AZ-104 Practice Questions
What kind of account would you create to allow an external organization easy access? A. A guest user account for each member of the external team. B. An external account for each member of the external team. C. An administrator account for each member of the external team.
A
What kind of group account can you create so you can apply the same permissions to all group members? A. Security group B. Azure AD bulk group C. Microsoft 365 group
A
What option can the infrastructure team use for their IIS configuration instead of Custom Script Extensions? A. Desired State Configuration B. Virtual machine extension C. Windows update
A
What scaling option provides more CPU, memory, or disk space without adding more virtual machines? A. Scale up B. Scale out C. Scale back
A
What term defines a dedicated and trusted instance of Azure Active Directory? A. Azure tenant B. Identity C. Azure AD account
A
What's a correct way to locate a command in PowerShell? A. Call Get-Command 'name of command' B. Call Find 'name of command' C. Call Locate 'name of command'
A
What's the default network rule when configuring network access to an Azure storage account? A. Allow all connections from all networks. B. Allow all connection from a private IP address range. C. Deny all connections from all networks.
A
Which Azure AD role enables a user to manage all groups in your Teams tenants, and also assign other admin roles? A. Global administrator B. Security administrator C. User administrator
A
Which of the following changes between access tiers happens immediately? A. Hot tier to cool tier B. Archive tier to cool tier C. Archive tier to hot tier
A
Which of the following is true about resource groups? A. Resources can be in only one resource group. B. Role-based access control can't be applied to a resource group C. Resource groups can be nested.
A
Which of the following situations would be a good example of when to use a resource lock? A. An ExpressRoute circuit with connectivity back to the on-premises network. B. A non-production virtual machine used to test occasional application builds. C. A storage account used to temporarily store images processed in a development environment.
A
Which one of these is not an element of an Azure Resource Manager template? A. idempotent B. schema C. parameters
A
Which option is a valid automated deployment source? A. GitHub B. JavaScript code C. SharePoint
A
Why should you use pull mode instead of push mode for DSC? A. Pull mode is best for complex environments that need redundancy and scale. B. Pull mode is easy to set up and doesn't need its own dedicated infrastructure. C. Pull mode uses the local configuration manager (LCM) to make sure that the state on each node matches the state specified by the configuration.
A
How would you describe blob object replication? A. Blob object replication doesn't require versioning to be enabled. B. Blob object replication doesn't support blob snapshots. C. Blob object replication is supported in the archive tier.
B
Why should you select virtual machines over containers for your configuration? A. Virtual machines run the user mode portion of an operating system and can be tailored to contain just the needed services for your app. B. Virtual machines provide complete isolation from the host operating system and other virtual machines. C. Virtual machines use Azure Disks for local storage for a single node.
B
Which storage solution replicates data to a secondary region, maintains six copies of the data, and is the default replication option? A. Locally redundant storage B. Read-access geo-redundant storage C. Zone-redundant storage
B
Which virtual machine is best for running a network appliance? A. Memory-optimized virtual machine B. Compute-optimized virtual machine C. Storage-optimized virtual machine
B
Another Administrator is managing Azure locally using PowerShell. They have launched PowerShell as an Administrator. Which of the following commands should be executed first? A. Connect-AzAccount B. Get-AzResourceGroup C. Get-AzSubscription
A
In a typical project, when would you create your storage account(s)? A. At the beginning, during project setup. B. After deployment, when the project is running. C. At the end, during resource cleanup.
A
True or false: Azure App service can automatically scale your web application to meet traffic demand? A. True B. False
A
A new project has several resources that need to be administered together. Which of the following strategies would provide a good solution? A. Azure templates B. Azure resource groups C. Azure subscriptions
B
What happens if the same template is run a second time? A. Azure Resource Manager will deploy new resources as copies of the previously deployed resources. B. Azure Resource Manager won't make any changes to the deployed resources. C. Azure Resource Manager will delete the previously deployed resources and redeploy them.
B
What is an Azure Resource Manager template? A. A series of Azure CLI commands to deploy infrastructure to Azure. B. A JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for the deployment. C. A script used by the Azure Resource Manager to manage the Azure storage account.
B
Your users want to sign-in to devices, apps, and services from anywhere. Users want to sign-in by using an organizational work or school account instead of a personal account. What should you do first? A. Enable the device in Azure AD. B. Join the device to Azure AD. C. Register the device with Azure AD.
B
A PowerShell DSC script ______________. A. Contains the steps required to configure a virtual machine to get it into a specified state. B. Is idempotent. C. Describes the desired state.
C
How does Kubernetes enable internal-only applications to support other workloads within the cluster? A. The LoadBalancer service B. The NodePort service C. The ClusterIP service
C
The Azure CLI can be installed on which of the following? A. Linux B. Windows C. Both Linux and Windows
C
Which of the following isn't a valid automated deployment source? A. GitHub B. Azure DevOps C. SharePoint
C
Which of the following options is a feature of Azure Container Instances? A. Container Instances require several minutes to load. B. Container Instances use Azure Blob Storage for retrieve and persist state. C. Billing for Container Instances occurs when containers are in use.
C
Which of the following parameters is an element in the template schema? A. Includes B. Scripts C. Outputs
C
True or false: The Azure portal, the Azure CLI, and Azure PowerShell offer significantly different services, so it is unlikely that all three will support the operation you need.
F
Suppose you're an administrator of several Azure virtual machines. You get a text message indicating some problems with your VMs. You are at a friend's house and only have your tablet with you. True or false: you'll still be able to access the Azure CLI using the tablet, even though you can't install the CLI on it.
T
True or false: The Azure CLI can be installed on Linux, macOS, and Windows, and the CLI commands you use are the same in all platforms.
T
Explain the main differences between Azure roles and Azure Active Directory (Azure AD) roles. A. Azure roles apply to Azure resources. Azure AD roles apply to Azure AD resources such as users, groups, and domains. B. Azure roles can be assigned at the root level. C. Azure AD roles are used to manage access to Azure resources.
A
How is the Azure File Sync agent installed and used? A. The Azure File Sync agent is installed on a server to enable Azure File Sync replication between the local file share and an Azure Files share. B. The Azure File Sync agent is installed on a server to set NTFS permissions on files and folders. C. The Azure File Sync agent is installed on an Azure Files share to control on-premises file and folder replication traffic.
A
Most Azure commands return JSON by default. Sometimes this data set can be very large which makes it difficult to read and tricky to use the result of one command as input to another command. What can you use with Azure CLI to filter the results to get only the data that you need? A. You can use the '--query' argument. B. You can use the '--filter' argument. C. You can pipe the results to a JSON parsing utility and use filtering capability there.
A
Suppose an administrator needs to generate a report of the role assignments for the last week. Where in the Azure portal would they generate that report? A. Search for Activity log and filter on the Create role assignment (roleAssignments) operation. B. At the appropriate scope, go to Access control (IAM) > Download role assignments. C. At the appropriate scope, go to Access control (IAM) > Role assignments.
A
Suppose you are building a video-editing application that will offer online storage for user-generated video content. You will store the videos in Azure Blobs, so you need to create an Azure storage account to contain the blobs. Once the storage account is in place, it is unlikely you would remove and recreate it because this would delete all the user videos. Which tool is likely to offer the quickest and easiest way to create the storage account? A. Azure portal B. Azure CLI C. Azure PowerShell
A
The DevOps team wants to configure Azure Virtual Machine Scale Sets for their production servers. Thursday evening is typically the busiest time in preparation for delivery to customers by COB on Friday. Conversely, early Monday is generally the quietest time. You need a plan to add more machines when the workload is high. Which Virtual Machine Scale Sets feature can be configured to add more DevOps machines during peak production? A. Schedule-based rules B. Autoscale C. Metric-based rules
A
The manufacturing division has sensors that record time-relative data. Only the most recent data is useful. The company wants the lowest cost storage solution for this data. What's the best storage account solution to support the requirements of the manufacturing division? A. Locally redundant storage B. Geo-redundant storage C. Zone-redundant storage
A
What component of Azure Kubernetes Service contributes to the monthly Azure charge? A. Per node virtual machine B. Primary node C. Per deployed pod
A
What effect do the default network security settings have on a new virtual machine? A. Outbound requests are allowed. Inbound traffic is allowed only from within the virtual network. B. No outbound and inbound requests are allowed. C. There are no restrictions. All outbound and inbound requests are allowed.
A
What implementation ensures container software runs the same locally and in the cloud on Azure? A. Docker B. Container groups C. Container Instances
A
What is a role definition in Azure? A. A collection of permissions with a name that is assignable to a user, group, or application B. The collection of users, groups, or applications that have permissions to a role C. The binding of a role to a security principal at a specific scope, to grant access
A
Your administrators maintain an existing storage account in Azure for unstructured data. For billing purposes, management has requested a new storage account for the data. The admins need to be sure no data is lost when moving to the new storage account. How can admins move the data in the existing storage account to the new storage account? A. Use the AzCopy command-line tool B. Use the Azure portal C. Use the Robocopy command-line tool
A
Your company is building a video-editing application that will offer online storage for user-generated video content. The videos will be stored in Azure Blobs. An Azure storage account will contain the blobs. It's unlikely the storage account would ever need to be removed and recreated. Which tool is likely to offer the quickest and easiest way to create the storage account? A. Azure portal B. Azure CLI C. Azure PowerShell
A
Your public-facing static website stores all its public UI images in blob storage. The website needs to display the graphics without any kind of authorization. Which is the best option? A. Public access B. Shared key C. Shared access signature
A
Which parameter value can you add to most CLI commands to get concise, formatted output? A. list B. table C. group
B
As load increases on applications hosted in Azure Virtual Machine Scale Sets, you want to increase the CPU capacity of the existing instances rather than deploy more instances. What types of scaling can you use to increase the CPU capacity for your existing Virtual Machine Scale Sets instances? A. Horizontal scaling B. Vertical scaling C. Load balancing
B
Azure Resource Manager templates are idempotent. This means that if you run a template with no changes a second time: A. Azure Resource Manager will deploy new resources as copies of the previously deployed resources. B. Azure Resource Manager won't make any changes to the deployed resources. C. Azure Resource Manager will delete the previously deployed resources and redeploy them.
B
How soon do Custom Script Extensions time out? A. 30 minutes B. 90 minutes C. 120 minutes
B
One scenario you're working to resolve involves the manufacturing division. They're running dedicated software in their warehouse to keep track of product stock. The software needs to run on machines in the warehouse, but the management team wants to access the stock data from the main office. The limited bandwidth available in the warehouse has caused problems in the past when they tried to use cloud-based solutions. What's the best way to sync files stored on the manufacturing warehouse machines with the cloud? A. Create an Azure Files share and directly mount shares on the machines in the warehouse. B. Use a machine in the warehouse to host a file share, install Azure File Sync, and share a drive with the rest of the warehouse. C. Install Azure File Sync on every machine in the warehouse and also in the main office.
B
Suppose a developer needs full access to a resource group. If you are following least-privilege best practices, what scope should you specify? A. Resource B. Resource group C. Subscription
B
Suppose a team member can't view resources in a resource group. Where would the administrator go to check the team member's access? A. Check the team member's permissions by going to their Azure profile > My permissions. B. Go to the resource group and select Access control (IAM) > Check Access. C. Go to one of the resources in the resource group and select Role assignments.
B
Suppose an administrator wants to assign a role to allow a user to create and manage Azure resources but not be able to grant access to others. Which of the following built-in roles would support this? A. Owner B. Contributor C. Reader D. User Access Administrator
B
The company financial controller wants to be notified whenever the company is half-way to spending the money allocated for cloud services. Which approach supports this request? A. Create an Azure reservation. B. Create a budget and a spending threshold. C. Create a management group.
B
The company is planning a delegation model for Azure storage. Applications in the production environment must have unrestricted access to Azure Storage resources. What's the best way to implement secure access to Azure Storage for the company's users? A. Use shared access signatures for the production applications. B. Use access keys for the production applications. C. Use stored access policies for the production applications.
B
The company wants the ability to revoke access to the files and to change the period for which users can access the files. Which solution is the easiest way to implement secure storage for the company's media files? A. Create a shared access signature (SAS) for each user and delete the SAS to prevent access. B. Create stored access policies for each container to enable revocation of access or change of duration. C. Periodically regenerate the account key to control access to the files.
B
The finance team needs to transfer a series of large files to Azure Blob Storage. The operation might take several hours to upload each file. The team is concerned about what happens if the transfer fails and the process has to be restarted. Which storage approach can help resolve the concerns of the finance team? A. The Azure CLI B. AzCopy C. Azure Storage Explorer
B
There are several Azure policies that need to be applied to a new branch office. What's the best approach? A. Create a management group B. Create a policy initiative C. Create a policy definition
B
To satisfy the finance team's request for billing by department, multiple resource groups have been created and the resource tags applied. What's the next step? A. Create a management group B. Create an Azure policy C. Review the Azure Policy compliance page
B
Triggering a webhook at 8:00 AM on Saturday is an example of what type of rule? A. A metric-based rule. B. A time-based rule. C. An app-insight rule.
B
What is Azure Automation State Configuration? A. A declarative management platform to configure, deploy, and control systems. B. A service used to write, manage, and compile PowerShell Desired State Configuration (DSC) configurations, import DSC resources, and assign configurations to target nodes. C. A service that manages the state configuration on each destination, or node.
B
What is an Azure Resource Manager template? A. A series of Azure CLI commands to deploy infrastructure to Azure. B. A JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your deployment. C. A script held in Azure Resource Manager to manage your Azure storage account.
B
What is the final rule that is applied in every Network Security Group? A. Allow All B. Deny All C. You configure the final rule to your needs
B
What is the inheritance order for scope in Azure? A. Management group, Resource group, Subscription, Resource B. Management group, Subscription, Resource group, Resource C. Subscription, Management group, Resource group, Resource D. Subscription, Resource group, Management group, Resource
B
What needs to be installed on your machine to let you execute Azure PowerShell cmdlets locally? A. The Azure cloud shell B. The base PowerShell product and the Az module C. The Azure CLI and Azure PowerShell
B
When is a user considered registered for SSPR? A. When they've registered at least one of the permitted authentication methods B. When they've registered at least the number of methods that you've required to reset a password C. When they've set up the minimum number of security questions
B
When you clone a configuration from another deployment slot, which configuration setting follows the content across the swap? A. Custom domain names B. Connection strings C. Scale settings
B
Which Kubernetes component processes orchestration requests and schedules when to run requested containers? A. container B. kubelet C. node
B
Which choice correctly describes Azure Active Directory? A. Azure AD can be queried through LDAP. B. Azure AD is primarily an identity solution. C. Azure AD uses organizational units (OUs) and group policy objects (GPOs).
B
Which option preserves data residency, and offers comprehensive compliance and resiliency options? A. Azure Active Directory (Azure AD) Account B. Regions C. Subscriptions
B
You have three virtual machines (VM1, VM2, VM3) in a resource group. A new admin is hired, and they need to be able to modify settings on VM3. They shouldn't be able to make changes to VM1 or VM2. How can you implement RBAC to minimize administrative overhead? A. Assign the admin to the Contributor role on the resource group. B. Assign the admin to the Contributor role on VM3. C. Move VM3 to a new resource group, and then assign the admin to the Owner role on VM3.
B
Your organization has an internal system to share patient appointment information and notes. You can secure the access based on a user's membership in an Azure Active Directory (Azure AD) group. Which kind of authorization supports this scenario best, and why? A. Use a shared access signature (SAS) token. You use the Azure AD credentials and a user delegation SAS token. B. Use Azure Active Directory. By using Azure AD, you can create a service principal to authenticate the app. C. Use a shared key. The Azure Storage account can create and revoke keys that will be used in your app.
B
How can you ensure that only cost-effective virtual machine SKU sizes are deployed? A. Periodically inspect the deployment to see which SKU sizes are used B. Create an Azure RBAC role that defines the allowed virtual machine SKU sizes C. Create a policy in Azure Policy that specifies the allowed SKU sizes
C
How would you search for commands that deal with files? A. Call Get-Command -Verb File* B. Call Get-Command -Noun File C. Call Get-Command -Noun File*
C
If you delete a user account by mistake, can it be restored? A. When a user account is deleted, it's gone forever and can't be restored. B. The user account can be restored, but only if it was created within the last 30 days. C. The user account can be restored, but only if it was deleted within the last 30 days.
C
Suppose an administrator in another department needs access to a virtual machine managed by your department. What's the best way to grant them access to just that resource? A. At the resource scope, create a role for them with the appropriate access. B. At the resource group scope, assign the role with the appropriate access. C. At the resource scope, assign the role with the appropriate access.
C
Suppose you have a script that creates several VMs with different images. When the script issues the command to create the first VM you do not want to block the script while the VM is created, instead you want the script to immediately move on to the next command. What is the best way to do this? A. Add the '--async' argument to your create command. B. Use the ampersand (&) to run the process in the background. C. Add the '--no-wait' argument to your create command.
C
Suppose you have an application running on a Windows virtual machine in Azure. What is the best-practice guidance on where the app should store data files? A. OS disk (C:) B. Temporary disk (D:) C. Attached data disk
C
Suppose you have two video files stored as blobs. One of the videos is business-critical and requires a replication policy that creates multiple copies across geographically diverse datacenters. The other video is non-critical, and a local replication policy is sufficient. Which of the following options would satisfy both data diversity and cost sensitivity consideration. A. Create a single storage account that makes use of Local-redundant storage (LRS) and host both videos from here. B. Create a single storage account that makes use of Geo-redundant storage (GRS) and host both videos from here. C. Create two storage accounts. The first account makes use of Geo-redundant storage (GRS) and hosts the business-critical video content. The second account makes use of Local-redundant storage (LRS) and hosts the non-critical video content.
C
The Admin team is testing an implementation of Azure Virtual Machine Scale Sets with five virtual machines. During testing, monitoring alerts show all virtual machines running at maximum capacity. However, you discover that when the CPU is fully consumed more virtual machines aren't deploying in the scale set. How can you ensure more virtual machines are deployed for the Admin team when the CPU is 75% consumed? A. Manually increase the instance count. B. Change the CPU percentage to 50%. C. Enable the autoscale option.
C
The Marketing team needs to know which research web pages are most popular, at what times of day, and where users are located. How can you support the Marketing team requests about research web page usage? A. Continuous deployment B. Application logging C. Azure Application Insights
C
The Production team manages a web app that requires scaling to 5 instances and 100 GB of disk storage. They'd like a cost-efficient scaling solution. Which App Service Plan can you implement to support the infrastructure team's requirements? A. Basic B. Standard C. Premium
C
The Sales department has a subnet with an address range of 10.3.0.0/16. For the Sale department subnet range, which IP address can be dynamically assigned? A. 10.3.0.2 B. 10.3.255.255 C. 10.3.255.254
C
The admin team needs to know the requirements for storage account names. To what extent does a storage account name need to be unique? A. The name must be unique within the containing resource group. B. The name must be unique within the organization's subscription. C. The name must be globally unique.
C
The company financial controller wants to identify which billing department each Azure resource belongs to. Which approach enables this requirement? A. Track resource usage in a spreadsheet. B. Place the resources in different regions. C. Apply a tag to each resource that includes the associated billing department.
C
The manufacturing department wants to control how data is transferred to Azure Files. They want a graphical tool to manage the process, but they don't want to use the Azure portal. What storage tool satisfies the request of the manufacturing department? A. Azure Data Box B. Robocopy C. Azure Storage Explorer
C
The name of a storage account must be: A. Unique within the containing resource group. B. Unique within your Azure subscription. C. Globally unique.
C
What do you need to install on your machine to let you execute Azure CLI commands locally? A. The Azure Cloud Shell B. The Azure CLI and Azure PowerShell C. Only the Azure CLI
C
What statement best describes Azure Blob Storage access tiers? A. The cool access tier is for frequent access of objects in the storage account. B. The hot access tier is for storing large amounts of data that's infrequently accessed. C. The administrator can switch between hot and cool performance tiers at any time.
C
What type of user account allows an external organization to access your resources? A. A Contributor user account for each member of the team. B. An administrator account for each member of the team. C. A guest user account for each member of the external team.
C
What's included in a custom Azure role definition? A. Assignment of a custom role B. Actions and DataActions operations scoped to the tenant level C. Operations allowed for Azure resources, and scope of permissions
C
When creating a Windows virtual machine in Azure, which port would you open using the INBOUND PORT RULES in order to allow remote-desktop access? A. HTTPS B. SSH (22) C. RDP (3389)
C
When you enable SSPR for your Azure AD organization... A. Users can only change their password when they're signed in B. Admins can reset their password by using one authentication method C. Users can reset their passwords when they can't sign in
C
Which of the following options is a small application that provides post-deployment configuration and automation tasks for Azure Virtual Machines? A. Automation State Configuration B. Desired State Configuration C. Virtual machine extensions
C
Which of the following statements correctly describes cloud tiering? A. Cloud tiering prioritizes the sync order of file shares. B. Cloud tiering sets the frequency at which the sync job runs. C. Cloud tiering archives infrequently access files to free up space on the local file share.
C
Which option can you use to manage governance across multiple Azure subscriptions? A. Azure initiatives B. Resource groups C. Management groups
C
You have an established security policy for specific data that prohibits exposing SSH ports to external connections. For the security requirements, how can you connect to Azure Linux virtual machines and install software? A. Configure a guest configuration on the virtual machine. B. Create a custom script extension. C. Configure Azure Bastion.
C