Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Microsoft
  3. AZ-104

Microsoft AZ-104 Exam (page: 9)
Microsoft Azure Administrator
Updated on: 02-Jan-2026

Viewing Page 9 of 69
AZ-104 PDF 553 Questions

You have an Azure subscription that contains a virtual network named VNet1.
VNet1 uses two ExpressRoute circuits that connect to two separate on-premises datacenters.
You need to create a dashboard to display detailed metrics and a visual representation of the network topology. What should you use?

  1. Log Analytics
  2. Azure Virtual Network Watcher
  3. a Data Collection Rule (DCR)
  4. Azure Monitor Network Insights

Answer(s): D

Explanation:

To monitor Azure on-premises sites connected via virtual networks and ExpressRoute circuits, leverage Azure Monitor and Network Insights. You can view key metrics like bandwidth utilization, latency, and packet loss, and visualize the network topology with Network Insights, helping you understand connectivity and identify potential issues.
Visualizing Network Topology:
Network Insights:
Utilize Network Insights within the Azure portal to visualize the network topology of your ExpressRoute circuits and their connections.
2. Topology View:
Navigate to the "Topology" feature within Network Insights to view a graphical representation of your ExpressRoute setup, including peering relationships, connections, and gateways.


Reference:

https://learn.microsoft.com/en-us/azure/network-watcher/network-insights-overview




Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
ADatum Corporation is consulting firm that has a main office in Montreal and branch offices in Seattle and New York.
Existing Environment Azure Environment
ADatum has an Azure subscription that contains three resource groups named RG1, RG2, and RG3.
The subscription contains the storage accounts shown in the following table.


The subscription contains the virtual machines shown in the following table.


The subscription has an Azure container registry that contains the images shown in the following table.


The subscription contains the resources shown in the following table.


Azure Key Vault
The subscription contains an Azure key vault named Vault1. Vault1 contains the certificates shown in the following table.


Vault1 contains the keys shown in the following table.


Microsoft Entra Environment
ADatum has a Microsoft Entra tenant named adatum.com that is linked to the Azure subscription and contains the users shown in the following table.


The tenant contains the groups shown in the following table.


The adatum.com tenant has a custom security attribute named Attribute1.
Planned Changes
ADatum plans to implement the following changes:
Configure a data collection rule (DCR) named DCR1 to collect only system events that have an event ID of 4648 from VM2 and VM4.
In storage1, create a new container named cont2 that has the following access policies:
- Three stored access policies named Stored1, Stored2, and Stored3
- A legal hold for immutable blob storage
Whenever possible, use directories to organize storage account content. Grant User1 the permissions required to link Zone1 to VNet1.
Assign Attribute1 to supported adatum.com resources. In storage2, create an encryption scope named Scope1.
Deploy new containers by using Image1 or Image2.
Technical Requirements
ADatum must meet the following technical requirements: Use TLS for WebApp1.
Follow the principle of least privilege.
Grant permissions at the required scope only.
Ensure that Scope1 is used to encrypt storage services.
Use Azure Backup to back up cont1 and share1 as frequently as possible.
Whenever possible, use Azure Disk Encryption and a key encryption key (KEK) to encrypt the virtual machines.

HOTSPOT (Drag and Drop is not supported)
You need to implement the planned changes for User1.
Which roles should you assign to User1, and for which resources? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Private DNS Zone Contributor Roles
* Private DNS Zone Contributor
Lets you manage private DNS zone resources, but not the virtual networks they are linked to.
Allowed actions include: Microsoft.Network/virtualNetworks/join/action
Incorrect:
* DNS Zone Contributor
Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.
Scenario:
Planned Changes include:
Grant User1 the permissions required to link Zone1 to VNet1.
Zone1 is an Azure Private DNS zone in RG3. VNet1 is a Virtual network in RG2.
Box 2: RG3 only Resources
The DNS Zone is on RG3. Reference:
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/networking




Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
General Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Environment
Existing Environment
Contoso has an Azure subscription named Sub1 that is linked to a Microsoft Entra tenant. The network contains an on-premises Active Directory domain that syncs to the Microsoft Entra tenant.
The Microsoft Entra tenant contains the users shown in the following table.


Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.


User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table


No network security groups (NSGs) are associated to the network interfaces or the subnets. Sub1 contains the storage accounts shown in the following table.


Requirements Planned Changes
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool storage tier. Create a storage account named storage5 and configure storage replication for the Blob service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.


Associate NSG1 to the network interface of VM1.
Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.


Associate NSG2 to VNET1/Subnet2.
Technical Requirements
Contoso must meet the following technical requirements: Create container1 and share1.
Use the principle of least privilege.
Create a Microsoft Entra security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup. Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/ Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.

HOTSPOT (Drag and Drop is not supported)
You implement the planned changes for NSG1 and NSG2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: No
NSG2 blocks RDP to VM2
Box 2: Yes
ICMP is not blocked
Box 3: No
NSG2 blocks RDP from VM2


Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works




Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
General Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Environment
Existing Environment
Contoso has an Azure subscription named Sub1 that is linked to a Microsoft Entra tenant. The network contains an on-premises Active Directory domain that syncs to the Microsoft Entra tenant.
The Microsoft Entra tenant contains the users shown in the following table.


Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.


User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table


No network security groups (NSGs) are associated to the network interfaces or the subnets. Sub1 contains the storage accounts shown in the following table.


Requirements Planned Changes
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool storage tier. Create a storage account named storage5 and configure storage replication for the Blob service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.


Associate NSG1 to the network interface of VM1.
Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.


Associate NSG2 to VNET1/Subnet2.
Technical Requirements
Contoso must meet the following technical requirements: Create container1 and share1.
Use the principle of least privilege.
Create a Microsoft Entra security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup. Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/ Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.

You need to add VM1 and VM2 to the backend pool of LB1. What should you do first?

  1. Connect VM2 to VNET1/Subnet1.
  2. Redeploy VM1 and VM2 to the same availability zone.
  3. Redeploy VM1 and VM2 to the same availability set.
  4. Create a new NSG and associate the NSG to VNET1/Subnet1.

Answer(s): C




Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
General Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Environment
Existing Environment
Contoso has an Azure subscription named Sub1 that is linked to a Microsoft Entra tenant. The network contains an on-premises Active Directory domain that syncs to the Microsoft Entra tenant.
The Microsoft Entra tenant contains the users shown in the following table.


Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.


User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table


No network security groups (NSGs) are associated to the network interfaces or the subnets. Sub1 contains the storage accounts shown in the following table.


Requirements Planned Changes
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool storage tier. Create a storage account named storage5 and configure storage replication for the Blob service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.


Associate NSG1 to the network interface of VM1.
Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.


Associate NSG2 to VNET1/Subnet2.
Technical Requirements
Contoso must meet the following technical requirements: Create container1 and share1.
Use the principle of least privilege.
Create a Microsoft Entra security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup. Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/ Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.

You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort. What should you do?

  1. Create a user-defined route from VNET1 to VNET3.
  2. Create an NSG and associate the NSG to VM1 and VM4.
  3. Assign VM4 an IP address of 10.0.1.5/24.
  4. Establish peering between VNET1 and VNET3.

Answer(s): D

Explanation:

Setup network peeing between VNET1 and VNET3 through VNET2.
Note 1: Service chaining
Service chaining enables you to direct traffic from one virtual network to a virtual appliance or gateway in a peered network through user-defined routes.
To enable service chaining, configure user-defined routes that point to virtual machines in peered virtual networks as the next hop IP address. User-defined routes could also point to virtual network gateways to enable service chaining.
You can deploy hub-and-spoke networks, where the hub virtual network hosts infrastructure components such as a network virtual appliance or VPN gateway. All the spoke virtual networks can then peer with the hub virtual network. Traffic flows through network virtual appliances or VPN gateways in the hub virtual network.
Virtual network peering enables the next hop in a user-defined route to be the IP address of a virtual machine in the peered virtual network, or a VPN gateway.
Note 2:
VM1 is connected to VNET1/Subnet1. VM4 is connected to VNET3/Subnet1. VNET1 is peered with VNET2.
VNET3 is peered with VNET2.
Incorrect:
* user-defined routes
Is a possible solution, but would require more effort.
Custom routes
You create custom routes by either creating user-defined routes, or by exchanging border gateway protocol (BGP) routes between your on-premises network gateway and an Azure virtual network gateway.
Custom routes
You create custom routes by either creating user-defined routes, or by exchanging border gateway protocol (BGP) routes between your on-premises network gateway and an Azure virtual network gateway.


Reference:

https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview




Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.
Existing Environment
Currently, Contoso uses multiple types of servers for business operations, including the following: File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers: A SQL database
A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Requirements Planned Changes
Contoso plans to implement the following changes to the infrastructure: Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft 365 migration project.
Technical Requirements
Contoso must meet the following technical requirements: Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups. Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier. Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure. Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Microsoft Entra ID, the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.
User Requirements
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Microsoft Entra ID. Designate a new user named Admin1 as the service admin for the Azure subscription.
Admin1 must receive email alerts regarding service outages.
Ensure that a new user named User3 can create network objects for the Azure subscription.

HOTSPOT (Drag and Drop is not supported)
You need to recommend a solution for App1. The solution must meet the technical requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL Server on Windows for the data tier.


Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only. Technical requirements include:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.


Reference:

https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server




Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.
Existing Environment
Currently, Contoso uses multiple types of servers for business operations, including the following: File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers: A SQL database
A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Requirements Planned Changes
Contoso plans to implement the following changes to the infrastructure: Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft 365 migration project.
Technical Requirements
Contoso must meet the following technical requirements: Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups. Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier. Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure. Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Microsoft Entra ID, the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.
User Requirements
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Microsoft Entra ID. Designate a new user named Admin1 as the service admin for the Azure subscription.
Admin1 must receive email alerts regarding service outages.
Ensure that a new user named User3 can create network objects for the Azure subscription.

You are planning the move of App1 to Azure. You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1. What should you recommend?

  1. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
  2. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
  3. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
  4. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

Answer(s): A

Explanation:

Incoming and the web server subnet only, as users access the web front end by using HTTPS only.
Note Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.




Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Litware are hosted on-premises.
Litware creates a new Azure subscription. The Microsoft Entra tenant uses a domain named litware.onmicrosoft.com. The tenant uses the Premium P1 pricing tier.
Existing Environment
The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the litware.com DNS zone.
Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
Litware.com contains a user named User1.
All the offices connect by using private connections.
Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.


Litware uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory.
The Azure subscription contains the resources in the following table.


The network security team implements several network security groups (NSGs)
Requirements Planned Changes
Litware plans to implement the following changes:
Deploy Azure ExpressRoute to the Montreal office.
Migrate the virtual machines hosted on Server1 and Server2 to Azure. Synchronize on-premises Active Directory to Microsoft Entra ID.
Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.
Technical Requirements
Litware must meet the following technical requirements:
Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only. Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.litware.com. Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Create a workflow to send an email message when the settings of VM4 are modified. Create a custom Azure role named Role1 that is based on the Reader role.
Minimize costs whenever possible.

You need to ensure that VM1 can communicate with VM4. The solution must minimize the administrative effort.
What should you do?

  1. Create an NSG and associate the NSG to VM1 and VM4.
  2. Establish peering between VNET1 and VNET3.
  3. Assign VM4 an IP address of 10.0.1.5/24.
  4. Create a user-defined route from VNET1 to VNET3.

Answer(s): B



Viewing Page 9 of 69



Share your comments for Microsoft AZ-104 exam with other users:

Alex 5/24/2025 12:54:15 AM

Can I trust to this source?
Anonymous