[2025-November-New]Braindump2go AZ-104 Exam Questions Free[Q597-Q641]

2025/November Latest Braindump2go AZ-104 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go AZ-104 Real Exam Questions!

QUESTION 597
You have a subnet named Subnet1 that contains Azure virtual machines. A network security group (NSG) named NSG1 is associated to Subnet1. NSG1 only contains the default rules.
You need to create a rule in NSG1 to prevent the hosts on Subnet1 from connecting to the Azure portal. The hosts must be able to connect to other internet hosts.
To what should you set Destination in the rule?

A. Application security group
B. IP Addresses
C. Service Tag
D. Any

Answer: C
Explanation:
You can use service tags to achieve network isolation and protect your Azure resources from the general Internet while accessing Azure services that have public endpoints. Create inbound/outbound network security group rules to deny traffic to/from Internet and allow traffic to/from AzureCloud or other available service tags of specific Azure services.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview

QUESTION 598
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.
You need to view the error events from a table named Event.
Which query should you run in Workspace1?

A. search in (Event) "error"
B. Event | where EventType is "error"
C. select * from Event where EventType == "error"
D. Get-Event Event | where {$_.EventType == "error"}

Answer: A
Explanation:
To search a term in a specific table, add the table-name just after the search operator.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. Event | search "error"
2. Event | where EventType == "error"
3. search in (Event) "error"
Other incorrect answer options you may see on the exam include the following:
1. Get-Event Event | where {$_.EventType -eq "error"}
2. Event | where EventType is "error"
3. search in (Event) * | where EventType -eq "error"
4. select * from Event where EventType is "error"
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/search-queries
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-portal
https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/searchoperator?pivots=azuredataexplorer

QUESTION 599
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
– Reader
– Security Admin
– Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do?

A. Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1.
B. Assign User1 the User Access Administrator role for VNet1.
C. Remove User1 from the Security Reader and Reader roles for Subscription1.
D. Assign User1 the Contributor role for VNet1.

Answer: B
Explanation:
Has full access to all resources including the right to delegate access to others.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
– Assign User1 the User Access Administrator role for VNet1.
– Assign User1 the Owner role for VNet1.
Other incorrect answer options you may see on the exam include the following:
– Assign User1 the Contributor role for VNet1.
– Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1.
– Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

QUESTION 600
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users.
You need to create a guest user account in contoso.com for each of the 500 external users.
Solution: From Azure AD in the Azure portal, you use the Bulk invite users operation.
Does this meet the goal?

A. Yes
B. No

Answer: B
Explanation:
This implies that the required fields (Email and Redirection URL) are missing from the .csv file.
Here are the csv field pre-requisites that are needed for bulk upload of external users:
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/tutorial-bulk-invite#prerequisites

QUESTION 601
You have an Azure AD tenant named adatum.com that contains the groups shown in the following table.

Adatum.com contains the users shown in the following table.

You assign the Azure Active Directory Premium Plan 2 license to Group1 and User4.
Which users are assigned the Azure Active Directory Premium Plan 2 license?

A. User4 only
B. User1 and User4 only
C. User1, User2, and User4 only
D. User1, User2, User3, and User4

Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-group-advanced
Under Limitations and known issues:
“Group-based licensing currently does not support groups that contain other groups (nested groups). If you apply a license to a nested group, only the immediate first-level user members of the group have the licenses applied.”

QUESTION 603
Your on-premises network contains a VPN gateway.
You have an Azure subscription that contains the resources shown in the following table.

You need to ensure that all the traffic from VM1 to storage1 travels across the Microsoft backbone network.
What should you configure?

A. Azure Application Gateway
B. private endpoints
C. a network security group (NSG)
D. Azure Virtual WAN

Answer: B
Explanation:
You can use private endpoints for your Azure Storage accounts to allow clients on a virtual network (VNet) to securely access data over a Private Link. The private endpoint uses a separate IP address from the VNet address space for each storage account service. Network traffic between the clients on the VNet and the storage account traverses over the VNet and a private link on the Microsoft backbone network, eliminating exposure from the public internet.
Link: https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints

QUESTION 608
You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?

A. an Azure Cosmos DB database
B. Azure File Storage
C. Azure SQL Database
D. a virtual machine

Answer: B
Explanation:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.
The maximum size of an Azure Files Resource of a file share is 5 TB.
Note:
There are several versions of this question in the exam. The question has two correct answers:
1. Azure File Storage
2. Azure Blob Storage
The question can have other incorrect answer options, including the following:
– Azure Data Lake Store
– Azure SQL Database
– Azure Data Factory
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service

QUESTION 610
You have an Azure subscription that contains a storage account named storage1.
You plan to create a blob container named container1.
You need to use customer-managed key encryption for container1.
Which key should you use?

A. an EC key that uses the P-384 curve only
B. an EC key that uses the P-521 curve only
C. an EC key that uses the P-384 curve or P-521 curve only
D. an RSA key with a key size of 4096 only
E. an RSA key type with a key size of 2048, 3072, or 4096 only

Answer: E
Explanation:
Azure storage encryption supports RSA and RSA-HSM keys of sizes 2048, 3072 and 4096.
https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview#enable-customer-managed-keys-for-a-storage-account

QUESTION 614
You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?

A. an Azure Cosmos DB database
B. Azure Data Lake Store
C. Azure Blob storage
D. Azure Data Factory

Answer: C
Explanation:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.
The maximum size of an Azure Files Resource of a file share is 5 TB.
Note:
There are several versions of this question in the exam. The question has two correct answers:
1. Azure File Storage
2. Azure Blob Storage
The question can have other incorrect answer options, including the following:
– Azure Data Lake Store
– Azure SQL Database
– Azure Data Factory
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service

QUESTION 615
Hotspot Question
You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a container named container1.
You create a blob lifecycle rule named rule1.
You need to configure rule1 to automatically move blobs that were NOT updated for 45 days from container1 to the Cool access tier.
How should you complete the rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
https://learn.microsoft.com/en-us/azure/storage/blobs/lifecycle-management-overview#rule-actions
daysAfterModificationGreaterThan
– The condition for actions on a current version of a blob
Tiering is not yet supported in a premium block blob storage account. For all other accounts, tiering is allowed only on block blobs and not for append and page blobs.
tierToCool
– Supported for blockBlob

QUESTION 616
You plan to create an Azure Storage account named storage1 that will contain a file share named share1.
You need to ensure that share1 can support SMB Multichannel. The solution must minimize costs.
How should you configure storage?

A. Premium performance with locally-redundant storage (LRS)
B. Standard performance with zone-redundant storage (ZRS)
C. Premium performance with geo-redundant storage (GRS)
D. Standard performance with locally-redundant storage (LRS)

Answer: A
Explanation:
According to the documentation, SMB Multichannel is supported only on Premium file shares (FileStorage) with LRS or ZRS.
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-smb-multichannel-performance

QUESTION 617
You have an Azure subscription that contains a storage account named storage1.
You plan to use conditions when assigning role-based access control (RBAC) roles to storage1.
Which storage1 services support conditions when assigning roles?

A. containers only
B. file shares only
C. tables only
D. queues only
E. containers and queues only
F. file shares and tables only

Answer: E
Explanation:
Currently, conditions can be added to built-in or custom role assignments that have blob storage data actions or queue storage data actions.
https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-portal

QUESTION 619
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?

A. the Publish-AzVMDscConfiguration cmdlet
B. Azure Application Insights
C. a Desired State Configuration (DSC) extension
D. Azure AD Application Proxy

Answer: C
Explanation:
Azure virtual machine extensions are small packages that run post-deployment configuration and automation on Azure virtual machines.
In the following example, the Azure CLI is used to deploy a custom script extension to an existing virtual machine, which installs an Nginx web server.
az vm extension set \
  --resource-group myResourceGroup \
  --vm-name myVM --name customScript \
  --publisher Microsoft.Azure.Extensions \
  --settings '{"commandToExecute": "apt-get install -y nginx"}'
Note:
There are several versions of this question in the exam. The question has two correct answers:
1. a Desired State Configuration (DSC) extension
2. Azure Custom Script Extension
The question can have other incorrect answer options, including the following:
– the Publish-AzVMDscConfiguration cmdlet
– Azure Application Insights
Reference:
https://docs.microsoft.com/en-us/azure/architecture/framework/devops/automation-configuration

QUESTION 623
You have an Azure subscription.
You plan to deploy the Azure container instances shown in the following table.

Which instances can you deploy to a container group?

A. Instance1 only
B. Instance2 only
C. Instance1 and Instance2 only
D. Instance3 and Instance4 only

Answer: D
Explanation:
Multi-container groups currently support only Linux containers. For Windows containers, Azure Container Instances only supports deployment of a single container instance. While we are working to bring all features to Windows containers, you can find current platform differences in the service.
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-groups

QUESTION 624
You have an Azure subscription that contains the resources shown in the following table.

You configure Azure Site Recovery to replicate VM1 between the US East and West US regions.
You perform a test failover of VM1 and specify VNET2 as the target virtual network.
When the test version of VM1 is created, to which subnet will the virtual machine be connected?

A. TestSubnet1
B. DemoSubnet1
C. RecoverySubnetA
D. RecoverySubnetB

Answer: B
Explanation:
The subnet of the target VM is selected based on the name of the subnet of the source VM.
– If a subnet with the same name as the source VM subnet is available in the target network, that subnet is set for the target VM.
– If a subnet with the same name doesn’t exist in the target network, the first subnet in the alphabetical order is set as the target subnet.
https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-network-mapping

QUESTION 625
You have an Azure subscription that contains 20 virtual machines, a network security group (NSG) named NSG1, and two virtual networks named VNET1 and VNET2 that are peered.
You plan to deploy an Azure Bastion Basic SKU host named Bastion1 to VNET1.
You need to configure NSG1 to allow inbound access to the virtual machines via Bastion1.
Which port should you configure for the inbound security rule?

A. 22
B. 443
C. 389
D. 8080

Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/bastion/bastion-nsg
Ingress Traffic:
Ingress Traffic from public internet: The Azure Bastion will create a public IP that needs port 443 enabled on the public IP for ingress traffic. Port 3389/22 are NOT required to be opened on the AzureBastionSubnet. Note that the source can be either the Internet or a set of public IP addresses that you specify.
Egress Traffic:
Egress Traffic to target VMs: Azure Bastion will reach the target VMs over private IP. The NSGs need to allow egress traffic to other target VM subnets for port 3389 and 22. If you are using the custom port feature as part of Standard SKU, the NSGs will instead need to allow egress traffic to other target VM subnets for the custom value(s) you have opened on your target VMs.

QUESTION 626
Hotspot Question
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the servers shown in the following table.

You plan to migrate contoso.com to Azure.
You create an Azure virtual network named VNET1 that has the following settings:
– Address space: 10.0.0.0/16
– Subnet:
  – Name: Subnet1
  – IPv4: 10.0.1.0/24
You need to move DC1 to VNET1. The solution must ensure that the member servers in contoso.com can resolve AD DS DNS names.
How should you configure DC1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: Obtain an IP address automatically
The first 4 IP addresses within a subnet space are getting reserved for Azure automatically. Thus, 10.0.1.3 can’t be the right answer. 10.0.2.1 is in the VNET space but falls out of the subnet space. 192.168.2.1 is just out of the VNET.
Box 2: Configure VNET1 to use a custom DNS server
VNET1 should use our pre-created DNS server as its DNS server so that the member servers in contoso.com can resolve AD DS DNS names.

QUESTION 627
You have an Azure subscription that contains the virtual networks shown in the following table.

You need to deploy an Azure firewall named AF1 to RG1 in the West US Azure region.
To which virtual networks can you deploy AF1?

A. VNET1, VNET2, VNET3, and VNET4
B. VNET1 and VNET2 only
C. VNET1 only
D. VNET1, VNET2, and VNET4 only
E. VNET1 and VNET4 only

Answer: C
Explanation:
Are there any firewall resource group restrictions? Yes. The firewall, VNet, and the public IP address all must be in the same resource group.
https://learn.microsoft.com/en-us/azure/firewall/firewall-faq#are-there-any-firewall-resource-group-restrictions

QUESTION 628
You have an Azure subscription that contains a storage account. The account stores website data.
You need to ensure that inbound user traffic uses the Microsoft point-of-presence (POP) closest to the user’s location.
What should you configure?

A. private endpoints
B. Azure Firewall rules
C. Routing preference
D. load balancing

Answer: C
Explanation:
By default, clients outside of the Azure environment access your storage account over the Microsoft global network. The Microsoft global network is optimized for low-latency path selection to deliver premium network performance with high reliability. Both inbound and outbound traffic are routed through the point of presence (POP) that is closest to the client. This default routing configuration ensures that traffic to and from your storage account traverses over the Microsoft global network for the bulk of its path, maximizing network performance.
https://learn.microsoft.com/en-us/azure/storage/common/network-routing-preference#microsoft-global-network-versus-internet-routing

QUESTION 629
You have two Azure virtual machines named VM1 and VM2 that run Windows Server. The virtual machines are in a subnet named Subnet1. Subnet1 is in a virtual network named VNet1.
You need to prevent VM1 from accessing VM2 on port 3389.
What should you do?

A. Create a network security group (NSG) that has an outbound security rule to deny destination port 3389 and apply the NSG to the network interface of VM1.
B. Configure Azure Bastion in VNet1.
C. Create a network security group (NSG) that has an outbound security rule to deny source port 3389 and apply the NSG to Subnet1.
D. Create a network security group (NSG) that has an inbound security rule to deny source port 3389 and apply the NSG to Subnet1.

Answer: A
Explanation:
It will prevent connections from VM1 on port 3389 to any destination, including the other VM. Question does not say that VM1 should be able to access other VMs on this port so it’s fine to block all outgoing connections.

QUESTION 630
You have an Azure subscription that contains the resources shown in the following table.

You need to manage outbound traffic from VNET1 by using Firewall1.
What should you do first?

A. Configure the Hybrid Connection Manager.
B. Upgrade ASP1 to the Premium SKU.
C. Create a route table.
D. Create an Azure Network Watcher.

Answer: C
Explanation:
When you create a virtual network, Azure automatically creates a default route table for each of its subnets and adds system default routes to the table. In this step, you create a user-defined route table that routes all traffic to the firewall, and then associate it with the App Service subnet in the integrated virtual network.
See section 3 in the document.
https://learn.microsoft.com/en-us/azure/app-service/network-secure-outbound-traffic-azure-firewall

QUESTION 631
You have an Azure subscription that contains the resources shown in the following table.

All the resources connect to a virtual network named VNet1.
You plan to deploy an Azure Bastion host named Bastion1 to VNet1.
Which resources can be protected by using Bastion1?

A. VM1 only
B. contoso.com only
C. App1 and contoso.com only
D. VM1 and contoso.com only
E. VM1, App1, and contoso.com

Answer: A
Explanation:
Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer. The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines don’t need a public IP address, agent, or special client software.
https://learn.microsoft.com/en-us/azure/bastion/bastion-overview

QUESTION 632
You have an Azure subscription that contains 10 virtual machines and the resources shown in the following table.

You need to ensure that Bastion1 can support 100 concurrent SSH users. The solution must minimize administrative effort.
What should you do first?

A. Resize the subnet of Bastion1
B. Configure host scaling.
C. Create a network security group (NSG)
D. Upgrade Bastion1 to the Standard SKU

Answer: D
Explanation:
When you configure Azure Bastion using the Basic SKU, two instances are created. If you use the Standard SKU, you can specify the number of instances. This is called host scaling.
Each instance can support 20 concurrent RDP connections and 40 concurrent SSH connections for medium workloads. Once the concurrent sessions are exceeded, an additional scale unit (instance) is required.
https://learn.microsoft.com/en-us/azure/bastion/configuration-settings#instance

QUESTION 633
Drag and Drop Question
You have a Windows 11 device named Device1 and an Azure subscription that contains the resources shown in the following table.

Device1 has Azure PowerShell and Azure Command-Line Interface (CLI) installed.
From Device1, you need to establish a Remote Desktop connection to VM1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:
https://learn.microsoft.com/en-us/azure/bastion/connect-native-client-windows

QUESTION 634
You have an Azure subscription that contains the storage accounts shown in the following table.

You deploy a web app named App1 to the West US Azure region.
You need to back up App1. The solution must minimize costs.
Which storage account should you use as the target for the backup?

A. storage1
B. storage2
C. storage3
D. storage4

Answer: B
Explanation:
To minimize costs, you should use the storage account that is in the same region as the web app that you are backing up. In this case, the web app is in the West US region, so you should use storage2.

QUESTION 635
Hotspot Question
You have an Azure subscription that is linked to an Azure AD tenant. The tenant contains two users named User1 and User2.
The subscription contains the resources shown in the following table.

The subscription contains the alert rules shown in the following table.

The users perform the following actions:
– User1 creates a new virtual disk and attaches the disk to VM1
– User2 creates a new resource tag and assigns the tag to RG1 and VM1
Which alert rules are triggered by each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

QUESTION 636
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?

A. a Desired State Configuration (DSC) extension
B. the New-AzConfigurationAssignment cmdlet
C. Azure Application Insights
D. a Microsoft Endpoint Manager device configuration profile

Answer: A
Explanation:
Azure virtual machine extensions are small packages that run post-deployment configuration and automation on Azure virtual machines.
In the following example, the Azure CLI is used to deploy a custom script extension to an existing virtual machine, which installs an Nginx web server.
az vm extension set \
  --resource-group myResourceGroup \
  --vm-name myVM --name customScript \
  --publisher Microsoft.Azure.Extensions \
  --settings '{"commandToExecute": "apt-get install -y nginx"}'
Note:
There are several versions of this question in the exam. The question has two correct answers:
1. a Desired State Configuration (DSC) extension
2. Azure Custom Script Extension
The question can have other incorrect answer options, including the following:
– the Publish-AzVMDscConfiguration cmdlet
– Azure Application Insights
Reference:
https://docs.microsoft.com/en-us/azure/architecture/framework/devops/automation-configuration

QUESTION 637
You have an Azure subscription that contains 10 network security groups (NSGs), 10 virtual machines, and a Log Analytics workspace named Workspace1. Each NSG is connected to a virtual machine.
You need to configure an Azure Monitor Network Insights alert that will be triggered when suspicious network traffic is detected.
What should you do first?

A. Deploy Connection Monitor.
B. Configure data collection endpoints.
C. Configure a private link.
D. Configure NSG flow logs.

Answer: D
Explanation:
The Traffic tab provides access to all NSGs configured for NSG flow logs and Traffic Analytics for the selected set of subscriptions, grouped by location.
https://learn.microsoft.com/en-us/azure/network-watcher/network-insights-overview#traffic

QUESTION 638
Hotspot Question
You have an Azure subscription named Sub1 that contains the resources shown in the following table.

Sub1 contains the following alert rule:
– Name: Alert1
– Scope: All resource groups in Sub1
  o Include all future resources
– Condition: All administrative operations
– Actions: Action1
Sub1 contains the following alert processing rule:
– Name: Rule1
– Scope: Sub1
– Rule type: Suppress notifications
– Apply the rule: On a specific time
  o Start: August 10, 2022
  o End: August 13, 2022
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: Yes
“alert is listed” does not mean a notification in my understanding therefore yes.
Box 2: No
The date is within suppression rule boundaries therefore email will be suppressed.
Box 3: Yes
The date is outside suppression rule boundaries.

QUESTION 639
You have an Azure subscription that contains a storage account named storage1 in the North Europe Azure region.
You need to ensure that when blob data is added to storage1, a secondary copy is created in the East US region. The solution must minimize administrative effort.
What should you configure?

A. operational backup
B. object replication
C. geo-redundant storage (GRS)
D. a lifecycle management rule

Answer: B
Explanation:
Object replication asynchronously copies block blobs between a source storage account and a destination account.
https://learn.microsoft.com/en-us/azure/storage/blobs/object-replication-overview

QUESTION 640
You have an Azure subscription that contains two Log Analytics workspaces named Workspace1 and Workspace2 and 100 virtual machines that run Windows Server.
You need to collect performance data and events from the virtual machines. The solution must meet the following requirements:
– Logs must be sent to Workspace1 and Workspace2.
– All Windows events must be captured.
– All security events must be captured.
What should you install and configure on each virtual machine?

A. the Azure Monitor agent
B. the Windows Azure diagnostics extension (WAD)
C. the Windows VM agent

Answer: A
Explanation:
Azure Monitor Agent (AMA) collects monitoring data from the guest operating system of Azure and hybrid virtual machines and delivers it to Azure Monitor for use by features, insights, and other services, such as Microsoft Sentinel and Microsoft Defender for Cloud. Azure Monitor Agent replaces all of Azure Monitor’s legacy monitoring agents.
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview

QUESTION 641
You have an Azure subscription that contains a virtual network named VNet1.
VNet1 uses two ExpressRoute circuits that connect to two separate on-premises datacenters.
You need to create a dashboard to display detailed metrics and a visual representation of the network topology.
What should you use?

A. Azure Monitor Network Insights
B. a Data Collection Rule (DCR)
C. Azure Virtual Network Watcher
D. Log Analytics

Answer: A
Explanation:
Azure Monitor Network Insights provides a comprehensive and visual representation through topologies, of health and metrics for all deployed network resources, without requiring any configuration. It also provides access to network monitoring capabilities like Connection Monitor, flow logging for network security groups (NSGs), and Traffic Analytics. And it provides other network diagnostic features.
https://learn.microsoft.com/en-us/azure/network-watcher/network-insights-overview

