Practice Free AZ-104 Exam Online Questions
You plan to deploy several Azure virtual machines that will run Windows Server 2022 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?
- A . A Microsoft intune device configuration profile
- B . Microsoft entra Application proxy
- C . Azure Custom Script Extension
- D . Department Center in Azure App service
C
Explanation:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template
https://docs.microsoft.com/en-us/samples/mspnp/samples/azure-well-architected-framework-sample-state-configuration
https://docs.microsoft.com/en-us/azure/architecture/framework/devops/automation-configuration
HOTSPOT
You need to configure the Device settings to meet the technical requirements and the user requirements.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.
Explanation:
Box 1: Selected
Only selected users should be able to join devices
Box 2: Yes
Require Multi-Factor Auth to join devices.
From scenario:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
You plan to use an Azure key vault to provide a secret to appl.
What should you create for app1 to access the key vault, and from which key vault can the secret be used? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.)
No devices are connected to VNet1.
You plan to peer VNet1 to another virtual network named VNet2. VNet2 has an address space of 10.2.0.0/16.
You need to create the peering.
What should you do first?
- A . Configure a service endpoint on VNet2.
- B . Modify the address space of VNet1.
- C . Add a gateway subnet to VNet1.
- D . Create a subnet on VNet1 and VNet2.
B
Explanation:
To create a peering between two virtual networks, the address spaces of the virtual networks must not overlap. VNet1 has an address space of 10.0.0.0/16, which overlaps with VNet2’s address space of 10.2.0.0/16. Therefore, you need to modify the address space of VNet1 to a non-overlapping range, such as 10.1.0.0/16, before you can create the peering. You do not need to configure a service endpoint, add a gateway subnet, or create a subnet on either virtual network for the peering to work. Then,
Reference: [Virtual network peering] [Modify a virtual network’s address space]
You have an Azure subscription that contains a storage account named storage 1.
You need to ensure that the access keys for storage! rotate automatically.
What should you configure?
- A . a backup vault
- B . redundancy for storage!
- C . lifecycle management for storage1
- D . an Azure key vault
- E . a Recovery Services vault
You need to create an Azure Storage account named storage1.
The solution must meet the following requirements:
• Support Azure Data Lake Storage.
• Minimize costs for infrequently accessed data.
• Automatically replicate data to a secondary Azure region.
Which three options should you configure for storage1? Each correct answer presents part of the solution. NOTE: Each correct answer is worth one point.
- A . the Cool access tier
- B . the Hot access tier
- C . hierarchical namespace
- D . zone-redundant storage (ZRS)
- E . geo-redundant storage (GRS)
A, C, E
Explanation:
To create an Azure Storage account that supports Azure Data Lake Storage, you need to enable the hierarchical namespace option. This option allows you to organize and manipulate files and folders efficiently in a data lake. It also enables compatibility with the Hadoop Distributed File System (HDFS) API, which is widely used for big data analytics. For more information, see Azure Data Lake Storage Gen2 Introduction.
To minimize costs for infrequently accessed data, you can choose the Cool access tier for your storage account. This tier offers lower storage costs than the Hot access tier, but higher access and transaction costs. The Cool access tier is suitable for data that is infrequently accessed or modified, such as short-term backup, disaster recovery, or archival data. Data in the Cool access tier should be stored for at least 30 days. For more information, see Access tiers for blob data.
To automatically replicate data to a secondary Azure region, you can choose the geo-redundant storage (GRS) option for your storage account. This option replicates your data synchronously three times within the primary region, and then asynchronously to the secondary region. GRS provides the highest level of durability and availability for your data, and protects against regional outages or disasters. For more information, see Data redundancy.
You have an Azure subscription.
Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs.
You have a line-of-business app named App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016.
You need to ensure that the connections to App1 are spread across all the virtual machines.
What are two possible Azure services that you can use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . a public load balancer
- B . Traffic Manager
- C . an Azure Content Delivery Network (CDN)
- D . an internal load balancer
- E . an Azure Application Gateway
DE
Explanation:
Line of Business WebAPP works on VMs need internal load balancer. So D is needed. Then deploy WebAPP on VMs, check the link. https://docs.microsoft.com/en-us/azure/application-gateway/quick-create-portal So B is needed as well. The orignal answer is not accomplished.
HOTSPOT
You have an Azure subscription that contains the storage accounts shown in the following table.
You need to identify which storage accounts support lifecycle management, and which storage accounts support moving data to the Archive access tier.
What should you identify for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.
Explanation:
1) storage1, storage2, storage3
"Lifecycle management policies are supported for block blobs and append blobs in general-purpose v2, premium block blob, and Blob Storage accounts."
https://learn.microsoft.com/en-us/azure/storage/blobs/lifecycle-management-overview
2) storage2
"The archive tier isn’t supported for ZRS, GZRS, or RA-GZRS accounts."
https://learn.microsoft.com/en-us/azure/storage/blobs/access-tiers-overview#archive-access-tier
HOTSPOT
You have an Azure subscription that contains the storage accounts shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: contoso104 only
Premium file shares are hosted in a special purpose storage account kind, called a FileStorage account.
Box 2: contoso101, contoso102, and contos103 only
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-create-premium-fileshare?tabs=azure-portal
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
HOTSPOT
You have a hybrid deployment of Azure AD that contains the users shown in the following table.
You need to modify the JobTitle and UsageLocation attributes for the users.
For which users can you modify the attributes from Azure AD? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: User1 and User3 only
You must use Windows Server Active Directory to update the identity, contact info, or job info for users whose source of authority is Windows Server Active Directory.
Box 2: User1, User2, and User3
Usage location is an Azure property that can only be modified from Azure AD (for all users including Windows Server AD users synced via Azure AD Connect).
Reference: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal