AZ-104 2023

AZ-104 2023 You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named and an Azure Kubernetes Service (AKS) cluster named AKS1.An administrator reports that she is unable to grant access to AKS1 to the users in .You need to ensure that access to AKS1 can be granted to the users. What should you do first? A. From , modify the Organization relationships settings. B. From , create an OAuth 2.0 authorization endpoint. C. Recreate AKS1. D. From AKS1, create a namespace. Ans- Correct Answer: B Reference: You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named .You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.Which two groups should you create? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point. A. an Office 365 group that uses the Assigned membership type B. a Security group that uses the Assigned membership type C. an Office 365 group that uses the Dynamic User membership type D. a Security group that uses the Dynamic User membership type E. a Security group that uses the Dynamic Device membership type Ans- AC You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).Note: With the increase in usage of Office 365 Groups, administrators and users need a way to clean up unused groups. Expiration policies can help remove inactive groups from the system and make things cleaner.When a group expires, all of its associated services (the mailbox, Planner, SharePoint site, etc.) are also deleted.You can set up a rule for dynamic membership on security groups or Office 365 groups.Incorrect Answers:B, D, E: You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).Reference: You recently created a new Azure subscription that contains a user named Admin1.Admin1 attempts to deploy an Azure Marketplace resource by using an Azure Resource Manager template. Admin1 deploys the template by using AzurePowerShell and receives the following error message: "User failed validation to purchase resources. Error message: "Legal terms have not been accepted for this item on this subscription. To accept legal terms, please go to the Azure portal ( configure programmatic deployment for the Marketplace item or create it there for the first time."You need to ensure that Admin1 can deploy the Marketplace resource successfully.What should you do? A. From Azure PowerShell, run the Set-AzApiManagementSubscription cmdlet B. From the Azure portal, register the Microsoft.Marketplace resource provider C. From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet D. From the Azure portal, assign the Billing administrator role to Admin1 Ans- Correct Answer: C Reference: You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts.You create a new user account named AdminUser1.You need to assign the User administrator administrative role to AdminUser1.What should you do from the user account properties? A. From the Licenses blade, assign a new license B. From the Directory role blade, modify the directory role C. From the Groups blade, invite the user account to a new group Ans- Correct Answer: B Assign a role to a user -1. Sign in to the Azure portal with an account that's a global admin or privileged role admin for the directory.2. Select Azure Active Directory, select Users, and then select a specific user from the list.3. For the selected user, select Directory role, select Add role, and then pick the appropriate admin roles from the Directory roles list, such as Conditional access administrator.4. Press Select to save.Reference: You have an Azure Active Directory (Azure AD) tenant named that contains 100 user accounts.You purchase 10 Azure AD Premium P2 licenses for the tenant.You need to ensure that 10 users can use all the Azure AD Premium features.What should you do? A. From the Licenses blade of Azure AD, assign a license B. From the Groups blade of each user, invite the users to a group C. From the Azure AD domain, add an enterprise application D. From the Directory role blade of each user, modify the directory role Ans- Correct Answer: A Reference: You have an Azure subscription named Subscription1 and an on-premises deployment of Microsoft System Center Service Manager.Subscription1 contains a virtual machine named VM1.You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent.What should you do first? A. Create an automation runbook B. Deploy a function app C. Deploy the IT Service Management Connector (ITSM) D. Create a notification Ans- Correct Answer: C The IT Service Management Connector (ITSMC) allows you to connect Azure and a supported IT Service Management (ITSM) product/service, such as theMicrosoft System Center Service Manager.With ITSMC, you can create work items in ITSM tool, based on your Azure alerts (metric alerts, Activity Log alerts and Log Analytics alerts).Reference: You sign up for Azure Active Directory (Azure AD) Premium.You need to add a user named as an administrator on all the computers that will be joined to the Azure AD domain.What should you configure in Azure AD? A. Device settings from the Devices blade B. Providers from the MFA Server blade C. User settings from the Users blade D. General settings from the Groups blade Ans- Correct Answer: A When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principles to the local administrators group on the device: The Azure AD global administrator role The Azure AD device administrator role The user performing the Azure AD joinIn the Azure portal, you can manage the device administrator role on the Devices page. To open the Devices page:1. Sign in to your Azure portal as a global administrator or device administrator.2. On the left navbar, click Azure Active Directory.3. In the Manage section, click Devices.4. On the Devices page, click Device settings.5. To modify the device administrator role, configure Additional local administrators on Azure AD joined devices.Reference: You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.Subscription1 has a user named User1. User1 has the following roles: Reader Security AdminSecurity Reader -You need to ensure that User1 can assign the Reader role for VNet1 to other users.What should you do