanation too
upvoted 2 times

  michaelmorar 9 months, 4 weeks ago

Selected Answer: A
Simple questions like this give me anxiety! But it looks like there's a strong consensus for A which is great.

Outbound rules are irrelevant here. Inbound rule to 443 should only apply to the web tier.
upvoted 2 times

  techie_11 10 months, 2 weeks ago

A is correct. Lionred is also correct about the real world scenario
upvoted 2 times

  Jatinderjames 10 months, 3 weeks ago

my exam is in next 30 minutes.. not sure how many questions will come from this
upvoted 3 times

  ajayasa 11 months, 1 week ago

this casestudy was there on 16/03/2022 with same question and passed with 900 percent
upvoted 2 times

  ajayasa 11 months, 1 week ago

this casestudy but not same question was there on 16/03/2022 with same question and passed with 900 percent
upvoted 1 times

  ajayasa 11 months, 1 week ago

this case study was there on 16/03/2022 with same question and passed with 900 percent and provided the answer mentioned in the answer
section
upvoted 1 times

  G_unit_19 11 months, 4 weeks ago

Selected Answer: A
See the comment from mlantonis
upvoted 3 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 159/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  fedev21 11 months, 4 weeks ago

Good luck to everybody!
upvoted 2 times

  areza 1 year, 1 month ago

passed 902. in exam 29.12.21 - answer A
upvoted 7 times

  Takloy 1 year, 1 month ago

Taking the exam today, wish me luck! will update in the main page for this exam.
https://www.examtopics.com/exams/microsoft/az-104/
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 160/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Topic 15 - Testlet 8

Question #1 Topic 15

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -

General Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

Environment -

Existing Environment -
Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-
premises Active
Directory domain that syncs to the Azure AD tenant.
The Azure AD tenant contains the users shown in the following table.

Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.

User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table

No network security groups (NSGs) are associated to the network interfaces or the subnets.
Sub1 contains the storage accounts shown in the following table.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 161/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool storage tier.
Create a storage account named storage5 and configure storage replication for the Blob service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.

Associate NSG1 to the network interface of VM1.

Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.

Associate NSG2 to VNET1/Subnet2.

Technical Requirements -
Contoso must meet the following technical requirements:
Create container1 and share1.
Use the principle of least privilege.
Create an Azure AD security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup.
Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.

Question
HOTSPOT -
You implement the planned changes for NSG1 and NSG2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 162/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Box 1: No -

NSG2 blocks RDP to VM2 -

Box 2: Yes -

ICMP is not blocked -

Box 3: No -

NSG2 blocks RDP from VM2 -

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works

  humnahibataynge Highly Voted  5 months, 2 weeks ago

I think the Answers should be: YYN

VM1 has inbound rules, so no restriction on outbound.

VM2 has outbound rules, so no restrictions on inbound.

Hence VM1 can establish RDP to VM2.

VM2 —ping—> VM3: Yes(no restriction other than outbound RDP)

VM2 —RDP—> VM3: No(outbound RDP is not allowed on VM2)

Please correct me if I am wrong.

Tmrw I have my exam.
upvoted 33 times

  pythonier 5 months, 1 week ago

I agree that is YYN:

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 163/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

1-The rule is configured inbound from VM1 and VM2 will allow the traffic because of stateful firewall inspection, the traffic is allowed to come
in. If the traffic is initiated from VM2 them it wouldn't work.

2-ping will be allow because the vnets are already peered

3-No, traffic is initiated from VM2 and the outbound rule will block it.

Feel free to correct me if I am wrong.

upvoted 3 times
  fabio79 5 months, 2 weeks ago
how do you say it's one outbound rule for the VM2? NSG2 source for the rdp deny rule is a 10.0.0.0/16 and the ip of the VM1 is on this subnet. I
think that is NYN the answer
upvoted 5 times

  flurgen248 3 months, 4 weeks ago

I thought the same thing at first, and had to read it three times before I noticed what I was missing.

Create an NSG named NSG1 that will have the custom INBOUND security rules shown in the following table.
Create an NSG named NSG2 that will have the custom OUTBOUND security rules shown in the following table.

Capitalized for emphasis.

It's YYN.
upvoted 3 times

  humnahibataynge 5 months, 2 weeks ago

Passed the exam today with 920/1000.
This case was not there in my exam.
upvoted 4 times

  qwerty100 Highly Voted  4 months, 1 week ago

From VM1, you can Esablish a Remote Desktop sesion to VM2: Yes

They are in the same subnet and VM1 doesn't have restriction on outbound and VM2 doesn't have restriction on inbound

From VM2, you can ping VM3: No

Rule 400 only permit ping from 10.0.2.0/24 to 10.0.1.0/24. VM3 has 172.16.1.4 IP address

From VM2, you can establish a Remote Desktop sesion to VM3: No

Rule 200 only permit virtualNetwork (VNET1) destination RDP and VM3 is in VirtualNetwork VNET2
upvoted 12 times

  qwerty100 3 months, 4 weeks ago

Sorry, I made a mistake in the explanation:

From VM2, you can establish a Remote Desktop sesion to VM3: No

Rule 200 blocks RDP traffic
upvoted 1 times

  qwerty100 3 months, 3 weeks ago

Sorry I can't update the answer and I have to make a new post:

Finaly I think is : YYN

From VM1, you can Esablish a Remote Desktop sesion to VM2: Yes

They are in the same VNET and VM1 doesn't have restriction on outbound and VM2 doesn't have restriction on inbound

From VM2, you can ping VM3: Yes

Rule 400 only permit ping from 10.0.2.0/24 to 10.0.1.0/24. VM3 has 172.16.1.4 IP address, but there are implicit rules: any(port) any(protocol)
virtualnetwork(source) to virtualnetwork (destination). The VNETs are peered and ping works.

From VM2, you can establish a Remote Desktop sesion to VM3: No

Rule 200 blocks RDP traffic

upvoted 5 times

  darren888 Most Recent  2 months ago

New-NetFirewallRule –DisplayName "Allow ICMPv4-In" –Protocol ICMPv4 this must be entered to allow a VM to ping another VM in a peered
network windows firewall blocks ICMP the case study indicates we are using windows machines.
upvoted 1 times

  Lexxsuse 1 month, 4 weeks ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 164/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

I'd say you are overthinking it. Nothing prevents us from thinking the firewalls are open as needed on the VMs. Here we need to justify ping
possibility from NSG configuration stand point. Yes the VM might not return the ping response. But it doesn't mean ping request can't reach the
destination.
upvoted 1 times

  spike15_mk 2 months ago

NO - Rule 200 outbound for VNET1/Subent2 and Rule 500 for Income from VNET1/Subent2(10.0.2.0/24) deny the traffic through port3389. VM1
don't have restriction to request on port 3389 to Subnet2 VM2, but VM2 when response on this request from VM1 on 3389 RULE 200 in NSG2 will
deny this message from VM2 response
YES - VNET1 and VNET2 are peered and default 65000 Rule AllowVnetOutBound allow any protocol and any port. Keep in mind default rules
existing in NSG
NO Rule 200 Deny
upvoted 4 times

  darren888 2 months, 1 week ago

YNN I dont believe you can ping VM3 from VM2 although they are in a peered network they are windows machines that block ICMP ping, VM3
would require a inbound rule to allow ICMP
upvoted 1 times

  jp_mcgee 2 months, 2 weeks ago

VM1/VNET1/SUBNET1/10.0.1.4
VM1/NSG1/INBOUND - Deny 3389 from VNET1/SUBNET2
VM1/NSG1/INBOUND - Allow ICMP

VM2/VNET1/SUBNET2/10.0.2.4
*/VNET1/SUBNET2/NSG2/OUTBOUND - Deny 3389 from 10.0.0.0/16 to vnet
*/VNET1/SUBNET2/NSG2/OUTBOUND - Allow ICMP from 10.0.2.0/24 to 10.0.1.0/24

VM3/VNET2/SUBNET1/172.16.1.4 (VNET2 peered to VNET1, VNET3)

From VM1, you can establish a Remote Desktop session to VM2

Yes. Same VNET. NSG1 denys inbound RDP to VM1 AND NSG2 denys outbound RDP from subnet2

From VM2, you can ping VM3

No. NSG2 Default rule DenyAllOutBound blocks VNET1 to VNET2

From VM2, you can establish a Remote Desktop session to VM3

No. NSG2 Default rule DenyAllOutBound blocks VNET1 to VNET3

https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
upvoted 3 times

  kf 3 months ago
This question was on the test 11/12/2022: YYN
upvoted 2 times

  matejka 3 months, 2 weeks ago

Y-Y-N
upvoted 2 times

  klexams 3 months, 3 weeks ago

VM1 - VNET1/Subnet1 - Inbound rules - No outbound rules
VM2 - VNET1/Subnet2 - Outbound rules - No inbound rules
VM3 - VNET2/Subnet1

Box1 - YES
VM1 no outbound rules
VM2 no Inbound rules.
same VNET, subnet to subnet Allowed by default.

Box2 - NO
VM2 has outbound ICMP rule to Allow from 10.0.2.0/24 to 10.0.1.0/24 only. VM3 is 172.16.1.4 but VNET1 and VNET2 are peered which means
inbound traffic between subnets has not restriction.

Box3 - NO
VM2 has outbound RDP rule to Deny from 10.0.0.0/16 to any VNET.
upvoted 6 times

  klexams 3 months, 3 weeks ago

I mean Box2 is YES. sorry.
upvoted 4 times

  awssecuritynewbie 4 months ago

please lets review this together guys,

"Associate NSG1 to the network interface of VM1" which is DENYING inbound traffic for 3389 from VM2. but the question states FROM VM1 -->
VM2 . so the NSG1 does not come in play as it is only for INBOUND RDP TRAFFIC TO VM1 not outbound vm

YES
https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 165/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

YES
NO - as the outbound traffic is from source 10.0.0.0/16 ( the entire 10.0.255.255, that VM2 fails in) with port 3389 to any VNET
upvoted 1 times
  BD1988 4 months, 3 weeks ago
I think the answer is NYN.
1. VM1 will try to connect with VM2 but the VM2 have default inbound rules and by default port 3389 is blocked. For, this to happen VM2 has to
have inbound security rule that opens port 3389.
2. Yes : the VNET2 and VNET3 are peered.
3. No: Outbound RDP not allowed on VM2
upvoted 5 times

  Mev4953 4 months, 4 weeks ago

YES: VM1 => VM2 (RDP connection) NSG1 (inbound rule), hence no restriction

YES : VM2 => VM1 (ping) they are peered

NO : VM2 => VM3 (RDP connection) NG2 (outbound rule), hence NOT allowed
upvoted 2 times

  randy0077 4 months, 4 weeks ago

Ans is definately YYN
upvoted 1 times

  nox2447 5 months, 1 week ago

Y: same VNET, no restriction
N: VMs are not in the same VNET and not peered
N: VMs are not in the same VNET and not peered
upvoted 5 times

  awssecuritynewbie 4 months ago

they are peered ... look at the able above
upvoted 1 times

  favela 5 months, 1 week ago

Yes today on my exam. My score was 900
upvoted 1 times

  Amrrax 5 months, 2 weeks ago

Correct answers : YYN
upvoted 1 times

  ThaMagnit_ 5 months, 2 weeks ago

Goodluck, Got mine on 5 sep.
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 166/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #2 Topic 15

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -

General Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

Environment -

Existing Environment -
Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-
premises Active
Directory domain that syncs to the Azure AD tenant.
The Azure AD tenant contains the users shown in the following table.

Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.

User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table

No network security groups (NSGs) are associated to the network interfaces or the subnets.
Sub1 contains the storage accounts shown in the following table.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 167/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool storage tier.
Create a storage account named storage5 and configure storage replication for the Blob service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.

Associate NSG1 to the network interface of VM1.

Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.

Associate NSG2 to VNET1/Subnet2.

Technical Requirements -
Contoso must meet the following technical requirements:
Create container1 and share1.
Use the principle of least privilege.
Create an Azure AD security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup.
Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.

Question
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
What should you do first?

A. Redeploy VM1 and VM2 to the same availability zone.

B. Connect VM2 to VNET1/Subnet1.

C. Create a new NSG and associate the NSG to VNET1/Subnet1.

D. Redeploy VM1 and VM2 to the same availability set.

Correct Answer: B
Need to connect VM2 to VNET1/Subnet1.
Scenario: Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 168/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Community vote distribution

D (82%) B (18%)

  Amrrax Highly Voted  5 months, 2 weeks ago

Selected Answer: D
Correct answer D
Redeploy VM1 and VM2 to the same availability set.
For a LB basic it is required that the virtual machines are in a single availability set or scale set of virtual machines
upvoted 25 times

  James3958904 Highly Voted  5 months, 2 weeks ago

Selected Answer: D
I think the answer should be D.
As the requirement states that LB1 is a Basic SKU Load Balancer.
Basic LB only supports VMs in the same VM ScaleSet or AS.
Therefore we need to move these 2 VMs into the same AS.
upvoted 5 times

  Mazinger Most Recent  1 day, 21 hours ago

To add VM1 and VM2 to the backend pool of LB1, they need to be in the same availability set. Therefore, you should redeploy VM1 and VM2 to the
same availability set first. Option D is the correct answer.
upvoted 1 times

  zellck 3 days, 9 hours ago

Got this in Feb 2023 exam.
upvoted 1 times

  GBAU 4 days, 8 hours ago

Selected Answer: D
No point in Connecting VM2 to VNET1/Subnet1 as you are going to have to redeploy it anyway.

"An existing VM cannot be added to an availability set after it is created."

https://learn.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-availability-sets

A VM can only be added to an availability set when it is created.

"https://learn.microsoft.com/en-us/azure/virtual-machines/windows/change-availability-set"

If they are already in the same availability set , then you don't need to do B anyway, your a good little Azure admin, keep it up and create your
backend pool with them in it. The fact that this question is being asked with no option of 'nothing' means they are not already in the same AS.
upvoted 1 times

  lkjsatlwjwwge 1 week, 3 days ago

Selected Answer: D
The restrictions seem to be:
- Basic LB can only have VMSS or AS as backend
- Both LB AND backend VMs must be in the SAME VNET and the same location
(when creating a LB, in the step to create the backend pool, we can read: IP configurations associated to virtual machines and virtual machine scale
sets must be in same location as the load balancer and be in the same virtual network).
Unless someone finds a source that states the VMs need to be in the SAME SUBNET as the LB, there's no reason to consider B.
upvoted 1 times

  dagomo 2 weeks, 4 days ago

Selected Answer: B
As our colleague prenominal said must be B
prenominal 4 months, 3 weeks ago
Selected Answer: B
Requirement: "Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1"

For this reason, I believe it's B (Connect VM2 to VNET1/Subnet1)

upvoted 2 times
upvoted 2 times

  dimsok 1 month ago

Selected Answer: D
Availability Sets in different subnets of the same VNET: https://cloudbrothers.info/en/azure-availability-sets-vnet-dependency/
upvoted 1 times

  Vad133 1 month, 2 weeks ago

Availability Set can have VMs from different subnets within the same VNet thus there is no need to re-connect VM2 to VNET1/Subnet1. The answer
is D.
upvoted 1 times

  klexams 3 months, 3 weeks ago

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 169/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Selected Answer: D
VM1 and VM2 are not in AS because they have different subnet. VMs on AS have the same subnet! So for Basic ILB, it needs to be in single AS,
Scaleset or single VM.
upvoted 2 times

  Ravi1383 4 months ago

Trick is in this part of the question - What should you do first?

Even before adding both the VM to same availability set you need to add vm2 to vnet1/subnet1. B is correct!
upvoted 4 times

  flurgen248 3 months, 4 weeks ago

Can't you just move it to the other subnet while redeploying to the Availability set?
You're redeploying the entire VM, so just assign it a NIC in the right subnet.

https://learn.microsoft.com/en-us/azure/virtual-machines/windows/change-availability-set
upvoted 1 times

  Kem81 4 months, 2 weeks ago

Selected Answer: D
For me the answer is D. There is no mention that VM1 and VM2 are in an Availability Set but they are both in VNET1 and a basic LB requirement is
for any VM's in VMSS or AS. Goodluck peeps!
upvoted 2 times

  prenominal 5 months, 1 week ago

Selected Answer: B
Requirement: "Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1"

For this reason, I believe it's B (Connect VM2 to VNET1/Subnet1)

upvoted 2 times

  lebowski 5 months, 1 week ago

Selected Answer: B
There is nothing that points out they are in a different availability set, but they need to be in the same Vnet/subnet
upvoted 4 times

  Traian 5 months, 1 week ago

Both VM1 and VM2 are inside VNET1.
They need to be in the same availability set or scale set as it is a basic LB , and as you point out there is no mention of that.
I think the correct answer is D
upvoted 10 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 170/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #3 Topic 15

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -

General Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

Environment -

Existing Environment -
Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-
premises Active
Directory domain that syncs to the Azure AD tenant.
The Azure AD tenant contains the users shown in the following table.

Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.

User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table

No network security groups (NSGs) are associated to the network interfaces or the subnets.
Sub1 contains the storage accounts shown in the following table.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 171/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool storage tier.
Create a storage account named storage5 and configure storage replication for the Blob service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.

Associate NSG1 to the network interface of VM1.

Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.

Associate NSG2 to VNET1/Subnet2.

Technical Requirements -
Contoso must meet the following technical requirements:
Create container1 and share1.
Use the principle of least privilege.
Create an Azure AD security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup.
Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.

Question
You need to add VM1 and VM2 to the backend pool of LB1.
What should you do first?

A. Connect VM2 to VNET1/Subnet1.

B. Redeploy VM1 and VM2 to the same availability zone.

C. Redeploy VM1 and VM2 to the same availability set.

D. Create a new NSG and associate the NSG to VNET1/Subnet1.

Correct Answer: A
VM1 is already in VNET1/Subnet1.
VM2 is on VNET1/Subnet2, and must be moved to VNET1/Subnet1.
Note:
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 172/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-internal-portal

Community vote distribution

C (79%) 14% 7%

  GBAU 4 days, 8 hours ago

Selected Answer: C
No point in Connecting VM2 to VNET1/Subnet1 as you are going to have to redeploy it anyway.

"An existing VM cannot be added to an availability set after it is created."

https://learn.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-availability-sets

A VM can only be added to an availability set when it is created.

"https://learn.microsoft.com/en-us/azure/virtual-machines/windows/change-availability-set"

If they are already in the same availability set , then you don't need to do B anyway, your a good little Azure admin, keep it up and create your
backend pool with them in it. The fact that this question is being asked with no option of 'nothing' means they are not already in the same AS.
upvoted 1 times

  GBAU 4 days, 8 hours ago

Opps, should have read "then you don't need to do A anyway"
upvoted 1 times

  AnKiLa 6 days, 9 hours ago

Selected Answer: A
I have not tested this one, but did some reaserch. Configuration through Azure portal supports only one subnet
(https://i.stack.imgur.com/v7ePg.png) and it is possible to create a LB with more than one availability set (https://learn.microsoft.com/en-
us/azure/load-balancer/tutorial-multi-availability-sets-portal). That's why I will go with answer A (Connect VM2 to VNET1/Subnet1).
upvoted 1 times

  shrp 2 weeks, 1 day ago

Selected Answer: C
I've tested, you can have VMs in different subnets of a VNET and be a member of the same availability set. The basic internal LB will accept this
configuration.

I don't like the wording of answer C, because you need to recreate not redeploy the VMs but the rest of the answers make no sense.
upvoted 2 times

  dagomo 2 weeks, 3 days ago

Selected Answer: A
As our colleague prenominal said must be A
prenominal 4 months, 3 weeks ago
Selected Answer: A
Requirement: "Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1"

For this reason, I believe it's A (Connect VM2 to VNET1/Subnet1)

upvoted 2 times
upvoted 1 times

  tunaparker 1 month ago

de ja vu
upvoted 4 times

  Bigc0ck 1 month, 1 week ago

same quetion
upvoted 1 times

  Lexxsuse 1 month, 4 weeks ago

I really don't like term "Redeploy" in answer C. Redeploy has a specific meaning - it means restart VM on a new set of hardware. To add to an
availability set we actually need to recreate both VMs
upvoted 3 times

  Imy 4 months, 2 weeks ago

Same as the previous question.
upvoted 4 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 173/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  EleChie 4 months, 3 weeks ago

*The Basic tier is quite restrictive. A load balancer is restricted to a single availability set, virtual machine scale set (VMSS), or a single machine.

*The Standard tier can span any virtual machine in a single virtual network (Vnet), including blends of scale sets, availability sets, and machines. In
another mening "Any virtual machines or virtual machine scale sets (VMSS) in a single virtual network"
upvoted 2 times

  DanishHassan 5 months, 1 week ago

Selected Answer: C
Should be C
upvoted 2 times

  prenominal 5 months, 1 week ago

Requirement: "Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1"

For this reason, I believe it's A (Connect VM2 to VNET1/Subnet1)

upvoted 4 times

  awssecuritynewbie 4 months ago

that is what i think,, can someONE PLEASE HELP , how do you know the availability set of the VMS?
upvoted 2 times

  flurgen248 3 months, 4 weeks ago

Since there's no mention of an availability set we have to assume there isn't one.

A Basic Load Balancer can only support multiple VMs if they're in a single Availability Set or a VM Scale Set.
upvoted 5 times

  darthfodio 1 month, 2 weeks ago

Plus, VM1 and VM2 are in different subnets. If they were already in an availability set, they would be in the same subnet already.
upvoted 1 times

  HMO 5 months, 1 week ago

Selected Answer: C
You can not use basic load balancer to balance between single VMs . the have to be in a scale set or availability set
upvoted 3 times

  libran 5 months, 1 week ago

Selected Answer: C
Redeploy VM1 and VM2 to the same availability set.
upvoted 1 times

  awssecuritynewbie 4 months, 1 week ago

WRONG! the deployment is good for a new AZ but not actually to change VM vnet
upvoted 1 times

  Amrrax 5 months, 2 weeks ago

Selected Answer: C
I'm sorry I made a mistake in the previous question, the correct answer is C: Redeploy VM1 and VM2 to the same availability set.
upvoted 2 times

  Amrrax 5 months, 2 weeks ago

Selected Answer: B
Redeploy VM1 and VM2 to the same availability zone.
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 174/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #4 Topic 15

You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort.

What should you do?

A. Create a user-defined route from VNET1 to VNET3.

B. Create an NSG and associate the NSG to VM1 and VM4.

C. Assign VM4 an IP address of 10.0.1.5/24.

D. Establish peering between VNET1 and VNET3.

Correct Answer: D

Community vote distribution

D (100%)

  wpestan 1 month, 1 week ago

Selected Answer: D
i can´t see any issue to create a peering
D. Establish peering between VNET1 and VNET3.
upvoted 2 times

  vitodobra 1 month, 1 week ago

Selected Answer: D
Peering
upvoted 1 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 175/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Topic 16 - Testlet 9

Question #1 Topic 16

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Litware are hosted on-premises.
Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The
tenant uses the
Premium P1 pricing tier.

Existing Environment -
The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the
litware.com DNS zone.
Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU)
that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective
department. New users are added frequently.
Litware.com contains a user named User1.
All the offices connect by using private connections.
Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.

Litware uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory.
The Azure subscription contains the resources in the following table.

The network security team implements several network security groups (NSGs)

Requirements -

Planned Changes -
Litware plans to implement the following changes:
Deploy Azure ExpressRoute to the Montreal office.
Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 176/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.

Technical Requirements -
Litware must meet the following technical requirements:
Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.

Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.litware.com.
Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Create a workflow to send an email message when the settings of VM4 are modified.
Create a custom Azure role named Role1 that is based on the Reader role.
Minimize costs whenever possible.

Question
HOTSPOT -
You need to implement Role1.
Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer:

  Gromble_ziz Highly Voted  1 year, 7 months ago

Get-AzRoleDefinition -name "Reader" |ConvertTo-Json
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions-list?tabs=roles
upvoted 50 times

  Gromble_ziz 1 year, 7 months ago

Addition:
Create customer azure role from Json
https://docs.microsoft.com/en-us/powershell/module/az.resources/new-azroledefinition?view=azps-6.2.0#example-2--create-using-json-file
upvoted 6 times

  atilla Highly Voted  9 months, 2 weeks ago

yes lets memorize all this azure cli commands... I got it correct becaouse I have a bit experience, but I look it up in the documentation
upvoted 10 times

  michaelmorar Most Recent  9 months, 4 weeks ago

Get-AzRoleDefinition + ConvertTo-Json
upvoted 2 times

  ajayasa 11 months, 1 week ago

this casestudy was there on 16/03/2022 with same question and passed with 900 percent
upvoted 2 times

  ajayasa 11 months, 1 week ago

this casestudy but not same question was there on 16/03/2022 with same question and passed with 900 percent

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 177/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

upvoted 1 times
  ajayasa 11 months, 1 week ago
this case study was there on 16/03/2022 with same question and passed with 900 percent and provided the answer mentioned in the answer
section
upvoted 1 times

  benvdw 11 months, 1 week ago

on exam 13/3/2022
upvoted 1 times

  husam421 1 year ago

in exam 10/2/2022
upvoted 3 times

  FabioVi 1 year ago

Correct. As the requirement states "Create a custom Azure role named Role1 that is based on the Reader role"...
... then you first need to know what the Reader role implies.
upvoted 4 times

  kandovn 1 year, 1 month ago

Correct answer
upvoted 1 times

  ITprof99 1 year, 1 month ago

On exam 01.02.22
Answer: Get-AzRoleDefinition <role_name> | ConvertTo-Json
upvoted 4 times

  Pamban 1 year, 3 months ago

in exam 15/11/2021
upvoted 4 times

  fabylande 1 year, 4 months ago

in exam today! October 16, 2021
upvoted 4 times

  Quantigo 1 year, 4 months ago

Answer is correct
Get-AzRoleDefinition <role_name> | ConvertTo-Json
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions-list?tabs=roles
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 178/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #2 Topic 16

Introductory Info
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However,
there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions
included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might
contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to
the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study
before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem
statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Litware are hosted on-premises.
Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The
tenant uses the
Premium P1 pricing tier.

Existing Environment -
The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the
litware.com DNS zone.
Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU)
that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective
department. New users are added frequently.
Litware.com contains a user named User1.
All the offices connect by using private connections.
Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.

Litware uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory.
The Azure subscription contains the resources in the following table.

The network security team implements several network security groups (NSGs)

Requirements -

Planned Changes -
Litware plans to implement the following changes:
Deploy Azure ExpressRoute to the Montreal office.
Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 179/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Technical Requirements -
Litware must meet the following technical requirements:
Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.

Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.litware.com.
Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Create a workflow to send an email message when the settings of VM4 are modified.
Create a custom Azure role named Role1 that is based on the Reader role.
Minimize costs whenever possible.

Question
You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical
requirements.
What should you include in the recommendation?

A. Azure AD B2C

B. dynamic groups and conditional access policies

C. Azure AD Identity Protection

D. an Azure logic app and the Microsoft Identity Management (MIM) client

Correct Answer: B
Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications, or other
conditions.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

Community vote distribution

B (100%)

  imartinez Highly Voted  1 year, 7 months ago

Answer is correct: "dynamic groups and conditional access policies"
Last question, wish you all the best!
upvoted 94 times

  lksilesian 1 year, 3 months ago

And all the best to you, if you took the exam - I hope you have passed!
upvoted 10 times

  Merkur76 Highly Voted  1 year, 6 months ago

Congratulations!
For reaching this end.

07/30/2021 AZ 104 passed with 909 points.

About 70% of the questions were from here.

Many given answers here are wrong.

Look carefully in the comments, there are more often the correct answers.

If you work through Microsoft Learn like I did, I'll give you a tip: Do everything you learn directly in Azure once yourself. This is the only way to have
a chance to answer the questions that are not listed here.
upvoted 52 times

  lksilesian 1 year, 3 months ago

Congrats on passing the exam. Comments and discussion are the main reasons why I am here. Apart from 1 course I could not find any place
with authoritative answers. Many places where you can BUY a test exam - they have questions from here with WRONG answers. I have learned
more from reading discussions here and FOLLOWING links attached to the official Microsoft documentation that I did from going through a
course that should prepare me for 104
upvoted 10 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 180/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

  juniorccs 1 year, 1 month ago

I don't thinkg that many given answers are wrong here. I bought the Measure Up for$100 and got 206 questions there, none of those questions
were in my exam which I failed with 640, after taking it and coming back here, ExamTopics have more relevant questions. Going through all
Microsoft Learn is good, but it can take you months and it's huge, the knowledge there. For passing the exam, only dumps like these are good,
even though you pass the exam, doesn't mean you can work with azure without properly working with it!
upvoted 19 times

  Mazinger Most Recent  1 day, 21 hours ago

To automate the configuration for the finance department users, you should recommend using dynamic groups and conditional access policies.
This will allow you to automatically add users to a specific group based on certain criteria (such as department) and then apply conditional access
policies (such as Azure Multi-Factor Authentication) to that group. This solution meets the technical requirements and also minimizes costs. Option
A (Azure AD B2C) is not relevant to this scenario, option C (Azure AD Identity Protection) does not directly address the automation of user
configuration, and option D (an Azure logic app and the Microsoft Identity Management (MIM) client) is not the most efficient solution for this
scenario.
upvoted 1 times

  seeyainthecloud 1 week, 5 days ago

Good luck to y'all
Next stop ----> how to pass 'Captcha exam". lezzzgooo!!
upvoted 1 times

  BShelat 1 month, 1 week ago

I took the test today and passed - 840/1000. I opted to show myself as "Novice" for all questions asked before the start of the exam. 90-95%
Questions were from this dump. Thanks Examtopics.
upvoted 3 times

  przema86 2 months ago

Something is wrong.. entire ET set should have 391 questions, if that one is last one then there is only 389.. Two questions are missing :)
upvoted 1 times

  SumanSaurabh 2 months, 1 week ago

Congratulations everyone for reaching out to this last question. Wishing you all good luck and score well. Now its time to do revision before the
exam.
upvoted 4 times

  coringlax 2 months, 1 week ago

I'm glad to be here at the top of the EVEREST (391m high). Now I will climb down all the way to question 1. Wish me luck.
upvoted 3 times

  meeko86 2 months, 1 week ago

As per requirements:
- Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
Dynamic groups and conditional policies is the best option.
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
upvoted 1 times

  Afsan 2 months, 2 weeks ago

Does AZ 104 contain Labs?
upvoted 1 times

  AlexAlbelice 2 months, 2 weeks ago

Not the exam itself but there are plenty of labs in the MS Learn courses. It's usually indicated by a (sandbox) next to the modules.
upvoted 1 times

  grrruby 3 months ago

Guys! 12/11/2023 passed my exam with 940/1000 score :)
I got 54 question (1 case study). Before exam you have questionnaire. I replied there on all question that I’m novice with azure (I belive you will
have easiest questions). At the exam I got only 1 exam which is not in this page! Always look for comments here! HIGHLY VOTED are the correct
ones! Good luck y’all!!! I don’t even read a questions on exam, just clicked on the correct answers :D 40minutes you got cert ;)
upvoted 8 times

  ccherukuri 2 months, 3 weeks ago

hey, 1 quick question...do you know if the questions towards the end of this dump appeared more in the exam or it was a mix. if the ones
towards the end seems to have appeared more then i can put some extra focus on them.
upvoted 1 times

  Kem81 4 months, 2 weeks ago

So I finally made it the end of these questions. Took me forever! But looking at the last updated was only yesterday, @Admin, is there a way to filter
only the questions that were updated recently? It would be a really helpful feature to implement.
upvoted 4 times

  renzoku 5 months ago

Selected Answer: B

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 181/182
2/16/23, 10:38 AM AZ-104 Exam – Free Actual Q&As, Page 1 | ExamTopics

Good Luck everyone,

I have my exam in 1 hour!
upvoted 2 times

  renzoku 5 months ago

Hello guys, I just finished my examn, passed with 840, Thanks to much
upvoted 14 times

  wydad 5 months ago

Selected Answer: B
and best wishes from MOROCCO
upvoted 3 times

  MoSea 3 months, 1 week ago

And best wishes from a Moroccan in the Netherlands! Good luck all! I'm up in 3 hours.
upvoted 1 times

  Davin0406 5 months, 1 week ago

So this is the final question! From now on, I'll repeat all questions again and again...good luck for all you guys!(and for meXD)
upvoted 3 times

  Ricardogs 5 months, 1 week ago

it will be my exam tomorrow :(
upvoted 2 times

  michaelmorar 9 months, 4 weeks ago

Selected Answer: B
B - Dynamic groups with Conditional access policy.

From this day forward, my resume will show that I am a veteran employee of Litware and Contoso - I have spent more time with their IT
department in the last few days than I have with my own employer!
upvoted 13 times

  Prasoon2576 10 months, 1 week ago

Thank you Examtopics. I passed this exam. I really liked the discussion against every questions which helped to build the concepts and answer right.
Case study is very relevant. Good Luck!
upvoted 2 times

https://www.examtopics.com/exams/microsoft/az-104/custom-view/ 182/182