microsoft az-104 practice test

Microsoft Azure Administrator Exam

Note: Test Case questions are at the end of the exam
Last exam update: Dec 14 ,2024
Page 1 out of 23. Viewing questions 1-15 out of 346

Question 1 Topic 9, Mixed Questions

DRAG DROP
You have an Azure Linux virtual machine that is protected by Azure Backup.
One week ago, two files were deleted from the virtual machine.
You need to restore the deleted files to an on-premises Windows Server 2016 computer as quickly as possible.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the
answer area and arrange them in the correct order.
Select and Place:

Answer:


Explanation:
Step 1: From the Azure portal, click File Recovery from the vault
Step 2. Select a restore point that contains the deleted files
Step 3: Download and run the script to mount a drive on the local computer Generate and download script to browse and
recover files:
Step 4: Copy the files using File Explorer!
After the disks are attached, use Windows File Explorer to browse the new volumes and files. The restore files functionality
provides access to all files in a recovery point. Manage the files via File Explorer as you would for normal files.
Step 1-3 below:
To restore files or folders from the recovery point, go to the virtual machine and perform the following steps:
1. Sign in to the Azure portal and in the left pane, select Virtual machines. From the list of virtual machines, select the virtual
machine to open that virtual machine's dashboard.
2. In the virtual machine's menu, select Backup to open the Backup dashboard.
3. In the Backup dashboard menu, select File Recovery.

The File Recovery menu opens.


4. From the Select recovery point drop-down menu, select the recovery point that holds the files you want. By default, the
latest recovery point is already selected.
5. Select Download Executable (for Windows Azure VMs) or Download Script (for Linux Azure VMs, a python script is
generated) to download the software used to copy files from the recoverypoint.
Running the script and identifying volumes:
For Linux machines, a python script is generated. Download the script and copy it to the relevant/compatible Linux server.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm https://docs.microsoft.com/en-
us/azure/backup/backup-azure-vms-automation#restore-files-from-an-azure-vm-backup

Discussions
0 / 1000
dazzler
1 year, 5 months ago

Answer is correct , view the link below
https://learn.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm


Question 2 Topic 9, Mixed Questions

You have an existing Azure subscription that contains 10 virtual machines.
You need to monitor the latency between your on-premises network and the virtual machines.
What should you use?

  • A. Service Map
  • B. Connection troubleshoot
  • C. Network Performance Monitor
  • D. Effective routes
Answer:

C


Explanation:
Network Performance Monitor is a cloud-based hybrid network monitoring solution that helps you monitor network
performance between various points in your network infrastructure. It also helps you monitor network connectivity to service
and application endpoints and monitor the performance of Azure ExpressRoute.
You can monitor network connectivity across cloud deployments and on-premises locations, multiple data centers, and
branch offices and mission-critical multitier applications or microservices. With Performance Monitor, you can detect network
issues before users complain.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/network-performance-monitor

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
dazzler
1 year, 5 months ago

C is correct but please note that network performance monitor is no longer supported by microsoft

wolf
5 months ago

Connection troubleshoot


Question 3 Topic 9, Mixed Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in
the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named
contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User1 to create the user accounts.
Does that meet the goal?

  • A. Yes
  • B. No
Answer:

A


Explanation:
Only a global administrator can add users to this tenant.
Reference: https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

User Votes:
A
50%
B
50%
Discussions
vote your answer:
A
B
0 / 1000
dazzler
1 year, 5 months ago

The user1 which created the tenant is always the tenant owner . Answer is correct

wolf
5 months ago

Yes, User1 to create the user accounts


Question 4 Topic 9, Mixed Questions

HOTSPOT
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant
is synced to the on-premises Active Directory domain. The domain contains the users shows in the following table.

You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication
methods:
Number of methods required to reset: 2

Methods available to users: Mobile phone, Security questions

Number of questions required to register: 3

Number of questions required to reset: 3

You select the following security questions:
What is your favorite food?

In what city was your first job?

What was the name of your first pet?

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:


Explanation:
Box 1: No
Administrator accounts are special accounts with elevated permissions. To secure them, the following restrictions apply to
changing passwords of administrators:
On-premises enterprise administrators or domain administrators cannot reset their password through Self-service password
reset (SSPR). They can only change their password in their on-premises environment. Thus, we recommend not syncing on-
prem AD admin accounts to Azure AD. An administrator cannot use secret Questions & Answers as a method to reset
password.
Box 2: Yes
Self-service password reset (SSPR) is an Azure Active Directory feature that enables employees to reset their passwords
without needing to contact IT staff. Box 3: Yes
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment

Discussions
0 / 1000
dazzler
1 year, 5 months ago

NO
NO
Yes,
Administrator accounts cant use security questions for verification
https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-security-questions

yehyamedhat3 (replied to dazzler)
1 year, 3 months ago

no
no
yes
or
no
yes
yes
i dont know the right answer i ask any one to know


Question 5 Topic 9, Mixed Questions

HOTSPOT
You have two Azure App Service app named App1 and App2. Each app has a production deployment slot and a test
deployment slot.
The Backup Configuration settings for the production slots are shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:


Discussions
0 / 1000
dazzler
1 year, 5 months ago

NNY
1. NO - https://docs.microsoft.com/en-us/cli/azure/webapp/config/backup?view=azure-cli-latest
2. NO - only production is mentioned , test slots do not have nay backups
3. Yes - https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/restore-slot
you can restore app2 to another slot


Question 6 Topic 9, Mixed Questions

Your company has a main office in London that contains 100 client computers.
Three years ago, you migrated to Azure Active Directory (Azure AD).
The companys security policy states that all personal devices and corporate-owned devices must be registered or joined to
Azure AD.
A remote user named User1 is unable to join a personal device to Azure AD from a home network.
You verify that User1 was able to join devices to Azure AD in the past.
You need to ensure that User1 can join the device to Azure AD.
What should you do?

  • A. Assign the User administrator role to User1.
  • B. From the Device settings blade, modify the Maximum number of devices per user setting.
  • C. Create a point-to-site VPN from the home network of User1 to Azure.
  • D. From the Device settings blade, modify the Users may join devices to Azure AD setting.
Answer:

B


Explanation:
The Maximum number of devices setting enables you to select the maximum number of devices that a user can have in
Azure AD. If a user reaches this quota, they will not be able to add additional devices until one or more of the existing
devices are removed.
Incorrect Answers:
C: Azure AD Join enables users to join their devices to Active Directory from anywhere as long as they have connectivity
with the Internet.
D: The Users may join devices to Azure AD setting enables you to select the users who can join devices to Azure AD.
Options are All, Selected and None. The default is All.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal http://techgenix.com/pros-
and-cons-azure-ad-join/

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
dazzler
1 year, 5 months ago

ans is B
https://learn.microsoft.com/zh-tw/azure/active-directory/devices/device-management-azure-portal

wolf
5 months ago

From the Device settings blade, modify the Maximum number of devices per user setting.


Question 7 Topic 9, Mixed Questions

HOTSPOT
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains the users shown in the
following table.

You enable password reset for contoso.onmicrosoft.com as shown in the Password Reset exhibit. (Click the Password Reset
tab.)

You configure the authentication methods for password reset as shown in the Authentication Methods exhibit. (Click the
Authentication Methods tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:


Explanation:
Box 1: No Two methods are required.
Box 2: No
Self-service password reset is only enabled for Group2, and User1 is not a member of Group2.
Box 3: Yes
As a User Administrator, User3 can add security questions to the reset process.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/quickstart-sspr
https://docs.microsoft.com/en-us/azure/active-directory/authentication/active-directory-passwords-faq

Discussions
0 / 1000
dazzler
1 year, 5 months ago

BOX3 is NO
you need to be global administrator
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

wolf
5 months ago

Statement 1: No - After User2 answers three security questions correctly, he can reset his password immediately.No, User2 is part of Group2 for which the Self-Service Password Reset (SSPR) is enabled. As per the image, two methods for password reset are required - MobilePhone and Security question.The question asks if User2 can reset the password immediately after he answers three security questions correctly. Obviously the answer is no, because User2 also needs to use his Mobile Phone (validation like a one-time password or MFA authentication) for resetting his password.Statement 2: No - If User1 forgets her password, she can reset the password by using the mobile phone app.No, it can be noted from the image above that SSPR is enabled only for Group2 (in turn for User2) and User1 does not belong to Group2, rather she belongs toGroup1, and therefore if she forgets her password, she cannot reset the password by using the mobile phone app.Statement 3: No - User3 can add security question


Question 8 Topic 9, Mixed Questions

You have an Azure virtual machine named VM1.
You use Azure Backup to create a backup of VM1 named Backup1.
After creating Backup1, you perform the following changes to VM1:
Modify the size of VM1.

Copy a file named Budget.xls to a folder named Data.

Reset the password for the built-in administrator account. Add a data disk to VM1.


An administrator uses the Replace existing option to restore VM1 from Backup1.
You need to ensure that all the changes to VM1 are restored.
Which change should you perform again?

  • A. Modify the size of VM1.
  • B. Reset the password for the built-in administrator account.
  • C. Add a data disk.
  • D. Copy Budget.xls to Data.
Answer:

C D


Explanation:
Reference: https://docs.microsoft.com/en-us/azure/backup/about-azure-vm-restore

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
dazzler
1 year, 5 months ago

C,D are the correct answer

wolf
5 months ago

Copy Budget.xls to Data.


Question 9 Topic 9, Mixed Questions

HOTSPOT
You have the web apps shown in the following table.

You need to monitor the performance and usage of the apps by using Azure Application Insights. The solution must minimize
modifications to the application code.
What should you do on each app? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:


Explanation:
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/app/azure-web-apps

Discussions
0 / 1000
dazzler
1 year, 5 months ago

Correct
https://learn.microsoft.com/en-us/azure/azure-monitor/app/application-insights-asp-net-agent?tabs=getting-started


Question 10 Topic 9, Mixed Questions

You have an Azure subscription.
You are deploying an Azure Kubernetes Service (AKS) cluster that will contain multiple pods. The pods will use kubernet
networking.
You need to restrict network traffic between the pods.
What should you configure on the AKS cluster?

  • A. the Azure network policy
  • B. the Calico network policy
  • C. pod security policies
  • D. an application security group
Answer:

B


Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/aks/use-network-policies

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
dazzler
1 year, 5 months ago

Ans is correct, Verified on Exam


Question 11 Topic 9, Mixed Questions

You have an Azure subscription that uses the public IP addresses shown in the following table.

You need to create a public Azure Standard Load Balancer.
Which public IP addresses can you use?

  • A. IP1, IP2, and IP3
  • B. IP2 only
  • C. IP3 only
  • D. IP1 and IP3 only
Answer:

C


Explanation:
Matching SKUs are required for load balancer and public IP resources. You can't have a mixture of Basic SKU resources
and standard SKU resources.
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
dazzler
1 year, 5 months ago

answer is correct
you cant mix SKU's


Question 12 Topic 9, Mixed Questions

You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to ensure that visitors are serviced by the same web server for each request.
What should you configure?

  • A. Session persistence to Client IP and protocol
  • B. Protocol to UDP
  • C. Session persistence to None
  • D. Floating IP (direct server return) to Enabled
Answer:

A


Explanation:
Reference: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-distribution-mode?tabs=azure-portal

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
dazzler
1 year, 5 months ago

Answer is correct A


Question 13 Topic 9, Mixed Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in
the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1.
The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.
Solution: On Computer2, you set the Startup type for the IPSec Policy Agent service to Automatic.
Does this meet the goal?

  • A. Yes
  • B. No
Answer:

B


Explanation:
Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a
client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate is
not installed, authentication fails.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site

User Votes:
A
50%
B
50%
Discussions
vote your answer:
A
B
0 / 1000
dazzler
1 year, 5 months ago

Correct
You have to create the certificate from Computer1 and install on Computer2


Question 14 Topic 9, Mixed Questions

HOTSPOT
You have a network security group (NSG) named NSG1 that has the rules defined in the exhibit. (Click the Exhibit tab.)

NSG1 is associated to a subnet named Subnet1. Subnet1 contains the virtual machines shown in the following table.

You need to add a rule to NSG1 to ensure that VM1 can ping VM2. The solution must use the principle of least privilege.
How should you configure the rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:


Explanation:
Reference: https://www.thomasmaurer.ch/2019/09/how-to-enable-ping-icmp-echo-on-an-azure-vm/

Discussions
0 / 1000
dazzler
1 year, 5 months ago

Answer is correct , Verified on the exam In May 3


Question 15 Topic 9, Mixed Questions

You have the Azure virtual machines shown in the following table.

VNET1 is linked to a private DNS zone named contoso.com that contains the records shown in the following table.

You need to ping VM2 from VM1.
Which DNS names can you use to ping VM2?

  • A. comp2.contoso.com and comp4.contoso.com only
  • B. comp1.contoso.com, comp2.contoso.com, comp3.contoso.com, and comp4.contoso.com
  • C. comp2.contoso.com only
  • D. comp1.contoso.com and comp2.contoso.com only
  • E. comp1.contoso.com, comp2.contoso.com, and comp4.contoso.com only
Answer:

C


Explanation:
https://learn.microsoft.com/en-us/azure/dns/dns-zones-records

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000
dazzler
1 year, 5 months ago

C is correct
Only A record can resolve IP to dns name

To page 2