AZ 104 Exam 2023
You need to define a custom domain name for Azure AD to support the planned infrastructure. Which
domain name should you use?
A.
B.
C.
D. Ans- Answer: D
Every Azure AD directory comes with an initial domain name in the form of .
The initial domain name cannot be ch...
AZ 104 Exam 2023
You need to define a custom domain name for Azure AD to support the planned infrastructure. Which
domain name should you use?
A. ad.humongousinsurance.com
B. humongousinsurance.onmicrosoft.com
C. humongousinsurance.local
D. humongousinsurance.com Ans- Answer: D
Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com.
The initial domain name cannot be changed of deleted, but you can add your corporate domain name to AAD
as well. Adding custom domain names to Azure AD allows you to assign user names in the directory that are
familiar to your users, such as 'alice@contoso.com.' instead of 'alice@domain name.onmicrosoft.com'.
You need to prepare the environment to meet the authentication requirements. Which two actions should
you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one
point.
A. Allow inbound TCP port 8080 to the domain controllers in the Miami office.
B. Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami
office.
C. Join the client computers in the Miami office to Azure AD.
D. Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami Questions
& Answers PDF P-16 www.dumpskey.com office.
E. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication. Ans-
Answer: BE
,B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to
all or selected users' Intranet zone settings by using Group Policy in Active Directory:
https://autologon.microsoftazuread-sso.com
E: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-
through Authentication, and can be enabled via Azure AD Connect.
Scenario: Licensing Issue
1. You attempt to assign a license in Azure to several users and receive the following error message: "Licenses
not assigned. License agreement failed for one user."
2. You verify that the Azure subscription has the available licenses.
You need to resolve the licensing issue before you attempt to assign the license again. What should you do?
A. From the Groups blade, invite the user accounts to a new group.
B. From the Profile blade, modify the usage location.
C. From the Directory role blade, modify the directory role. Ans- Answer: B
Explanation: Some Microsoft services aren't available in all locations because of local laws and regulations.
Before you can assign a license to a user, you must specify the Usage location property for the user. You can
specify the location under the User > Profile > Settings section in the Azure portal.
You have an azure subscription named Subscription that contains the resource groups shown in the following
table.
RG1 - East Asia
RG2 - East US
In RG1, you create a virtual machine named VM1 in the East Asia location. You plan to create a virtual
network named VNET1. You need to create VNET, and then connect VM1 to VNET1. What are two possible
ways to achieve this goal? Each correct answer presents a complete a solution. NOTE: Each correct selection
is worth one point.
,A. Create VNET1 in RG2, and then set East Asia as the location.
B. Create VNET1 in a new resource group in the West US location, and then set West US as the location.
C. Create VNET1 in RG1, and then set East Asia as the location
D. Create VNET1 in RG1, and then set East US as the location.
E. Create VNET1 in RG2, and then set East US as the location. Ans- Answer: AC
A network interface can exist in the same, or different resource group, than the virtual machine you attach it
to, or the virtual network you connect it to. The virtual machine you attach a network interface to and the
virtual network you connect it to must exist in the same location, also referred to as a region. Note, Resource
groups can span multiple Regions, but VNets only can hold resources (VMs, Network Adapters) that exists in
the same region. So in this scenario, you need to create VNET1 in any RG and set location as East Asia.
You have an Azure subscription that contains a storage account named account1. You plan to upload the disk
files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public
IP address space of 131.107.1.0/24. You plan to use the disk files to provision an Azure virtual machine
named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of
192.168.0.0/24. You need to configure account1 to meet the following requirements: Ensure that you can
upload the disk files to account1. Ensure that you can attach the disks to VM1. Prevent all other access to
account1. Which two actions should you perform? Each correct selection presents part of the solution. NOTE:
Each correct selection is worth one point.
A. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
B. From the Firewalls and virtual networks blade of account1, select Selected networks.
C. From the Firewalls and virtual networks blade of acount1, add VNet1.
D. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to
access this storage account.
E. From the Service endpoints blade of VNet1, add a service endpoint. Ans- Answer: AB
By default, storage accounts accept connections from clients on any network. To limit access to selected
networks, you must first change the default action. Azure portal
1. Navigate to the storage account you want to secure. 2. Click on the settings menu called Firewalls and
virtual networks.
3. To deny access by default, choose to allow access from 'Selected networks'. To allow traffic from all
networks, choose to allow access from 'All networks'.
, 4. Click Save to apply your changes. Grant access from a Virtual Network Storage accounts can be configured
to allow access only from specific Azure Virtual Networks. By enabling a Service Endpoint for Azure Storage
within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of
the virtual network and the subnet are also transmitted with each request.
You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com. Your company
has a public DNS zone for contoso.com. You add contoso.com as a custom domain name to Azure AD. You
need to ensure that Azure can verify the domain name. Which type of DNS record should you create?
A. PTR
B. MX
C. NSEC3
D. RRSIG Ans- Answer: B
TXT or MX : Correct You can use either a TXT or MX record to verify the custom domain in the Azure AD. MX
records can serve the purpose of TXT records Questions & Answers PDF P-56 www.dumpskey.com
SRV : Incorrect SRV records are used by various services to specify server locations. When specifying an SRV
record in Azure DNS
DNSKEY : Incorrect Choice This will verify that the records are originating from an authorized sender. NSEC :
Incorrect Choice This is Part of DNSSEC. This is used for explicit denial-of-existence of a DNS record. It is used
to prove a name does not exist.
You have an Azure virtual machine named VM1. Azure collects events from VM1. You are creating an alert
rule in Azure Monitor to notify an administrator when an error is logged in the System event log of VM1. You
need to specify which resource type to monitor. What should you specify?
A. metric alert
B. Azure Log Analytics workspace
C. virtual machine
D. virtual machine extension Ans- Answer: B
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller CertifiedGrades. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $9.99. You're not tied to anything after your purchase.
