Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

AZ-104 > AZ104 50 Questions > Flashcards

AZ104 50 Questions Flashcards

1
Q

Replication modes need to be specified for storage accounts. Read-access georedundant storage, zone redundancy, georedundancy, and locally redundant storage are available options.

True or False

A

TRUE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

You are a tenant of Azure Active Directory (Azure AD).To gain access to the Azure site, all administrators need to input a verification code.Make sure that the administrators can only use your on-premises network to access the Azure interface.What configuration should you make?

  1. An Azure AD Identity Protection user risk policy
  2. The default for all the roles in Azure AD Privileged Identity Management
  3. The multi-factor authentication service settings.
A

The multi-factor authentication service settings.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

App1 is your application, and it operates on VM1 and VM2 virtual machines in Azure. For App1, you intend to implement an Azure Availability Set. The solution needs to guarantee that App1 is accessible when the hardware supporting VMs 1 and 2 is undergoing scheduled repair. What ought to be a part of the availability set?

  1. one update domain
  2. one fault domain
  3. two fault domains
  4. two update domains
A

two update domains

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Three virtual machines are connected to a public load balancer that distributes traffic across ports 80 and 443. All Remote Desktop Protocol (RDP) connections must be made only to VM3. What configuration should you make?

1.a frontend IP configuration
2. an inbound NAT rule
3. a new public load balancer for VM3
4. a load balancing rule

A

an inbound NAT rule

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Because they align with availability sets and offer storage in redundant storage units, unmanaged disks offer more availability than managed disks.

True or False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Azure Active Directory (Azure AD) tenant contoso.onmicrosoft.com is what you have.You work with a contract vendor. The vendor logs in with user1@outlook.com to a Microsoft account.Make sure the vendor may use user1@outlook.com to authenticate to the tenant.How ought one to proceed?

  1. From Windows PowerShell, run the New-AzureADUser cmdlet and specify the “UserPrincipalName user1@outlook.com parameter.
  2. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the “UserPrincipalName user1@outlook.com parameter.
  3. From the Azure portal, add a custom domain name, create a new Azure AD user, and then specify user1@outlook.com as the username.

4.From the Azure portal, add a new guest user, and then specify user1@outlook.com as the email address.

A

From the Azure portal, add a new guest user, and then specify user1@outlook.com as the email address.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Subscription1 is the name of your Azure subscription. There is a resource group called RG1 in Subscription1. Resources that were delivered using templates can be found in RG1. You must see the time and date when the resources in RG1 were created. Resolution: After selecting the RG1 blade, select Automation script. Does this accomplish the goal?

Yes or No

A

No

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

To keep an eye on the status of your storage accounts, let ________________.

Pick correct Answers
1. Diagnostics
2. Alerts
3. Special classes
4. Exceptions

A
  1. Diagnostics
  2. Alerts
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

For a user with the email address admin1@contoso.com, you have enabled multi-factor authentication.Admin1 uses a web browser to access the Azure interface. Which other security checks is Admin1 able to do via the Azure portal?

1.An app password, a text message that contains a verification code, and a verification code sent from the Microsoft Authenticator app

  1. An app password, a text message that contains a verification code, and a notification sent from the Microsoft Authenticator app
  2. An app password, a text message that contains a verification code, and a notification sent from the Microsoft Authenticator app
  3. A phone call, a text message that contains a verification code, and a notification or a verification code sent from the Microsoft Authenticator app
A
  1. A phone call, a text message that contains a verification code, and a notification or a verification code sent from the Microsoft Authenticator app
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Custom domains are supported by both CDNs and storage accounts. Only on custom domains is it possible to enable SSL while accessing the blob over a CDN.

TRUE or FALSE

A

TRUE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Using diagnostics similar to those used by Connection Troubleshoot, Connection Monitor allows for long-term connection monitoring.

TRUE or FALSE

A

TRUE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

100 client PCs are located at your company’s London main office.You switched to Azure Active Directory (Azure AD) three years ago.All personal devices and corporate-owned devices need to be registered or linked to Azure AD, according to the company’s security policy.It is not possible for User1, a distant user, to connect a personal device from a home network to Azure AD.You confirm that users can connect other users’ devices to Azure AD.Make that User1 is able to connect the device to Azure AD.How ought one to proceed?

  1. From the Device settings blade, modify the Users may join devices to Azure AD setting.
  2. Assign the User administrator role to User1.
  3. From the Device settings blade, modify the Maximum number of devices per user setting.
    4.Create a point-to-site VPN from the home network of User1 to Azure.
A

From the Device settings blade, modify the Maximum number of devices per user setting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Images and disks can be managed or unmanaged. Azure does this for you with both managed and unmanaged disks, which makes managing disks and images much easier.

TRUE or FALSE

A

FALSE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Metric alerts (obtained from Azure Diagnostics) and Activity Log alerts that can be triggered by email, voice, web hooks, SMS, Logic Apps, or even an Azure Automation Runbook can be used to set up alerts.

TRUE or FALSE

A

TRUE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Workspace1 is the Azure Log Analytics workspace that is part of your Subscription1 Azure subscription.The error events must be viewed via the Event table.In Workspace1, which query should you execute?

  1. search in (Event) “error”
  2. select *from Event where EventType == “error”
  3. search in (Event) * | where EventType “eq “error”
    4.Get-Event Event | where ($_.EventType == “error”)
A

search in (Event) “error”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

You intend to use the Windows Server 2016 Datacenter image to automate the deployment of a virtual machine scale set. Make sure that web server components are installed on the scale set virtual machines when they are provisioned. Which two things ought you to do? Part of the solution is presented in each accurate response. NOTE: One point is awarded for each correct answer.

  1. Modify the extension Profile section of the Azure Resource Manager template.
  2. Upload a configuration script.
  3. Create an Azure policy.
  4. Create a new virtual machine scale set in the Azure portal.
  5. Create an automation account.
A
  1. Modify the extension Profile section of the Azure Resource Manager template.
  2. Create a new virtual machine scale set in the Azure portal.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

File transfers between storage accounts or from external, publicly accessible places to your Azure storage account are not supported by the async blob copy service.

TRUE or FALSE

A

FALSE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Azure Active Directory (Azure AD) tenant contosocloud.onmicrosoft.com is what you have. You have a public DNS zone set up for contoso.com. You add contoso.com to Azure AD as a custom domain name. Make sure Azure is able to validate the domain name. Which kind of DNS record ought to be set up?

  1. DNSKEY
  2. SRV
  3. NSEC
  4. MX
A

MX

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

You test backups using a Recovery Service vault that you own. There are two protected virtual computers in the test backups. The Recovery Services vault must be deleted. What ought to you do initially?

  1. Modify the disaster recovery properties of each virtual machine.
  2. From the Recovery Service vault, stop the backup of each backup item
  3. Modify the locks of each virtual machine
  4. From the Recovery Service vault, delete the backup data.
A

From the Recovery Service vault, stop the backup of each backup item

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

For an on-premises network, you set up Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO).

Users claim that they are required to use an account name that ends in onmicrosoft.com and are repeatedly prompted to sign in when they try to access myapps.microsoft.com. You find that the on-premises Active Directory and Azure AD have different UPNs. It is imperative to confirm that users are able to access Azure resources through single-sign-on (SSO). What ought to you do initially?

  1. From Azure AD, add and verify a custom domain name.
  2. From the on-premises network, request a new certificate that contains the Active Directory domain name.
  3. From the on-premises network, deploy Active Directory Federation Services (AD FS).
  4. From the server that runs Azure AD Connect, modify the filtering options.
A

From Azure AD, add and verify a custom domain name.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Tenant1 and Tenant2 are your two Azure Active Directory (Azure AD) tenants, and Subscription1 is your Azure subscription. Tenant1 is connected to Subscription1. In Tenant1, multi-factor authentication (MFA) is activated for every user. Tenant2 users’ MFA needs to be enabled. Tenant1’s MFA must be maintained by the solution. What ought to you do initially?

1.Change the directory for Subscription1.
2. Transfer the administration of Subscription1 to a global administrator of Tenant2.
3.Create and link a subscription to Tenant2.
4.Configure the MFA Server setting in Tenant1.

A

Create and link a subscription to Tenant2.

22
Q

You own an Azure subscription with a resource group called RG1, which has one hundred virtual machines in it.The three cost areas in your organization are called Manufacturing, Sales, and Finance. Every virtual machine must be connected to a distinct cost center. How ought one to proceed?

  1. Add an extension to the virtual machines.
  2. Configure locks for the virtual machine.
  3. Modify the inventory settings of the virtual machine.
  4. Assign tags to the virtual machines.
A

Assign tags to the virtual machines.

23
Q

To gain access to the Azure site, all administrators need to input a verification code. When the administrators connect from your on-premises network to the Azure portal, you need to make sure they can access it without typing a verification code. Keep in mind that the sign-in risk policy includes some IP restrictions. What configuration should you make?

  1. The default for all the roles in Azure AD Privileged Identity Management
  2. An Azure AD Identity Protection sign-in risk policy
  3. An Azure AD Identity Protection user risk policy
A

An Azure AD Identity Protection sign-in risk policy

24
Q

You have an Azure Storage account with your subscription to Azure. You intend to utilize a Docker image called Image1 to construct an Azure container instance called container1. A Microsoft SQL Server instance that needs persistent storage is present in Image 1. For Container1, a storage service needs to be configured. What kind of tool ought to you use?

  1. Azure Files
  2. Azure Queue storage
  3. Azure Table storage
  4. Azure Blob storage
A

Azure Table storage

25
Q

VNet1, a virtual network hosted in the West US Azure region, is under your management. Two Windows Server-powered virtual machines, VM1 and VM2, are hosted by VNet1.For three hours, you must examine every network transaction from VM1 to VM2.Resolution: Create a connection monitor from Azure Network Watcher. Does this accomplish the goal?

YES or NO

A

YES

26
Q

The on-premises ActiveDirectory domain is set up for hybrid coexistence with your company’s Azure Active Directory (Azure AD) tenant, contoso.com. The users listed in the following table are part of the tenant. It is imperative that you implement Azure Multi-Factor Authentication (MFA) for all users on contoso.com whenever feasible. Which users ought to have Azure MFA enabled?

Table Location
https://www.examtopics.com/discussions/microsoft/view/16595-exam-az-103-topic-5-question-20-discussion/

1.User2 only
2. User1, User2, User3, and User4
3. User1 only
4. User1, User2, and User3 only
5. User1 and User2 only

A

User1, User2, User3, and User4

27
Q

Subscription1 is the name of your Azure subscription. It is necessary for you to move 5 TB of data to Subscription1. You intend to use an import/export task from Azure. What may you utilize the imported data’s destination to be?

  1. The Azure File Sync Storage Sync Service
  2. Azure File Storage
  3. An Azure Cosmos DB database
  4. A virtual machine
A

Azure File Storage

28
Q

Adatum is the tenant of your Azure Active Directory (Azure AD), and Subscription1 is your Azure subscription. There is an organization called Developers in Adatum. There is a resource group called Dev in Subscription1.The ability to construct Azure logic apps in the Dev resource group must be granted to the Developers group. Resolution: You give the Developers group the Contributor role on Dev. Does this accomplish the goal?

YES or NO

A

YES

29
Q

High availability is provided at the data center level by Azure Availability Zones. High availability is offered within a data center via Azure Availability Sets.

TRUE or FALSE

A

TRUE

30
Q

Application security groups are another way to specify IP address ranges (ASGs). Network Security Groups rules can be set for groups of virtual machines (VMs) using ASGs, eliminating the need to divide the VMs into individual subnets.

TRUE or FALSE

A

TRUE

31
Q

When there is little or no connectivity at on-premises locations, data can still be imported into Azure storage by utilizing Azure Data Box or the Azure Import/Export service.

TRUE or FALSE

A

TRUE

32
Q

Through the use of an encrypted tunnel across the open Internet, site-to-site VPN connections enable access between an Azure virtual network and an on-premises network.

TRUE or FALSE

A

TRUE

33
Q

Many different hardware (and software) configurations can be used as the on-premises Site-to-Site VPN endpoint. A static IPv4 address pointed at the Internet is required for the device.

TRUE or FALSE

A

TRUE

34
Q

Utilizing RDP, SSH, or even PowerShell, you may establish a connection to an Azure virtual machine (VM) with a public or private IP address. You must additionally enable connection, such as site-to-site, point-to-site, or ExpressRoute, in order to connect to a virtual machine (VM) via a private IP.

TRUE or FALSE

A

TRUE

35
Q

Storage1 is the name of your Azure Storage account. You intend to copy data to storage using AzCopy1. The storage services in storage1 that you can copy the data to must be identified. What ought you to recognize?

  1. file and table only
  2. file only
  3. blob, table, and queue only
  4. blob, file, table, and queue
  5. blob and file only
A

blob and file only

36
Q

The resources shown in the following table are included in your Azure subscription. The resource kinds that are prohibited Azure policy with the following parameters is assigned to RG1: Virtual Networks and Microsoft.Network Computer/Virtual Machines / Microsoft You must first construct a new virtual machine in RG1 called V2, then connect it to VNET1. What ought to you do initially?

  1. Create an Azure Resource Manager template.
  2. Add a subnet to VNET1.
  3. Remove Microsoft.Compute/virtualMachines from the policy.
  4. Remove Microsoft.Network/virtualNetworks from the policy.
A

Remove Microsoft.Compute/virtualMachines from the policy.

37
Q

Azure Active Directory (Azure AD) tenant contosocloud.onmicrosoft.com is what you have. You have a public DNS zone set up for contoso.com. You add contoso.com to Azure AD as a custom domain name.Make sure Azure is able to validate the domain name. Which kind of DNS record ought to be set up?

  1. TXT
  2. RRSIG
  3. PTR
  4. SRV
A

TXT

38
Q

Administrators may extract value from complex machine data by utilizing the many management tools offered by Azure Log Analytics. These solutions come with pre-made queries and visuals to aid in rapidly revealing insights.

TRUE or FALSE

A

TRUE

39
Q

High availability is made possible by ________________________ with the use of site-to-site VPNs.

  1. Traditional hubs
  2. BGP routing
  3. Active-active gateways and connections
A

Traditional hubs and BGP routing

40
Q

Subscription1 is the name of your Azure subscription. There is a resource group called RG1 in Subscription1. Resources that were delivered using templates can be found in RG1.You must see the time and date when the resources in RG1 were created. Resolution: After choosing the subscription from the Subscriptions blade, click Resource providers. Does this accomplish the goal?

YES or NO

A

NO

41
Q

Only public (Internet) frontend IP addresses羊ather than private (intranet) addresses幼an be used to deploy Azure Load Balancer.

TRUE or FALSE

A

FALSE

42
Q

There are numerous ways to manage who can access storage accounts. These include using the storage firewall and virtual network service endpoints, sharing access signatures (SAS) and combining them with access policies, as well as the name and key of the storage account. The public access level of the blob container can also be used to manage access to blob storage.

TRUE or FALSE

A

TRUE

43
Q

The on-premises VPN equipment and network are represented in Azure by a local network connection, which is an Azure resource.

TRUE or FALSE

A

TRUE

44
Q

Subscription1 is the name of your Azure subscription. The resource groups in the following table are part of Subscription1. WebApp1 is the name of RG1’s web app. West Europe is where WebApp1 is situated. WebApp1 is relocated to RG2. What impact does the relocation have?

  1. The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.
  2. The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1.
    3, The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1.
  3. The App Service plan for WebApp1 moves to North Europe. Policy2 applies to WebApp1.
A

The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.

45
Q

VNet1, VNet2, and VNet3 are the three virtual networks that are included in your Azure subscription. A virtual appliance called VM2 that serves as a router is present in VNet2. Using VNet2 as the hub network, you are configuring the virtual networks in a hub and spoke structure. You intend to set up peering between VNets 2 and 3 as well as between VNets 1 and 2. You must establish connectivity via VNet2 between VNet1 and VNet3. Which two setups ought you to carry out? Part of the solution is presented in each accurate response.

  1. On the peering connections, allow forwarded traffic.
  2. Create route tables and assign the table to subnets.
    3, On the peering connections, allow gateway transit.
  3. Create a route filter.
  4. On the peering connections, use remote gateways
A

On the peering connections, allow forwarded traffic.

46
Q

Subscription1 is the name of your Azure subscription. It is necessary for you to move 5 TB of data to Subscription1. You intend to use an import/export task from Azure. What may you utilize the imported data’s destination to be?

  1. Azure Blob storage
  2. The Azure File Sync Storage Sync Service
  3. An Azure Cosmos DB database
  4. Azure Data Lake Store
A

Azure Blob storage

47
Q

Your business registers the contoso.com domain name. After creating an Azure DNS zone called contoso.com, you add an A record for a host called www with the IP address 131.107.1.10 to the zone. You see that www.contoso.com cannot be resolved by Internet hosts to the IP address 131.107.1.10. The issue of name resolution must be resolved. Resolution: At the domain registrar, you make changes to the name servers. Does this accomplish the goal?

YES or NO

A

NO

48
Q

You have an Azure virtual network called VNet1 and an Azure subscription called Subscription1. VNet1 uses Azure ExpressRoute to establish a connection with your on-premises network. A site-to-site VPN must be used to link VNet1 to the on-premises network. Cost must be kept to a minimum in the solution. Which three things ought you to do? (Pick 3)

  1. Create a connection.
  2. Create a local site VPN gateway.
  3. Create a VPN gateway that uses the Basic SKU.
  4. Create a gateway subnet.
A

A. Create a connection
B. Create a local site VPN gateway
C. Create a VPN gateway that uses basic SKU

49
Q

Subscription1 is the name of your Azure subscription. There is a resource group called RG1 in Subscription1. Resources that were delivered using templates can be found in RG1.You must see the time and date when the resources in RG1 were created. Resolution: After choosing the subscription from the Subscriptions blade, click Programmatic deployment. Does this accomplish the goal?

YES or NO

A

NO

50
Q

Metric alerts (obtained from Azure Metrics) and Activity Log alerts, which can only be notified via an Azure Automation Runbook (and not via email), can both be configured as alert sources.

TRUE or FALSE

A

FALSE

AZ-104 (4 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions