AZ-104 Practice test Questions with complete
Solutions
Your company's Azure environment consists of two virtual networks (VNets) with the
following topology:
• prod-vnet: 9 virtual machines (VMS)
• dev-vnet: 9 virtual machines (VMS)
The VMS in the prod-vnet should run continuously. The VMS in dev-vnet are used
only between 7:00 A.M. and 7:00 P.M. local time.
You need to automate the shutdown and startup of the dev-vnet VMS to reduce
the organization's monthly Azure costs. Which Azure feature should you use?
A-Azure Auto-shutdown
B-Azure Change Tracking
C-Azure Automation Desired State Configuration (DSC) D-
Azure Automation runbook - ANSWER ANSWER: D
Explanation:
You should create an Azure Automation runbook. Azure Automation is a management
solution that allows to publish PowerShell or Python scripts in Azure and optionally
schedule Azure to run them automatically. In this case, the best practice is to write a
PowerShell workflow script that automates VM startup and shutdown, and then bind
the script to two Azure Automation schedules: one to describe shutdown time, and the
other to describe startup time.
You should not use Azure Automation Desired State Configuration (DSC). DSC is a
PowerShell feature that prevents configuration drift on your Azure and/or on-premises
servers. For example, you could deploy a DSC configuration that prevents server
services from stopping.
You should not use Azure Auto-Shutdown_ This feature, part of Azure DevTest Labs,
allows to schedule Azure VMS to shut down at the same time every day or night.
However, this feature does not provide for automated VM startup.
You should not use Azure change tracking. Change tracking is an IT service
management (ITSM) feature that is part of the Azure Automation service and records
all configuration changes to your Azure VM resources.
You want to install SQL Server 2019 on an Azure Windows virtual machine (VM).
You need to ensure that the VM has a Service Level Agreement (SLA) of percent. Your
solution must minimize costs.
,Which value should you choose for each configuration option? To ANSWER, drag
the
appropriate value to each configuration property. A value may be used once, more than
once or not at all.
Configuration:
Size - (1)
OS disk Type - (2)
Data storage type - (3)
Choose the correct options:
(1) A-Standard D4_v2, B-Standard DS4_v2, C-Standard A4_v2, D-Standard A8_v2
(2) A-Premium SSD, B-Standard SSD, C-Standard HDD
(3) A-Premium SSD, B-Standard SSD, C-Standard HDD - ANSWER ANSWER: (1) B-
Standard DS4_v2 (2) A-Premium SSD (3) A-Premium SSD Explanation:
You should set the size to Standard_DS4 v2. For an Azure single instance VM, an
SLA of 99.9 percent connectivity will only be guaranteed if all disks are premium SSD
or Ultra Disk. Not all Azure VM sizes support premium storage. The Standard_DS4 v2
VM size supports premium storage.
Q Your company has an Azure subscription. You create a Recovery Services vault
named RSV1. You have a virtual machine (VM) named VM1 that is deployed in the
East US region. You create a backup policy for backing up VM1 to RSV1 on a
recurring schedule. You are preparing to run your first backup and find the Backup
Pre-Check status displays a status of Warning. You need to determine the possible
cause of this status.
Which condition would result in a Warning status?
A-The most recent VM agent is not installed on VM1.
B-VM1 has a non-premium storage account.
C-VM1 cannot communicate with the Azure Backup service.
D-VM1 is an unmanaged Azure VM encrypted with BitLocker encryption keys (BEKs).
-
ANSWER ANSWER: A
Explanation:
One possible reason for a Warning status during the Backup Pre-check is that the
most recent VM agent is not installed on VM1. A Warning status indicates that the
backup process might fail. The report status provides recommended steps to ensure
successful backups.
A status of Critical would be reported if VM1 cannot communicate with the Azure
Backup service. A Critical status indicates that the current VM configuration will result
in a backup failure.
,A situation where VM1 has a non-premium storage account will not report a Warning
status. This is a supported configuration.
Having VM1 as an unmanaged Azure VM encrypted with BEK will not result in a
warning status. Backups of managed and unmanaged VMS encrypted with BEK are
supported by Azure Backup.
You are preparing a private deployment template that will be saved to an Azure
Storage account. You need to make sure that access to the template is protected by a
shared access signature (SAS) token. How should you complete the command? To
ANSWER, select the appropriate parts from the drop-down menus.
$templateuri = (1) `
-Container private `
-Blob SAS.json `
-Permission r `
-ExpiryTime (Get-Date).AddHours(2.0) `
New-AzResourceGroup -Name RGI -Location "West US"
New-AzResourceGroupDeployment -ResourceGroupName RG1 (2) templateuri
Choose the correct options:
(1) A-New-AzStorageBlobSASToken, B-New-AzStorageShareSASToken, C-New-
AzSTorageContainerStoredAccessPolicy
(2) A-TemplateUri, B-TemplateParameterFile, C-TemplateFile - ANSWER
ANSWER: (1) A- New-AzStorageBlobSASToken (2) A-TemplateUri Explanation:
You should use the New-AzStorageglobSASToken cmdlet to generate the SAS token
for the storage account. The SAS token is valid for a specified time interval. You can
also specify permission level. Typically, this would be the read permission.
You should not use the New-AzStorageShareSASToken cmdlet. It is used to generate
a SAS token for Azure Share.
You should not use the New-AzStorageContainerStoredAccessPolicy cmdlet. It is
used to create a stored access policy for an Azure storage container.
You should use the TemplateUri parameter in the New-AzResourceGroupDeployment
cmdlet because the template is stored in an external resource.
You should not use the TemplateFile parameter because the template is stored in an
external resource. You would use the TemplateFile parameter if you attached the
template file from a local computer.
You should not use the TemplateParameterFile parameter because the template is
stored in an external resource. You would use the TemplateParameterFile parameter
to specify values for the template parameters.
Your company's Azure environment consists of the following resources:
• 4 virtual networks (VNets)
, • 48 Windows Server and Linux virtual machines (VMS)
• 6 general-purpose storage accounts
You need to design a universal monitoring solution that enables you to query across
all diagnostic and telemetry data emitted by resources. What should you do first?
A-Install the Microsoft Monitoring Agent. B-
Create a Log Analytics workspace.
C-Activate resource diagnostic settings. D-
Enable Network Watcher. - ANSWER
ANSWER: B Explanation:
You should create a Log Analytics workspace. Azure Log Analytics is the central
resource monitoring platform in Azure. The Log Analytics workspace is the data
warehouse to which associated resources send their telemetry data. Azure Log
Analytics has its own query language with which you can generate reports that stretch
across all your Azure deployments and management solutions.
You should not install the Microsoft Monitoring Agent (MMA). This agent is indeed
required to associate Windows physical and virtual servers (on-premises and in
Azure). However, Log Analytics automatically deploys the MMA to Azure virtual
machines when you onboard them to your Log Analytics workspace.
You should not enable Network Watcher. Network Watcher is a virtual network
diagnostics platform. While can link Network Watcher to Azure Log Analytics, you still
need to create the Log Analytics workspace first.
You should not activate resource diagnostic settings. Before Microsoft developed Log
Analytics, administrators were required to configure diagnostic settings on a per-
resource level. This is no longer necessary because Microsoft Monitoring Agent
configures nodes to send their diagnostics logs to a Log Analytics workspace.
You are asked to configure Azure DNS records for the root domain company1.com
and add two records to that zone for independently hosted websites on different
servers but using the same alias of "www". These servers will round-robin the DNS
requests for high availability of the service. The time to live for the records must also
be set to 1 hour. You need to configure Azure DNS to support the requirements. How
should you complete the Azure PowerShell script? To ANSWER, select the
appropriate options from the drop-down menus.
(1) -Name "@" -RecordType A -ZoneName "company1.com" `
-ResourceGroupName "MyResourceGroup" -Ttl (2) -DnsRecords `
( (3) -IPv4Address "1.2.3.4")
$aRecords @()
$aRecords += (4) -IPv4Address "2.3.4.5"
$aRecords += (5) -IPv4Address "3.4.5.6"
(6) -Name "www" -ZoneName "company1.com" `
Solutions
Your company's Azure environment consists of two virtual networks (VNets) with the
following topology:
• prod-vnet: 9 virtual machines (VMS)
• dev-vnet: 9 virtual machines (VMS)
The VMS in the prod-vnet should run continuously. The VMS in dev-vnet are used
only between 7:00 A.M. and 7:00 P.M. local time.
You need to automate the shutdown and startup of the dev-vnet VMS to reduce
the organization's monthly Azure costs. Which Azure feature should you use?
A-Azure Auto-shutdown
B-Azure Change Tracking
C-Azure Automation Desired State Configuration (DSC) D-
Azure Automation runbook - ANSWER ANSWER: D
Explanation:
You should create an Azure Automation runbook. Azure Automation is a management
solution that allows to publish PowerShell or Python scripts in Azure and optionally
schedule Azure to run them automatically. In this case, the best practice is to write a
PowerShell workflow script that automates VM startup and shutdown, and then bind
the script to two Azure Automation schedules: one to describe shutdown time, and the
other to describe startup time.
You should not use Azure Automation Desired State Configuration (DSC). DSC is a
PowerShell feature that prevents configuration drift on your Azure and/or on-premises
servers. For example, you could deploy a DSC configuration that prevents server
services from stopping.
You should not use Azure Auto-Shutdown_ This feature, part of Azure DevTest Labs,
allows to schedule Azure VMS to shut down at the same time every day or night.
However, this feature does not provide for automated VM startup.
You should not use Azure change tracking. Change tracking is an IT service
management (ITSM) feature that is part of the Azure Automation service and records
all configuration changes to your Azure VM resources.
You want to install SQL Server 2019 on an Azure Windows virtual machine (VM).
You need to ensure that the VM has a Service Level Agreement (SLA) of percent. Your
solution must minimize costs.
,Which value should you choose for each configuration option? To ANSWER, drag
the
appropriate value to each configuration property. A value may be used once, more than
once or not at all.
Configuration:
Size - (1)
OS disk Type - (2)
Data storage type - (3)
Choose the correct options:
(1) A-Standard D4_v2, B-Standard DS4_v2, C-Standard A4_v2, D-Standard A8_v2
(2) A-Premium SSD, B-Standard SSD, C-Standard HDD
(3) A-Premium SSD, B-Standard SSD, C-Standard HDD - ANSWER ANSWER: (1) B-
Standard DS4_v2 (2) A-Premium SSD (3) A-Premium SSD Explanation:
You should set the size to Standard_DS4 v2. For an Azure single instance VM, an
SLA of 99.9 percent connectivity will only be guaranteed if all disks are premium SSD
or Ultra Disk. Not all Azure VM sizes support premium storage. The Standard_DS4 v2
VM size supports premium storage.
Q Your company has an Azure subscription. You create a Recovery Services vault
named RSV1. You have a virtual machine (VM) named VM1 that is deployed in the
East US region. You create a backup policy for backing up VM1 to RSV1 on a
recurring schedule. You are preparing to run your first backup and find the Backup
Pre-Check status displays a status of Warning. You need to determine the possible
cause of this status.
Which condition would result in a Warning status?
A-The most recent VM agent is not installed on VM1.
B-VM1 has a non-premium storage account.
C-VM1 cannot communicate with the Azure Backup service.
D-VM1 is an unmanaged Azure VM encrypted with BitLocker encryption keys (BEKs).
-
ANSWER ANSWER: A
Explanation:
One possible reason for a Warning status during the Backup Pre-check is that the
most recent VM agent is not installed on VM1. A Warning status indicates that the
backup process might fail. The report status provides recommended steps to ensure
successful backups.
A status of Critical would be reported if VM1 cannot communicate with the Azure
Backup service. A Critical status indicates that the current VM configuration will result
in a backup failure.
,A situation where VM1 has a non-premium storage account will not report a Warning
status. This is a supported configuration.
Having VM1 as an unmanaged Azure VM encrypted with BEK will not result in a
warning status. Backups of managed and unmanaged VMS encrypted with BEK are
supported by Azure Backup.
You are preparing a private deployment template that will be saved to an Azure
Storage account. You need to make sure that access to the template is protected by a
shared access signature (SAS) token. How should you complete the command? To
ANSWER, select the appropriate parts from the drop-down menus.
$templateuri = (1) `
-Container private `
-Blob SAS.json `
-Permission r `
-ExpiryTime (Get-Date).AddHours(2.0) `
New-AzResourceGroup -Name RGI -Location "West US"
New-AzResourceGroupDeployment -ResourceGroupName RG1 (2) templateuri
Choose the correct options:
(1) A-New-AzStorageBlobSASToken, B-New-AzStorageShareSASToken, C-New-
AzSTorageContainerStoredAccessPolicy
(2) A-TemplateUri, B-TemplateParameterFile, C-TemplateFile - ANSWER
ANSWER: (1) A- New-AzStorageBlobSASToken (2) A-TemplateUri Explanation:
You should use the New-AzStorageglobSASToken cmdlet to generate the SAS token
for the storage account. The SAS token is valid for a specified time interval. You can
also specify permission level. Typically, this would be the read permission.
You should not use the New-AzStorageShareSASToken cmdlet. It is used to generate
a SAS token for Azure Share.
You should not use the New-AzStorageContainerStoredAccessPolicy cmdlet. It is
used to create a stored access policy for an Azure storage container.
You should use the TemplateUri parameter in the New-AzResourceGroupDeployment
cmdlet because the template is stored in an external resource.
You should not use the TemplateFile parameter because the template is stored in an
external resource. You would use the TemplateFile parameter if you attached the
template file from a local computer.
You should not use the TemplateParameterFile parameter because the template is
stored in an external resource. You would use the TemplateParameterFile parameter
to specify values for the template parameters.
Your company's Azure environment consists of the following resources:
• 4 virtual networks (VNets)
, • 48 Windows Server and Linux virtual machines (VMS)
• 6 general-purpose storage accounts
You need to design a universal monitoring solution that enables you to query across
all diagnostic and telemetry data emitted by resources. What should you do first?
A-Install the Microsoft Monitoring Agent. B-
Create a Log Analytics workspace.
C-Activate resource diagnostic settings. D-
Enable Network Watcher. - ANSWER
ANSWER: B Explanation:
You should create a Log Analytics workspace. Azure Log Analytics is the central
resource monitoring platform in Azure. The Log Analytics workspace is the data
warehouse to which associated resources send their telemetry data. Azure Log
Analytics has its own query language with which you can generate reports that stretch
across all your Azure deployments and management solutions.
You should not install the Microsoft Monitoring Agent (MMA). This agent is indeed
required to associate Windows physical and virtual servers (on-premises and in
Azure). However, Log Analytics automatically deploys the MMA to Azure virtual
machines when you onboard them to your Log Analytics workspace.
You should not enable Network Watcher. Network Watcher is a virtual network
diagnostics platform. While can link Network Watcher to Azure Log Analytics, you still
need to create the Log Analytics workspace first.
You should not activate resource diagnostic settings. Before Microsoft developed Log
Analytics, administrators were required to configure diagnostic settings on a per-
resource level. This is no longer necessary because Microsoft Monitoring Agent
configures nodes to send their diagnostics logs to a Log Analytics workspace.
You are asked to configure Azure DNS records for the root domain company1.com
and add two records to that zone for independently hosted websites on different
servers but using the same alias of "www". These servers will round-robin the DNS
requests for high availability of the service. The time to live for the records must also
be set to 1 hour. You need to configure Azure DNS to support the requirements. How
should you complete the Azure PowerShell script? To ANSWER, select the
appropriate options from the drop-down menus.
(1) -Name "@" -RecordType A -ZoneName "company1.com" `
-ResourceGroupName "MyResourceGroup" -Ttl (2) -DnsRecords `
( (3) -IPv4Address "1.2.3.4")
$aRecords @()
$aRecords += (4) -IPv4Address "2.3.4.5"
$aRecords += (5) -IPv4Address "3.4.5.6"
(6) -Name "www" -ZoneName "company1.com" `
