Free Preparation Discussions
MENU
Microsoft AZ-104 Exam
- Topic 1: Azure Identity Management and Management/ Configure Igure self-service password reset
- Topic 2: Manage group users and group properties/ Create group users and groups/ Configure joining Azure AD
- Topic 3: Provide access to Azure resources by specifying roles and memberships or resource groups/ Manage guest accounts
- Topic 4: Investment and Management Department/ Role-based access control management
- Topic 5: Explain registration tasks Manage multiple directories/ Configure resource locking
- Topic 6: Settings Manage device settings/ Apply bulk user update/ Manage Azure AD objects
- Topic 7: Manage Membership to configure cost management/ Create, manage, move resources, or remove resource group rotation groups
- Topic 8: Configure network access for storage accounts/ Storage implementation and management
- Topic 9: Configure Azure AD authentication for the storage account/ Create a group administration group
- Topic 10: Ure Azure Repository Replication Application/ Create and configure storage accounts
- Topic 11: Data Management Azure Storage/ Create a shared access signature/ Manage storage accounts
- Topic 12: Install and use Azure Storage Explorer/ Export from Azure functionality
- Topic 13: Create Azure files and Azure Blob storage/ Create and configure the Azure File Sync service
- Topic 14: Configure large binary digit storage layers/ Configure Igure Azure Big Data Storage
- Topic 15: Configure the VM for high availability and scalability/ Deploy and manage Azure account resources
- Topic 16: Automate the deployment and configuration of virtual machines/ High availability configuration
- Topic 17: Automate configuration management with extension-specific script extensions/ Create Azure file sharing
- Topic 18: Modify the Azure Resource Manager (ARM) template/ Create a VHD template. Deploy from template
- Topic 19: Moving virtual machines from one resource group to another/ Publish and create a metric group
- Topic 20: Create and configure K Azure Governorate Service (AKS)/ Create and configure the Service plan for the Plan application
Free Microsoft AZ-104 Exam Actual Questions
The questions for AZ-104 were last updated On Nov. 26, 2023
You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2.
You plan to implement an Azure Availability Set for Appl. The solution must ensure that App1 is available during planned maintenance of the hardware hosting VM1 and VM2.
What should you include in the Availability Set?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You configure a custom policy definition, and then you assign the policy to the subscription.
Does this meet the goal?
A custom policy definition is a way to define your own rules for using Azure resources. You can use custom policies to enforce compliance, security, cost management, or organization-specific requirements. However, a custom policy definition alone is not enough to meet the goal of automatically blocking TCP port 8080 between the virtual networks. You also need to create a policy assignment that applies the custom policy definition to the scope of the subscription. A policy assignment is the link between a policy definition and an Azure resource. Without a policy assignment, the custom policy definition will not take effect. Therefore, the solution does not meet the goal.
You have an Azure subscription that contains multiple virtual machines in the West US Azure region.
You need to use Traffic Analytics in Azure Network Watcher to monitor virtual machine traffic.
Which two resources should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
To use Traffic Analytics in Azure Network Watcher, you need to create a Log Analytics workspace and a storage account. A Log Analytics workspace is a cloud-based repository that collects and stores data from various sources, such as NSG flow logs. A storage account is a container that provides a unique namespace to store and access your data objects in Azure Storage. You need to enable NSG flow logs and configure them to send data to both the Log Analytics workspace and the storage account. Traffic Analytics analyzes the NSG flow logs and provides insights into traffic flow in your Azure cloud.
Traffic analytics - Azure Network Watcher | Microsoft Learn
Traffic analytics FAQ - Azure Network Watcher | Microsoft Learn
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Operator role to the Developers group.
Does this meet the goal?
You have an Azure virtual machine named VM1 and an Azure key vault named Vault1.
On VM1, you plan to configure Azure Disk Encryption to use a key encryption key (KEK)
You need to prepare Vault! for Azure Disk Encryption.
Which two actions should you perform on Vault1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
To prepare a key vault for Azure Disk Encryption, you need to select Azure Virtual machines for deployment and select Azure Disk Encryption for volume encryption in the key vault access policy settings. These options enable the VMs to access the keys and secrets stored in the key vault for disk encryption. Creating a new key or secret is not required, as Azure Disk Encryption can generate them automatically. Configuring a key rotation policy is optional and not related to preparing the key vault for disk encryption. Reference:
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault
https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption-overview
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Submit Cancel