Microsoft Certified Azure Administrator AZ-104 Free Exam Practice Questions

If you are preparing for the Microsoft AZ-104 Azure Administrator Associate exam and want to practice exam questions for better preparation, welcome! You are in the right place: AZ-104 Free Exam Practice Questions. My name is Amandeep Singh and I recently completed my Azure Administrator certification. Today I will share some important AZ-104 questions to practice if you are also preparing for the AZ-104 exam. These Microsoft AZ-104 Azure Administrator free dumps are collected from authenticated sources.

Azure Administrator Associate Practice Questions

1. Question

A company has an Azure virtual network named “demo-network”. It has a subnet named “default”. It has a set of virtual machines that have public IP addresses. The virtual machines host applications that are accessible over port 443 over the Internet. There is also a site-to-site VPN connection between the network and an on-premise data center.

You’ve noticed that one can also connect via the Remote desktop protocol to the virtual machines from the Internet and the on-premise network.

You need to prevent RDP access from the Internet. It should only be possible to RDP into the virtual machines from the on-premise network.

Which of the following should you do to implement this?

  • A. Change the address space of the local network gateway
  • B. Remove the public IP address from the virtual machines
  • C. Change the address space of the subnet
  • D. Create a deny rule in the network security group linked to the subnet

Answer:

D. Create a deny rule in the network security group linked to the subnet

Explanation:

The easiest way is to create a Deny rule in the Network Security Group. Create a Deny rule for port 3389 and ensure the source is mentioned as the Internet.

2. Question

You have a load balancer that sits in front of 3 virtual machines. The load balancer listens on ports 80 and 443 and redirects the requests to the backend virtual machines.

You need to direct all remote desktop protocol traffic to one of the virtual machines only.

Which of the following would you configure for this requirement?

  • A. A load balancing rule
  • B. An IP Configuration change
  • C. Create a new backend pool
  • D. Add an inbound NAT rule

Answer:

D. Add an inbound NAT rule

Explanation:

You can use the NAT rules to control the inbound traffic for RDP to a virtual machine.

3. Question

You have to create and configure an Azure load balancer. The Azure Load balancer would listen on port 443 and redirect traffic to a backend pool of virtual machines.

You have to ensure that users are serviced by the same virtual machine for the requests they make.

Which of the following should you configure for this request?

  • A. A health probe
  • B. A Floating IP
  • C. Session Persistence to client IP
  • D. Session Persistence to none

Answer:

C. Session Persistence to client IP

Explanation:

You need to enable “Session Persistence to Client IP”. This will ensure the client requests are serviced by the same virtual machine.

4. Question:

[Image: azure virtual network (Demo Setup)]

You need to establish virtual network peering connections with demo-network1. With which of the following networks can you configure a virtual network peering connection with demo-network1?

  • A. demo-network2 only
  • B. demo-network3 only
  • C. demo-network4 only
  • D. demo-network2 and demo-network3 only
  • E. demo-network3 and demo-network4 only

Answer:

E. demo-network3 and demo-network4 only

Explanation:

You can’t peer with demo-network2, because the IP address range would clash with demo-network1.

5. Question:

[Image: azure virtual network (Demo Setup)]

In the same subscription, a load balancer has been created with the following configuration

a) Name – demoload
b) SKU – Basic
c) Type – Internal
d) Subnet – SubnetA
e) Virtual Network – demo-network1

[Scenario Question 1:]
Is it possible for the load balancer to load balance traffic between demovm1 and demovm2?

  • A. Yes
  • B. No

Answer:

A. Yes

Explanation:

Since they are part of the same network and part of an availability set, they can be placed in the backend pool of the virtual machine

6. Question:

[Scenario Question 2:]
Is it possible for the load balancer to load balance traffic between demovm3 and demovm4?

  • A. Yes
  • B. No

Answer:

B. No

Explanation:

You can only load balance traffic with a “Basic” SKU load balancer with either a single virtual machine, a scale set or an availability set. Since the virtual machines are NOT part of an availability set, you can load balance the traffic.

7. Question:

[Scenario Question 3:]
Is it possible for the load balancer to load balance traffic between demovm5 and demovm6?

  • A. Yes
  • B. No

Answer:

B. No

Explanation:

Since the virtual machines are part of another network, you can’t load balance the traffic to these virtual machines.

8. Question:

[Image: azure storage account]

[Scenario Question 1:]
Which of the following would go into Area 1?

  • A. blob
  • B. blob.core.windows.net
  • C. demostore3040
  • D. date
  • E. file
  • F. file.core.windows.net

Answer:

C. demostore3040

Explanation:

The first part of the storage account is the name of the storage account.

9. Question:

[Scenario Question 2:]
Which of the following would go into Area 2?

  • A. blob
  • B. blob.core.windows.net
  • C. demostore3040
  • D. date
  • E. file
  • F. file.core.windows.net

Answer:

F. file.core.windows.net

Explanation:

Here since we want to access the file service, it needs to be “file.core.windows.net”

10. Question:

[Scenario Question 3:]
Which of the following would go into Area 3?

  • A. blob
  • B. blob.core.windows.net
  • C. demostore3040
  • D. date
  • E. file
  • F. file.core.windows.net

Answer:

D. date

11. Question:

You have to deploy an Azure Ubuntu machine to Azure. The virtual machine needs to have some custom software installed during the deployment of the virtual machine.

Which of the following would you create to implement the installation of the custom software during the deployment of the virtual machine?

  • A. An unattend.xml file
  • B. An answer.ini file
  • C. A cloud-init.txt file

Answer:

C. A cloud-init.txt file

Explanation:

You can use the cloud-init file to install software components on the Linux virtual machine during the deployment of the virtual machine.

12. Question:

You have to deploy an Azure Ubuntu machine to Azure. The virtual machine needs to have some custom software installed during the deployment of the virtual machine.

Which of the following tools would you use to deploy the virtual machine?

  • A. The az vm create command
  • B. The New-AzVm command
  • C. The Set-AzVm command

Answer:

A. The az vm create command

Explanation:

When using the Azure command-line interface command of “az vm create”, you can also specify the “cloud-init file” for deployment.

13. Question:

You have a virtual machine defined in Azure. The virtual machine has the following Network Security Groups attached to the network interface which is attached to the virtual machine. There are no Network Security groups attached to the subnet which hosts the virtual machine

[Image: az 104 network security group (Demo Setup)]

From a local workstation, you are not able to connect to the Virtual machine via Remote Desktop. Which of the following must you do to establish a remote desktop connection to the virtual machine?

  • A. Attach a new network interface to the virtual machine
  • B. Delete the “DenyAllOutBound” outbound rule
  • C. Delete the “DenyAllInBound” inbound rule
  • D. Start the virtual machine

Answer:

D. Start the virtual machine

Explanation:

The machine is in the stopped status. This is the case because the public IP address is not assigned to the virtual machine. That is why you can’t connect to the virtual machine

14. Question:

You have to configure the backup of existing virtual machines defined in an Azure subscription. You have to ensure that the backups are created at 02:00 and stored for 30 days.

Which of the following is the location where the backups need to be stored?

  • A. A Blob container
  • B. A file share
  • C. A recovery services vault
  • D. A storage account

Answer:

C. A recovery services vault

Explanation:

All backups are stored in the recovery services vault

15. Question:

You have to configure the backup of existing virtual machines defined in an Azure subscription. You have to ensure that the backups are created at 02:00 and stored for 30 days.

Which of the following is used to configure the protection of the virtual machine?

  • A. A backup policy
  • B. A batch job
  • C. A batch schedule
  • D. A recovery plan

Answer:

A. A backup policy

Explanation:

The policy is used to define the time of the backup and the retention period of the other backups.

16. Question:

You have to deploy 5 virtual machines to Azure. These virtual machines will be part of a virtual network. Each virtual machine will need to have a public and a private IP address. Each virtual machine needs the same set of Inbound and Outbound Network Security Groups.

What is the minimum number of network interfaces required for this implementation?

  • A. 5
  • B. 10
  • C. 15
  • D. 20

Answer:

A. 5

Explanation:

Each network interface is assigned a private and public IP address. And since we have 5 virtual machines, we need to have 5 network interface cards.

17. Question:

You have to deploy 5 virtual machines to Azure. These virtual machines will be part of a virtual network. Each virtual machine will need to have a public and a private IP address. Each virtual machine needs the same set of Inbound and Outbound Network Security Groups.

What is the minimum number of network security groups required for this implementation?

  • A. 1
  • B. 2
  • C. 5
  • D. 10

Answer:

A. 1

Explanation:

Since the virtual machines all require the same set of Inbound and Outbound network security rules, we just need to have one network security group. The same group can be assigned to all of the virtual machines.

18. Question:

You have a virtual machine defined in Azure. This virtual machine is hosting a web server and a DNS server.

The network security group rules assigned to the virtual machine are shown below

[Image: azure admin exam questions (Demo Setup)]

Would it be possible for Internet based users to

  • A. Connect to only the DNS server hosted on the virtual machine
  • B. Connect to only the webserver hosted on the virtual machine
  • C. Connect to both the DNS server and web server hosted on the virtual machine
  • D. Not able to connect to either service

Answer:

B. Connect to only the webserver hosted on the virtual machine

Explanation:

The DNS server normally listens on port 53. Since there is a DENY Inbound rule (Name – Deny_50_60) and this is higher in priority than the rule (Name – Allow_50_500), all requests to the DNS server will be denied. Since there is a rule to allow traffic on port 80 via the rule (Name – Allow_50_500), that means it is possible to connect on port 80.

19. Question:

What happens if the rule (Name – Deny_50_60) is deleted?

  • A. Internet users would be able to connect to only the DNS server hosted in the virtual machine
  • B. Internet users would be able to connect to only the webserver hosted in the virtual machine
  • C. Internet users would be able to connect to both the DNS server and web server hosted in the virtual machine
  • D. Internet users would not be able to connect to either the DNS server or the web server hosted in the virtual machine

Answer:

C. Internet users would be able to connect to both the DNS server and web server hosted in the virtual machine

Explanation:

With port 53 open by deleting this rule, this would allow users to connect to the DNS server.

20. Question:

You create an Azure storage account. You then create a file share in the storage account. You have to map a drive to the file share from your machine. Which of the following port numbers would you have to open in your firewall to access the file share?

  • A. 80
  • B. 443
  • C. 445
  • D. 3389

Answer:

C. 445

Explanation:

You need to open port 445 on your local machine to access the file share.

21. Question:

You have to deploy 10 Azure virtual machines by using Azure Resource Manager templates. The virtual machines have to use the latest version of Windows Server 2016 DataCenter as the underlying operating system.

You have to complete the below section for the resource manager template to fulfill this requirement

[Image: azure resource template (demo setup)]

Which of the following would go into Area 1?

  • A. “2016-Datacenter”
  • B. “WindowsClient”
  • C. “Windows-Hub”
  • D. “WindowsServer”

Answer:

D. “WindowsServer”

Explanation:

If you have an existing Azure windows virtual machine, you can just go to “Export template” and see the settings.

22. Question:

Which of the following would go into Area 2?

  • A. “2016-Datacenter”
  • B. “WindowsClient”
  • C. “Windows-Hub”
  • D. “WindowsServer”

Answer:

A. “2016-Datacenter”

Explanation:

If you have an existing Azure windows virtual machine, you can just go to “Export template” and see the settings.

23. Question:

You have an Azure Active Directory (Azure AD) tenant named cloudportalhub.onmicrosoft.com. You have a custom public domain name of cloudportalhub.com. You add the custom domain name to Azure AD. You need to ensure that Azure can verify the domain name. Which type of DNS record should you create?   

  • A. RRSIG
  • B. PTR
  • C. DNSKEY
  • D. TXT

Answer:

D. TXT

Explanation:

You need to use the TXT record to verify a custom domain name.

24. Question:

You have an Azure Active Directory (Azure AD) tenant that has the cloudportalhub.onmicrosoft.com domain name. You have a domain name of cloudportalhub.com registered at a third-party registrar. You need to ensure that you can create Azure AD users that have names containing a suffix of @techyguy.in. Which of the following steps would you carry out to fulfill this requirement? Choose 3 answers from the options given below  

  • A. Configure Company Branding
  • B. Add an Azure AD Tenant
  • C. Verify the domain
  • D. Create an Azure DNS Zone
  • E. Add a custom domain name
  • F. Add a record to the public techyguy.in DNS zone

Answer:

C. Verify the domain
E. Add a custom domain name
F. Add a record to the public techyguy.in DNS zone

Explanation:

Ensure to first add the custom domain to Azure AD. Then add a TXT record to the domain registrar and then verify the domain name from Azure.

25. Question:

You have two Azure Active Directory (Azure AD) tenants named cloudportalhub.com and commitmenthub.com. You have a Microsoft account that you use to sign in to both tenants. You need to configure the default sign-in tenant for the Azure portal. What should you do?

  • A. Configure the portal settings
  • B. Switch the directory
  • C. run Set-AzureRmContext
  • D. run Set-AzureRmSubscription

Answer:

B. Switch the directory

Explanation:

If you have multiple directories, you can switch directories and then choose your favorite directory. After you click on Switch directory, you can then set your default directory.

26. Question:

A team currently has a storage account defined in Azure. For the storage account, they have created a shared access signature with the following details

[Image: azure storage account questions (demo setup)]

If one tries to access the storage account on 10th of June 2019 using Azure Storage Explorer from a computer with an IP address of 95.98.35.100, what would be the end result?

  • A. You will not be granted access
  • B. You will be prompted for credentials
  • C. You will have only read access to file shares
  • D. You will have read, write and list access for the file shares

Answer:

A. You will not be granted access

Explanation:

Since the IP address is not in the allowed range, you will get an authorization error.

27. Question:

If one tries to access the storage account on 10th of June 2019 using Azure Storage Explorer from a computer with an IP address of 92.98.35.232, what would be the end result?

  • A. You will not be granted access
  • B. You will be prompted for credentials
  • C. You will have only read access to file shares
  • D. You will have read, write and list access for the file shares

Answer:

D. You will have read, write and list access for the file shares

Explanation:

Since the IP address is in the valid range, you will be able to access the storage account. And since the allowed permissions are Read, Write and List, this will be allowed via the SAS URI

28. Question:

Your company has an Azure subscription and an Azure AD tenant. They have a virtual network named “demo-network”. The following users have been defined in Azure AD

[Image: network security groups azure (Demo Setup)]

Which of the following user/users would be able to add a subnet to the virtual network?

  • A. demouser1 only
  • B. demouser2 only
  • C. demouser3 only
  • D. demouser1 and demouser2 only
  • E. demouser2 and demouser3 only
  • F. demouser1 and demouser3 only

Answer:

F. demouser1 and demouser3 only

Explanation:

Here both the Owner role and the Network Contributor role have the required privileges to add the subnet to the Virtual Network

29. Question:

Which of the following user/users would be able to add the Reader role to the virtual network?

  • A. demouser1 only
  • B. demouser2 only
  • C. demouser3 only
  • D. demouser1 and demouser2 only
  • E. demouser2 and demouser3 only
  • F. demouser1 and demouser3 only

Answer:

A. demouser1 only

Explanation:

Here only the owner would have the required privilege to add the Reader role. The Security Admin in-built role is used for the Azure Security Center resource and not for adding access to resources

30. Question:

Your company has a series of virtual machines created as part of their Azure subscription. They want to ensure the IT administrative team is notified if any of the virtual machines go into the “deallocated” state. Which of the following could you perform to fulfill this requirement?

  • A. Create an Azure policy using an in-built definition from the compute category
  • B. Assign a resource tag for the virtual machine and then create an alert based on that resource tag
  • C. Enable Diagnostics logs for the virtual machine
  • D. Create an alert based on the Activity log for the virtual machine

Answer:

D. Create an alert based on the Activity log for the virtual machine

Explanation:

The Activity Log records all the control plane activities. This includes recording the event when the virtual machine goes into the deallocated state. You can then create an alert based on the activity log.


Source: Microsoft Learn
