Practice Free AZ-104 Exam Online Questions
HOTSPOT
You have Azure subscriptions named Subscription1 and Subscription2.
Subscription1 has following resource groups:
RG1 includes a web app named App1 in the West Europe location.
Subscription2 contains the following resource groups:
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
App1 present in RG1 and in RG1 there is no lock available. So you can move App1 to other resource
groups, RG2, RG3, RG4.
Note:
App Service resources can only be moved from the resource group in which they were originally created. If an App Service resource is no longer in its original resource group, move it back to its original resource group.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-limitations/app-service-move-limitations
HOTSPOT
You need to generate a shared access signature (SAS).
The solution must meet the following requirements:
• Ensure that the SAS can only be used to enumerate and download blobs stored in container1.
• Use the principle of least privilege,
Which three settings should you enable? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
To generate a shared access signature (SAS) that meets the requirements, you should enable the following three settings:
Service: Blob
Allowed resource types: Container
Allowed permissions: Read and List
These settings will ensure that the SAS can only be used to enumerate and download blobs stored in container1, and not to perform any other operations on the storage account or the blobs. This follows the principle of least privilege, which means granting the minimum permissions necessary for a task.
You can use the Azure portal or Azure Storage Explorer to create a SAS token with these settings.
For more information, see Create shared access signature (SAS) tokens for storage containers and blobs – Azure AI services | Microsoft Learn.
HOTSPOT
You have an Azure subscription.
You need to deploy a virtual machine by using an Azure Resource Manager (ARM) template.
How should you complete the template? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
– dependsON: resoureceID
– storageProfile: ImageReference
Reference:
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/resource-dependency#dependson https://learn.microsoft.com/en-us/javascript/api/@azure/arm-compute/storageprofile?view=azure-node-latest
HOTSPOT
You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Statement 1: Yes
Contoso is moving the existing product blueprint files to Azure Blob storage which will ensure that the blueprint files are stored in the archive storage tier.
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for
these.
Statement 2: No
Azure Table storage stores large amounts of structured data. The service is a NoSQL datastore which accepts authenticated calls from inside and outside the Azure cloud. Azure tables are ideal for storing structured, non-relational data.
Common uses of Table storage include:
HOTSPOT
You have an Azure subscription that is linked to an Azure AD tenant. The tenant contains two users named User1 and User2.
The subscription contains the resources shown in the following table.
The subscription contains the alert rules shown in the following table.
The users perform the following actions:
• User1 creates a new virtual disk and attaches the disk to VM1.
• User2 creates a new resource tag and assigns the tag to RG1 and VM1.
Which alert rules are triggered by each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
In this case, you have two alert rules: Alert1 and Alert2. Alert1 has a scope of RG1, which means it applies to all the resources in the resource group named RG1. Alert1 has a condition of All Administrative operations, which means it triggers when any administrative operation is performed on the resources in RG1. An administrative operation is any operation that changes the configuration or state of a resource, such as creating, deleting, updating, or restarting.
Alert2 has a scope of VM1, which means it applies only to the virtual machine named VM1. Alert2 also has a condition of All Administrative operations, which means it triggers when any administrative operation is performed on VM1.
Now, let’s see which alert rules are triggered by each user.
User1 creates a new virtual disk and attaches the disk to VM1. This is an administrative operation on VM1, so it triggers Alert2. However, it does not trigger Alert1, because the new disk is not part of RG1. Therefore, the correct answer for User1 is C. Only Alert2 is triggered.
User2 creates a new resource tag and assigns the tag to RG1 and VM1. This is also an administrative operation on both RG1 and VM1, so it triggers both Alert1 and Alert2. Therefore, the correct answer for User2 is D. Alert1 and Alert2 are triggered.
HOTSPOT
You have an Azure App Service app named WebApp1 that contains two folders named Folder1 and Folder2.
You need to configure a daily backup of WebApp1. The solution must ensure that Folder2 is excluded from the backup.
What should you create first and what should you use to exclude Fokier2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
https://learn.microsoft.com/en-us/azure/app-service/manage-backup?tabs=portal#create-a-custom-backup
In Storage account, select an existing storage account (in the same subscription) or select Create new. Do the same with Container. https://learn.microsoft.com/en-us/azure/app-service/manage-backup?tabs=portal#configure-partial-backups
Partial backups are supported for custom backups (not for automatic backups). Sometimes you don’t want to back up everything on your app. To exclude folders and files from being stored in your future backups, create a _backup.filter file in the %HOME%sitewwwroot folder of your app. Specify the list of files and folders you want to exclude in this file.
You have an Azure Storage account named storage1.
For storage 1. you create an encryption scope named Scope1.
Which storage types can you encrypt by using Scope1?
- A . file shares only
- B . containers only
- C . file shares and containers only
- D . containers and tables only
- E . file shares, containers, and tables only
- F . file shares, containers, tables, and queues
B
Explanation:
"Encryption scopes enable you to manage encryption at the level of an individual blob or container." https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-scope-manage?tabs=portal
You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account! from your on-premises network.
The on-premises network uses a public IP address space of 131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:
• Ensure that you can upload the disk files to account1.
• Ensure that you can attach the disks to VM1.
• Prevent all other access to account1.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . From the Networking blade of account1, select Selected networks
- B . From the Service endpoints blade of VNet1, add a service endpoint.
- C . From the Networking blade of account11, add the 131.107.1.0/24 IP address range.
- D . From the Networking blade of account1. select Allow trusted Microsoft services to access this storage account
- E . From the Networking blade of account1, add VNet1.
A,E
Explanation:
To restrict access to account1, you need to enable the firewall and virtual network settings on the storage account. This allows you to specify which networks can access the storage account. By selecting Selected networks, you can block all access from the public internet and only allow access from the specified networks. By adding VNet1, you can allow access from the virtual network that contains VM1. You do not need to add the on-premises IP address range or enable the service endpoint option, as these are not required for uploading the disk files to the storage account. You do not need to allow trusted Microsoft services, as this is not relevant for the scenario.
Then, Reference: [Configure Azure Storage firewalls and virtual networks] [Upload a generalized VHD to Azure]
You have an Azure subscription that contains the resources shown in the following table.
You need to perform the tasks shown in the following table.
Which tasks can you perform by using Azure Storage Explorer?
- A . Task1 and Task3 only
- B . Task1, Task2, and Task3 only
- C . Task1, Task3, and Task4 only
- D . Task2, Task3, and Task4 only
- E . Task1, Task2, Task3, and Task4
HOTSPOT
You need to configure a new Azure App Service app named WebApp1.
The solution must meet the following requirements:
• WebApp1 must be able to verify a custom domain name of app.contoso.com.
• WebApp1 must be able to automatically scale up to eight instances.
• Costs and administrative effort must be minimized.
Which pricing plan should you choose, and which type of record should you use to verify the domain? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.
