AZ-104: Real Exam Questions - Part 2

1 2
Custom script extension timeout after: . You have an Azure Active Directory (Azure AD) tenant named
thetechblackboard.com. Multi-factor authentication (MFA) is enabled for all
users. You need to provide users with the ability to bypass MFA for 10 days on
devices to which they have successfully signed in by using MFA.
a) 30 minutes What should you do?

b) 45 minutes a) From the multi-factor authentication page, configure the users’ settings.
c) 90 minutes b) From Azure AD, create a conditional access policy.

d) Never timeout c) From the multi-factor authentication page, configure the service settings.
d) From the MFA blade in Azure AD, configure the MFA Server settings.

3 4
You download an Azure Resource Manager template based on an existing virtual Which port would you open using the inbound port rules to allow remote desktop
machine. The template will be used to deploy 100 virtual machines. access, while you create Window virtual machine
You need to modify the template to reference an administrative password. You
must prevent the password from being stored in plain text.
What should you create to store the password?

a) an Azure Key Vault and an access policy a) HTTPS

b) an Azure Storage account and an access policy b) FTP

c) a Recovery Services vault and a backup policy c) RDP (3389)

d) Azure Active Directory (AD) Identity Protection and an Azure policy d) SSH (22)
AZ-104: Real Exam Questions - Part 2
5 6
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators
group to use Multi-Factor Authentication and an Azure AD-joined device when
they connect to Azure AD from untrusted locations.
Solution: You access the multi-factor authentication page to alter the user
settings.
Does the solution meet the goal?
Yes No
7 8
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators
group to use Multi-Factor Authentication and an Azure AD-joined device when
they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the grant control of the Azure AD
conditional access policy.
Does the solution meet the goal?
Yes No
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators
group to use Multi-Factor Authentication and an Azure AD-joined device when
they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the session control of the Azure
AD conditional access policy.
Does the solution meet the goal?
Yes No
Your company has three virtual machines (VMs) that are included in an
availability set. You try to resize one of the VMs, which returns an allocation
failure message. It is imperative that the VM is resized.
Which of the following actions should you take?
a) You should only stop one of the VMs.
b) You should stop two of the VMs.
c) You should stop all three VMs.
d) You should remove the necessary VM from the availability set.
AZ-104: Real Exam Questions - Part 2
9
10
You have an Azure subscription named Subscription1. You plan to deploy an
Your company has a Microsoft Azure subscription. The company has
Ubuntu Server virtual machine named VM1 to Subscription1. You need to
datacenters in Los Angeles and New York. You are configuring the two
perform a custom deployment of the virtual machine. A specific trusted root
datacenters as geo-clustered sites for site resiliency.
certification authority (CA) must be added during the deployment.
You need to recommend an Azure storage redundancy option.
What should you do? To answer, select the appropriate options in the answer
You have the following data storage requirements:
area.
• Data must be stored on multiple nodes.
NOTE: Each correct selection is worth one point.
• Data must be stored on nodes in separate geographic locations.
• Data can be read from the secondary location as well as from the primary
File to create: location.
Answer.ini Which of the following Azure stored redundancy options should you recommend?
Autounattend.conf
Cloud-init.txt a) Geo-redundant storage
Unattend.xml
b) Read-only geo-redundant storage

c) Zone-redundant storage

Tool to deploy Virtual Machine: d) Locally redundant storage

New-AzureRmVm cmdlet
New-AzVM cmdlet
Create-AzVM cmdlet
az vm create command
AZ-104: Real Exam Question and Answer exam series - Part 3
11
You plan to deploy three Azure virtual machines named VM1, VM2, and VM3.
The virtual machines will host a web app named App1. You need to ensure that
at least two virtual machines are available if a single Azure datacenter becomes
unavailable.
What should you deploy?
a) all three virtual machines in a single Availability Zone
b) all virtual machines in a single Availability Set
c) each virtual machine in a separate Availability Zone
d) each virtual machine in a separate Availability Set
13
Your company has an azure subscription that includes a storage account, a
resource group, a blob container and a file share.
A colleague named Tom Smith makes use of a solitary Azure Resource Manager
(ARM) template to deploy a virtual machine and an additional Azure Storage
account.
You want to review the ARM template that was used by Tom Smith.
Solution: You access the Resource Group blade.
Does the solution meet the goal?
Yes No
12
Your company has an azure subscription that includes a storage account, a
resource group, a blob container and a file share.
A colleague named Tom Smith makes use of a solitary Azure Resource Manager
(ARM) template to deploy a virtual machine and an additional Azure Storage
account.
You want to review the ARM template that was used by Tom Smith.
Solution: You access the Virtual Machine blade.
Does the solution meet the goal?
Yes No
14
Your company has an azure subscription that includes a storage account, a
resource group, a blob container and a file share.
A colleague named Tom Smith makes use of a solitary Azure Resource Manager
(ARM) template to deploy a virtual machine and an additional Azure Storage
account.
You want to review the ARM template that was used by Tom Smith.
Solution: You access the Container blade.
Does the solution meet the goal?
Yes No
AZ-104: Real Exam Question and Answer exam series - Part 3
15 16
You have an Azure virtual machine (VM) that has a single data disk. You have Your company has virtual machines (VMs) hosted in Microsoft Azure. The VMs
been tasked with attaching this data disk to another Azure VM. are located in a single Azure virtual network named VNet1.
You need to make sure that your strategy allows for the virtual machines to be The company has users that work remotely. The remote workers require access
offline for the least amount of time possible. to the VMs on VNet1. You need to provide access for the remote workers.
Which of the following is the action you should take first? What should you do?
a) Stop the VM that includes the data disk. a) Configure a Site-to-Site (S2S) VPN.
b) Stop the VM that the data disk must be attached to. b) Configure a VNet-toVNet VPN.
c) Detach the data disk. c) Configure a Point-to-Site (P2S) VPN.
d) Delete the VM that includes the data disk. d) Configure a Multi-Site VPN

17 18
Your company has serval departments. Each department has a number of virtual You want to provide more CPU, memory and disk space without adding more
machines (VMs). The company has an Azure subscription that contains a virtual machines.
resource group named RG1. All VMs are located in RG1. Which of the following solution should you choose?
You want to associate each VM with its respective department.
What should you do? a) Scale up

a) Create Azure Management Groups for each department. b) Scale out

b) Create a resource group for each department. c) Scale more

c) Assign tags to the virtual machines. d) Scale high

d) Modify the settings of the virtual machines.

AZ-104: Real Exam Question and Answer exam series - Part 3

19
Your company has an Azure subscription. You need to deploy a number of Azure
virtual machines (VMs) using Azure Resource Manager (ARM) templates. You
have been informed that the VMs will be included in a single availability set. You
are required to make sure that the ARM template you configure allows for as
many VMs as possible to remain accessible in the event of fabric failure or
maintenance.
Which of the following is the value that you should configure for the
platformFaultDomainCount property?
20
Your company has an Azure subscription. You need to deploy a number of Azure
virtual machines (VMs) using Azure Resource Manager (ARM) templates. You
have been informed that the VMs will be included in a single availability set. You
are required to make sure that the ARM template you configure allows for as
many VMs as possible to remain accessible in the event of fabric failure or
maintenance.
Which of the following is the value that you should configure for the
platformUpdateDomainCount property?

a) 10
a) 10
b) 20
b) 30
c) 30
c) Min Value
d) 40
d) Max Value
AZ-104: Real Exam Question and Answer exam series - Part 4
21

Your company has an Azure Active Directory (Azure AD) tenant named thetechblackboard.com. Company has appointed User1 to
review all the settings of the tenant. As an admin your job is to ensure that the User1 can review all the settings of the tenant
however User1 must be prevented from changing any settings. Which role should you assign to User1?

a) Directory reader
b) Security reader
c) Reports reader
d) Global reader

22

Your company’s website is hosted on two different IP addresses. The website requires two different ‘A’ records, one for each IP
address. Which record map should you choose?
www.thetechblackboard.com 3600 IN A 133.102.188.46
www.thetechblackboard.com 3600 IN A 133.102.185.46

a) CNAME
b) AAAA
c) SOA
AZ-104: Real Exam Question and Answer exam series - Part 4
23

In you Azure subscription you have several hundred virtual machines. You need to identify which virtual machines are
underutilized. What should you use?

a) Azure Advisor
b) Azure Monitor
c) Azure policies

24

You have a production Azure Active Directory (Azure AD) tenant named contoso.com. You deploy a development Azure Active
Directory (AD) tenant, and then you create several custom administrative roles in the development tenant.
You need to copy the roles to the production tenant. What should you do first?

a) From the development tenant, export the custom roles to JSON.

b) From the production tenant, create a new custom role.
c) From the development tenant, perform a backup.
d) From the production tenant, create an administrative unit.
AZ-104: Real Exam Question and Answer exam series - Part 4
25

You have an Azure virtual machine named VM1 that runs Windows Server 2019. You save VM1 as a template named Template1 to
the Azure Resource Manager library. You plan to deploy a virtual machine named VM2 from Template1.
What can you configure during the deployment of VM2?
a) operating system
b) administrator username
c) virtual machine size
d) resource group

26

When assigning private IPv4 addresses in a Subnet with the address range 10.3.0.0/16.
Which of the following addresses are available for assignment dynamically?
a) 10.3.0.2
b) 10.3.0.1
c) 10.3.255.255
d) 10.3.255.254
AZ-104: Real Exam Question and Answer exam series - Part 4
27

Your company wants to have some post-deployment configuration and automation tasks on Azure Virtual Machines.
Solution: As an administrator you suggested to use ARM templates. Does this meet the goal?

Yes No

28

Your company wants to have some post-deployment configuration and automation tasks on Azure Virtual Machines.
Solution: As an administrator you suggested to use Virtual machine extensions. Does this meet the goal?

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 4
29

You have an Azure web app named App1. App1 has the deployment slots shown in the following table:

Name Function
webapp1-prod Production
webapp1-test Staging

In webapp1-test, you test several changes to App1. You back up App1. You swap webapp1-test for webapp1-prod and discover that
App1 is experiencing performance issues. You need to revert to the previous version of App1 as quickly as possible.
What should you do?

a) Redeploy App1
b) Swap the slots
c) Clone App1
d) Restore the backup of App1
AZ-104: Real Exam Question and Answer exam series - Part 4

30
You have an Azure subscription named Subscription1 that is used by several departments at your company. Subscription1 contains
the resources in the following table:

Name Function
Storage1 Storage account
RG1 Resource group
container1 Blob
share1 File Share

Another administrator deploys a virtual machine named VM1 and an Azure Storage account named storage2 by using a single
Azure Resource Manager template. You need to view the template used for the deployment.
From which blade can you view the template that was used for the deployment?

a) VM1
b) RG1
c) Storage1
d) container1
AZ-104: Real Exam Question and Answer exam series - Part 5
31
You have an Azure subscription named Subscription1 that You create virtual machines in Subscription1 as shown in the
contains the resources shown in the following table. following table:

Resource Resource
Name Type Region Name Region Operating system
Group Group
VM1 RG1 West Europe Windows server 2016
West Not
RG1 Resource group VM2 RG1 North Europe Windows server 2016
Europe applicable
VM3 RG2 West Europe Windows server 2016
North Not
RG2 Resource group VMA RG1 West Europe Ubuntu 18.04
Europé applicable
VMB RG1 North Europe Ubuntu 18.04
Recovery services West
vault1 RG1 VMC RG2 West Europe Ubuntu 18.04
vault Europe

You plan to use Vault1 for the backup of as many virtual machines as possible. Which virtual machines can be backed up to
Vault1?

a) VM1 only d) VM1, VM3, VMA, and VMC only

b) VM3 and VMC only e) VM1 and VM3 only
c) VM1, VM2, VM3, VMA, VMB, and VMC
AZ-104: Real Exam Question and Answer exam series - Part 5
32
You have an Azure Kubernetes Service (AKS) cluster named AKS1. You need to configure cluster named autoscaler for AKS1.
Which two tools should you use? Each correct answer presents a complete solution.

a) the kubectl command

b) the az aks command
c) the Set-AzVm cmdlet
d) the Azure portal
e) the Set-AzAks cmdlet

a) kubectl command is used for configuring Kubernetes and not AKS cluster.
b) The az aks command is used for the AKS cluster configuration.
c) Set-AzVm cmdlet is used for VMs.
d) Set-AzAks, creates or updates an AKS cluster, the correct cmdlet is Set-AzAksCluster.
AZ-104: Real Exam Question and Answer exam series - Part 5
33
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains
resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1.
Solution: From the Subscriptions blade, you select the subscription, and then click Resource providers. Does this meet the goal?

Yes No

34
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains
resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1.
Solution: From the RG1 blade, you click Automation script. Does this meet the goal?

Yes No

35
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains
resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1.
Solution: From the RG1 blade, you click Deployments. Does this meet the goal?

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 5
36
You need to deploy an Azure virtual machine scale set that contains five instances as quickly as possible. What should you do?

a) Deploy five virtual machines. Modify the Availability Zones settings for each virtual machine.
b) Deploy five virtual machines. Modify the Size setting for each virtual machine.
c) Deploy one virtual machine scale set that is set to VM (virtual machines) orchestration mode.
d) Deploy one virtual machine scale set that is set to ScaleSetVM orchestration mode.

37
You plan to create the Azure web apps shown in the following table. What is the minimum number of App Service plans you
should create for the web apps?
Name Runtime stack
webapp1 W L .NET Core 3.0 a) 1
Webapp2 W L ASP .NET V4.7 b) 2
Webapp3 W L PHP 7.3
c) 3
webapp4 L Ruby 2.6
d) 4
AZ-104: Real Exam Question and Answer exam series - Part 5
38
Your company wants to share the JSON files stored in a container inside a storage account:

Storage Account: ‘monthlyreports’

File (Blob)
Container: ‘april2022’ employee_data.json

Container
File: ‘employee_data.json’
Storage Account
What is the correct URL for the file called ‘employee_data.json’:

a) https://employee_data.json
b) https://monthlyreports.blob.core.windows.net/april2022/employee_data.json
c) https://monthlyreports.blob.core.windows.net/employee_data.json
d) https://monthlyreports /april2022/employee_data.json
AZ-104: Real Exam Question and Answer exam series - Part 5
39
Your company wants to share the JSON files stored in a container inside a storage account:

Storage Account: ‘monthlyreports’

File (Blob)
Container: ‘april2022’ employee_data.json

Container
File: ‘employee_data.json’
Storage Account
Company want to give access to this file to users. However, the access to Azure Storage file ‘employee_data.json’ should only be
provide for three days. What should you choose:

a) Access to storage account

b) Access Keys
c) Shared Access Signature (SAS)
d) Azure key vault
AZ-104: Real Exam Question and Answer exam series - Part 5

40
You have a general-purpose v1 Azure Storage account named storage1 that uses locally-redundant storage (LRS).
You need to ensure that the data in the storage account is protected if a zone fails. The solution must minimize costs and
administrative effort.
What should you do first?

a) Create a new storage account.

b) Configure object replication rules.
c) Upgrade the account to general-purpose v2.
d) Upgrade the account to Premium block blobs1
e) Upgrade the account to Premium file shares
AZ-104: Real Exam Question and Answer exam series - Part 6
41
You deploy an Azure Kubernetes Service (AKS) cluster named AKS1. You need to deploy a YAML file to AKS1.
Solution: From Azure CLI, you run az aks. Does this meet the goal?

Yes No

42
You deploy an Azure Kubernetes Service (AKS) cluster named AKS1. You need to deploy a YAML file to AKS1.
Solution: From Azure CLI, you run azcopy. Does this meet the goal?

Yes No

43
You deploy an Azure Kubernetes Service (AKS) cluster named AKS1. You need to deploy a YAML file to AKS1.
Solution: From Azure CLI, you run the kubectl client. Does this meet the goal?

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 6
44
You have an Azure virtual machine named VM1 that runs Windows Server 2016. You need to create an alert in Azure
when more than two error events are logged to the System event log on VM1 within an hour.
Solution: You create an Azure storage account and configure shared access signatures (SASs). You install the
Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the storage account as the
source.
Does that meet the goal?

Yes No

45
You have an Azure virtual machine named VM1 that runs Windows Server 2016. You need to create an alert in Azure
when more than two error events are logged to the System event log on VM1 within an hour.
Solution: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft
Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the
source
Does that meet the goal?

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 6
46
You have an Azure subscription that contains a user named User1. You need to
ensure that User1 can deploy virtual machines and manage virtual networks. The
solution must use the principle of least privilege.
Which role-based access control (RBAC) role should you assign to User1?

a) Owner
b) Virtual Machine Contributor
c) Contributor
d) Virtual Machine Administrator Login
AZ-104: Real Exam Question and Answer exam series - Part 6

47

Which two of the following are an elements of Template schema?

a) includes
b) parameters
c) scripts
d) outputs
AZ-104: Real Exam Question and Answer exam series - Part 6
48

Working on modernization, your company wants to move all services to Azure

Kubernetes service. Which two of the following components contributes to the
monthly Azure charge?

a) Master node
b) Per deployed pod
c) Networking resources
d) Per node VM
AZ-104: Real Exam Question and Answer exam series - Part 6
49

You have an Azure subscription named Subscription1 that contains an Azure virtual
machine named VM1. VM1 is in a resource group named RG1. VM1 runs services
that will be used to deploy resources to RG1. You need to ensure that a service
running on VM1 can manage the resources in RG1 by using the identity of VM1.
What should you do first?

a) From the Azure portal, modify the Managed Identity settings of VM1
b) From the Azure portal, modify the Access control (IAM) settings of RG1
c) From the Azure portal, modify the Access control (IAM) settings of VM1
d) From the Azure portal, modify the Policies settings of RG1
AZ-104: Real Exam Question and Answer exam series - Part 6
50

For each of the following statements, select Yes if the statement is true.
Otherwise, select No. NOTE: Each correct selection is worth one point.
Statement Yes No

• Azure Blob storage is supported with Azure Import service.

• Azure data lake is supported with Azure Import service.

• Azure Files storage is supported with Azure Import service.

• Azure SQL database is supported with Azure Import service.

AZ-104: Real Exam Question and Answer exam series - Part 6
51

For each of the following statements, select Yes if the statement is true.
Otherwise, select No. NOTE: Each correct selection is worth one point.
Statement Yes No
• Azure Blob storage is supported with Azure Export service.

• Azure data lake is supported with Azure Export service.

• Azure Files storage is supported with Azure Export service.

• Azure SQL database is supported with Azure Export service.

AZ-104: Real Exam Question and Answer exam series - Part 6

52

You have an Azure virtual machine named VM1 that runs Windows Server 2016. You
need to create an alert in Azure when more than two error events are logged to the
System event log on VM1 within an hour.
Solution: You use Azure advisor to collect the error events on Virtual machines.
Does that meet the goal?

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 6

53

You have an Azure subscription named Subscription1. Subscription1 contains a

resource group named RG1. RG1 contains resources that were deployed by using
templates. You need to view the date and time when the resources were created in
RG1.
Solution: From the Subscriptions blade, you select the subscription, and then click
Programmatic deployment. Does this meet the goal?

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 6
54

Your Azure subscription contains an Azure Storage account. You need to create an
Azure container instance named container1 that will use a Docker image named
Image1. Image1 contains a Microsoft SQL Server instance that requires persistent
storage. You need to configure a storage service for Container1. What should you
use?

a) Azure Files
b) Azure Blob storage
c) Azure Queue storage
d) Azure Table storage
AZ-104: Real Exam Question and Answer exam series - Part 6

55

Your company want to move an entire solution to Azure. Due to security constraints
company want to restrict creation of all resources in a particular region. Which
Azure service can restrict resource creation to a specific region.

a) Azure Monitor
b) Azure Availability Zone
c) Azure policy
d) Azure web apps
AZ-104: Real Exam Question and Answer exam series - Part 7
56
You have an Azure subscription named Subscription1 that contains a resource group named RG1.
In RG1, you create an internal load balancer named LB1 and a public load balancer named LB2.
You need to ensure that an administrator named Admin1 can manage LB1 and LB2. The solution
must follow the principle of least privilege. Which role should you assign to Admin1 for each task?
To answer, select the appropriate options in the answer area.

To add backend pool to To add health probe to

LB1 Contributor on LB1 LB2 Contributor on LB2
Network Contributor on LB1 Network Contributor on LB2
Network Contributor on RG1 Network Contributor on RG2
Owner on LB1 Owner on LB2
AZ-104: Real Exam Question and Answer exam series - Part 7
57
You're currently using network security groups (NSGs) to control how your network traffic flows in
and out of your virtual network subnets and network interfaces. You want to customize how your
NSGs work. For all incoming traffic, you need to apply your security rules to both the virtual
machine and subnet level. Which of the following options will let you accomplish this? (Choose
two)

a) Delete the default rules.

b) Create the AllowVNetInBound security rule for all new NSGs.
c) Create rules for both NICs and subnets with an allow action.
d) Add rules with a higher priority than the default rules.
AZ-104: Real Exam Question and Answer exam series - Part 7
58
You create an Azure Storage account named storage1. You plan to create a file share named
data1. Users need to map a drive to the data file share from home computers that run Windows
10. Which outbound port should you open between the home computers and the data file share?

a) 80
• Port 80: HTTP, this is for web
b) 443 • Port 443: HTTPS, for web too
• Port 445, as this is port for SMB protocol to share files
c) 445
• Port 3389: Remote desktop protocol (RDP)
d) 3389
AZ-104: Real Exam Question and Answer exam series - Part 7
59
You have deployed in an application named App1 in Azure. App1 is deployed on two Azure virtual
machines named VM1 and VM2. You plan to implement an Azure Availability Set for App1. The
solution must ensure that App1 is available during planned maintenance of the servers hosting
VM1 and VM2. What should you include in the Availability Set?

a) Single fault domain

b) Single update domain
c) Two fault domains
d) Two update domains
AZ-104: Real Exam Question and Answer exam series - Part 7
60
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named
contoso.com. You plan to grant three users named User1, User2, and User3 access to a temporary
Microsoft SharePoint document library named Library1. You need to create groups for the users.
The solution must ensure that the groups are deleted automatically after 180 days.
Which two groups should you create? Each correct answer presents a complete solution.

a) a Microsoft 365 group that uses the Assigned membership type

b) a Security group that uses the Assigned membership type
c) a Microsoft 365 group that uses the Dynamic User membership type
d) a Security group that uses the Dynamic User membership type
e) a Security group that uses the Dynamic Device membership type
AZ-104: Real Exam Question and Answer exam series - Part 7
61
Triggering a webhook at 5AM on Monday is an example of which of the following?

a) A matric based rule

b) An app insight rule
c) A time-based rule.
AZ-104: Real Exam Question and Answer exam series - Part 7
62
Which of the following rule would you apply to the Network Security Group for the Network
interface attached to the Web server for incoming secure traffic? Choose best possible answer?

a) An outbound rule allowing traffic on port 80

b) An outbound rule allowing traffic on port 443
c) An inbound rule allowing traffic on port 443
d) An inbound rule allowing traffic on port 80
AZ-104: Real Exam Question and Answer exam series - Part 7
63
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the
required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Reader role at the subscription level to Admin1. Does this meet the goal?

64 Yes No
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the
required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Owner role at the subscription level to Admin1. Does this meet the goal?
Yes No
65
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the
required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Network Contributor role at the subscription level to Admin1. Does this
meet the goal?
Yes No
AZ-104: Real Exam Question and Answer exam series - Part 7
66
You have an Azure subscription named Subscription1. You have 5 TB of data that you need to
transfer to Subscription1. You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?

a) Azure File Storage

b) an Azure Cosmos DB database
c) Azure Data Factory
d) Azure SQL Database
AZ-104: Real Exam Question and Answer exam series - Part 7
67
You have Azure subscription named S1 that contains the resources shown in the following table:
Name Type You create a new Azure subscription
Storage1 Azure Storage account named S2. You need to identify which
VNET1 Virtual network resources can be moved to S2.Which
VM1 Azure virtual machine resources should you identify?
VM1 Managed Managed disk for VM1
VAULT1 Recovery Services vault for the site
recovery of VM1

a) VM1, storage1, VNET1, and VM1Managed only

b) VM1 and VM1Managed only
c) VM1, storage1, VNET1, VM1Managed, and VAULT1
d) VAULT1 only
AZ-104: Real Exam Question and Answer exam series - Part 7
68
What does Application Gateway use to route requests to a web server?

a) The IP address of the web server that is the target of the request
b) The IP address and subnet of web server hosting the web application
c) The hostname, port, and path in the URL of the request
d) The user’s authentication information
AZ-104: Real Exam Question and Answer exam series - Part 7
69
Your company's Azure subscription includes Azure virtual machines (VMs) that run Windows
Server 2016. One of the VMs is backed up every day using Azure Backup Instant Restore.
When the VM becomes infected with data encrypting ransomware, you are required to restore the
VM. Which of the following actions should you take?

a) You should restore the VM after deleting the infected VM.

b) You should restore the VM to any VM within the company’s subscription.
c) You should restore the VM to a new Azure VM.
d) You should restore the VM to an on-premise Windows device.
AZ-104: Real Exam Question and Answer exam series - Part 7
70
You have an Azure subscription named Subscription1. Subscription1 contains two Azure virtual
machines named VM1 and VM2. VM1 and VM2 run Windows Server 2016. VM1 is backed up daily
by Azure Backup without using the Azure Backup agent. VM1 is affected by ransomware that
encrypts data. You need to restore the latest backup of VM1. To which location can you restore the
backup? To answer, select the appropriate options in the answer area.

You can perform a file

VM1 Only You can restore VM1 to VM1 Only
recovery of VM1 to
VM1 or a new Azure Virtual VM1 or a new Azure Virtual
machine only machine only
VM1 and VM2 only VM1 and VM2 only
A new Azure virtual machine A new Azure virtual machine
only only
AZ-104: Real Exam Question and Answer exam series - Part 8
71
You have an Azure subscription that contains the storage accounts shown in the following table
Name Type Performance You plan to manage the data stored in the
storage1 Storage V2 Standard accounts by using lifecycle management
storage2 Blob Storage Standard rules. To which storage accounts can you
storage3 Block Blob Storage Premium apply lifecycle management rules?
storage4 File Storage Premium

a) storage1 only
b) storage1 and storage2 only
c) storage3 and storage4 only
d) storage1, storage2, and storage3 only
e) storage1, storage2, storage3, and storage4
AZ-104: Real Exam Question and Answer exam series - Part 8
72
You have an Azure DNS zone named thetechblackboard.com. You need to delegate a subdomain
named research.thetechblackboard.com to a different DNS server in Azure. What should you do?

a) Create Named Server (NS) record for the thetechblackboard.com zone.

b) Create a PTR record named research in the thetechblackboard.com zone.
c) Modify the SOA record of thetechblackboard.com
d) Create an A record named *.research in the thetechblackboard.com zone.
AZ-104: Real Exam Question and Answer exam series - Part 8
73
The team for a delivery company is configuring a virtual machine scale set. Friday night is
typically the busiest time. Conversely, 8AM on Tuesday is generally the quietest time. Which of
the following virtual machine scale set features should be configured to add more machines
during that time?

a) Autoscale
b) Metric-based rules
c) Schedule-based rules
AZ-104: Real Exam Question and Answer exam series - Part 8
74
You want to deploy 10 Azure web apps using a deployment template named Template1. From the
following options choose the one as a first step before you deploy Template1. The solution must
minimize Azure costs. What should you identify?

a) five Azure Application Gateways

b) one App Service plan
c) 10 App Service plans
d) one Azure Traffic Manager
e) one Azure Application Gateway
AZ-104: Real Exam Question and Answer exam series - Part 8
75
In Azure what is the starting point of controlling any resource
a) Resource Group
b) Subscription
c) Tenant
76
The infrastructure team needs to install IIS on the localhost. They do not want to use a Custom
Script Extension. Which of the following could be used instead?

a) Desired state configuration

b) Virtual machine extension
c) Windows update
AZ-104: Real Exam Question and Answer exam series - Part 8
77
You need to deploy two Azure virtual machines named VM1 and VM2 based on Windows server
2016. The deployment must provide a Service Level Agreement (SLA) of 99.95 percent availability.
Solution: You propose a solution to create a scale set for the requirement.
Would the solution meet the goal?

Yes No
78
You need to deploy two Azure virtual machines named VM1 and VM2 based on windows server
2016. The deployment must provide a Service Level Agreement (SLA) of 99.95 percent availability.
Solution: You propose a solution to put VMs in availability set.
Would the solution meet the goal?

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 8
79
You have an Azure subscription named Subscription1 that contains the resources shown in the
following table.
Name Type Location Resource
Group
RG1 Resource Group East US NA
RG2 Resource Group West Europe NA
RG3 Resource Group North Europe NA
VNET1 Virtual Network Central US RG1
VM1 Virtual Machine West US RG2

VM1 connects to a virtual network named VNET2 by using a network interface named NIC1. You
need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG2 and Central US. Does this meet the goal?

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 8
80
You have an Azure subscription named Subscription1 that contains the resources shown in the
following table.
Name Type Location Resource
Group
RG1 Resource Group East US NA
RG2 Resource Group West Europe NA
RG3 Resource Group North Europe NA
VNET1 Virtual Network Central US RG1
VM1 Virtual Machine West US RG2

VM1 connects to a virtual network named VNET2 by using a network interface named NIC1. You
need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG1 and West US. Does this meet the goal?

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 8
81
In an Azure subscription you need to use an Azure Resource Manager (ARM) template to create a
virtual machine that will have multiple data disks. How should you complete the template?

"copy": [
"copyIndex": [
“dependsOn": [

"copy": [
1 "copyIndex": [
“dependsOn": [

2
AZ-104: Real Exam Question and Answer exam series - Part 8
82
You plan to deploy five virtual machines to a virtual network subnet. Each virtual machine will
have a public IP address and a private IP address. Each virtual machine requires the same
inbound and outbound security rules. What is the minimum number of network interfaces and
network security groups that you require?

Minimum number of network interface Minimum number of network security groups

5 1
10 2
15 5
20 10

The same network security group can be

associated to as many subnets and network
interfaces as you choose.
AZ-104: Real Exam Question and Answer exam series - Part 8
83
You need to configure a VPN connection for network T-net2. Which of the following would you
need to configure in the virtual network?

a) A peering connection
b) An additional address space
c) A gateway subnet
d) An express route connection
AZ-104: Real Exam Question and Answer exam series - Part 8
84
You have an Azure Storage account named storage1. You plan to use AzCopy to copy data to
storage1. You need to identify the storage services in storage1 to which you can copy the data.
What should you identify?

a) blob, file, table, and queue

b) blob and file only
c) file and table only
d) file only
e) blob, table, and queue only
AZ-104: Real Exam Question and Answer exam series - Part 8
85
You have an Azure Storage account named storage1 that uses Azure Blob storage and Azure File
storage. You need to use AzCopy to copy data to the blob storage and file storage in storage1.
Which authentication method should you use for each type of storage?
Blob Storage File Storage
Azure Active Directory (Azure AD) only Azure Active Directory (Azure AD) only
Shared access signatures (SAS) only Shared access signatures (SAS) only
Access keys and shared access signatures (SAS) only Access keys and shared access signatures (SAS) only
Azure Active Directory (AzureAD) and SAS Azure Active Directory (AzureAD) and SAS
Azure Active Directory (Azure AD), access keys, and SAS Azure Active Directory (Azure AD), access keys, and SAS
AZ-104: Real Exam Question and Answer exam series - Part 9
86
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named
contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1. An administrator
reports that she is unable to grant access to AKS1 to the users in contoso.com. You need to
ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?

a) From contoso.com, modify the Organization relationships settings.

b) From contoso.com, create an OAuth 2.0 authorization endpoint.
c) Recreate AKS1.
d) From AKS1, create a namespace.
AZ-104: Real Exam Question and Answer exam series - Part 9
87
Your organization needs a way to create application aware snapshots and backup Linux virtual
machines and VMware virtual machines. You have files, folders, volumes, and workloads to
protect. You recommend which of the following solutions? Select one.

a) Azure Backup (MARS) agent

b) Azure Backup Server
c) Enable disk snapshots
d) Enable backup for individual Azure VMs
AZ-104: Real Exam Question and Answer exam series - Part 9
88
Your company has a series of virtual machines created as part of their Azure subscription. They
want to ensure the IT administrative team is notified if any of the virtual machines go into the
“deallocated” state. Which of the following could you perform to fulfill this requirement?

a) Create an Azure policy using an in-built definition from the compute category
b) Assign a resource tag for the virtual machine and then create an alert based on
that resource tag
c) Enable Diagnostics logs for the virtual machine
d) Create an alert based on the Activity log for the virtual machine
AZ-104: Real Exam Question and Answer exam series - Part 9
89
You have an Azure subscription named Subscription1 containing following resources:
Name Type VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between
RG1 Resource Group VNet1 and VNet2. An administrator named Admin1 creates an
RG2 Resource Group Azure virtual machine named VM1 in RG1. VM1 uses a disk named
VNET1 Virtual Network Disk1 and connects to VNet1. Admin1 then installs a custom
VNET2 Virtual Network application in VM1. You need to move the custom application to
VNet2. The solution must minimize administrative effort.
Which two actions should you perform?
First Step Second Step
Create a network interface in RG2 Attach a network interface.
Detach a network interface. Create a network interface in RG2
Delete VM1. Create a new virtual machine
Move a network interface to RG2 Move VM1 to RG2
AZ-104: Real Exam Question and Answer exam series - Part 9
90
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics
workspace named Workspace1. You need to view the error events from a table named Event.
Which query should you run in Workspace1?
a) Get-Event Event | where {$_.EventType == "error"}
b) Event | search "error"
c) select * from Event where EventType == "error"
d) search in (Event) * | where EventType -eq "error"
AZ-104: Real Exam Question and Answer exam series - Part 9
90
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics
workspace named Workspace1. You need to view the error events from a table named Event.
Which query should you run in Workspace1?
a) Get-Event Event | where {$_.EventType == "error"}
b) Event | where EventType == "error"
c) select * from Event where EventType == "error"
d) search in (Event) * | where EventType -eq "error"

There are several versions of this question in the exam. The question has three possible correct answers:
1. search in (Event) "error"
2. Event | search "error"
3. Event | where EventType == "error"
AZ-104: Real Exam Question and Answer exam series - Part 9
91
You have an Azure Directory (Azure AD) tenant named tenant1 and an Azure Subscription named
Subscription1. Tenant1 contains a group named Developers. Subscription1 contains a resource
group named Dev. You need to provide the Developers group with the ability to create Azure logic
apps in the Dev resource group. Solution: On Dev, you assign the Logic App Contributor role to the
Developers group. Does this meet the goal?
Yes No
92
You have an Azure Directory (Azure AD) tenant named tenant1 and an Azure Subscription named
Subscription1. Tenant1 contains a group named Developers. Subscription1 contains a resource
group named Dev. You need to provide the Developers group with the ability to create Azure logic
apps in the Dev resource group. Solution: On Dev, you assign the Contributor role to the
Developers group. Does this meet the goal?

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 9
93
You have an Azure Directory (Azure AD) tenant named tenant1 and an Azure Subscription named
Subscription1. Tenant1 contains a group named Developers. Subscription1 contains a resource
group named Dev. You need to provide the Developers group with the ability to create Azure logic
apps in the Dev resource group. Solution: On Subscription1, you assign the DevTest Labs User role
to the Developers group. Does this meet the goal?

Yes No

1. Logic App Contributor: Lets you manage logic apps, but you can't change
access to them.
2. Logic App Operator: Lets you read, enable, and disable logic apps, but you
can't edit or update them.
3. Contributor: Grants full access to manage all resources but does not allow
you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or
share image galleries.
AZ-104: Real Exam Question and Answer exam series - Part 9
94
When you're creating an Azure Public Load Balancer, which option allows you to set the Load
Balancer as Public?

sku subscription Public IP address Type

95
You have an Azure Storage account named storage1 that contains a blob container named
container1. You need to prevent new content added to container1 from being modified for one
year. What should you configure?

the access tier an access policy the access level

the Access control (IAM) settings

AZ-104: Real Exam Question and Answer exam series - Part 9
96
AKS cluster can spread across regions?

Yes No
97
AKS cluster can spread across availability zones

Yes No

98
Can you limit who has access to the Kubernetes API server?

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 9
99
You download an Azure Resource Manager template based on an existing virtual machine. The
template will be used to deploy 100 virtual machines. You need to modify the template to
reference an administrative password. You must prevent the password from being stored in plain
text.
What should you create to store the password?

a) an Azure Key Vault and an access policy

b) an Azure Storage account and an access policy
c) a Recovery Services vault and a backup policy
d) Azure Active Directory (AD) Identity Protection and an Azure policy
AZ-104: Real Exam Question and Answer exam series - Part 9
100
What two fundamental types of data does Azure Monitor collect?

Email notifications and Username and Metrics and

mobile alerts Password Logs
AZ-104: Real Exam Question and Answer exam series - Part 10
101
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that
contains 100 user accounts. You purchase 10 Azure AD Premium P2 licenses for the tenant.
You need to ensure that 10 users can use all the Azure AD Premium features.
What should you do?

a) From the Licenses blade of Azure AD, assign a license

b) From the Groups blade of each user, invite the users to a group
c) From the Azure AD domain, add an enterprise application
d) From the Directory role blade of each user, modify the directory role
AZ-104: Real Exam Question and Answer exam series - Part 10
102
Your users want to sign-in to devices, apps, and services from anywhere. They want to sign-in
using an organizational work or school account instead of a personal account. You must ensure
corporate assets are protected and that devices meet standards for security and compliance.
Specifically, you need to be able to enable or disable a device. What should you do?

a) Enable the device in Azure AD.

b) Join the device to Azure AD.
c) Connect the device to Azure AD.
d) Register the device with Azure AD.
AZ-104: Real Exam Question and Answer exam series - Part 10
103
You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs a
financial reporting app named App1 that does not support multiple active instances. At the end of
each month, CPU usage for VM1 peaks when App1 runs. You need to create a scheduled runbook
to increase the processor performance of VM1 at the end of each month.
What task should you include in the runbook?

a) Add the Azure Performance Diagnostics agent to VM1.

b) Modify the VM size property of VM1.
c) Add VM1 to a scale set.
d) Increase the vCPU quota for the subscription.
e) Add a Desired State Configuration (DSC) extension to VM1.
AZ-104: Real Exam Question and Answer exam series - Part 10
104
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics
workspace named Workspace1. You need to view the error events from a table named Event.
Which query should you run in Workspace1?

a) Get-Event Event | where {$_.EventType == "error"}

b) search in (Event) "error"
c) select * from Event where EventType == "error"
d) search in (Event) * | where EventType -eq "error"
AZ-104: Real Exam Question and Answer exam series - Part 10
105
Azure Files supports identity-based authentication over Server Message Block (SMB)
through which two types of Domain Services?

a) Microsoft Active Directory

b) kerberos authentication active directory
c) On-premises Active Directory Domain Services (AD DS)
d) Azure Active Directory Domain Services (Azure AD DS).
AZ-104: Real Exam Question and Answer exam series - Part 10
106
You have an Azure subscription containing a storage account named
Name Type
storage1. The subscription is linked to an Azure Active Directory (Azure
User1 User
AD) tenant named contoso.com that syncs to an on-premises Active
Computer 1 Computer
Directory domain. The domain contains the security principals shown:
In Azure AD, you create a user named User2.
The storage1 account contains a file share
named share1 and has the following
configurations
Statement Yes No
• You can assign the Storage File Data SMB Share Contributor role to User1
for share1.
• You can assign the Storage File Data SMB Share Reader role to Computer1
for share1.
• You can assign the Storage File Data SMB Share Elevated Contributor role
to User2 for share1.
AZ-104: Real Exam Question and Answer exam series - Part 10
107
You are a big logistics company with many offices and an Azure subscription that contains an
Azure Active Directory (Azure AD) tenant. You need to grant user management permissions to a
local administrator in each office. What should you use?

a) Azure AD roles
b) access packages in Azure AD entitlement management
c) Administrative units
d) Azure roles
AZ-104: Real Exam Question and Answer exam series - Part 10
108
A company has an Azure subscription contains a web app named thetechblackboard.
The company needs to add a custom domain name www.thetechblackboard.com to
thetechblackboard. Which is the first step for the company?

a) Upload SSL certificate

b) Stop the web app
c) Create a DNS record
d) Connect to a web app
AZ-104: Real Exam Question and Answer exam series - Part 10
109
Your organization maintains media files of online library. Overall hundreds of terabytes of data
needs to be sent to Azure. Considering the limited bandwidth of your datacenter you need to find
a quick, inexpensive, and reliable way to transfer this data. The data must be encrypted 256-bit.
What is you option? Select one.

a) Upload using Azure portal

b) Data Box Heavy
c) Data Box Edge
d) Import/Export
AZ-104: Real Exam Question and Answer exam series - Part 10
110
You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.
Your company has a public DNS zone for contoso.com. You add contoso.com as a custom
domain name to Azure AD. You need to ensure that Azure can verify the domain name.
Which type of DNS record should you create?

a) MX
b) NSEC
c) PTR
d) RRSIG
AZ-104: Real Exam Question and Answer exam series - Part 10
111
You have an Azure Active Directory (Azure AD) tenant. You plan to delete multiple users by using
Bulk delete in the Azure Active Directory admin center. You need to create and upload a file for the
bulk delete. Which user attributes should you include in the file?

a) The user principal name and usage location of each user only
b) The user principal name of each user only
c) The display name of each user only
d) The display name and usage location of each user only
e) The display name and user principal name of each user only
AZ-104: Real Exam Question and Answer exam series - Part 10
112
One or more apps can be configured to run on the same App Service plan.
Yes No

113
Azure VM extensions can be managed using the Azure CLI, PowerShell, Resource Manager
templates, and the Azure portal.
Yes No
114
The Azure portal, the Azure CLI, and Azure PowerShell offer significantly different services, so it is
unlikely that all three will support the operation you need.

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 10
115
You have an Azure subscription named Subscription1 and an on-premises deployment of
Microsoft System Center Service Manager. Subscription1 contains a virtual machine named VM1.
You need to ensure that an alert is set in Service Manager when the amount of available memory
on VM1 is below 10 percent. What should you do first?

a) Create an automation runbook

b) Deploy a function app
c) Deploy the IT Service Management Connector (ITSM)
d) Create a notification
AZ-104: Real Exam Question and Answer exam series - Part 11
116
You have an Azure virtual machine named VM1 that runs Windows Server 2019. The VM was
deployed using default drive settings. You sign in to VM1 as a user named User1 and perform the
following actions:
• Create files on drive C.
• Create files on drive D.
• Modify the screen saver timeout.
• Change the desktop background.
You plan to redeploy VM1. Which changes will be lost after you redeploy VM1?

a) the modified screen saver timeout

For Linux based VM’s the temporary disk is
b) the new desktop background
mounted as “/dev/sdb1”.
c) the new files on drive D
d) the new files on drive C
AZ-104: Real Exam Question and Answer exam series - Part 11
117
You sign up for Azure Active Directory (Azure AD) Premium P2. You need to add a user named
[email protected] as an administrator on all the computers that will be joined to the Azure AD
domain. What should you configure in Azure AD?

a) Device settings from the Devices blade
b) Providers from the MFA Server blade
c) User settings from the Users blade
d) General settings from the Groups blade
In the Azure portal, you can manage the
device administrator role on the Devices
page. To open the Devices page:
1. Sign in to your Azure portal as a global
administrator or device administrator.
2. On the left navbar, click Azure Active
Directory.
3. In the Manage section, click Devices.
4. On the Devices page, click Device
settings.
AZ-104: Real Exam Question and Answer exam series - Part 11
118
An IT administrator creates an Azure virtual machine scale set with 10 VMS. However, VMS are
running at max capacity with the CPU being fully consumed and additional VMS are not deploying
in the scale set. You need to ensure that additional VMS are deployed when the CPU is 80%
consumed. What should you do? Select one.

a) Enable the autoscale option.

b) Increase the instance count.
c) Add the scale set automation script to the library.
d) Deploy the scale set automation script.
AZ-104: Real Exam Question and Answer exam series - Part 11
119
A company needs to create a storage account that needs to have the following requirements:
a) Users should be able to add files such as images and videos in primary location
b) The data needs to be available even if a region goes down
c) The solution needs to be cost effective
What is the type of replication that needs to be configured for the storage account?

a) Geo-redundant storage (GRS)

b) Locally redundant storage (LRS)
c) Zone-redundant storage (ZRS)
d) Read-access geo-redundant storage (RA-GRS)
AZ-104: Real Exam Question and Answer exam series - Part 11
120
Your company has an Azure subscription with a storage accounts. Storage account includes a
queue service, a table service, Azure Files and a blob service. You have created two apps that
must be configured to store various types of data to all the storage services You need to
configure the required number of endpoints for the apps.
Solution: You configure four endpoints per app. Does the solution meet the goal?

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 11
121
Your company has an Azure subscription with two storage accounts. Each of these storage
accounts includes a queue service, a table service, Azure Files and a blob service. You have
created two apps that must be configured to store various types of data to all the storage services
on the two storage accounts. You need to configure the required number of endpoints for the
apps.
Solution: You configure four endpoints per app. Does the solution meet the goal?

Yes No

https://*mystorageaccount*.blob.core.windows.net/*mycontainer*/*myblob*
AZ-104: Real Exam Question and Answer exam series - Part 11
122
You have an Azure Storage account named storage1. You have an Azure App Service named App1
and an app named App2 that runs in an Azure container instance. Each app uses a managed
identity. You need to ensure that App1 and App2 can read blobs from storage1. The solution must
meet the following requirements:
• Minimize the number of secrets used.
• Ensure that App2 can only read from storage1 for the next 30 days.
What should you configure in storage1 for each app?
App1 App2
Access keys Access keys
Advanced security Advanced security
Access control (IAM) Access control (IAM)
Shared access signatures (SAS) Shared access signatures (SAS)
AZ-104: Real Exam Question and Answer exam series - Part 11
123
You have a general-purpose v1 Azure Storage account named storage1 that uses locally-
redundant storage (LRS). You need to ensure that the data in the storage account is protected if a
zone fails. The solution must minimize costs and administrative effort. What should you do first?

a) Create a new storage account.

b) Configure object replication rules.
c) Upgrade the account to general-purpose v2.
d) Modify the Replication setting of storage1.
AZ-104: Real Exam Question and Answer exam series - Part 11
124
You have an Azure subscription named Subscription1 that contains a virtual network named
VNet1. VNet1 is in a resource group named RG1. Subscription1 has a user named User1. User1
has the following roles:
• Reader
• Security Admin
• Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should
you do?

a) Remove User1 from the Security Reader and Reader roles for Subscription1.
b) Assign User1 the User Access Administrator role for VNet1.
c) Assign User1 the Network Contributor role for VNet1.
d) Assign User1 the Network Contributor role for RG1.
AZ-104: Real Exam Question and Answer exam series - Part 11
125
You have an Azure subscription named Subscription1 that Name Type
is used by several departments at your company. Storage1 Storage account
Subscription1 contains the resources in this table: RG1 Resource group
Container1 Container
Share1 File Share

Another administrator deploys a virtual machine named VM1 and an Azure Storage account
named storage2 by using a single Azure Resource Manager template. You need to view the
template used for the deployment.
From which blade can you view the template that was used for the deployment?

a) Storage1 b) RG1 c) Container1 d) Share1

AZ-104: Real Exam Question and Answer exam series - Part 11
126
You have an Azure web app named App1 having deployment slots shown in the following table:
Name Env Type
Webapp1-prod Production
Webapp1-test Test

In webapp1-test, you test several changes to App1. You back up App1. You swap webapp1-test
for webapp1-prod and discover that App1 is experiencing performance issues. You need to revert
to the previous version of App1 as quickly as possible. What should you do?

a) Redeploy App1
b) Swap the slots
c) Clone App1
d) Restore the backup of App1
AZ-104: Real Exam Question and Answer exam series - Part 11
127
Azure backup has unlimited data transfer.
Yes No
128
Azure Backup requires which of the following?

a) A dedicated backup server.

b) A recovery service vault.
c) An Azure blob storage container.
AZ-104: Real Exam Question and Answer exam series - Part 11
129
Your company want to backup files and folders to Azure. Which of these steps should be
completed first?

a) Download the agent and credential file.

b) Configure the backup.
c) Create the recovery services vault.
AZ-104: Real Exam Question and Answer exam series - Part 11
130
You have an Azure subscription named Subscription1. You create an Azure Storage account
named contosostorage, and then you create a file share named data.
Which UNC path should you include in a script that references files from the data file share?

a) contosostorage.file.core.windows.net\data
b) data.file.core.windows.net\contosostorage
c) contosostorage.blob.core.windows.net\data
d) data.blob.core.windows.net\contosostorage
AZ-104: Real Exam Question and Answer exam series - Part 12
131
You have an Azure subscription that contains a resource group named RG1. RG1 is set to the West
Europe location and is used to create temporary resources for a project. RG1 contains the
resources shown in the following table.
Name Type Location SQLDB01 is backed up to RGV1.
VM1 Virtual machine North Europe When the project is complete, you attempt to
RGV1 Recovery service vault North Europe delete RG1 from the Azure portal. The deletion
SQLDB01 SQL server in Azure VM North Europe fails. You need to delete RG1.
sa1 Storage account West Europe What should you do first?

a) Delete VM1
b) Stop VM1
c) Stop the backup of SQLDB01
d) Delete sa1
AZ-104: Real Exam Question and Answer exam series - Part 12
132
Log analytics agents can run on which of the following?

a) Only on physical computers.

b) Only on cloud computers.
c) On many different platforms including other cloud providers.
AZ-104: Real Exam Question and Answer exam series - Part 12
133
You deploy an Azure Kubernetes Service
Containers will be assigned an IP address in the subnet.
(AKS) cluster that has the network profile
10.244.0.0/16
shown in the following exhibit.
10.0.0.0/16
172.17.0.1/16

Services in the AKS cluster will be assigned an IP address in

the subnet.
10.244.0.0/16
10.0.0.0/16
172.17.0.1/16

POD CIDR:
• This address range must be large enough to accommodate the number of nodes that you expect to scale up to.
• You can't change this address range once the cluster is deployed if you need more addresses for additional
nodes.
AZ-104: Real Exam Question and Answer exam series - Part 12
134
You have an Azure subscription that includes following resources:
Name Type You plan to export data by using Azure import/export job named
container1 Blob container Export1.
DB1 SQL database You need to identify the data that can be exported by using
Share1 File Share Export1.
Table1 Azure Table Which data should you identify?

a) DB1
b) container1
c) share1
d) Table1
AZ-104: Real Exam Question and Answer exam series - Part 12
135
A company has an Azure Directory tenant named abc.com containing the groups in the below
table, Also given configuration of two user accounts. To which groups do User1 and User2
belong?
Name Group Membership Membership Rule User 1
Type Group1
Group1 Security Dynamic User (user.department --ne “IT") Group 2
Group2 MS o365 Dynamic User (user.Country --startsWith “I") Group 3
Group3 MS o365 Assigned Not available Group 2 and 3
Name Departme Country O365 License
User 2
nt
Group1
User1 Revenue United States Yes
Group 2
User2 Research India No
Group 3
Group 1 and 2
AZ-104: Real Exam Question and Answer exam series - Part 12
136
You have an Azure subscription. Users access the resources in the subscription from either home
or from customer sites. From home, users must establish a point-to-site VPN to access the Azure
resources. The users on the customer sites access the Azure resources by using site-to-site
VPNs. You have a line-of-business-app named App1 that runs on several Azure virtual machine.
The virtual machines run Windows Server 2016. You need to ensure that the connections to App1
are spread across all the virtual machines. What are two possible Azure services you can use?
A: The customer sites are connected through VPNs, so an internal load balancer is enough.

B: The customer sites are connected through VPNs, so there's no need for a public load balancer, an internal
a) an
load internal
balancer load balancer
is enough.
b) a public load balancer
C: A CDN does not provide load balancing for applications, so it not relevant for this situation.
c) an Azure Content Delivery Network (CDN)
D: Traffic manager is a DNS based solution to direct users' requests to the nearest (typically) instance and
d) Traffic
does Manager
not provide load balancing for this situation.
e) an Azure Application Gateway
E: Azure Application Gateway is a valid option, as it provides load balancing in addition to routing and
security functions
AZ-104: Real Exam Question and Answer exam series - Part 12
137
You have an on-premises server that contains a folder named D:\Folder1. You need to copy the
contents of D:\Folder1 to the public container in an Azure Storage account named contosodata.
Which command should you run?

a) https://techdata.blob.core.windows.net/public
b) azcopy sync D:\folder1 https://techdata.blob.core.windows.net/public --snapshot
c) azcopy copy D:\folder1 https://techdata.blob.core.windows.net/public --recursive
d) az storage blob copy start-batch D:\Folder1 https://techdata.blob.core.windows.net/public
AZ-104: Real Exam Question and Answer exam series - Part 12
138
Can I move/migrate my cluster between Azure tenants?

Yes No
139
Can I move/migrate my cluster between subscriptions?

Yes No

140
Can I move my AKS cluster or AKS infrastructure resources to other resource groups or rename
them?

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 12
141
You have an Azure virtual machine named VM1. You use Azure Backup to create a backup of VM1
named Backup1. After creating Backup1, you perform the following changes to VM1:
• Modify the size of VM1.
• Copy a file named Budget.xls to a folder named Data.
• Reset the password for the built-in administrator account.
• Add a data disk to VM1.
An administrator uses the Replace existing option to restore VM1 from Backup1. You need to
ensure that all the changes to VM1 are restored. Which change should you perform again?

a) Modify the size of VM1.

b) Reset the password for the built-in administrator account.
c) Add a data disk.
d) Copy Budget.xls to Data.
AZ-104: Real Exam Question and Answer exam series - Part 12
142
You need to create an Azure Storage account that meets the following requirements:
• Minimizes costs
• Supports hot, cool, and archive blob tiers
• Provides fault tolerance if a disaster affects the Azure region where the account resides
How should you complete the command? To answer, select the appropriate options in the answer
area.
az storage account create -n mystorageaccount -g MyResourceGroup --kind ??? --sku ???

--kind --sku
BlobStorage Standard_GRS
Storage Standard_LRS
StorageV2 Standard_RAGRS
Standard_LRS

az storage account create -n mystorageaccount -g MyResourceGroup --kind StorageV2 --sku Standard_LRS

AZ-104: Real Exam Question and Answer exam series - Part 12
143
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The User
administrator role is assigned to a user named Admin1. An external partner has a Microsoft
account that uses the [email protected] sign in. Admin1 attempts to invite the external partner
to sign in to the Azure AD tenant and receives the following error message “Unable to invite user
[email protected], Generic authorization exception” You need to ensure that Admin1 can invite
the external partner to sign into the Azure AD tenant.
What should you do?

a) From the Users settings blade, modify the External collaboration settings.
b) From the Custom domain names blade, add a custom domain.
c) From the Organizational relationships blade, add an identity provider.
d) From the Roles and administrators blade, assign the Security administrator role to Admin1.
AZ-104: Real Exam Question and Answer exam series - Part 12
144
You have an Azure subscription linked to an Azure Active Directory tenant. The tenant includes a
user account named User1. You need to ensure that User1 can assign a policy to the tenant root
management group. What should you do?
a) Assign the Owner role for the Azure Subscription to User1, and then modify the default
conditional access policies.
b) Assign the Owner role for the Azure subscription to User1, and then instruct User1 to configure
access management for Azure resources.
c) Assign the Azure AD Global Administrator role to User1, and then instruct User1 to configure
access management for Azure resources.
d) Create a new management group and delegate User1 as the owner of the new management
group.
AZ-104: Real Exam Question and Answer exam series - Part 12
145
A company has several Azure VMS that are currently running production workloads. There is a mix
of production Windows Server and Linux servers. Which of the following is the best choice for
production backups?

a) Azure repos An Azure Snapshot is a read-only copy of the existing

disk in the Microsoft Azure Cloud. This snapshot can be
b) Managed snapshots used as a backup or to create a virtual machine.
However, the snapshot is only for a single point in time
c) Azure Backup and is not the best choice for production
environments.
d) Azure Site Recovery

https://www.facebook.com/thetechblackboard

https://www.instagram.com/askthetechblackboard

https://twitter.com/Dtechblackboard
AZ-104: Real Exam Question and Answer exam series - Part 13
146
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure
Resource Manager template named ARM1.json. You receive a notification that VM1 will be
affected by maintenance. You need to move VM1 to a different host immediately.
Solution: From the Redeploy blade, you click Redeploy. Does this meet the goal?
Yes No

147
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure
Resource Manager template named ARM1.json. You receive a notification that VM1 will be
affected by maintenance. You need to move VM1 to a different host immediately.
Solution: From the Update management blade, you click Enable. Does this meet the goal?
Yes No
AZ-104: Real Exam Question and Answer exam series - Part 13
148
You have an Azure subscription that contains the resources shown in the following table.
Name Type Region VM1 connects to VNET1. You need to connect
RG1 Resource Group West US VM1 to VNET2.
RG2 Resource Group East Asia Solution: You move VM1 to RG2, and then you
storage1 Storage account West US add a new network interface to VM1.
storage2 Storage account East Asia Does this meet the goal?
VM1 Virtual Machine West US
VNET1 Virtual Network West US
VNET2 Virtual Network East Asia

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 13
149
You have an Azure subscription that contains the resources shown in the following table.
Name Type Region VM1 connects to VNET1. You need to connect
RG1 Resource Group West US VM1 to VNET2.
RG2 Resource Group East Asia Solution: You delete VM1. You recreate VM1, and
storage1 Storage account West US then you create a new network interface for VM1
storage2 Storage account East Asia and connect it to VNET2.
VM1 Virtual Machine West US Does this meet the goal?
VNET1 Virtual Network West US
VNET2 Virtual Network East Asia

When you create an Azure Virtual Machine

Yes No (VM), you must create a Virtual Network
(VNet) or use an existing VNet. You can
change the subnet a VM is connected to after
it's created, but you cannot change the VNet.
You can also change the size of a VM.
AZ-104: Real Exam Question and Answer exam series - Part 13
150
You have an Azure subscription named Subscription1 You plan to deploy the virtual machines shown in the
containing following quotas: 1 following table. 3
Quota Location Usage Name Size vCPUs
Standard BS Family vCPUs West US 0 of 20 VM3 Standard_B2ms 1
Standard D Family vCPUs West US 0 of 20 VM4 Standard_D4s_v3 4
Total regional vCPUs West US 0 of 20 VM5 Standard_B16ms 16

You deploy virtual machines to Subscription1 as shown in Statement Yes No

the following table. 2
Name Size vCPU Location Status • You can deploy VM3 to West US.
s
VM1 Standard_B2ms 2 West US Running
• You can deploy VM4 to West US.
VM20 Standard_B16m 16 West US Stopped
s (Deallocated)
• You can deploy VM5 to West US.

1st: Yes, We can add 1 vCPU. 2 vCPUs (VM1) + 16 vCPUs (VM20) + 1 vCPU (VM3) = 19 vCPUs
2nd: No, We cannot add 4 vCPUs. 2 vCPUs (VM1) + 16 vCPUs (VM20) + 4 vCPU (VM4) = 22 vCPUs
3rd: No, We cannot add 16 vCPU. 2 vCPUs (VM1) + 16 vCPUs (VM20) + 16 vCPU (VM5) = 34 vCPUs
AZ-104: Real Exam Question and Answer exam series - Part 13
151
Your company has an Azure Active Directory (Azure AD) tenant that is configured for hybrid
coexistence with the on-premises Active Directory domain. The on-premise virtual environment
consists of virtual machines (VMs) running on Windows Server 2012 R2 Hyper-V host servers.
You have created some PowerShell scripts to automate the configuration of newly created VMs.
You plan to create several new VMs. You need a solution that ensures the scripts are run on the
new VMs. Which of the following is the best solution?
a) Configure a SetupComplete.cmd batch file in the %windir%\setup\scripts directory.
b) Configure a Group Policy Object (GPO) to run the scripts as logon scripts.
c) Configure a Group Policy Object (GPO) to run the scripts as startup scripts.
d) Place the scripts in a new virtual hard disk (VHD).
AZ-104: Real Exam Question and Answer exam series - Part 13
152
Your company has an Azure Active Directory (Azure AD) tenant that is configured for hybrid
coexistence with the on-premises Active Directory domain. You plan to deploy several new virtual
machines (VMs) in Azure. The VMs will have the same operating system and custom software
requirements. You configure a reference VM in the on-premise virtual environment. You then
generalize the VM to create an image. You need to upload the image to Azure to ensure that it is
available for selection when you create the new Azure VMs. Which PowerShell cmdlets should you
use?

a) Add-AzVM
b) Add-AzVhd
c) Add-AzImage
d) Add-AzImageDataDisk
AZ-104: Real Exam Question and Answer exam series - Part 13
153
The development team asks you to provision an Azure storage account for their use. To remain in
compliance with IT security policy, you need to ensure that the new Azure storage account meets
the following requirements:
- Data must be encrypted at rest.
- Access keys must facilitate automatic rotation.
- The company must manage the access keys.

a) Configure the storage account to store its keys in Azure Key Vault.
b) Create a service endpoint between the storage account and a virtual network (VNet).
c) Require secure transfer for the storage account.
d) Enable Storage Service Encryption (SSE) on the storage account.
AZ-104: Real Exam Question and Answer exam series - Part 13
154
You have web app in the West US, Central US and East US Azure regions. You have the App plans
shown in the following table.
Name Operating system Location SKU and Size
ASP1 Windows West US Standard S1
ASP2 Linux Central US Premium V2 P1v2
ASP3 Linux East US Premium V2 P1v2
ASP4 Linux East US Premium V2 P1v2

You plan to create an additional App Service plan named ASPs that will use the Linux operating
system. You need to identify in which of the currently used locations you can deploy ASPs.
What should you recommend?
a) Central US only
b) West US, Central US, or East US
c) East US only
d) West US only
AZ-104: Real Exam Question and Answer exam series - Part 13
155
The infrastructure team is responsible for managing a production web app. The app requires
scaling to five instances, 40GB of storage, and a custom domain name. A least cost solution is
desired. Which App Service Plan would meet the requirements?
a) Basic
b) Standard
c) Premium
AZ-104: Real Exam Question and Answer exam series - Part 13
156
Your company website is “Thetechblackboard.com”. Your marketing team wants to know which
web pages are most popular, at what times of day, and where the users are located. Which of the
following should be recommended?
a) Application Insights
b) Azure Monitor
c) Application logging
AZ-104: Real Exam Question and Answer exam series - Part 13
157
Can you have different VM sizes in a single cluster?

Yes No
158
Can you provide your own name for the AKS node resource group?

Yes No

159
Can you run Windows Server containers on AKS?

Yes No
AZ-104: Real Exam Question and Answer exam series - Part 13
160
Suppose you are building a photo-editing application that will offer online storage for user-
generated photo content. You will store the photos in Azure Blobs, so you need to create an Azure
storage account to contain the blobs. Once the storage account is in place, it is unlikely you would
remove and recreate it because this would delete all the user photos.
Which tool is likely to offer the quickest and easiest way to create the storage account?
a) Azure Portal
b) Azure CLI
c) Azure Powershell
AZ-104: Real Exam Question and Answer exam series - Part 14
161
You have an Azure subscription that contains the following VM1 has a public IP address and
resources: is connected to Subnet1. NSG-
• A virtual network that has a subnet named Subnet1 VM1 is associated to the network
• Two network security groups (NSGs) named NSG-VM1 and NSG- interface of VM1. NSG-Subnet1 is
Subnet1
• A virtual machine named VM1 that has the required Windows Server
associated to Subnet1. You need
configurations to allow Remote Desktop connections to be able to establish Remote
NSG-Subnet1 has the default inbound security rules only. NSG- Desktop connections from the
VM1 has the default inbound security rules and the following internet to VM1.
custom inbound security rule: Solution: You add an inbound
Priority: 100 Source: Any Source port range: * Destination: * security rule to NSG-Subnet1 that
allows connections from the
Destination port range: 3389 Protocol: UDP Action: Allow
internet source to the Virtual
Network destination for port
range 3389 and uses the UDP
Yes No protocol.
Does this meet the goal?
AZ-104: Real Exam Question and Answer exam series - Part 14
162
You have an Azure subscription that contains the following VM1 has a public IP address and
resources: is connected to Subnet1. NSG-
• A virtual network that has a subnet named Subnet1 VM1 is associated to the network
• Two network security groups (NSGs) named NSG-VM1 and NSG- interface of VM1. NSG-Subnet1 is
Subnet1
• A virtual machine named VM1 that has the required Windows Server
associated to Subnet1. You need
configurations to allow Remote Desktop connections to be able to establish Remote
NSG-Subnet1 has the default inbound security rules only. NSG- Desktop connections from the
VM1 has the default inbound security rules and the following internet to VM1.
custom inbound security rule: Solution: You add an inbound
Priority: 100 Source: Any Source port range: * Destination: * security rule to NSG-Subnet1 that
allows connections from the Any
Destination port range: 3389 Protocol: UDP Action: Allow
source to the *destination for
port range 3389 and uses the
TCP protocol. You remove NSG-
Yes No VM1 from the network interface
of VM1. Does this meet the goal?
AZ-104: Real Exam Question and Answer exam series - Part 14
163
An administrator is deploying couple of new virtual machines in Azure subscription via
automation. All VMS will be deployed in the resource group RG07 based on an ARM template
that is stored in GitHub. Which TWO commands should the administrator use ?

a) New-AzResourceGroupDeployment
b) New-AzVM
c) az group deployment create
d) az vm create
AZ-104: Real Exam Question and Answer exam series - Part 14
164
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure
virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer
named Computer2. You need to ensure that you can establish a point-to-site VPN connection to
VNet1 from Computer2.
Solution: You export the client certificate from Computer1 and install the certificate on
Computer2.
Does this meet this goal?

Yes No

Each client computer that connects to a VNet using Point-to-Site must have a client
certificate installed. You generate a client certificate from the self-signed root
certificate, and then export and install the client certificate. If the client certificate is not
installed, authentication fails.
AZ-104: Real Exam Question and Answer exam series - Part 14
165
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure
virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer
named Computer2. You need to ensure that you can establish a point-to-site VPN connection to
VNet1 from Computer2.
Solution: You modify the Azure Active Directory (Azure AD) authentication policies.
Does this meet this goal?

Yes No

A client computer that connects to a VNet using Point-to-Site must have a client
certificate installed.
AZ-104: Real Exam Question and Answer exam series - Part 14
166
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure
virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer
named Computer2. You need to ensure that you can establish a point-to-site VPN connection to
VNet1 from Computer2.
Solution: You join Computer2 to Azure Active Directory (Azure AD).
Does this meet this goal?

Yes No

A client computer that connects to a VNet using Point-to-Site must have a client
certificate installed.
AZ-104: Real Exam Question and Answer exam series - Part 14
167
You have an Azure subscription that contains the following resources:
• 100 Azure virtual machines
• 20 Azure SQL databases
• 50 Azure file shares
You need to create a daily backup of all the resources by using Azure Backup.
What is the minimum number of backup policies that you must create?

a) 1
b) 2
c) 3
d) 120
e) 170
AZ-104: Real Exam Question and Answer exam series - Part 14
168
You are troubleshooting a performance issue for an Azure Application Gateway.
You need to compare the total requests to the failed requests during the past six hours.
What should you use?
a) Metrics in Application Gateway
b) Diagnostics logs in Application Gateway
c) NSG flow logs in Azure Network Watcher
d) Connection monitor in Azure Network Watcher
AZ-104: Real Exam Question and Answer exam series - Part 14
169
You create the following resources in a subscription:
• An Azure Container Registry instance named Registry1
• An Azure Kubernetes Service (AKS) cluster named Cluster1
You create a container image named App1 on your administrative workstation. You need to deploy
App1 to cluster1. What should you do first?

a) Create a host pool on Cluster1

b) Run the docker push command.
c) Run the kubect1 apply command.
d) Run the az aks create command.

An Azure container registry stores and manages private Docker container images similar to
the the way Docker Hub stores public Docker images. You can use the Docker command-line
interface (Docker CLI) for login, push, pull, and other operations on your container registry.
AZ-104: Real Exam Question and Answer exam series - Part 14
170
You have an Azure 1 Name Location RG1 contains resources shown in the 2
subscription that contains RG1 West US following table.
the resource groups shown RG2 East US
Name Type Location
in the following table. storage1 Storage Account West US
VM1 is running and connects to NIC1 and Disk1. VNET1 Virtual Network West US
NIC1 connects to VNET1. NIC1 Network Interface West US
RG2 contains a public IP address named IP2 that Disk1 Disk West US
is in the East US location. IP2 is not assigned to a VM1 Virtual Machine West US
virtual machine.
3
Choose all that apply:
• You can move storage1 to RG2
• You can move NIC1 to RG2
• If you move IP2 to RG1, the location of IP2 will change
AZ-104: Real Exam Question and Answer exam series - Part 14
171
Your company wants to move all services to Azure Kubernetes service. Which of the following
components contributes to the monthly Azure charge?

a) Master Node
b) Per deployed pod
c) Per node VM
AZ-104: Real Exam Question and Answer exam series - Part 14
172
You need to resolve the Active Directory issue. What should you do?
a) Run the IdFix tool then use the Update actions.
b) From Active Directory Domains and Trusts, modify the list of UPN suffixes.
c) From Azure AD Connect, modify the outbound synchronization rule.
d) From Active Directory Users and Computers, select the user accounts and then modify the UPN
suffix value.

IdFix is used to perform discovery and remediation of identity objects and their
attributes in an on-premises Active Directory environment in preparation for migration
to Azure Active Directory. IdFix is intended for the Active Directory administrators
responsible for directory synchronization with Azure Active Directory.
AZ-104: Real Exam Question and Answer exam series - Part 14
173
Which of the following is the Kubernetes agent that processes the orchestration requests and
schedules running the requested containers?
a) container
b) node
c) kubelet
174
You have an Azure subscription. You are deploying an Azure Kubernetes Service (AKS) cluster that
will contain multiple pods. The pods will use kubernet networking. You need to restrict network
traffic between the pods. What should you configure on the AKS cluster?
a) the Azure network policy
b) the Calico network policy
c) pod security policies
d) an application security group
AZ-104: Real Exam Question and Answer exam series - Part 14
175
You are part of the infrastructure team. You need to configure networking for the Azure Kubernetes
service. Which of the following services would be best for internal-only applications that support
other workloads within the cluster?
a) LoadBalancer
b) ClusterIP
c) NodePort

ClusterlP creates an internal IP address for use within the AKS cluster. This is
good for internal-only applications that support other workloads within the cluster.
AZ-104: Real Exam Question and Answer exam series - Part 15
176
You have an Azure subscription that contains an Azure Storage account. You plan to create an
Azure container instance named container1 that will use a Docker image named Image1. Image1
contains a Microsoft SQL Server instance that requires persistent storage. You need to configure a
storage service for Container1. What should you use?
a) Azure Files
b) Azure Blob storage
c) Azure Queue storage
d) Azure Table storage

Azure file shares can be used as persistent volumes for stateful containers. Containers deliver "build once,
run anywhere" capabilities that enable developers to accelerate innovation. For the containers that access
raw data at every start, a shared file system is required to allow these containers to access the file system
no matter which instance they run on.
AZ-104: Real Exam Question and Answer exam series - Part 15
177
You have an Azure subscription that contains a web app named webapp1. You need to add a
custom domain named www.contoso.com to webapp1. What should you do first?
a) Create a DNS record
b) Add a connection string
c) Upload a certificate.
d) Stop webapp1.
AZ-104: Real Exam Question and Answer exam series - Part 15
178
Suppose you have a script that creates several VMS with different images. When the script issues
the command to create the first VM you do not want to block the script while the VM is created,
instead you want the script to immediately move on to the next command. What is the best way to
do this?
a) Add the '--async' argument to your create command.
b) Use the ampersand (&) to run the process in the background.
c) Add the '--no-wait' argument to your create command.

Adding '--no-wait’ will cause 'azure VM create' to return immediately without waiting for the VM to
be actually created.
AZ-104: Real Exam Question and Answer exam series - Part 15
179
You create the following resources in an Azure subscription:
• An Azure Container Registry instance named Registry1
• An Azure Kubernetes Service (AKS) cluster named Cluster1
You create a container image named App1 on your administrative workstation. You need to deploy
App1 to Cluster1. What should you do first?
a) Run the docker push command.
b) Create an App Service plan.
c) Run the az acr build command.
d) Run the az aks create command.

You should sign in and push a container image to az acr build \

Container Registry. --image contoso-website \
Run the az acr build command to build and push the --registry $ACR_NAME \
container image. --file Dockerfile .
AZ-104: Real Exam Question and Answer exam series - Part 15
180
You plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The virtual machines
will host a web app named App1. You need to ensure that at least two virtual machines are
available if a single Azure datacenter becomes unavailable. What should you deploy?
a) all three virtual machines in a single Availability Zone
b) all virtual machines in a single Availability Set
c) each virtual machine in a separate Availability Zone
d) each virtual machine in a separate Availability Set
AZ-104: Real Exam Question and Answer exam series - Part 15
181
What needs to be installed on your machine to let you execute Azure PowerShell cmdlets locally?
a) The Azure cloud shell
b) The base PowerShell product and the Az module
c) The Azure CLI and Azure PowerShell
AZ-104: Real Exam Question and Answer exam series - Part 15
182
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are
configured as web servers. You have an Azure load balancer named LB1 that provides load
balancing services for the virtual machines. You need to ensure that visitors are serviced by the
same web server for each request. What should you configure?
a) Floating IP (direct server return) to Enabled
b) Floating IP (direct server return) to Disabled
c) a health probe
d) Session persistence to Client IP and Protocol

With Sticky Sessions when a client starts a session on one of your web servers, session stays on
that specific server. To configure an Azure Load-Balancer for Sticky Sessions set Session
persistence to Client IP.
AZ-104: Real Exam Question and Answer exam series - Part 15
183
Your company has three offices. The offices are in Miami, Los Angeles, and New York. Each office
contains datacenter. You have an Azure subscription that contains resources in the East US and
West US Azure regions. Each region contains a virtual network. The virtual networks
are peered. You need to connect the datacenters to the subscription. The solution must minimize
network latency between the datacenters. What should you create?

a) three Azure Application Gateways and one On-premises data gateway

b) three virtual hubs and one virtual WAN
c) three virtual WANs and one virtual hub
d) three On-premises data gateways and one Azure Application Gateway
AZ-104: Real Exam Question and Answer exam series - Part 15
184
When assigning private IPv4 addresses in a subnet with the address range 10.3.0.0/16, which of
the following addresses are available for assignment dynamically?
a) 10.3.0.2
b) 10.3.255.255
c) 10.3.255.254

a) 10.3.0.2: That's incorrect. Azure reserves the first four addresses in each subnet address range.
These four addresses can't be assigned to resources: 10.3.0.0, 10.3.0.1, 10.3.0.2 and 10.3.0.3.

b) 10.3.255.255: That's incorrect. This is the subnet broadcast address, which is unavailable.
AZ-104: Real Exam Question and Answer exam series - Part 15
185
You are using blob storage. Which of the following is true? Select one.
a) The cool access tier is for frequent access objects in the storage account.
b) The hot access tier is for storing large amounts of data that is infrequently accessed.
c) The performance tier you select does not affect pricing.
d) You can switch between hot and cool performance tiers at any time.
AZ-104: Real Exam Question and Answer exam series - Part 15
186
You host a service with two Azure virtual machines. You discover that occasional outages cause
your service to fail. What two actions can you do to minimize the impact of the outages? Select
two

a) Add a load balancer.

b) Put the virtual machines in an availability set.
c) Put the virtual machines in a scale set.
d) Add a network gateway.
e) Add a third instance of the virtual machine.
AZ-104: Real Exam Question and Answer exam series - Part 15
187
How many resource groups are created for each AKS deployment
a) 1
b) 2
c) 3
d) 4

Each AKS deployment spans two resource groups:

1. First resource group: This one is created by you it contains only the
Kubernetes service resource.
2. The second resource group, known as the node resource group, contains
all of the infrastructure resources associated with the cluster.
AZ-104: Real Exam Question and Answer exam series - Part 15
188
What is the Azure ExpressRoute service?

a) Azure ExpressRoute is a service that provides a VPN connection between on-premises and the
Microsoft cloud.
b) Azure ExpressRoute is a service that provides a direct connection from the on-premises
datacenter to the Microsoft cloud.
c) Azure ExpressRoute is a service that provides a site-to-site VPN connection between the on-
premises network and the Microsoft cloud.
AZ-104: Real Exam Question and Answer exam series - Part 15
189
You're currently using network security groups (NSGs) to control how your network traffic flows
in and out of your virtual network subnets and network interfaces. You want to customize how
your NSGs work. For all incoming traffic, you need to apply your security rules to both the
virtual machine and subnet level. Which of the following options will let you accomplish this?
(Choose two)

a) Configure the AllowVNetInBound security rule for all new NSGs.

b) Create rules for both NICs and subnets with an allow action.
c) Delete the default rules.
d) Add rules with a higher priority than the default rules.
AZ-104: Real Exam Question and Answer exam series - Part 15
190
A company plans to copy an on-premises VM image to a container named myimages. Which
command should you run in order to create the container for the planned image?

azcopy copy Your account-name table .core.windows.net/myimages

sync image
make blob

azcopy make "https://[account-name].[blob,file,dfs].core.windows.net/[top-level-

resource-name]"