Microsoft Azure Administrator AZ-104 PDF Dumps 2025.pdf

DownloadValidMicrosoftAZ-104ExamDumpsforBestPreparation
2/12
1.Topic1,Litware,inc.
Overview
Litware,Ltd.isaconsultingcompanythathasamainofficeinMontrealandtwobranchofficesinSeattle
andNewYork.
TheMontrealofficehas2,000employees.TheSeattleofficehas1,000employees.TheNewYorkoffice
has200employees.
AlltheresourcesusedbyLitwarearehostedon-premises.
LitwarecreatesanewAzuresubscription.TheAzureActiveDirectory(AzureAD)tenantusesadomain
namedLitware.onmicrosoft.com.ThetenantusestheP1pricingtier.
ExistingEnvironment
ThenetworkcontainsanActiveDirectoryforestnamedLitware.com.Alldomaincontrollersareconfigured
asDNSserversandhosttheLitware.comDNSzone.
Litwarehasfinance,humanresources,sales,research,andinformationtechnologydepartments.Each
departmenthasanorganizationalunit(OU)thatcontainsalltheaccountsofthatrespectivedepartment.
Alltheuseraccountshavethedepartmentattributesettotheirrespectivedepartment.Newusersare
addedfrequently.
Litware.comcontainsausernamedUser1.
Alltheofficesconnectbyusingprivatelinks.
LitwarehasdatacentersintheMontrealandSeattleoffices.Eachdatacenterhasafirewallthatcanbe
configuredasaVPNdevice.
Allinfrastructureserversarevirtualized.
Thevirtualizationenvironmentcontainstheserversinthefollowingtable.
LitwareusestwowebapplicationsnamedApp1andApp2.Eachinstanceoneachwebapplication
requires1GBofmemory.
TheAzuresubscriptioncontainstheresourcesinthefollowingtable.
Thenetworksecurityteamimplementsseveralnetworksecuritygroups(NSGs).
PlannedChanges
Litwareplanstoimplementthefollowingchanges:
•DeployAzureExpressRoutetotheMontrealoffice.
•MigratethevirtualmachineshostedonServer1andServer2toAzure.
•Synchronizeon-premisesActiveDirectorytoAzureActiveDirectory(AzureAD).
•MigrateApp1andApp2totwoAzurewebappsnamedwebApp1andWebApp2.

DownloadValidMicrosoftAZ-104ExamDumpsforBestPreparation
3/12
Technicalrequirements
Litwaremustmeetthefollowingtechnicalrequirements:
•EnsurethatWebApp1canadjustthenumberofinstancesautomaticallybasedontheloadandcan
scaleuptofiveinstance*.
•EnsurethatVM3canestablishoutboundconnectionsoverTCPport8080totheapplicationsserversin
theMontrealoffice.
•EnsurethatroutinginformationisexchangedautomaticallybetweenAzureandtheroutersinthe
Montrealoffice.
•EnableAzureMulti-FactorAuthentication(MFA)fortheusersinthefinancedepartmentonly.
•Ensurethatwebapp2.azurewebsites.netcanbeaccessedbyusingthenameapp2.Litware.com.
•ConnecttheNewYourofficetoVNet1overtheInternetbyusinganencryptedconnection.
•CreateaworkflowtosendanemailmessagewhenthesettingsofVM4aremodified.
•CreateacustomAzurerolenamedRole1thatisbasedontheReaderrole.
•Minimizecostswheneverpossible.
HOTSPOT
YouneedtoimplementRole1.
WhichcommandshouldyourunbeforeyoucreateRole1?Toanswer,selecttheappropriateoptionsin
theanswerarea.NOTE:Eachcorrectselectionisworthonepoint.
Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershellGet-Az
RoleDefinition-Name"Reader"|ConvertTo-Json
https://docs.microsoft.com/en-us/powershell/module/az.resources/get-azroledefinition?view=azps-5.9.0
https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/convertto-json?view=po
wershell-7.1
https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureaddirectoryrole?view=azureadps-
2.0
2.YouneedtoensurethatVM1cancommunicatewithVM4.Thesolutionmustminimizeadministrative
effort.

DownloadValidMicrosoftAZ-104ExamDumpsforBestPreparation
4/12
Whatshouldyoudo?
A.Createauser-definedroutefromVNET1toVNET3.
B.AssignVM4anIPaddressof10.0.1.5/24.
C.EstablishpeeringbetweenVNET1andVNET3.
D.CreateanNSGandassociatetheNSGtoVMIandVM4.
Answer:B
Explanation:
Reference:https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
3.YoudiscoverthatVM3doesNOTmeetthetechnicalrequirements.Youneedtoverifywhethertheissue
relatestotheNSGs.
Whatshouldyouuse?
A.DiagraminVNet1
B.thesecurityrecommendationsinAzureAdvisor
C.DiagnosticsettingsinAzureMonitor
D.DiagnoseandsolveproblemsinTrafficManagerProfiles
E.IPflowverifyinAzureNetworkWatcher
Answer:E
Explanation:
Scenario:Litwaremustmeettechnicalrequirementsincluding:
EnsurethatVM3canestablishoutboundconnectionsoverTCPport8080totheapplicationsserversin
theMontrealoffice.
IPflowverifychecksifapacketisallowedordeniedtoorfromavirtualmachine.Theinformationconsists
ofdirection,protocol,localIP,remoteIP,localport,andremoteport.Ifthepacketisdeniedbyasecurity
group,thenameoftherulethatdeniedthepacketisreturned.WhileanysourceordestinationIPcanbe
chosen,IPflowverifyhelpsadministratorsquicklydiagnoseconnectivityissuesfromortotheinternetand
fromortotheon-premisesenvironment.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
4.HOTSPOT
YouneedtomeettheconnectionrequirementsfortheNewYorkoffice.
Whatshouldyoudo?Toanswer,selecttheappropriateoptionsintheanswerarea.NOTE:Eachcorrect
selectionisworthonepoint.

DownloadValidMicrosoftAZ-104ExamDumpsforBestPreparation
5/12
Answer:
Explanation:
Box1:Createavirtualnetworkgatewayandalocalnetworkgateway.
AzureVPNgateway.TheVPNgatewayserviceenablesyoutoconnecttheVNettotheon-premises
networkthroughaVPNappliance.Formoreinformation,seeConnectanon-premisesnetworktoa
MicrosoftAzurevirtualnetwork.
TheVPNgatewayincludesthefollowingelements:
Virtualnetworkgateway.AresourcethatprovidesavirtualVPNappliancefortheVNet.Itisresponsible
forroutingtrafficfromtheon-premisesnetworktotheVNet.
Localnetworkgateway.Anabstractionoftheon-premisesVPNappliance.Networktrafficfromthecloud

DownloadValidMicrosoftAZ-104ExamDumpsforBestPreparation
6/12
applicationtotheon-premisesnetworkisroutedthroughthisgateway.
Connection.Theconnectionhaspropertiesthatspecifytheconnectiontype(IPSec)andthekeyshared
withtheon-premisesVPNappliancetoencrypttraffic.
Gatewaysubnet.Thevirtualnetworkgatewayisheldinitsownsubnet,whichissubjecttovarious
requirements,describedintheRecommendationssectionbelow.
Box2:Configureasite-to-siteVPNconnection
Onpremisescreateasite-to-siteconnectionforthevirtualnetworkgatewayandthelocalnetwork
gateway.
Scenario:ConnecttheNewYorkofficetoVNet1overtheInternetbyusinganencryptedconnection.
5.HOTSPOT
YouneedtotheappropriatesizesfortheAzurevirtualforServer2.
Whatshouldyoudo?Toanswer,selecttheappropriateoptionsintheanswerarea.NOTE:Eachcorrect
selectionisworthonepoint.
Answer:

DownloadValidMicrosoftAZ-104ExamDumpsforBestPreparation
7/12
Explanation:
Box1:CreateaRecoveryServicesvault
CreateaRecoveryServicesvaultontheAzurePortal.
Box2:InstalltheAzureSiteRecoveryProvider
AzureSiteRecoverycanbeusedtomanagemigrationofon-premisesmachinestoAzure.
Scenario:MigratethevirtualmachineshostedonServer1andServer2toAzure.
Server2hastheHyper-Vhostrole.
Reference:https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure
6.HOTSPOT
YouimplementtheplannedchangesforNSG1andNSG2.
Foreachofthefollowingstatements,selectYesifthestatementistrue.Otherwise,selectNo.NOTE:
Eachcorrectselectionisworthonepoint.
Answer:

DownloadValidMicrosoftAZ-104ExamDumpsforBestPreparation
8/12
7.YouneedtomeetthetechnicalrequirementforVM4.
Whatshouldyoucreateandconfigure?
A.anAzureNotificationHub
B.anAzureEventHub
C.anAzureLogicApp
D.anAzureservicesBus
Answer:B
Explanation:
Scenario:CreateaworkflowtosendanemailmessagewhenthesettingsofVM4aremodified.
YoucanstartanautomatedlogicappworkflowwhenspecificeventshappeninAzureresourcesor
third-partyresources.TheseresourcescanpublishthoseeventstoanAzureeventgrid.Inturn,theevent
gridpushesthoseeventstosubscribersthathavequeues,webhooks,oreventhubsasendpoints.Asa
subscriber,yourlogicappcanwaitforthoseeventsfromtheeventgridbeforerunningautomated
workflowstoperformtasks-withoutyouwritinganycode.
Reference:
https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-grid-logic-app
8.Youneedtorecommendasolutiontoautomatetheconfigurationforthefinancedepartmentusers.
Thesolutionmustmeetthetechnicalrequirements.
Whatshouldyouincludeintherecommended?
A.AzureAPB2C
B.AzureADIdentityProtection
C.anAzurelogicappandtheMicrosoftIdentityManagement(MIM)client
D.dynamicgroupsandconditionalaccesspolicies
Answer:D
Explanation:
Technically,ThefinancedepartmentneedstomigratetheirusersfromADtoAADusingAADCbasedon
thefinanceOU,andneedtoenforceMFAuse.Thisisconditionalaccesspolicy.Employeesalsooftenget
promotionsand/orjoinotherdepartmentsandwhenthatoccurs,theuser'sOUattributewillchangewhen
theadminputstheuserinanewOU,andthedynamicgroupconditionalaccessexception(OU=
[DepartmentNameValue])willmovetheusertotheappropriatedynamicgrouponnextAADCdeltasync.
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
9.Topic4,HumongousInsurance
Overview
ExistingEnvironment
HumongousInsuranceisaninsurancecompanythathasthreeofficesinMiami,Tokoyo,andBankok.
Eachhas5000users.
ActiveDirectoryEnvironment

DownloadValidMicrosoftAZ-104ExamDumpsforBestPreparation
9/12
HumongousInsurancehasasingle-domainActiveDirectoryforestnamedhumongousinsurance.com.
ThefunctionalleveloftheforestisWindowsServer2012.
YourecentlyprovisionedanAzureActiveDirectory(AzureAD)tenant.
NetworkInfrastructure
Eachofficehasalocaldatacenterthatcontainsalltheserversforthatoffice.Eachofficehasadedicated
connectiontotheInternet.
Eachofficehasseverallinkloadbalancersthatprovideaccesstotheservers.
ActiveDirectoryIssue
Severalusersinhumongousinsurance.comhaveUPNsthatcontainspecialcharacters.
YoususpectthatsomeofthecharactersareunsupportedinAzureAD.
LicensingIssue
YouattempttoassignalicenseinAzuretoseveralusersandreceivethefollowingerrormessage:
"Licensesnotassigned.Licenseagreementfailedforoneuser."YouverifythattheAzuresubscriptionhas
theavailablelicenses.
Requirements
PlannedChanges
HumongousInsuranceplanstoopenanewofficeinParis.TheParisofficewillcontain1,000userswho
willbehiredduringthenext12months.AlltheresourcesusedbytheParisofficeuserswillbehostedin
Azure.
PlannedAzureADInfrastructure
Theon-premisesActiveDirectorydomainwillbesynchronizedtoAzureAD.
AllclientcomputersintheParisofficewillbejoinedtoanAzureADdomain.
PlannedAzureNetworkingInfrastructure
YouplantocreatethefollowingnetworkingresourcesinaresourcegroupnamedAll_Resources:
✑DefaultAzuresystemroutesthatwillbetheonlyroutesusedtoroutetraffic
✑AvirtualnetworknamedParis-VNetthatwillcontaintwosubnetsnamedSubnet1andSubnet2
✑AvirtualnetworknamedClientResources-VNetthatwillcontainonesubnetnamedClientSubnet
✑AvirtualnetworknamedAllOffices-VNetthatwillcontaintwosubnetsnamedSubnet3andSubnet4
YouplantoenablepeeringbetweenParis-VNetandAllOffices-VNet.YouwillenabletheUseremote
gatewayssettingfortheParis-VNetpeerings.
YouplantocreateaprivateDNSzonenamedhumongousinsurance.localandsettheregistrationnetwork
totheClientResources-VNetvirtualnetwork.
PlannedAzureComputerInfrastructure
EachsubnetwillcontainseveralvirtualmachinesthatwillruneitherWindowsServer2012R2,Windows
Server2016,orRedHatLinux.
DepartmentRequirements

DownloadValidMicrosoftAZ-104ExamDumpsforBestPreparation
10/12
HumongousInsuranceidentifiesthefollowingrequirementsforthecompany'sdepartments:
✑WebadministratorswilldeployAzurewebappsforthemarketingdepartment.Eachwebappwillbe
addedtoaseparateresourcegroup.Theinitialconfigurationofthewebappswillbeidentical.Theweb
administratorshavepermissiontodeploywebappstoresourcegroups.
✑Duringthetestingphase,auditorsinthefinancedepartmentmustbeabletoreviewallAzurecosts
fromthepastweek.
AuthenticationRequirements
UsersintheMiamiofficemustuseAzureActiveDirectorySeamlessSingleSign-on(AzureADSeamless
SSO)whenaccessingresourcesinAzure.
YouneedtoresolvetheActiveDirectoryissue.
Whatshouldyoudo?
A.FromActiveDirectoryUsersandComputers,selecttheuseraccounts,andthenmodifytheUser
PrincipalNamevalue.
B.Runidfix.exe,andthenusetheEditaction.
C.FromActiveDirectoryDomainsandTrusts,modifythelistofUPNsuffixes.
D.FromAzureADConnect,modifytheoutboundsynchronizationrule.
Answer:B
Explanation:
IdFixisusedtoperformdiscoveryandremediationofidentityobjectsandtheirattributesinan
on-premisesActiveDirectoryenvironmentinpreparationformigrationtoAzureActiveDirectory.IdFixis
intendedfortheActiveDirectoryadministratorsresponsiblefordirectorysynchronizationwithAzure
ActiveDirectory.
Scenario:ActiveDirectoryIssue
Severalusersinhumongousinsurance.comhaveUPNsthatcontainspecialcharacters.
YoususpectthatsomeofthecharactersareunsupportedinAzureAD.
Reference:https://www.microsoft.com/en-us/download/details.aspx?id=36832
10.Whichbladeshouldyouinstructthefinancedepartmentauditorstouse?
A.Partnerinformation
B.Overview
C.Paymentmethods
D.Invoices
Answer:D
Explanation:
YoucanoptinandconfigureadditionalrecipientstoreceiveyourAzureinvoiceinanemail.Thisfeature
maynotbeavailableforcertainsubscriptionssuchassupportoffers,EnterpriseAgreements,orAzurein
Open.
SelectyoursubscriptionfromtheSubscriptionspage.Opt-inforeachsubscriptionyouown.Click
InvoicesthenEmailmyinvoice.
ClickOptinandaccepttheterms.
Scenario:Duringthetestingphase,auditorsinthefinancedepartmentmustbeabletoreviewallAzure
costsfromthepastweek.

DownloadValidMicrosoftAZ-104ExamDumpsforBestPreparation
11/12
Reference:
https://docs.microsoft.com/en-us/azure/billing/billing-download-azure-invoice-daily-usage-date
11.YouneedtodefineacustomdomainnameforAzureADtosupporttheplannedinfrastructure.
Whichdomainnameshouldyouuse?
A.ad.humongousinsurance.com
B.humongousinsurance.onmicrosoft.com
C.humongousinsurance.local
D.humongousinsurance.com
Answer:D
Explanation:
EveryAzureADdirectorycomeswithaninitialdomainnameintheformofdomainname.onmicrosoft.com.
Theinitialdomainnamecannotbechangedordeleted,butyoucanaddyourcorporatedomainnameto
AzureADaswell.Forexample,yourorganizationprobablyhasotherdomainnamesusedtodobusiness
anduserswhosigninusingyourcorporatedomainname.AddingcustomdomainnamestoAzureAD
allowsyoutoassignusernamesinthedirectorythatarefamiliartoyourusers,suchas
‘[email protected].’insteadof'[email protected]'.
Scenario:
NetworkInfrastructure:Eachofficehasalocaldatacenterthatcontainsalltheserversforthatoffice.
EachofficehasadedicatedconnectiontotheInternet.
HumongousInsurancehasasingle-domainActiveDirectoryforestnamedhumongousinsurance.com
PlannedAzureADInfrastructure:Theon-premisesActiveDirectorydomainwillbesynchronizedtoAzure
AD.
Reference:https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
12.Youneedtopreparetheenvironmenttomeettheauthenticationrequirements.
Whichtwoactionsshouldyouperform?Eachcorrectanswerpresentspartofthesolution.NOTEEach
correctselectionisworthonepoint.
A.AzureActiveDirectory(AD)IdentityProtectionandanAzurepolicy
B.aRecoveryServicesvaultandabackuppolicy
C.anAzureKeyVaultandanaccesspolicy
D.anAzureStorageaccountandanaccesspolicy
Answer:C
Explanation:
D:SeamlessSSOworkswithanymethodofcloudauthentication-PasswordHashSynchronizationor
Pass-throughAuthentication,andcanbeenabledviaAzureADConnect.
B:YoucangraduallyrolloutSeamlessSSOtoyourusers.YoustartbyaddingthefollowingAzureAD
URLtoallorselectedusers'IntranetzonesettingsbyusingGroupPolicyinActiveDirectory:
https://autologon.microsoftazuread-sso.com
13.HOTSPOT
Youareevaluatingthenameresolutionforthevirtualmachinesaftertheplannedimplementationofthe
Azurenetworkinginfrastructure.
Foreachofthefollowingstatements,selectYesifthestatementistrue.Otherwise,selectNo.

DownloadValidMicrosoftAZ-104ExamDumpsforBestPreparation
12/12
Answer:
Explanation:
Statement1:Yes
AllclientcomputersintheParisofficewillbejoinedtoanAzureADdomain.
AvirtualnetworknamedParis-VNetthatwillcontaintwosubnetsnamedSubnet1andSubnet2.
MicrosoftWindowsServerActiveDirectorydomains,canresolveDNSnamesbetweenvirtualnetworks.
Automaticregistrationofvirtualmachinesfromavirtualnetworkthat'slinkedtoaprivatezonewith
auto-registrationenabled.ForwardDNSresolutionissupportedacrossvirtualnetworksthatarelinkedto
theprivatezone.
Statement2:Yes
AvirtualnetworknamedClientResources-VNetthatwillcontainonesubnetnamedClientSubnetYouplan
tocreateaprivateDNSzonenamedhumongousinsurance.localandsettheregistrationnetworktothe
ClientResources-VNetvirtualnetwork.
Asthisisaregistrationnetworksothiswillwork.
Statement3:No
OnlyVMsintheregistrationnetwork,heretheClientResources-VNet,willbeabletoregisterhostname
records.SinceSubnet4notconnectedtoClientResourcesNetworkthusnotabletoregisteritshostname
withhumongoinsurance.local
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role
-instances