Practice Assessment for Exam AZ-104: Microsoft Azure Administrator Flashcards
You have an Azure subscription.
You plan to create a storage account named storage1.
You need to ensure that storage1 provides POSIX-compliant access control lists (ACLs).
Which option should you configure when creating storage1?
Select only one answer.
A. hierarchical namespace
B. access tier
C. version-level immutable support
D. SFTP
A. hierarchical namespace
Explanation:
To enable POSIX-compliant access control lists (ACLs), the hierarchical namespace must be used. The remaining options are valid for a storage account, but do not provide the POSIX-compliant feature.
You need to generate the shared access signature (SAS) token required to authorize a request to a resource.
Which two parameters are required for the SAS token? Each correct answer presents part of the solution
Select all answers that apply.
A. SignedStart (st)
B. SignedIP (sip)
C. SignedServices (ss)
D. SignedResourceTypes (srt)
C. SignedServices (ss)
D. SignedResourceTypes (srt)
Explanation:
SignedServices (ss) is required to refer blobs, queues, tables, and files. SignedResourceTypes (srt) is required to refer services, containers, or objects. SignedStart (st) is an optional parameter that refers to the time when the SAS becomes valid. If unmentioned, the start time is assumed to be the time when the storage service receives the request. SignedIP (sip) is an optional parameter that refers to the range of IP addresses from which to accept requests.
Create an account SAS - Azure Storage | Microsoft Learn
Configure Azure Storage security - Training | Microsoft Learn
Your need to create an Azure Storage account that meets the following requirements:
Stores data in a minimum of two availability zones Provides high availability
Which type of storage redundancy should you use?
Select only one answer.
A. geo-redundant storage (GRS)
B. read-access geo-redundant storage (RA-GRS)
C. zone-redundant storage (ZRS)
D. locally-redundant storage (LRS)
C. zone-redundant storage (ZRS)
Explanation:
Zone-redundant storage (ZRS) replicates a storage account synchronously across three Azure availability zones in the primary region. For ensuring high availability, Microsoft recommends using ZRS in the primary region and also replicating to a secondary region.
Data redundancy - Azure Storage | Microsoft Learn
Determine replication strategies - Training | Microsoft Learn
You have an Azure Storage account named corpimages and an on-premises shared folder named \server1\images.
You need to migrate all the contents from \server1\images to corpimages.
Which two commands can you use? Each correct answer presents a complete solution?
Select all answers that apply.
A. Azcopy copy \server1\images https://corpimages.blog.core.windows.net/public -recursive
B. Azcopy sync \server1\images https://corpimages.blog.core.windows.net/public -recursive
C. Set-AzStorageBlobContent -Container “ContosoUpload” -File “\server1\images” -Blob “ corporateimages “
D. Get-ChildItem -Path \server1\images -Recurse | Set-AzStorageBlobContent -Container “ corpimages”
A. Azcopy copy \server1\images https://corpimages.blog.core.windows.net/public -recursive
D. Get-ChildItem -Path \server1\images -Recurse | Set-AzStorageBlobContent -Container “ corpimages”
Explanation:
The AzCopy command allows you to copy all files to a storage account. You then use Get-ChildItem with the path parameter, recurse to select everything, and then use the Set-AzureStorageBlobContent cmdlet.
Copy or move data to Azure Storage by using AzCopy v10 | Microsoft Learn
Set-AzureStorageBlobContent (Azure.Storage) | Microsoft Learn
Configure Azure Storage with tools - Training | Microsoft Learn
You have an Azure subscription that contains the following StorageV2 (general purpose v2) storage accounts:
store1 is a Premium account that uses geo-redundant storage (GRS) redundancy. store2 is a Standard account that uses locally-redundant storage (LRS) redundancy. store3 is a Premium account that uses read-access geo-redundant storage (RA-GRS) redundancy. store4 is a Premium account that uses RA-GRS redundancy.
You need to identify which storage account can be converted to zone-redundant replication (ZRS) for live migration.
Which storage account should you identify?
Select only one answer.
A. store1
B. store2
C. store3
D. store4
B. store2
Explanation:
Only zone-redundant replication (ZRS) supports StorageV2, FileStorage, and BlockBlobStorage accounts. Live migration is not supported for read-access geo-redundant storage (RA-GRS) and only standard storage accounts can be used.
Data redundancy - Azure Storage | Microsoft Learn
Determine replication strategies - Training | Microsoft Learn
You plan to configure object replication between two Azure Storage accounts.
The Blob service of the source storage account has the following settings:
Hierarchical namespace: Disabled Default access tier: Hot Blob public access: Enabled Blob soft delete: Enabled (7 days) Container soft delete: Enabled (7 days) Versioning: Disabled Change feed: Enabled NFS v3: Disabled Allow cross-tenant replication: Enabled
Which setting should be modified on the source storage account to support object replication?
Select only one answer.
A. Change feed
B. Blob soft delete
C. Hierarchical namespace
D. Versioning
You have an Azure AD tenant named contoso.com. Azure AD Connect is configured to import users to the tenant.
You need to assign licenses to the users based on Azure AD attributes. The attribute values will be set by the HR department.
Which two actions should you perform? Each correct answer presents part of the solution.
Select all answers that apply.
A. Create dynamic groups.
B. Assign the licenses to the dynamic groups.
C. Create security groups.
D. Assign the licenses to the security groups.
E. Create an automatic assignment policy.
A. Create dynamic groups.
B. Assign the licenses to the dynamic groups.
Explanation:
To assign licenses to users based on Azure AD attributes, you must create a dynamic security group and configure rules based on custom attributes. The dynamic group must be added to a license group for automatic synchronization. All users in the groups will get the license automatically. Azure AD evaluates the users in the organization that are in scope for an assignment policy rule and creates assignments for the users who don’t have assignments to an access package; automatic assignment policies are not used for licensing.
Assign licenses to a group - Azure Active Directory - Microsoft Entra | Microsoft Learn
Configure user and group accounts - Training | Microsoft Learn
You have an Azure AD tenant that uses Azure AD Connect to sync with an Active Directory Domain Services (AD DS) domain.
You need to ensure that users can reset their AD DS password from the Azure portal. The users must be able to use two methods to reset their password.
Which two actions should you perform? Each correct answer presents part of the solution.
Select all answers that apply.
A. Run Azure AD Connect and select Password writeback.
B. From Password reset in the Azure portal, configure the Authentication methods settings.
C. From Password reset in the Azure portal, configure the Notifications settings.
D. From Password reset in the Azure portal, configure the Registration settings.
E. Run Azure AD Connect and select Device writeback.
A. Run Azure AD Connect and select Password writeback.
B. From Password reset in the Azure portal, configure the Authentication methods settings.
Explanation:
You must run the Azure AD Connect Wizard to enable Password writeback. You must configure the authentication option to enable the two methods required to reset a password.
Enable Azure Active Directory password writeback - Microsoft Entra | Microsoft Learn
Implement Azure AD self-service password reset - Training | Microsoft Learn
You have an Azure AD tenant.
Your company has several offices in the same region. Each office has a dedicated IT staff.
You need to ensure that the IT staff in each office can manage passwords for their users and administrators.
Which two actions should you perform? Each correct answer presents part of the solution.
Select all answers that apply.
A. From the Azure portal, add administrative units.
B. Assign the Helpdesk administrator role.
C. Assign the Password administrator role
D. From the Azure portal, create a new custom role.
A. From the Azure portal, add administrative units.
B. Assign the Helpdesk administrator role.
Explanation:
You must create an administrative unit and the Helpdesk role assignment allows members to change password for both users and other administrators.
Administrative units in Azure Active Directory - Microsoft Entra | Microsoft Learn
Configure user and group accounts - Training | Microsoft Learn
You have an Azure subscription that contains multiple users and administrators.
You are creating a new custom role by using the following JSON.
{
“Name”: “Custom Role”,
“Id”: null,
“IsCustom”: true,
“Description”: “Custom Role description”,
“Actions”: [
"Microsoft.Compute/*/read", “Microsoft.Compute/snapshots/write”, “Microsoft.Compute/snapshots/read”, "Microsoft.Support/*"
],
“NotActions”: [
“Microsoft.Compute/snapshots/delete”
],
“AssignableScopes”: [
"/subscriptions/00000000-0000-0000-0000-000000000000", "/subscriptions/11111111-1111-1111-1111-111111111111"
]
}
Which three actions can be performed by a user that is assigned the custom role? Each correct answer presents a complete solution.
Select all answers that apply.
A. Read all virtual machine settings.
B. Call Microsoft Support.
C. Create and read a snapshot.
D. Create and delete a snapshot.
E. Create virtual machines.
A. Read all virtual machine settings.
B. Call Microsoft Support.
C. Create and read a snapshot.
Explanation:
The role can read all compute resources, call Microsoft support roles, and allow the creation and reading of a snapshot.
Azure custom roles - Azure RBAC | Microsoft Learn
Configure role-based access control - Training | Microsoft Learn
You have the following resource groups, management groups, and Azure subscriptions:
Two resource groups named RG1 and RG2 that are associated with a subscription named 111-222-333 and a management group named MG1 Two resource groups named RG3 and RG4 that are associated with a subscription named 777-888-999 and a management group named MG1 Two resource groups named RG5 and RG6 that are associated with a subscription named 444-555-666 and a management group named MG1 Two resource group named RG10 and RG11 that are associated with a subscription named 222-333-444 and a management group named MG2 Two resource group named RG11 and RG12 that are associated with a subscription named 555-666-888 and a management group named MG2
You need to assign a role to a user to ensure the user can view all the resources in the subscriptions. The solution must use the principle of least privilege.
Which role should you assign?
Select only one answer.
A. the Reader role for MG1 and MG2
B. the Billing Reader role for MG1 and MG2
C. the Billing Reader role for all the subscriptions
D. the Contributor role for MG1 and MG2
A. the Reader role for MG1 and MG2
Explanation:
Assigning the Reader role for MG1 and MG2 is correct because the simplest way to give user access to all resources is to assign a role at the management group level.
Steps to assign an Azure role - Azure RBAC | Microsoft Learn
Configure role-based access control - Training | Microsoft Learn
You have an Azure subscription that contains a resource group named RG1. RG1 contains a virtual machine that runs daily reports.
You need to ensure that the virtual machine shuts down when resource group costs exceed 75 percent of the allocated budget.
Which two actions should you perform? Each correct answer presents part of the solution.
Select all answers that apply.
A, From Cost Management + Billing, modify the Budgets settings.
B. Create an action group of type Runbook, and then select Stop VM as an action.
C. Create an action group of type Runbook, and then select Scale Up VM.
D. From Cost Management + Billing, create a new cost analysis.
A, From Cost Management + Billing, modify the Budgets settings.
B. Create an action group of type Runbook, and then select Stop VM as an action.
Explanation:
You must go to Cost Management + Billing, and then Budgets to edit the budget associated with the resource group resources. You must also create a new action group of the Runbook type, and then choose Stop VM as an action. The cost analysis will not stop the virtual machine from running and the Scale Up VM action group is not required.
Tutorial - Create and manage Azure budgets - Microsoft Cost Management | Microsoft Learn
Configure subscriptions - Training | Microsoft Learn
You have an Azure subscription that contains hundreds of virtual machines that were migrated from a local datacenter.
You need to identify which virtual machines are underutilized.
Which Azure Advisor settings should you use?
Select only one answer.
A. Cost
B. Performance
C. High Availability
D. Operational Excellence
A. Cost
Explanation:
The Cost blade allows you to optimize and reduce your overall Azure spending. You can use this to identify the virtual machines that are underutilized. The Performance blade allows you to improve the speed of your applications. High availability is unavailable via Azure Advisor. Operational Excellence helps you achieve process and workflow efficiency, resource manageability, and deployment best practices.
Introduction to Azure Advisor - Training | Microsoft Learn
You have an Azure subscription that contains 25 virtual machines.
You need to ensure that each virtual machine is associated to a specific department for reporting purposes.
What should you use?
Select only one answer.
A, tags
B. administrative units
C. management groups
D. storage accounts
A, tags
Explanation:
Tags are metadata elements that can be applied to Azure resources. Tags can be used for tracking resources such as virtual machines and associating each resource to a department for billing and reporting purposes.
Administrative units are containers used for delegating administrative roles to manage a specific portion of Azure AD. Administrative units cannot contain Azure virtual machines.
Management groups are containers that can be used to manage access, policy, and compliance across multiple Azure subscriptions.
Azure Storage accounts contain Azure Storage data objects, including blobs, file shares, queues, tables, and disks. A storage account cannot contain virtual machines.
Tag resources, resource groups, and subscriptions for logical organization - Azure Resource Manager | Microsoft Learn
Configure virtual machines - Training | Microsoft Learn
You have an Azure subscription that contains 200 virtual machines.
You plan to use Azure Advisor to provide cost recommendations when underutilized virtual machines are detected.
You need to ensure that all Azure admins are notified whenever an Advisor alert is generated. The solution must minimize administrative effort.
What should you configure?
Select only one answer.
A. an Azure Automation account
B. an action group
C. an application security group
D. a capacity reservation group
B. an action group
Explanation:
Whenever Azure Advisor detects a new recommendation for resources, an event is stored in the Azure Activity log. You can set up alerts for these events from Azure Advisor. You can select a subscription and optionally a resource group to specify the resources for which you want to receive alerts. You also need to create an action group that will contain all the users to be notified.
Create action groups - Training | Microsoft Learn
Create Azure Advisor alerts for new recommendations using Azure portal - Azure Advisor | Microsoft Learn
You have an Azure subscription.
You plan to create an Azure Policy definition named Policy1.
You need to include remediation information to indicate when users use Microsoft Defender for Cloud Regulatory and Compliance.
To which definition section should you add remediation information for Policy1?
Select only one answer.
A. metadata
B. parameters
C. policyRule
D. mode
A. metadata
Explanation:
You must use the RemediationDescription field in the metadata section from properties to specify a custom recommendation. The remaining options are Azure policies, but do not allow specific custom remediation information.
You have an Azure subscription that contains a resource group named RG1. RG1 contains an Azure virtual machine named VM1.
You need to use VM1 as a template to create a new Azure virtual machine.
Which three methods can you use to complete the task? Each correct answer presents a complete solution.
Select all answers that apply.
A. From RG1, select Export template, select Download, and then, from Azure Cloud Shell, run the New-AzResourceGroupDeployment cmdlet.
B. From Azure Cloud Shell, run the Save-AzDeploymentTemplate and New-AzResourceGroupDeployment cmdlets.
C. From VM1, select Export template, and then select Deploy.
D. From Azure Cloud Shell, run the Save-AzDeploymentScriptLog and New-AzResourceGroupDeployment cmdlets.
A. From RG1, select Export template, select Download, and then, from Azure Cloud Shell, run the New-AzResourceGroupDeployment cmdlet.
B. From Azure Cloud Shell, run the Save-AzDeploymentTemplate and New-AzResourceGroupDeployment cmdlets.
C. From VM1, select Export template, and then select Deploy.
Explanation:
From RG1, selecting the Download option from the Export template page exports the Azure Resource Manager (ARM) template from the resource group properties. You can then deploy the ARM template by running the New-AzResourceGroupDeployment cmdlet.
By using the Save-AzDeploymentTemplate cmdlet, you can save the resource ARM template. You can then deploy the ARM template by running the New-AzResourceGroupDeployment cmdlet.
From VM1, selecting the Deploy option from the Export template page allows you to deploy a new Azure virtual machine and use the configuration of VM1 as the template.
The Save-AzDeploymentScriptLog cmdlet is used to save the log of a deployment script execution.
The Get-AzVM cmdlet generates a list of virtual machines that are created in the Azure subscription.
Export template in Azure portal - Azure Resource Manager | Microsoft Learn
Export template in Azure PowerShell - Azure Resource Manager | Microsoft Learn
Automate Azure tasks using scripts with PowerShell - Training | Microsoft Learn
You have an Azure subscription that contains a resource group named RG1.
You have an Azure Resource Manager (ARM) template for an Azure virtual machine.
You need to use PowerShell to provision a virtual machine in RG1 by using the template.
Which PowerShell cmdlet should you run?
Select only one answer.
A. New-AzVM
B. New-AzManagementGroupDeployment
C. New-AzSubscriptionDeployment
D. New-AzResourceGroupDeployment
D. New-AzResourceGroupDeployment
Explanation:
Virtual machines are deployed to resource groups, so you must run the New-AzResourceGroupDeployment cmdlet. You can deploy virtual machines to subscriptions or management groups directly, therefore, New-AzManagementGroupDeployment and New-AzSubscriptionDeployment cannot be used. New-AzVM can be used to provision a new virtual machine, but without using a template.
Deploy resources with PowerShell and template - Azure Resource Manager | Microsoft Learn
Deploy Azure infrastructure by using JSON ARM templates - Training | Microsoft Learn
Automate Azure tasks using scripts with PowerShell - Training | Microsoft Learn
You have an Azure Resource Manager (ARM) template named deploy.json that is stored in an Azure Blob storage container.
You plan to deploy the template by running the New-AzDeployment cmdlet.
Which parameter should you use to reference the template?
Select only one answer.
A. -Tag
B. -Templatefile
C. -TemplateUri
D. -TemplateSpecId
C. -TemplateUri
Explanation:
The PowerShell deployment cmdlets can be used to deploy JSON templates that are stored locally in a resources group as a template spec, or from a web-based location. You can use the -TemplateUri parameter to specify a web-based location, such as GitHub or an Azure Blob Storage account. You can use -Templatefile to specify a local file. You can use -TemplateSpecId to specify a template that was save to Azure as a template spec.
Deploy resources with PowerShell and template - Azure Resource Manager | Microsoft Learn
Deploy Azure infrastructure by using JSON ARM templates - Training | Microsoft Learn
Automate Azure tasks using scripts with PowerShell - Training | Microsoft Learn
Your company has a set of resources deployed to an Azure subscription. The resources are deployed to a resource group named app-grp1 by using Azure Resource Manager (ARM) templates.
You need to verify the date and the time that the resources in app-grp1 were created.
Which blade should you review for app-grp1 in the Azure portal?
Select only one answer.
A. Metrics
B. Deployments
C. Policy
D. Diagnostics setting
B. Deployments
Explanation:
Navigating to the Diagnostics settings blade provides the ability to diagnose errors or review warnings. Navigating to the Metrics blade provides metrics information (CPU, resources) to users. On the Deployments blade for the resource group (app-grp1), all the details related to a deployment, such as the name, status, date last modified, and duration, are visible. Navigating to the Policy blade only provides information related to the policies enforced on the resource group.
Azure AD deployment checklist - Microsoft Entra | Microsoft Learn
Configure Azure resources with tools - Training | Microsoft Learn
You are creating an Azure virtual machine that will run Windows Server.
You need to ensure that VM1 will be part of a virtual machine scale set.
Which setting should you configure during the creation of the virtual machine?
Select only one answer.
A. Azure Spot instance
B. Region
C. Availability options
D. Management
C. Availability options
Explanation:
You must configure the virtual machine scale set from the availability options. Azure spot instance is used to add virtual machines with a discounted price. Region will not affect the configuration of the availability options. The management setting allows you to configure the monitoring and management options for the virtual machine.
You have an Azure virtual machine.
You receive a notification that the virtual machine is going to be affected by an underlying maintenance activity on the physical infrastructure.
You need to move the virtual machine to a different host to avoid a service interruption.
What should you do?
Select only one answer.
A. Apply an Azure tag.
B. Move the virtual machine to another Azure subscription.
C. Apply an Azure policy.
D. Redeploy the virtual machine
D. Redeploy the virtual machine
Explanation:
You must redeploy the virtual machine, which can move the virtual machine to a different host. Azure will shut down the virtual machine and move the virtual machine to a new node within the Azure infrastructure.
Redeploy Windows virtual machines in Azure - Virtual Machines | Microsoft Learn
Configure virtual machines - Training | Microsoft Learn
You plan to deploy an Azure virtual machine.
You are evaluating whether to use an Azure Spot instance.
Which two factors can cause an Azure Spot instance to be evicted? Each correct answer presents a complete solution.
Select all answers that apply.
A. the time of day
B. the Azure capacity needs
C. the current price of the instance
D. the average CPU usages of the instance
B. the Azure capacity needs
C. the current price of the instance
Explanation:
Azure Spot instances allow you to provision virtual machines at a reduced cost, but these virtual machines can be stopped by Azure when Azure needs the capacity for other pay-as-you-go workloads, or when the price of the spot instance exceeds the maximum price that you have set. These virtual machines are good for dev, testing, or for workloads that do not require any specific SLA.
Use Azure Spot Virtual Machines - Azure Virtual Machines | Microsoft Learn
Configure virtual machine availability - Training | Microsoft Learn
Your company has an Azure subscription and an Azure AD tenant.
You need to limit access to the Kubernetes API server.
Which two components should you use? Each correct answer presents a complete solution.
Select all answers that apply.
A. API server authorized IP ranges
B. a public cluster
C. a private cluster
D. Azure tags
You have an Azure subscription that contains an Azure Kubernetes Service (AKS) cluster named AKS1. The autoscaling feature is enabled.
You need to configure the minimum and maximum node counts for AKS1.
Which cmdlet should you run?
Select only one answer.
A. Set-AzAksCluster
B. Start-AzAksCluster
C. Update-AzAksNodePool
D. Set-AzAksClusterCredential
A. Set-AzAksCluster
Explanation:
Set-AzAKsCluster: Configures minimum and maximum node values for AKS autoscaling
Start-AzAksCluster: Starts a stopped managed cluster
Update-AzAksNodePool: Updates a node pool in a managed cluster
Set-AzAksClusterCredential: Resets the service principal of an existing AKS cluster
Use the cluster autoscaler in Azure Kubernetes Service (AKS) - Azure Kubernetes Service | Microsoft Learn
Set-AzAksCluster (Az.Aks) | Microsoft Learn
Configure Azure Kubernetes Service - Training | Microsoft Learn