Valid AZ-104 Dumps shared by PassLeader for Helping Passing AZ-104 Exam! PassLeader now offer the newest AZ-104 VCE dumps and AZ-104 PDF dumps, the PassLeader AZ-104 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader AZ-104 dumps with VCE and PDF here: https://www.passleader.com/az-104.html (720 Q&As Dumps –> 764 Q&As Dumps)
BTW, DOWNLOAD part of PassLeader AZ-104 dumps from Cloud Storage: https://drive.google.com/open?id=1ms1PBdUaeBViEHIq26Ry2_bjnBBmO9PL
NEW QUESTION 681
You have an Azure Active Directory (Azure AD) tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users.
Solution: You create a PowerShell script that runs the New-MgUser cmdlet for each user.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
‘New-MgInvitation’ is the command to add external users to the organization.
https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.signins/new-mginvitation?view=graph-powershell-1.0
NEW QUESTION 682
You have an Azure subscription named Subscription1 that contains virtual network named VNet1. VNet1 is in a resource group named RG1. A user named User1 has the following roles for Subscription1:
– Reader
– Security Admin
– Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?
A. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1.
B. Assign User1 the Contributor role for VNet1.
C. Assign User1 the Owner role for VNet1.
D. Assign User1 the Network Contributor role for RG1.
Answer: C
Explanation:
Has full access to all resources including the right to delegate access to others.
Note:
There are several versions of this QUESTION 6in the exam. The QUESTION 6has two possible correct answers:
– Assign User1 the User Access Administrator role for VNet1.
– Assign User1 the Owner role for VNet1.
Other incorrect answer options you may see on the exam include the following:
– Assign User1 the Contributor role for VNet1.
– Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1.
– Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1.
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
NEW QUESTION 683
You have an Azure virtual machine named VM1 and an Azure key vault named Vault1. On VM1, you plan to configure Azure Disk Encryption to use a key encryption key (KEK). You need to prepare Vault1 for Azure Disk Encryption. Which two actions should you perform on Vault1? (Each correct answer presents part of the solution. Choose two.)
A. Select Azure Virtual machines for deployment.
B. Create a new key.
C. Create a new secret.
D. Configure a key rotation policy.
E. Select Azure Disk Encryption for volume encryption.
Answer: BE
Explanation:
To prepare Vault1 for Azure Disk Encryption with a key encryption key (KEK):
1. You need to have a key in the Key Vault. This will be the KEK. Azure Disk Encryption uses BitLocker for Windows VMs, which requires a key for encrypting the data disk. If you’re using a KEK, the BEK (BitLocker Encryption Key) will be wrapped by this KEK. So, you should: Create a new key. (Option B)
2. The key vault itself should be configured for Azure Disk Encryption. This ensures the vault is set up to work with Azure VMs and their disks. Therefore: Select Azure Disk Encryption for volume encryption. (Option E)
NEW QUESTION 684
You have an Azure subscription that contains a virtual machine named VM1 and an Azure key vault named KV1. You need to configure encryption for VM1. The solution must meet the following requirements:
– Store and use the encryption key in KV1.
– Maintain encryption if VM1 is downloaded from Azure.
– Encrypt both the operating system disk and the data disks.
Which encryption method should you use?
A. customer-managed keys
B. confidential disk encryption
C. azure disk encryption
D. encryption at host
Answer: C
Explanation:
You can protect your managed disks by using Azure Disk Encryption for Linux VMs, which uses DM-Crypt, or Azure Disk Encryption for Windows VMs, which uses Windows BitLocker, to protect both operating system disks and data disks with full volume encryption. Encryption keys and secrets are safeguarded in your Azure Key Vault subscription. By using the Azure Backup service, you can back up and restore encrypted virtual machines (VMs) that use Key Encryption Key (KEK) configuration.
https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview
NEW QUESTION 685
You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a container named container1. You need to configure access to container1. The solution must meet the following requirements:
– Only allow read access.
– Allow both HTTP and HTTPS protocols.
– Apply access permissions to all the content in the container.
What should you use?
A. an access policy
B. a shared access signature (SAS)
C. Azure Content Delivery Network (CDN)
D. access keys
Answer: B
Explanation:
To configure read access to container1 in your Azure Storage account while allowing both HTTP and HTTPS protocols and applying access permissions to all content in the container, you should use a Shared Access Signature (SAS) token with the appropriate settings.
NEW QUESTION 686
You need to create an Azure Storage account named storage1. The solution must meet the following requirements:
– Support Azure Data Lake Storage.
– Minimize costs for infrequently accessed data.
– Automatically replicate data to a secondary Azure region.
Which three options should you configure for storage1? (Each correct answer presents part of the solution. Choose three.)
A. zone-redundant storage (ZRS)
B. the Cool access tire
C. geo-redundant storage (GRS)
D. the Hot access tier
E. hierarchical namespace
Answer: BCE
NEW QUESTION 687
You have an Azure AD tenant named contoso.com. You have an Azure subscription that contains an Azure App Service web app named App1 and an Azure key vault named KV1. KV1 contains a wildcard certificate for contoso.com. You have a user named [email protected] that is assigned the Owner role for App1 and KV1. You need to configure App1 to use the wildcard certificate of KV1. What should you do first?
A. Create an access policy for KV1 and assign the Microsoft Azure App Service principal to the policy.
B. Assign a managed user identity to App1.
C. Configure KV1 to use the role-based access control (RBAC) authorization system.
D. Create an access policy for KV1 and assign the policy to User1.
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/key-vault/general/tutorial-net-create-vault-azure-web-app
NEW QUESTION 688
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use?
A. the New-AzConfigurationAssignment cmdlet
B. Azure Application Insights
C. the Publish-AzVMDscConfiguration cmdlet
D. a Desired State Configuration (DSC) extension
Answer: D
NEW QUESTION 689
You have an Azure subscription that contains the resources shown in the following table:
You need to assign Workspace1 a role to allow read, write, and delete operations for the data stored in the containers of storage1. Which role should you assign?
A. Storage Account Contributor
B. Contributor
C. Storage Blob Data Contributor
D. Reader and Data Access
Answer: C
Explanation:
Storage Blob Data Contributor Read, write, and delete Azure Storage containers and blobs.
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-blob-data-contributor
NEW QUESTION 690
You have an Azure AD tenant that contains the groups shown in the following table:
You purchase Azure Active Directory Premium P2 licenses. To which groups can you assign a license?
A. Group1 only.
B. Group1 and Group3 only.
C. Group3 and Group4 only.
D. Group1, Group2, and Group3 only.
E. Group1, Group2, Group3, and Group4.
Answer: B
Explanation:
The feature can only be used with security groups, and Microsoft 365 groups that have securityEnabled=TRUE.
https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-group-advanced#limitations-and-known-issues
NEW QUESTION 691
HotSpot
You have an Azure Storage account named storage1 that uses Azure Blob storage and Azure File storage. You need to use AzCopy to copy data to the blob storage and file storage in storage1. Which authentication method should you use for each type of storage? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10#authorize-azcopy
NEW QUESTION 692
HotSpot
You purchase a new Azure subscription. You create an Azure Resource Manager (ARM) template named deploy.json as shown in the following exhibit:
You connect to the subscription and run the following command:
New-AzDeployment -Location westus -TemplateFile “deploy.json”
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Explanation:
Box 1: No. Because it creates 4 Resource Groups and not 3 Resource Groups (RGS0, RGS1, RGroup4 and ResGrp8).
Box 2: No. Because it doesn’t create a resourcer group named RGroup5.
Box 3: Yes. Because all resource groups were created in the East US Azure Region.
NEW QUESTION 693
HotSpot
You have an Azure AD tenant. You need to create a Microsoft 365 group that contains only members of a marketing department in France. How should you complete the dynamic membership rule? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership#operator-precedence
NEW QUESTION 694
HotSpot
You have an Azure subscription. You plan to create a role definition to meet the following requirements:
– Users must be able to view the configuration data of a storage account.
– Users must be able to perform all actions on a virtual network.
– The solution must use the principle of least privilege.
What should you include in the role definition for each requirement? (To answer, select the appropriate options in the answer area.)
NEW QUESTION 695
HotSpot
You have an Azure AD tenant that contains a user named External User. External User authenticates to the tenant by using [email protected]. You need to ensure that External User authenticates to the tenant by using [email protected]. Which two settings should you configure from the Overview blade? (To answer, select the appropriate settings in the answer area.)
Answer:
Explanation:
If the user wants to sign in using a different email:
– Select the Edit properties icon.
– Scroll to Email and type the new email.
– Next to Other emails, select Add email. Select Add, type the new email, and select Save.
– Select the Save button at the bottom of the page to save all changes.
On the Overview tab, under My Feed, select the “Reset redemption” status link in the B2B collaboration tile.
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/reset-redemption-status#use-the-microsoft-entra-admin-center-to-reset-redemption-status
NEW QUESTION 696
……
Get the newest PassLeader AZ-104 VCE dumps here: https://www.passleader.com/az-104.html (720 Q&As Dumps –> 764 Q&As Dumps)
And, DOWNLOAD the newest PassLeader AZ-104 PDF dumps from Cloud Storage for free: https://drive.google.com/open?id=1ms1PBdUaeBViEHIq26Ry2_bjnBBmO9PL