Practice Free AZ-104 Exam Online Questions
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
You plan to use an Azure key vault to provide a secret to app1.
What should you create for app1 to access the key vault, and from which key vault can the secret be used? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

HOTSPOT
You have an Azure subscription linked to a hybrid Microsoft Entra tenant.
The tenant contains the users shown in the following table.
You create the Azure Files shares shown in the following table.
You configure identity-based access for contoso2024 as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains a virtual machine named VM1 and an Azure key vault named KV1.
You need to configure encryption for VM1.
The solution must meet the following requirements:
• Store and use the encryption key in KV1.
• Maintain encryption if VM1 is downloaded from Azure.
• Encrypt both the operating system disk and the data disks.
Which encryption method should you use?
- A . encryption at host
- B . customer-managed keys
- C . Azure Disk Encryption
- D . Confidential disk encryption
C
Explanation:
Azure Disk Encryption is a service that helps you encrypt your Windows and Linux IaaS virtual machine disks. It uses BitLocker for Windows and DM-Crypt for Linux to provide volume encryption for the OS and data disks. Azure Disk Encryption requires that you use a key encryption key in Azure Key Vault to encrypt the volume encryption key, which is then stored on the disk. You can use either a service-managed key or a customer-managed key in Azure Key Vault. Azure Disk Encryption also supports encrypting virtual machine disks that are downloaded from Azure.
HOTSPOT
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
You plan to configure Azure Backup reports for Vault1.
You are configuring the Diagnostics settings for the AzureBackupReports log.
Which storage accounts and which Log Analytics workspaces can you use for the Azure Backup reports of Vault1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation:
Box 1: storage3 only
Vault1 and storage3 are both in West Europe.
Box 2: Analytics1, Analytics2, Analytics3
https://docs.microsoft.com/en-us/azure/backup/backup-create-rs-vault
https://docs.microsoft.com/de-de/azure/backup/configure-reports
HOTSPOT
You have a Microsoft Entra tenant that contains the users shown in the following table.
The tenant contains the groups shown in the following table.
Self-service password reset (SSPR) needs to be configured for the tenant.
Which users can configure SSPR, and for which group can SSPR be enabled? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation:
Users: Admin1 and Admin2 only
Group: Group1, Group2, or Group3
HOTSPOT
You have an Azure subscription that contains a storage account named storage1. The subscription is linked to an Azure Active Directory (Azure AD) tenant named contoso.com that syncs to an on-premises Active Directory domain.
The domain contains the security principals shown in the following table.
In Azure AD, you create a user named User2.
The storage1 account contains a file share named share1 and has the following configurations.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-portal
You have a Standard Azure App Service plan named Plan1.
You need to ensure that Plan1 will scale automatically when the CPU usage of the web app exceeds 80 percent. What should you select for Plan1?
- A . Automatic in the Scale out method settings
- B . Rules Based in the Scale out method settings
- C . Premium P1 in the Scale up (App Service plan) settings
- D . Standard S1 in the Scale up (App Service plan) settings
- E . Manual in the Scale out method settings
HOTSPOT
You have the Azure resources shown on the following exhibit.
You plan to track resource usage and prevent the deletion of resources.
To which resources can you apply locks and tags? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation:
Box 1: Sub1, RG1, and VM1 only
You can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources.
Box 2: Sub1, RG1, and VM1 only
You apply tags to your Azure resources, resource groups, and subscriptions.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json
HOTSPOT
You have two Azure subscriptions named Sub1 and Sub2. Sub1 is in a management group named MG1. Sub2 is in a management group named MG2.
You have the resource groups shown in the following table.
You have the virtual machines shown in the following table.
You assign roles to users as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Explanation:
User 1 can sign in to VM1. = YES
User 1 has the Virtual Machine User Login role assigned at the scope of RG1. This role allows the user to sign in to virtual machines in the resource group using Azure AD credentials. VM1 is a virtual machine in RG1, so User 1 can sign in to it.
User 2 can manage disks and disk snapshots of VM1. = NO
User 2 has the Disk Snapshot Contributor role assigned at the scope of MG2. This role allows the user to manage disk snapshots in the management group. However, VM1 is not in MG2, but in RG1, which is in MG1. Therefore, User 2 does not have the permission to manage disks and disk snapshots of VM1.
User 2 can manage disks and disk snapshots of VM3. = YES
User 2 has the Disk Snapshot Contributor role assigned at the scope of MG2. This role allows the user to manage disk snapshots in the management group. VM3 is a virtual machine in RG3, which is in Sub2, which is in MG2. Therefore, User 2 has the permission to manage disks and disk snapshots of VM3.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage account named storage1.
You need to enable a user named User1 to list and regenerate storage account keys for storage1.
Solution: You assign the Reader and Data Access role to User1.
Does this meet the goal?
- A . Yes
- B . No