Microsoft AZ-104 Exam Practice Test Instant Access

Question 1

You have an Azure subscription that contains a virtual machine named VM1.

You plan to deploy an Azure Monitor alert rule that will trigger an alert when CPU usage on VM1 exceeds 80 percent.

You need to ensure that the alert rule sends an email message to two users named User1 and User2.

What should you create for Azure Monitor?

Aan action group

Ba mail-enabled security group

Ca distribution group

Da Microsoft 365 group

Answer : A

An action group is a collection of notification preferences that can be used by Azure Monitor to send alerts to users or groups when an alert rule is triggered. An action group can include email recipients, SMS recipients, voice call recipients, webhook URLs, Azure functions, Logic Apps, and more. To send an email message to two users named User1 and User2 when CPU usage on VM1 exceeds 80 percent, you need to create an action group that contains their email addresses and associate it with the alert rule. Reference:

Create and manage action groups in the Azure portal

Create, view, and manage Metric alerts using Azure Monitor

Question 2

You create an Azure Storage account named Contoso storage.

You plan to create a file share named data.

Users need to map a drive to the data file share from home computers that run Windows 10.

Which outbound port should be open between the home computers and the data file share?

A80

B443

C445

D3389

Answer : C

Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked.

Question 3

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.

Solution: You assign the Owner role at the subscription level to Admin1.

Does this meet the goal?

AYes

BNo

Answer : B

The Owner role is a very high-level role that grants full access to manage all resources in the scope, including the ability to assign roles to other users. This role does not follow the principle of least privilege, which means that you should only grant the minimum level of access required to accomplish the goal.

To enable Traffic Analytics for an Azure subscription, you need to have a role that grants you the following permissions at the subscription level:

Microsoft.Network/applicationGateways/read

Microsoft.Network/connections/read

Microsoft.Network/loadBalancers/read

Microsoft.Network/localNetworkGateways/read

Microsoft.Network/networkInterfaces/read

Microsoft.Network/networkSecurityGroups/read

Microsoft.Network/publicIPAddresses/read

Microsoft.Network/routeTables/read

Microsoft.Network/virtualNetworkGateways/read

Microsoft.Network/virtualNetworks/read

Microsoft.OperationalInsights/workspaces/*

Some of the built-in roles that have these permissions are Owner, Contributor, or Network Contributor1. However, these roles also grant other permissions that may not be necessary or desirable for enabling Traffic Analytics.Therefore, the best practice is to use the principle of least privilege and create a custom role that only has the required permissions for enabling Traffic Analytics2.

Therefore, to meet the goal of ensuring that an Azure AD user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription, you should create a custom role with the required permissions and assign it to Admin1 at the subscription level.

Question 4

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You configure a custom policy definition, and then you assign the Azure policy to the subscription.

Does this meet the goal?

AYes

BNo

Answer : A

Question 5

You have an Azure virtual machine named VM1.

You use Azure Backup to create a backup of VM1 named Backup1.

After creating Backup1, you perform the following changes to VM1:

Modify the size of VM1.

Copy a file named Budget.xls to a folder named Data.

Reset the password for the built-in administrator account.

Add a data disk to VM1.

An administrator uses the Replace existing option to restore VM1 from Backup1.

You need to ensure that all the changes to VM1 are restored.

Which change should you perform again?

AModify the size of VM1.

BAdd a data disk.

CReset the password for the built-in administrator account.

DCopy Budget.xls to Data.

Answer : D

The scenario mentioned in the question, we are using the replace option. So in this case we would lose the existing data written to the disk after the backup was taken. The file was copied to the disk after the backup was taken. Hence, we would need to copy the file once again.

https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms#replace-existing-disks

Question 6

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARMIjson.

You receive a notification that VM1 will be affected by maintenance.

You need to move VM1 to a different host immediately.

Solution: From the resource group blade, move VM1 to another subscription.

Does this meet the goal?

AYes

BNo

Answer : B

Question 7

You plan to deploy several Azure virtual machines that will run Windows Server 2022 in a virtual machine scale set by using an Azure Resource Manager template.

You need to ensure that NGINX is available on all the virtual machines after they are deployed.

What should you use?

AA Microsoft intune device configuration profile

BMicrosoft entra Application proxy

CAzure Custom Script Extension

DDepartment Center in Azure App service

Answer : C

https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template

https://docs.microsoft.com/en-us/samples/mspnp/samples/azure-well-architected-framework-sample-state-configuration

https://docs.microsoft.com/en-us/azure/architecture/framework/devops/automation-configuration

Microsoft AZ-104 Microsoft Azure Administrator Exam Practice Test