Here you have the best Microsoft AZ-104 practice exam questions
Your company has serval departments. Each department has a number of virtual machines (VMs).
The company has an Azure subscription that contains a resource group named RG1.
All VMs are located in RG1.
You want to associate each VM with its respective department.
What should you do?
To associate each virtual machine with its respective department in Azure, you should use tags. Tags in Azure are name/value pairs that can be assigned to resources such as virtual machines. By assigning tags that correspond to department names, you can easily categorize and identify which VMs belong to which departments without needing to modify the existing resource group structure or VM settings.
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the multi-factor authentication page to alter the user settings.
Does the solution meet the goal?
Accessing the multi-factor authentication page to alter user settings allows you to configure multi-factor authentication requirements for users. However, to meet the goal of requiring members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when connecting to Azure AD from untrusted locations, you need to create a conditional access policy in Azure AD. Conditional access policies allow you to specify conditions, such as the user's group membership and their device's joining status, and enforce specific access controls based on these conditions.
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy.
Does the solution meet the goal?
The solution does not meet the goal because altering the session control of the Azure AD conditional access policy is not sufficient to enforce the required conditions for Multi-Factor Authentication and Azure AD-joined devices. To meet the goal, the policy should be configured by altering the grant control, not the session control. The grant control allows administrators to enforce access requirements such as Multi-Factor Authentication and device compliance, which are necessary for ensuring that members of the Global Administrators group use an Azure AD-joined device and MFA when connecting from untrusted locations.
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy.
Does the solution meet the goal?
The solution does not meet the goal. While altering the grant control of the Azure AD conditional access policy in the Azure portal can be part of the solution, it is not sufficient on its own. The policy needs to be configured with specific conditions and controls to require Multi-Factor Authentication (MFA) and the use of an Azure AD-joined device when connecting from untrusted locations. Altering the grant control alone does not cover these requirements; conditions must also be set to specify untrusted locations. Therefore, the correct answer is No.
You are planning to deploy an Ubuntu Server virtual machine to your company's Azure subscription.
You are required to implement a custom deployment that includes adding a particular trusted root certification authority (CA).
Which of the following should you use to create the virtual machine?
To deploy an Ubuntu Server virtual machine in Azure with a custom deployment that includes adding a particular trusted root certification authority (CA), you should use the 'az vm create' command. This command, part of the Azure CLI (Command-Line Interface), supports various customization options, including the use of cloud-init scripts for configuration, which can handle the installation of a trusted root CA as part of the VM's initialization process. The other cmdlets mentioned either do not exist or do not provide the required level of customization. Using 'az vm create', you can employ the --custom-data parameter to provide your cloud-init script, facilitating the custom deployment.