AZ-104 Exam Practice Questions 1st

Questions and Answers

What should you do to associate each VM with its respective department?

• Create a resource group for each department.
• Modify the settings of the virtual machines.
• Assign tags to the virtual machines. (correct)
• Create Azure Management Groups for each department.

Does the solution meet the goal?

• Yes
• No (correct)

Accessing the multi-factor authentication page to alter the user settings meets the goal of the Azure AD conditional access policy.

False (B)

Does the solution meet the goal?

Yes (B)

Accessing the Azure portal to alter the session control of the Azure AD conditional access policy meets the goal.

False (B)

Accessing the Azure portal to alter the grant control of the Azure AD conditional access policy meets the goal.

True (A)

Which of the following actions should you take to resize a VM part of an availability set?

You should stop all three VMs. (D)

Which cmdlet should you use to create an Ubuntu Server virtual machine that includes adding a trusted root CA?

The Create-AzVM cmdlet. (B)

What is the FIRST action you should take to attach a data disk to another Azure VM?

Stop the VM that includes the data disk. (A)

Reconfiguring the existing usage model via the Azure portal meets the goal for enabling Multi-Factor Authentication for new employees.

False (B)

What value should you configure for the platformFaultDomainCount property to maximize accessibility in case of failures?

Max Value (C)

What value should you configure for the platformUpdateDomainCount property to maximize accessibility in case of maintenance?

20 (A)

Reconfiguring the existing usage model via the Azure CLI meets the goal for enabling Multi-Factor Authentication for new employees.

False (B)

Creating a new Multi-Factor Authentication provider with a backup from the existing data meets the goal.

True (A)

What should you create to ensure that an administrative password is not stored in plain text in an ARM template?

Use a Key Vault to store the password.

Running the Start-ADSyncSyncCycle -PolicyType Initial PowerShell cmdlet replicates the user information to Azure AD immediately.

True (A)

Which PowerShell cmdlet should you use to upload a generalized VM image to Azure?

Add-AzVhd (A)

Forcing replication of the Global Catalog on a domain controller meets the goal for immediate user information replication to Azure AD.

False (B)

Does the solution meet the goal of replicating a Hyper-V VM to Azure?

No (A)

Match the following actions with their correct order to report costs for each department:

Assign a tag to each resource = Box 1 From the Cost analysis blade, filter the view by tag = Box 2 Download the usage report = Box 3

Restarting the NetLogon service on a domain controller will replicate the user information to Azure AD immediately.

False (B)

Does choosing the Allow gateway transit setting on VirtualNetworkA meet the goal of accessing VirtualNetworkB from a Windows 10 workstation?

No (A)

How many tag name/value pairs can each resource or resource group have?

15

Which Azure storage redundancy option should you recommend given these requirements: data must be stored on multiple nodes in different geographic locations and can be read from both locations?

Read-only geo-redundant storage (D)

Tags applied to the resource group are inherited by the resources in that resource group.

False (B)

What can you filter by in the Cost analysis blade?

All of the above (D)

What should you do to ensure that 10 users can use all the Azure AD Premium features?

From the Licenses blade of Azure AD, assign a license (B)

What should you do to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent?

Deploy the IT Service Management Connector (ITSM) (D)

What should you configure in Azure AD to add a user named [email protected] as an administrator on all the computers that will be joined to the Azure AD domain?

Device settings from the Devices blade (C)

User1 is a Cloud Device Administrator for Device2, which is Azure AD joined.

True (A)

You need to stop the backup of SQLDB01 before deleting resource group RG26.

True (A)

What type of DNS record should you create to ensure Azure can verify the custom domain name contoso.com?

MX (B)

Does assigning the DevTest Labs User role to the Developers group provide them the ability to create Azure logic apps in the Dev resource group?

No (B)

Does assigning the Contributor role to the Developers group in the Dev resource group meet the goal of enabling them to create Azure logic apps?

Yes (B)

Does using the Bulk create user operation in Azure AD meet the goal of creating a guest user account for each of the 500 external users?

No (B)

Does creating a PowerShell script that runs the New-AzureADMSInvitation cmdlet for each external user meet the goal of creating guest user accounts?

Yes (B)

What role should you assign to Admin1 to manage internal and public load balancers while following the principle of least privilege?

Network Contributor

What should you do first to ensure access to the AKS1 cluster for users in contoso.com?

From contoso.com, create an OAuth 2.0 authorization endpoint. (B)

Which groups should you create to ensure automatic deletion after 180 days?

A Microsoft 365 group that uses the Assigned membership type (B), A Microsoft 365 group that uses the Dynamic User membership type (E)

Tags applied to a resource group are inherited by the resources within it.

False (B)

Which resources can be moved to the new Azure subscription AZPT2?

VM1, storage1, VNET1, VM1Managed, and RVAULT1 (C)

What should you do to ensure Admin1 can deploy the Marketplace resource successfully?

From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet. (A)

What should you do from the user account properties to assign the User administrator administrative role to AdminUser1?

From the Directory role blade, modify the directory role. (C)

Does the solution to allow gateway transit on VirtualNetworkB meet the goal of establishing a connection to VirtualNetworkB from the Windows 10 workstation?

No (A)

Does downloading and re-installing the VPN client configuration package on the Windows 10 workstation meet the goal?

Yes (A)

What should you configure to provide access for remote workers to virtual machines on VNet1?

Configure a Point-to-Site (P2S) VPN (C)

Does setting an HTTP health probe on port 1433 for the Azure internal load balancer as a listener for an Always On availability group meet the goal?

No (A)

Does setting session persistence to Client IP on an Azure internal load balancer as a listener for an Always On availability group meet the goal?

No (B)

Does enabling Floating IP for an Azure internal load balancer as a listener for an Always On availability group meet the goal?

Yes (B)

What should you do to configure the two Azure VMs with static internal IP addresses?

Run the Set-AzureStaticVNetIP PowerShell cmdlet (D)

What is the least amount of network interfaces needed to deploy five VMs with both public and private IP addresses and identical inbound and outbound security rules?

5 (D)

What is the least amount of security groups needed for the configuration of five VMs with public and private IP address management?

1 (D)

When recovering files from a VM infected with ransomware, which statement is TRUE?

You can only recover the files to the infected VM. (C)

What should you do to restore a VM infected with ransomware?

You should restore the VM to any VM within the company's subscription. (D)

Which tool should you use to find the cause of performance issues related to metrics on Azure infrastructure?

Azure Monitor (D)

Which of the following virtual machines can be backed up using Azure Backup?

VMs that run Windows Server 2012 or higher. (A), VMs that have NOT been shut down. (B), VMs that run Debian 8.2+. (C), VMs that have been shut down. (D), VMs that run Windows 10. (E)

Does the PowerShell script using the New-AzureADUser cmdlet create a guest user account for each of the 500 external users?

No (A)

What is required for members of the Global Administrators group when accessing Azure AD from untrusted locations?

Use Multi-Factor Authentication and an Azure AD-joined device (D)

Changing which aspect of the Azure AD conditional access policy would not satisfy the requirement for Multi-Factor Authentication?

Session control (D)

Which configuration method is necessary to enforce Multi-Factor Authentication for Global Administrators using Azure AD?

Configuring the grant control in the conditional access policy (B)

What should be done to ensure a Global Administrator is compliant when connecting from an untrusted location?

Utilize an Azure AD-joined device and complete Multi-Factor Authentication (D)

Which condition in the Azure AD policy impacts the use of Multi-Factor Authentication?

Geographic location of access (C)

Which statement is true regarding altering Azure AD conditional access policies?

Policies must specify both device compliance and user authentication requirements. (C)

If altering the session control does not meet compliance for Multi-Factor Authentication for Global Administrators, what is the next best step?

Change the grant control in the policy (A)

What must be configured in addition to Multi-Factor Authentication to meet the security conditions for Global Administrators?

An Azure AD-joined device requirement (D)

What is the maximum number of update domains that can be provided in Azure Resource Manager deployments?

20 (A)

What is the primary purpose of update domains in an availability set?

To indicate groups of VMs that can be rebooted simultaneously (C)

Which component should be used to store sensitive information securely in an ARM template?

Key Vault (B)

When adapting an ARM template for deployment, which practice should be followed to safeguard an administrative password?

Use Key Vault to retrieve the password (D)

What does the term 'availability set' refer to in Azure?

A configuration to ensure application uptime during maintenance (B)

What happens if a virtual machine is deployed outside of an availability set?

It has a higher chance of downtime during maintenance (B)

How many non-user-configurable update domains are assigned by default in an availability set?

5 (A)

In what context is a Key Vault used within Azure Resource Manager templates?

For retrieving secrets securely during VM provisioning (D)

What must be done before resizing a VM that is part of an availability set?

Stop all VMs in the availability set. (A)

What is a requirement for resizing a VM to a size that uses different hardware?

All VMs in the availability set must be stopped. (D)

What is the FIRST step to take when attaching a data disk to another Azure VM?

Stop the VM that includes the data disk. (A)

Why must all VMs in an availability set be stopped before resizing any VM?

To ensure all VMs are using the same physical hardware cluster. (C)

What happens if you try to resize a VM in an availability set without stopping all VMs first?

An error occurs citing hardware mismatch. (D)

How should VMs in an availability set be restarted after resizing?

Restart each VM one-by-one. (C)

Which of the following statements is TRUE regarding the use of data disks in Azure VMs?

Data disks must be detached from one VM before being attached to another. (A)

Which option best describes the physical hardware cluster requirement for VMs in availability sets?

They must operate on the same physical hardware cluster. (D)

What should you do to view the deployment history of a resource group in Azure?

Navigate to the Resource Group blade and select the deployment link. (A)

What information will you find when selecting the summary of a deployment through the Resource Group blade?

The status of the deployment and parameters used. (D)

Which component is essential to review when trying to understand what was deployed within a resource group?

The ARM template from the deployment history. (B)

Which link should you click on to view the used template for a specific deployment in Azure?

View Template (D)

What is the initial step to take when you want to check the success of a virtual machine deployment in Azure?

Go to the resource group overview. (B)

Why would a user access the Resource Group blade after Jon Ross deploys a virtual machine?

To see the deployment history and review the used ARM template. (D)

Which feature in Azure helps to see what changes were made during the last deployment?

Deployment History (D)

After deploying resources, where can you verify the specific configurations used?

View the ARM template from the deployment details. (B)

What tool should be used to diagnose performance issues on Azure infrastructure metrics?

Azure Monitor (B)

Which of the following virtual machines can be backed up using Azure Backup? (Select all that apply)

VMs that run Debian 8.2+ (A), VMs that run Windows Server 2012 or higher (B), VMs that are currently shut down (C), VMs that run Windows 10 (D)

What type of operating system versions does Azure Backup support for its backup operations?

64-bit versions of Windows and Debian operating systems (A)

Which of the following statements about Azure Backup is FALSE?

It does not support backing up Linux VMs. (C)

What characteristic of Azure Monitor makes it suitable for quick detection of issues?

It uses a time-series database optimized for analysis. (C)

Which option is least suitable for ensuring proper backup procedures in Azure?

Configuring backup frequency to be minimal (B)

What percentage of VMs in Azure can be scheduled for backup under Azure Backup guidelines?

Any 64-bit VM from supported operating systems (C)

Which operational scenario can potentially lead to the failure of VM backups in Azure Backup?

Not having an appropriate Recovery Services vault (A)

Flashcards

Azure VM Tags

Metadata associated with resources that allows for efficient organization without requiring separate resource groups.

Azure AD Conditional Access Policy

A policy that controls access to Azure resources based on conditions such as user location, device type, and authentication methods.

Deploying Ubuntu Server VM

A method of deploying an Ubuntu Server VM using the Create-AzVM cmdlet, incorporating custom data through cloud-init for enhanced configuration.

MFA Settings: Per Authentication

A setting for Multi-Factor Authentication (MFA) allowing individual authentication events to require MFA, while "Per Enabled User" requires a new MFA provider setup.

Replicating User Accounts to Azure AD

A command used to immediately replicate a user account from an on-premises Active Directory to Azure AD.

Read-Only Geo-Redundant Storage (RA-GRS)

A storage redundancy option that replicates data across geographically separate Azure locations, providing read access from both primary and secondary storage nodes.

ARM Template Review Location

The location for reviewing ARM templates used to deploy resources, providing insights into configuration settings and deployment history.

ARM Template Parameters

Parameters defined in ARM templates for deployment, including storage accounts and virtual machines, that govern the deployment process.

Resizing VMs in Availability Sets

A set of virtual machines designed for high availability and resilience, where resizing a VM requires stopping all VMs in the set to ensure uniform hardware allocation.

Attaching Data Disks to VMs

The process of attaching a data disk to another VM, requiring the VM containing the disk to be stopped first to minimize downtime.

Fault Domain Count

The maximum number of fault domains within a managed availability set, which varies depending on the Azure region.

Update Domain Count

The number of update domains assigned to each virtual machine within an availability set, allowing for phased updates and reduced downtime, with a maximum of 20 update domains.

Password Handling in ARM Templates

Storing sensitive information like passwords in Azure Key Vault instead of plain text within ARM template files to enhance security and compliance.

Custom Scripts for VMs

A batch file named SetupComplete.cmd that executes customized scripts on newly created VMs to configure and customize them after deployment.

Uploading VHDs to Azure

A PowerShell cmdlet used to upload on-premises VHDs to Azure Blob Storage for creating Azure VMs.

Hyper-V Replication to Azure

The process of replicating a VM from an on-premises Hyper-V environment to Azure, involving specific object creation and configuration.

VPN Connections and Peering

Ensuring correct VPN connection settings for secure access to resources across virtual networks, potentially requiring VPN client configuration updates for access to peered networks.

Point-to-Site (P2S) VPN

A VPN connection type allowing secure access for individual client computers to a virtual network, often preferred for remote worker access.

Azure SQL Server Always On Availability Group

A type of Azure SQL Server availability group that requires a correctly configured Azure internal load balancer with appropriate health probe settings and session persistence to ensure high availability.

Static Internal IP Configuration for Azure VMs

A PowerShell cmdlet used to assign static internal IP addresses to Azure virtual machines, requiring the VM to restart after the update.

Single Network Interface for Public and Private IP Addresses

Configuring a single network interface for a VM, allowing it to have both a public and a private IP address, optimizing resource usage.

Managing Security Rules with a Single Security Group

Managing inbound and outbound security rules for multiple VMs using a single security group, streamlining management and security enforcement.

Azure Backup Instant Restore

A process that enables instant recovery of individual files to the original infected virtual machine, but requires a full VM restoration to recover to a different VM within the subscription.

Azure Monitor

The recommended tool for performance analysis and issue detection within Azure infrastructure, featuring a time-series database for efficient alerting and monitoring.

Azure Backup for VM Support

The capability to back up virtual machines running specific operating systems, including both online and offline instances, using Azure Backup resources.

Creating Guest User Accounts in Azure AD

The process of creating guest user accounts in Azure Active Directory, requiring a different cmdlet (New-AzureADMSInvitation) rather than the New-AzureADUser cmdlet.

Managing Azure Load Balancers

The appropriate Azure role for administrators needing to manage both internal and public load balancers, balancing access with least privilege principles.

Azure Kubernetes Service Access Management

Enabling user access to an Azure Kubernetes Service (AKS) cluster through adjustments to organization relationships within Azure AD for effective role-based access control.

Azure AD Conditional Access Policy: MFA for Global Admins

Changing grant control is a possible solution to fulfilling the MFA requirements for Global Administrators from untrusted locations.

Resizing VMs in Availability Sets

Resizing a VM in an availability set requires stopping all VMs in the set for consistent hardware allocation.

Attaching Data Disks to VMs

Minimizing downtime when attaching a data disk to another VM by stopping the original VM that contained the data disk.

Study Notes

Azure VM Tagging and Resource Group Management

• Associate virtual machines (VMs) with departments by using tags for effective resource organization.
• Tags add metadata to resources without needing separate resource groups for each department.

Azure AD Conditional Access Policy

• Conditional access policy can require Multi-Factor Authentication (MFA) for Global Administrators from untrusted locations.
• Accessing the MFA settings page or altering session controls does not meet policy requirements; modifications must include specific device conditions.
• Correctly altering the grant control in the conditional access policy satisfies the requirements for Global Administrators to use MFA.

Deploying Ubuntu Server VM

• Use the Create-AzVM cmdlet to deploy an Ubuntu Server VM with a custom root certification authority.
• The custom data is provided through cloud-init via the --custom-data parameter during deployment.

Multi-Factor Authentication (MFA) Settings

• The Per Authentication option is set for MFA usage, but switching to the Per Enabled User setting requires creating a new MFA provider.
• Reconfiguring the existing provider via the Azure portal or CLI does not suffice due to restrictions on changing the usage model.

User Account Replication to Azure AD

• To immediately replicate a user account from on-premises Active Directory to Azure AD, use the Start-ADSyncSyncCycle -PolicyType Initial command.
• Restarting the NetLogon service or using Active Directory Sites and Services to force replication does not achieve the desired immediate replication.

Azure Storage Redundancy Options

• Read-only geo-redundant storage (RA-GRS) is suitable for scenarios where data must be stored across multiple nodes in geographically separate locations, allowing read access from both primary and secondary nodes.
• Azure storage redundancy ensures data availability and resilience across data centers.

Reviewing Azure Resource Manager (ARM) Templates

• To review ARM templates used for deployments, access the Resource Group blade rather than the Virtual Machine blade.
• The deployment history within the resource group provides insights into the ARM templates used and their configurations.### Azure Resource Manager (ARM) Templates
• ARM templates specify the parameters for deployment, including storage accounts and virtual machines.
• Review of ARM templates is best done through the Resource Group blade, not the Container blade.

Virtual Machines in Availability Sets

• To resize a VM within an availability set, all VMs in that set must be stopped to ensure they use the same physical hardware; an allocation failure will occur if just one VM is stopped.

Attaching Data Disks

• To attach a data disk to another VM while minimizing downtime, the VM containing the data disk should be stopped first.

Fault Domain Count

• Maximum number of fault domains in managed availability sets is region-dependent (2 or 3).
• Configure the platformFaultDomainCount to its maximum value to optimize VM accessibility during fabric failure or maintenance.

Update Domain Count

• Each VM in an availability set is assigned update domains and can have up to 20 update domains for Resource Manager deployments.
• Configuring the platformUpdateDomainCount property correctly allows for optimal VM maintenance and accessibility.

Handling Passwords in ARM Templates

• Use Azure Key Vault to store sensitive information like passwords, preventing them from being stored in plain text within ARM template files.

Custom Scripts for VMs

• Implement a SetupComplete.cmd batch file to execute scripts on newly created VMs for customization and configuration post-deployment.

Uploading VHDs to Azure

• Use the Add-AzVhd PowerShell cmdlet to upload on-premises VHDs to Azure Blob Storage for creating new Azure VMs.

Hyper-V Replication to Azure

• Proper configuration is required to replicate a VM from an on-premises Hyper-V environment to Azure, involving specific object creation.

VPN Connections and Peering

• Ensure VPN connection settings are correct for users to access resources across different virtual networks.
• Downloading and reinstalling the VPN client configuration on workstations can resolve connection issues to peered networks.

Key Concepts for AZ-104 Exam

• Understanding of ARM templates, VM operations in availability sets, disk management, Azure AD hybrid setups, and VPN configurations are crucial for deploying and managing Azure resources effectively.### VPN Configurations for Remote Access
• A Point-to-Site (P2S) VPN allows secure connections for individual client computers to a virtual network.
• Community consensus indicates P2S VPN is the preferred choice for remote worker access (93% support).

Azure SQL Server Always On Availability Group

• Configuration of an Azure internal load balancer requires proper health probe settings.
• An HTTP health probe on port 1433 is insufficient for listener configuration (100% agreement on the solution being incorrect).
• Session persistence set to Client IP does not meet listener requirements (63% disagree).
• Enabling Floating IP is a valid solution for setting up the internal load balancer as a listener (79% support).

Static Internal IP Configuration for Azure VMs

• To configure static internal IP addresses for Azure virtual machines, use Set-AzureStaticVNetIP PowerShell cmdlet.
• Updating a VM with a static IP requires the VM to restart during the update process.

Azure Security and Network Configuration

• Each virtual machine (VM) can be deployed with a public and private IP address using only one network interface, minimizing resources (95% support).
• A single security group can manage inbound and outbound rules for multiple VMs, providing streamlined management (100% support).

Azure Backup and Recovery Scenarios

• When using Azure Backup Instant Restore, files can only be recovered to the original infected VM (63% support this fact).
• If full VM restoration is needed, it can be done to any VM within the subscription (87% support this option).

Performance Monitoring in Azure

• Azure Monitor is the recommended tool for analyzing performance issues in the Azure infrastructure (100% agreement).
• It features a time-series database optimized for alerting and quick issue detection.

Virtual Machine Backup Support

• Azure Backup supports backup of VMs running Windows 10, Windows Server 2012 or higher, and Debian 8.2+ (90% agreement).
• Backup capabilities include both online and offline VMs.

Guest User Accounts in Azure Active Directory

• The New-AzureADUser cmdlet does not create guest accounts; use New-AzureADMSInvitation instead to invite external users (91% agree).
• Bulk user creation operations in Azure AD also cannot create guest accounts directly (92% support this).

Azure Load Balancer Management

• Assign the Network Contributor role to administrators needing to manage both internal and public load balancers.
• This role aligns with the principle of least privilege, ensuring appropriate access without excess permissions.

Azure Kubernetes Service Access Management

• Enabling user access to an Azure Kubernetes Service (AKS) cluster requires adjustments to organization relationships in Azure AD (proposed solution).
• Proper setup is essential for ensuring that users in Azure AD can be granted access to AKS resources.

Azure AD Conditional Access Policy

• Multi-Factor Authentication (MFA) is required for Global Administrators from untrusted locations.
• Changing session control does not satisfy the policy requirements (Answer: B).
• Changing grant control may satisfy the policy requirements (Answer: C).

Resizing Azure VMs in Availability Sets

• All VMs in an availability set must be stopped before resizing any VM requiring different hardware.
• This ensures all VMs use the same physical hardware cluster.

Attaching Data Disks to Azure VMs

• First action to take is stopping the VM that contains the data disk (Correct Answer: A).
• This minimizes downtime when attaching disks to another Azure VM.

Azure Availability Set Update Domains

• Default configuration includes five non-user-configurable update domains.
• Resource Manager deployments can extend this to a maximum of 20 update domains.

ARM Template and Azure Key Vault

• Use ARM templates to deploy VMs while securing passwords through Azure Key Vault to prevent plain text visibility.
• This enhances security for sensitive information like administrative passwords.

Reviewing ARM Templates

• Access Resource Group blade to review ARM templates used in VM deployments.
• Check deployment history for operations and parameter values.

Tools for Performance Issue Diagnosis in Azure

• Azure Monitor is essential for identifying metrics-related performance issues.
• Metrics are stored in a time-series database optimizing for alerting and quick detection.

Azure Backup and Recovery Services Vault

• Azure Backup supports backups for multiple VM types:
  • Windows 10 and Windows Server (2012 or higher) can be backed up.
  • Debian VMs (version 7.9 and above) are also supported.
• Backups can be scheduled for both running and shut down VMs.

Description

Prepare for the AZ-104 exam with this set of practice questions designed for Azure administrators. Test your knowledge on virtual machines and departmental setups to boost your confidence before the exam. This quiz offers a realistic experience to help you succeed.