Home Guides Blogs Your Exams Certifications

    Exam: AZ-104: Microsoft Azure Administrator

    Total Questions: 584
    Page of

    Your company has serval departments. Each department has a number of virtual machines (VMs).
    The company has an Azure subscription that contains a resource group named RG1.
    All VMs are located in RG1.
    You want to associate each VM with its respective department.
    What should you do?

    A. Create Azure Management Groups for each department.
    B. Create a resource group for each department.
    C. Assign tags to the virtual machines.
    D. Modify the settings of the virtual machines.
    Answer : C ✅ Explanation: You want to logically associate each VM with its respective department without physically moving or reorganizing the VMs. Here's how the options compare: ✅ C. Assign tags to the virtual machines Best choice for grouping and identifying resources like VMs by metadata (e.g., Department = HR). Tags allow you to: Filter and organize resources by department. Apply policies or cost management per department. Do this without changing the resource group structure.

    Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
    Your company has an Azure Active Directory (Azure AD) subscription.
    You want to implement an Azure AD conditional access policy.
    The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
    Solution: You access the multi-factor authentication page to alter the user settings.
    Does the solution meet the goal?

    A. Yes
    B. No
    Answer : B ✅ Explanation: The goal is to implement a Conditional Access policy that: - Targets Global Administrators - Requires MFA and an Azure AD-joined device - Applies only when accessing from untrusted locations

    Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
    Your company has an Azure Active Directory (Azure AD) subscription.
    You want to implement an Azure AD conditional access policy.
    The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
    Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy.
    Does the solution meet the goal?

    A. Yes
    B. No
    Answer : B

    Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
    Your company has an Azure Active Directory (Azure AD) subscription.
    You want to implement an Azure AD conditional access policy.
    The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
    Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy.
    Does the solution meet the goal?

    A. Yes
    B. No
    Answer : A

    You are planning to deploy an Ubuntu Server virtual machine to your company's Azure subscription.
    You are required to implement a custom deployment that includes adding a particular trusted root certification authority (CA).
    Which of the following should you use to create the virtual machine?

    A. The New-AzureRmVm cmdlet.
    B. The New-AzVM cmdlet.
    C. The Create-AzVM cmdlet.
    D. The az vm create command.
    Answer : D ✅ Explanation: To implement a custom deployment (like adding a trusted root CA), you should use Azure CLI (az vm create) or ARM templates for more flexibility. New-AzVM (B) is a PowerShell cmdlet, but it's less flexible for custom configurations compared to Azure CLI or ARM templates. New-AzureRmVm (A) is the old (deprecated) AzureRM module cmdlet and should not be used. Create-AzVM (C) does not exist as a standard cmdlet. az vm create (D) is the correct Azure CLI command, which allows custom configurations via --custom-data (for cloud-init) or extensions. For Ubuntu, you can pass a cloud-init script via --custom-data to add the trusted root CA at deployment time.

    Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
    Your company makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model.
    After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication.
    To achieve this, the Per Enabled User setting must be set for the usage model.
    Solution: You reconfigure the existing usage model via the Azure portal.
    Does the solution meet the goal?

    A. Yes
    B. No
    Answer : B ✅ Explanation: The "Per Authentication" usage model and "Per Enabled User" usage model are different MFA models in Azure. Simply reconfiguring the existing usage model via the Azure portal does not automatically enforce MFA for the newly added users using the "Per Enabled User" model. To meet the goal, you would need to: Enable MFA for each new user individually under the Per User MFA settings in Azure AD. Or, better yet, consider moving to Conditional Access policies, which is the modern and recommended approach for enforcing MFA based on conditions (like sign-in location, risk, etc.).

    Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
    Your company's Azure solution makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model.
    After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication.
    To achieve this, the Per Enabled User setting must be set for the usage model.
    Solution: You reconfigure the existing usage model via the Azure CLI.
    Does the solution meet the goal?

    A. Yes
    B. No
    Answer : B

    Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
    Your company's Azure solution makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model.
    After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication.
    To achieve this, the Per Enabled User setting must be set for the usage model.
    Solution: You create a new Multi-Factor Authentication provider with a backup from the existing Multi-Factor Authentication provider data.
    Does the solution meet the goal?

    A. Yes
    B. No
    Answer : B

    Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
    Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises Active
    Directory domain.
    You have a server named DirSync1 that is configured as a DirSync server.
    You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately.
    Solution: You run the Start-ADSyncSyncCycle -PolicyType Initial PowerShell cmdlet.
    Does the solution meet the goal?

    A. Yes
    B. No
    Answer : B

    Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
    Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises Active
    Directory domain.
    You have a server named DirSync1 that is configured as a DirSync server.
    You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately.
    Solution: You use Active Directory Sites and Services to force replication of the Global Catalog on a domain controller.
    Does the solution meet the goal?

    A. Yes
    B. No
    Answer : B
    Back View All Questions