Practice Free AZ-104 Exam Online Questions
You have an Azure Storage account named storage1.
You need to enable a user named User1 to list and regenerate storage account keys for storage1.
Solution: You assign the Storage Account Key Operator Service Role to User1.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
No, this does not meet the goal. Unregistering the Microsoft.ClassicNetwork provider does not affect the creation of network security groups (NSGs) in the subscription. The Microsoft.ClassicNetwork provider is used for managing classic deployment model resources, such as virtual networks, network interfaces, and public IP addresses1. However, NSGs are only supported for Resource Manager deployment model resources2. Therefore, unregistering the Microsoft.ClassicNetwork provider will not automatically block TCP port 8080 between the virtual networks.
To meet the goal, you need to create a custom policy definition that enforces a default security rule for NSGs. A policy definition is a set of rules and actions that Azure performs when evaluating your resources3. You can use a policy definition to specify the required properties and values for NSGs, such as the direction, protocol, source, destination, and port of the security rule. You can then assign the policy definition to the subscription scope, so that it applies to all the resource groups and virtual networks in the subscription.
You create an Azure Storage account named Contoso storage.
You plan to create a file share named data.
Users need to map a drive to the data file share from home computers that run Windows 10.
Which outbound port should be open between the home computers and the data file share?
- A . 80
- B . 443
- C . 445
- D . 3389
C
Explanation:
Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked.
Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
HOTSPOT
You have a hybrid deployment of Azure AD that contains the users shown in the following table.
You need to modify the JobTitle and UsageLocation attributes for the users.
For which users can you modify the attributes from Azure AD? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: User1 and User3 only
You must use Windows Server Active Directory to update the identity, contact info, or job info for users whose source of authority is Windows Server Active Directory.
Box 2: User1, User2, and User3
Usage location is an Azure property that can only be modified from Azure AD (for all users including Windows Server AD users synced via Azure AD Connect).
Reference: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal
HOTSPOT
You have an Azure subscription named Subscription1 that contains the following resource group:
– Name: RG1
– Region: West US
– Tag: "tag1": "value1"
You assign an Azure policy named Policy1 to Subscription1 by using the following configurations:
– Exclusions: None
– Policy definition: Append a tag and its value to resources
– Assignment name: Policy1
– Parameters:
– Tag name: Tag2
– Tag value: Value2
After Policy1 is assigned, you create a storage account that has the following configuration:
– Name: storage1
– Location: West US
– Resource group: RG1
– Tags: "tag3": "value3"
You need to identify which tags are assigned to each resource.
What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: "tag1": "value1" only
Box 2: "tag2": "value2" and "tag3": "value3"
Tags applied to the resource group are not inherited by the resources in that resource group.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure container registry named Registry1 that contains an image named image1.
You receive an error message when you attempt to deploy a container instance by using image1.
You need to be able to deploy a container instance by using image1.
Solution: You set Admin user to Enable for Registry1.
Does this meet the goal?
- A . Yes
- B . No
You have an Azure subscription that contains the resources shown in the following table.
You need to assign User1 the Storage File Data SMB Share Contributor role for share1.
What should you do first?
- A . Enable identity-based data access for the file shares instorage1.
- B . Modify the security profile for the file shares in storage1.
- C . Configure Access control (1AM) for share 1.
- D . Select Default to Azure Active Directory authorization in the Azure portal for storage1.
You have an Azure subscription that contains a resource group named RG26.
RG26 is sot to the West Europe location and is used to create temporary resources for a project.
RG26 contains the resources shown in the following table.
SQLD01 is backed up to RGV1.
When the project is complete, you attempt to delete RG26 from the Azure portal. The deletion fails.
You need to delete RG26.
What should you do first?
- A . Stop the backup of SQLDB01.
- B . Delete sa001.
- C . Delete VM1.
- D . StopVM1.
A
Explanation:
You can’t delete a vault that contains backup data. So in this case at first you have to delete the backup of ‘SQLD01’ before you attempt to delete the vault.
Reference: https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault
HOTSPOT
You implement the planned changes for cont2.
What is the maximum number of additional access policies you can create for cont2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to ensure that visitors are serviced by the same web server for each request.
What should you configure?
- A . Floating IP (direct server return) to Enabled
- B . Idle Time-out (minutes) to 20
- C . Protocol to UDP
- D . Session persistence to Client IP and Protocol
D
Explanation:
https://learn.microsoft.com/en-us/azure/load-balancer/distribution-mode-concepts
Session persistence: Client IP and protocol – Traffic from the same client IP and protocol is routed to the same backend instance