Microsoft Azure Administrator - AZ-104 Exam Practice Test
You have an Azure subscription.
You need to receive an email alert when a resource lock is removed from any resource in the subscription What should you use to create an activity log alert in Azure Monitor?
You need to receive an email alert when a resource lock is removed from any resource in the subscription What should you use to create an activity log alert in Azure Monitor?
Correct Answer: C
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
You have an Azure subscription that contains the resources shown in the following table.
All the resources connect to a virtual network named VNet1.
You plan to deploy an Azure Bastion host named Bastion1 to VNet1.
Which resources can be protected by using Bastion1?
All the resources connect to a virtual network named VNet1.
You plan to deploy an Azure Bastion host named Bastion1 to VNet1.
Which resources can be protected by using Bastion1?
Correct Answer: C
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
You have an Azure subscription that contains the virtual networks shown in the following table.
You add a service endpoint to each subnet as shown in the following table.
You create the service endpoint policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You add a service endpoint to each subnet as shown in the following table.
You create the service endpoint policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
Service endpoint policies are used to restrict virtual network traffic over service endpoints to only specific Azure resources (for example, specific Storage accounts). Microsoft's service endpoint policy limitations state two key rules that apply directly here: (1) "Virtual networks must be in the same region and subscription as the service endpoint policy," and (2) "You can only apply a service endpoint policy on a subnet if service endpoints are configured for the Azure services listed in the policy." Microsoft Learn Given the configuration, Subnet2 has the service endpoint Microsoft.KeyVault, not Storage. Because the subnet does not have a Storage service endpoint configured, a Storage service endpoint policy (Policy1) can't be associated to Subnet2. Microsoft Learn Subnet1 is in VNet1 (East US), while Policy2 is created in West US. Since service endpoint policies must be in the same region as the virtual network/subnet they're applied to, Policy2 cannot be associated to Subnet1.
Microsoft Learn
Subnet3 is in VNet2 (West US) and has the Microsoft.Storage service endpoint configured, matching Policy2' s region and service requirement. Therefore, Policy2 can be associated to Subnet3. Microsoft Learn
You have an Azure subscription that contains virtual machine named VM1.
You need to back up VM. The solution must ensure that backups are stored across three availability zones in the primary region.
Which three actions sh ould you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to back up VM. The solution must ensure that backups are stored across three availability zones in the primary region.
Which three actions sh ould you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct Answer:
Explanation:
According to 1, Availability Zones are unique physical locations within an Azure region that provide high availability and disaster recovery for your virtual machines. To back up your VM across three availability zones in the primary region, you need to perform the following actions in sequence:
Create a Recovery Services vault2 that will store your backups and enable geo-redundancy for cross-region protection.
For VM1, create a backup policy and configure the backup2 to use the Recovery Services vault as the backup destination.
Configure a replication policy1 that will replicate your VM1 to another availability zone in the same region.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.
Does this meet the goal?
Correct Answer: A
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
You have a Standard Azure App Service plan named Plan1.
You need to ensure that Plan1 will scale automatically when the CPU usage of the web app exceeds 80 percent What should you select for Plan1?
You need to ensure that Plan1 will scale automatically when the CPU usage of the web app exceeds 80 percent What should you select for Plan1?
Correct Answer: E
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
You have an Azure subscription named Sub1 that contains the resources shown in the following table.
The subscription contains the users shown in the following table.
You have the following Bicep file named Deploy.bicep.
You run the following command.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
The subscription contains the users shown in the following table.
You have the following Bicep file named Deploy.bicep.
You run the following command.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
No
Yes
No
The command creates a resource group-scoped deployment stack in RG1 and enables deny settings using - DenySettingsMode DenyWriteAndDelete with -ActionOnUnmanage DetachAll. Deployment stacks manage the resources defined in the template (here, VNet2 and Subnet1) and can apply deny assignments that block changes to managed resources. Microsoft states that deny settings "define the operations that are prohibited on the managed resources" and that "this restriction applies to everyone unless they're explicitly granted access" (for example, excluded principals). Microsoft Learn Therefore, even though Admin1 is Owner at the subscription scope, the deny assignment still prevents delete and write operations against VNet2 outside controlled stack updates, so Admin1 cannot delete VNet2 and cannot add a subnet to VNet2 (adding a subnet is a write/update to the VNet). Microsoft Learn For VNet1, it already exists in RG1 and is not defined in the Bicep file, so it is not a managed resource of the stack. The deny settings apply to managed resources, so they do not block updates to VNet1. Admin2 has the Contributor role scoped to RG1, which Microsoft describes as granting "full access to manage all resources" at that scope (except assigning roles). Microsoft Learn Hence, Admin2 can add a subnet to VNet1.
You plan to move a distributed on-premises app named App1 to an Azure subscription.
After the planned move, App1 will be hosted on several Azure virtual machines.
You need to ensure that App1 always runs on at least eight virtual machines during planned Azure maintenance.
What should you create?
After the planned move, App1 will be hosted on several Azure virtual machines.
You need to ensure that App1 always runs on at least eight virtual machines during planned Azure maintenance.
What should you create?
Correct Answer: B
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
You have an Azure Storage account named storage1.
You need to enable a user named User1 to list and regenerate storage account keys for storage1.
Solution: You assign the Storage Account Contributor role to User1.
Does this meet the goal?
You need to enable a user named User1 to list and regenerate storage account keys for storage1.
Solution: You assign the Storage Account Contributor role to User1.
Does this meet the goal?
Correct Answer: B
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
You have an Azure AD tenant that is linked to 10 Azure subscriptions.
You need to centrally monitor user activity across all the subscriptions.
What should you use?
You need to centrally monitor user activity across all the subscriptions.
What should you use?
Correct Answer: D
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
You have an Azure subscription that contains a virtual network named VNET in the East Us 2 region. A network interface named VM1-NI is connected to VNET1.
You successfully deploy the following Azure Resource Manager template.
You successfully deploy the following Azure Resource Manager template.
Correct Answer:
Explanation:
" A resource can only be created in a virtual network that exists in the same region and subscription as the resource. " https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design- arm#regions
You have an Azure subscription that contains the virtual machines shown in the following table.
javascript:void(0)
You deploy a load balancer that has the following configurations:
* Name: LB1
* Type internal
* SKU: Standard
* Virtual network VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Basic SKU public IP address, associate the address to the network interface of VM1, and then start VM1.
Does this meet the goal?
javascript:void(0)
You deploy a load balancer that has the following configurations:
* Name: LB1
* Type internal
* SKU: Standard
* Virtual network VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Basic SKU public IP address, associate the address to the network interface of VM1, and then start VM1.
Does this meet the goal?
Correct Answer: A
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.
You deploy a load balancer that has the following configurations:
*Name: LB1
*Type: Internal
*SKU: Standard
*Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Standard SKU public IP address, associate the address to the network interface of VM1, and then stop VM2.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.
You deploy a load balancer that has the following configurations:
*Name: LB1
*Type: Internal
*SKU: Standard
*Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Standard SKU public IP address, associate the address to the network interface of VM1, and then stop VM2.
Does this meet the goal?
Correct Answer: A
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
You have an Azure subscription that contains two peered virtual networks named VNet1 and VNet2. VNet1 has a VPN gateway that uses static routing.
The on-premises network has a VPN connection that uses the VPN gateway of VNet1.
You need to configure access for users on the on-premises network to connect to a virtual machine on VNet2.
The solution must minimize costs.
Which type of connectivity should you use?
The on-premises network has a VPN connection that uses the VPN gateway of VNet1.
You need to configure access for users on the on-premises network to connect to a virtual machine on VNet2.
The solution must minimize costs.
Which type of connectivity should you use?
Correct Answer: A
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).