You can translate the content of this page by selecting a language in the select box.

Microsoft Azure Administrator Certification Questions and Answers Dumps – AZ 104

AI Unraveled: Demystifying Frequently Asked Questions on Artificial Intelligence

Microsoft Azure Administrator AZ 104 is one of the most popular Microsoft Azure Administrator certification exams. To pass this exam, you need to have a good understanding of Microsoft Azure and its various components. The best way to prepare for this exam is to use this Microsoft AZ 104 dumps. These dumps will help you to understand the Microsoft Azure platform and its various features. In addition, you will also get an idea about the types of questions that are asked in this exam. With the help of these dumps, you can easily pass the Microsoft AZ 104 exam.

2022-2023 Azure Administrator AZ104 Latest Practice Exam

Microsoft Certified: Azure Administrator Associate Average Salary — $125,993

Microsoft Azure Administrator Certification Questions and Answers Dumps - AZ 104 — Microsoft Azure Administrator Certification Questions and Answers Dumps – AZ 104 – **2022-2023 Azure Administrator AZ104 Latest Practice Exam**

Candidates for the Azure Administrator Associate certification should have subject matter expertise implementing, managing, and monitoring an organization’s Microsoft Azure environment.

Responsibilities for this role include implementing, managing, and monitoring identity, governance, storage, compute, and virtual networks in a cloud environment, plus provision, size, monitor, and adjust resources, when needed.

AZ-104 Microsoft Azure Administrator Exam Breakdown:

Manage Azure identities and governance (15-20%),
Manage Azure AD objects,
Manage role-based access control (RBAC),
Manage subscriptions and governance,
Implement and manage storage (10-15%),
Manage storage accounts,
Manage data in Azure Storage,
Configure Azure files and Azure blob storage,
Deploy and manage Azure compute resources (25-30%),
Configure VMs for high availability and scalability,
Automate deployment and configuration of VMs,
Create and configure VMs,
Create and configure containers,
Create and configure Web Apps,
Configure and manage virtual networking (30-35%),
Implement and manage virtual networking,
Configure name resolution,
Secure access to virtual networks,
Configure load balancing,
Monitor and troubleshoot virtual networking,
Integrate an on-premises network with an Azure virtual network,
Monitor and back up Azure resources (10-15%),
Monitor resources by using Azure Monitor,
Implement backup and recovery,

2022-2023 Azure Administrator AZ104 Latest Practice Exam

Below are the top 50 Microsoft Azure Administrator Certification Questions and Answers Dumps.

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

2022-2023 Azure Administrator AZ104 Latest Practice Exam

Achieve AWS Solutions Architect Associate Certification with Confidence: Master SAA-C03 Exam with the Latest Practice Tests and Quizzes illustrated

Question 1: In our subscription, we have four different resource groups. They are RG1, RG2, RG3, RG4. RG2 has a Read-only lock at the resource group scope. RG3 has a Delete lock at the resource group scope. RG1 and RG4 do not have locks. We need to determine how we could move resources between resource groups during the lifecycle of these resources. Assuming all resources provisioned support moving between resource groups regardless of region. Which of the following statements are plausible?

A. We can move resources from RG1 to RG4.

"Become a Canada Expert: Ace the Citizenship Test and Impress Everyone with Your Knowledge of Canadian History, Geography, Government, Culture, People, Languages, Travel, Wildlife, Hockey, Tourism, Sceneries, Arts, and Data Visualization. Get the Top 1000 Canada Quiz Now!"

B. We can move resources between any of these resource groups.

C. We can move resources from RG2 to RG4.

D. We can move resources from RG4 to RG3.

E. We can move resources from RG2 to RG3.

ANSWER1:

Invest in your future today by enrolling in this Azure Fundamentals - Pass the Azure Fundamentals Exam with Ease: Master the AZ-900 Certification with the Comprehensive Exam Preparation Guide!

Microsoft Azure AZ900 Certification and Training

Notes: We can effectively move resources from RG1 and RG4 because RG1 does not have a lock. We can move resources from RG4 and RG3 because RG4 does not have a lock. Also, while RG3 does have a Delete lock this does not stop resources from being moved into this resource group.

2022-2023 Azure Administrator AZ104 Latest Practice Exam

Azure Administrator Exam Prep App #Azure #AZ104 #AzureAdmnistrator #AzureDevOps #AzureAdmin #AzureTraining #AzureSysAdmin #AzureCloud #LearnAzure

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 2: Your company has recently added a few new users to your Azure Active Directory. You have already added them to an active directory group, and now you have asked them to add their devices to the domain. When they add their devices, you have to ensure they are prompted to use a mobile phone to verify their identity. How do you configure this?

A. Require multi-factor authentication to join devices

B. Configure a point-to-site VPN

C. Enable Conditional Access

D. You must sign up for Azure AD Premium

ANSWER2:

Notes: This setting in Azure Active directory will require multi-factor authentication for all devices under any conditions.

Question 3: Under your Azure Subscription, you are trying to identify VMs that are underutilized in order to shutdown all VMs with CPU utilization under 5%. Which blade should you use?

A. Customer Insights

B. Advisor recommendations

2023 Azure Fundamentals Exam Prep Book: Pass the AZ900 Cert

C. Monitor

D. Metrics

ANSWER3:

Notes: Advisor helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost-effectiveness, performance, high availability, and security of your Azure resources.

2022-2023 Azure Administrator AZ104 Latest Practice Exam

Unlock the Secrets of Africa: Master African History, Geography, Culture, People, Cuisine, Economics, Languages, Music, Wildlife, Football, Politics, Animals, Tourism, Science and Environment with the Top 1000 Africa Quiz and Trivia. Get Yours Now!

Question4: You have just purchased the domain name arseemagroup.com from a third party registrar. Using your Azure Active Directory domain, you’d like to create new users with the suffix @arseemagroup.com. Which three things must you do?

A. Access the custom domain names blade from Azure AD

B. Create a MX or TXT record from arseemagroup.com DNS

C. Verify that you own the domain name

D. Access the App registrations blade from Azure AD

ANSWER4:

A B and C

Notes: In order to add the domain “arseemagroup.com” to Azure AD, you must add the domain from the custom domain names blade.

When you add your custom domain to Azure AD, you must create an MX or TXT record with a destination address (provided) in order to verify that the domain does indeed belong to you.

When you add your custom domain to Azure AD, you must verify that this domain belongs to you by going through a verification process. Azure AD will provide the verification information.

2022-2023 Azure Administrator AZ104 Latest Practice Exam

Cloud Certification made simple. Ace your exams with Djamgatech.

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 5: You have two subscriptions named Subscription1 and Subscription2. You are logged into Azure using Azure PowerShell from Computer1. How can you identify which subscription you are currently viewing and then switch from one subscription to the other for the current session at Computer1.

A. Set-AzContext -SubscriptionName

B. Get-AzContext

C. Select-AzContext

D. AzShow-Context

ANSWER5:

A and B

Notes: In Az PowerShell 3.7.0, Set-AzContext sets the tenant, subscription, and environment for cmdlets to use in the current session.

In Az PowerShell 3.7.0, ‘Get-AzContext’ gets the metadata used to authenticate Azure Resource Manager requests.

Reference: Azure Powershell CLI

2022-2023 Azure Administrator AZ104 Latest Practice Exam

Question 6: You have two subscriptions named Subscription1 and Subscription2. You are currently managing resources in Subscription1 from Computer1 that has the Azure CLI installed. You need to switch to Subscription2. Which command should you run?

A. az set account –subscription “Subscription2”

B. az account set –subscription “Subscription2”

C. az subscription set “Subscription2”

D. Select-AzureSubscription -SubscriptionName “Subscription2”

ANSWER6:

Notes: You are accessing Azure from Computer1 with the Azure CLI installed; therefore, this command is the correct command.

Reference: Azure Powershell CLI

2022-2023 Azure Administrator AZ104 Latest Practice Exam

Question 7: You work at the IT help desk for Consilium Corporation. You have been getting an influx of calls into the help desk about resetting users’ passwords. They keep reporting that they can’t seem to figure out how to reset their password in order to gain access to their Customer Relationship Management (CRM) software. What do you do?

A. Ensure that the users who are having problems are within the correct AD group

B. Make sure you have Azure Active Directory Free

C. Make sure they have their verification device (mobile app or access to email)

D. Verify that self-service password reset is enabled in Azure Active Directory

ANSWER7:

A C and D

Notes: Self-service password may not apply to those not in a specific Active Directory group. If the user is not in the group, they will not be able to reset their password.

In order to reset their password, the user will have to verify their identity using a mobile phone, mobile app, office phone or email.

Self-service password reset is an optional feature in Azure Active Directory, which may not apply to any and all users in the organization.

Reference: Self Service Password reset in Azure AD

2022-2023 Azure Administrator AZ104 Latest Practice Exam

Question 8: In this scenario, we are working for Cloud Chase Support. We our the active administrator, and we have been tasked with determining how to ensure we do not incur costs in either our Prod-Subscription and our Dev-Subscription for virtual machine resources. We have a CloudChase management group where both subscription nested. We decide to use Azure Policy to enforce compliance on Virtual Machines. Our Policy definition states that virtual machines are not an allowed resource type at the scope of our CloudChase management group. There are some existing virtual machines in our Prod-Subscription at the time this policy is created. After the enforcement of our new policy which of the below statements is true?

A. We cannot create virtual machines in any subscription under the scope of our management group and our existing virtual machines will be deallocated.

B. Virtual machines can be created in our Prod-Subscription if they are compliant.

C. Virtual machines can be created in our Dev-Subscription.

D. We cannot create virtual machines in any subscription under the scope of our management group.

ANSWER8:

Notes: We created a policy that has a definition that defines that virtual machines are not a supported resource type at the scope of our management group. Any subscription under the scope of this management group will not support the provisioning of virtual machine resources.

2022-2023 Azure Administrator AZ104 Latest Practice Exam

Question 9: You recently signed up for Azure Active Directory Premium and need users to be able to reset their passwords if they are unable to login. What should you configure in Azure Active Directory?

A. Set “block sign-in” to off when creating the user

B. User password reset

C. User password change

D. Add user to sign-in group in Azure AD

ANSWER9:

Notes: With the password reset capability, the user will be able to click “forgot password” when trying to log in to the portal and reset their password on their own.

2022-2023 Azure Administrator AZ104 Latest Practice Exam

Question 10: You have an Azure Pay-as-you-go Subscription named Subscription1. You have some concerns about cost for Subscription1, and you would like to spend less than $100.00 US per month on all resources in this subscription. If you spend more than $90.00 US, you would like to get an alert in the form of a text message. What should you do?

A. Shutdown VMs when you are not using them

B. Create an alert in Azure Monitor

C. Create a budget alert condition tied to an action group

D. Create a budget in the subscriptions blade

ANSWER10:

Notes: Creating an alert condition is available when setting your budget, it is not required that you create an action group, however in this case where we want to be notified via SMS (text message), it is required that we tie an action group to our budget alert.

2022-2023 Azure Administrator AZ104 Latest Practice Exam

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 11: We want to be provide an Azure AD B2B guest user the ability to manage all resources inside of our DevRG resource group. We want to give them these abilities over managing all resources inside of this resource group and nothing more. What role would we assign to the user to accomplish this goal? Assume we are assigning the role to the DevRG scope.

A. User Access Administrator

B. Owner

C. Contributor

D. Global Admin

ANSWER11:

Notes: This role will allow us to give this guest user the ability to manage all resources inside of the DevRG resource group, and nothing more like manage role assignments. This is exactly what we need for our scenario. When assigning permissions we need to think the principle of least privilege.

Question 12: You have just created a General-purpose V2 storage account in Azure. From a VM located in your on-prem environment, you’ve logged into your Azure subscription using the Connect-AzConnect command from the PowerShell command line. Next, you need to retrieve the key, in order to access your storage account. Which PowerShell cmdlet will you use to retrieve the access key?

A. Get-AzStorageAccount

B. Get-AzStorageContainerKey

C. Get-AzStorageContainerStoredAccessPolicy

D. Get-AzStorageAccountKey

ANSWER12:

Notes: The Get-AzStorageAccountKey cmdlet gets the access keys for an Azure Storage account.

Question 13: You have been directed to copy all data from one storage account to another using the AzCopy tool. You need to report which storage services you can copy. Which of those services would it be?

A. Only Azure File Shares

B. Azure Queues and Blobs

C. Azure Blob and File Shares

D. Azure Table and File Shares

ANSWER13:

Notes: AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.

Question 14: You have a general purpose v1 storage account named consiliumstore that has a private container named container2. You need to allow read access to the data inside container2, but only within a 14 day window. How do you accomplish this using the Azure Portal?

A. Upgrade the storage account to general purpose v2

B. Create a shared access signatures

C. Create a service SAS

D. Create a stored access policy

ANSWER14:

B and D

Notes: A Shared Access Signature (SAS) allows you to have granular control over your storage account, including access to only certain services (i.e. Azure Blobs) and permitting only read, write, delete, list, add, or create access. A Stored Access Policy allows granular control over a single storage container using a Shared Access Signature (SAS).

Question 15: You have an existing Microsoft Enterprise Agreement (EA) Subscription. You need to ship 34TB of data from an on-premise Windows 2016 server to your Azure storage account. You need to ensure that the data transfer has zero impact on the network, preserves your existing drives and is the fastest and most secure method. What should be your first step to starting the import job?

A. Open a ticket with Microsoft Support

B. Order an Azure Databox via the Azure Portal

C. Start an Import Job via the Azure Portal

D. Prepare your hard drives using the WAImportExport tool

ANSWER15:

Notes: This option would be the best, as Azure Data box supports Windows 2016 servers, and is secure and reliable.

Question 16: You have data in an AWS S3 Bucket named myS3Bucket and you need to copy all of its contents to a container named container1 in an Azure storage account named companydata. Which command would be most efficient use of getting the data from the S3 bucket to the Azure storage container?

A. azcopy copy ‘https://s3.amazonaws.com/myS3Bucket’ ‘https://companydata.blob.core.windows.net/container1’ –recursive=true

B. aws s3 cp s3://mybucket/test.txt https://companydata.blob.core.windows.net/container1

C. azcopy blob copy ‘https://s3.amazonaws.com/myS3Bucket’ ‘https://companydata.blob.core.windows.net/container1’

D. azcopy copy sync ‘https://s3.amazonaws.com/myS3Bucket’ ‘https://companydata.blob.core.windows.net/container1’

ANSWER16:

Notes: The AzCopy tool can copy directly from an AWS S3 bucket to an Azure Storage Account. source

Question 17: You have the following Azure Storage Accounts in your Subscription: stor1 (BlockBlobStorage) stor2 (FileStorage) stor3 (StorageV2) Which of these storage accounts can be converted to Read-Access Geo-Redundant Storage (RA-GRS) based on their storage account kind? Please select the most appropriate answer.

A. stor1 and stor2

B. stor3

C. stor2

D. stor1, stor2, and stor3

ANSWER17:

Notes: StorageV2 does support read-access geo-redundant storage (RA-GRS) and is able to be converted.

Question 18: You create an Azure storage account named companystore with a publicly accessible container named container1. You upload a file to container1 named pic1.png. What will be the URL in order to access this blob?

A. https://companystore.blob.core.windows.net/container1/pic1.png

B. https://portal.azure.com/companystore.blob.core.windows.net/pic1.png

C. https://blob.core.windows.net/companystore/container1/pic.png

D. https://pic1.companystore.blob.core.windows.net

ANSWER18:

Notes: The URL of the blob, by default will be the storage account name, followed by blob.core.windows.net, the container name, then the name of the blob.

2022-2023 Azure Administrator AZ104 Latest Practice Exam

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 19: You have an Azure subscription named Subscription1. In Subscription1, you have an Azure virtual machine named VM1. Attached to VM1 are two network interface cards. You require a third network interface card with a network bandwidth above 1000 Mbps for your storage area network. What should you do?

A. Create an additional VM in the same subnet and connect to VM1 over the LAN

B. Create a new subnet with a sufficient number of available IP addresses

C. Create a new storage account to store data for VM1

D. Change the VM SKU to Standard_A4 or larger

ANSWER19:

Notes: The larger SKUs for Azure virtual machines allow for an increased number of NICs.

Question 20: You are trying to create a new Azure Kubernetes Service (AKS) cluster from your local workstation. The AKS cluster must contain three nodes and ensure access to the worker nodes in order to troubleshoot the kubelet. You have authenticated to Azure from your local workstation with the Azure CLI. What command will you use to create an AKS cluster named AKS1 with the necessary components inside of the resource group named RG1?

A. az aks create -g RG1 -n AKS1 –generate-ssh-keys –node-count 3

B. az kubernetes create –name AKS1 –group RG1 –nodes 3 –generate-keys

C. az aks create –name AKS1 –resource-group RG1 –nodes 3 –ssh-key-value ~/.ssh/id_rsa.pub

D. az kubernetes create –name AKS1 –resource-group RG1 –nodes 3 –generate-keys

ANSWER20:

Notes: The correct command to use for creating an AKS cluster is az aks create and the -g and -n values are abbreviated syntax for resource group and name respectively. The --generate-ssh-keys flag will create the SSH keys in order to access the worker nodes. The --node-count flag will ensure that there are three worker nodes in the cluster.

Question 21: VM1 is located in the West US region, and the OS disk is Premium SSD. The size of VM1 is currently Standard_D2s_v3, but you need to change the size to Standard_D2. You are able to select the size from the size blade, but you receive an error message. Why can’t you change the VM size?

A. You need to provide the username and password for the OS to upgrade

B. Standard_D2 does not support premium SSD disks

C. The size Standard_D2 is not available in the West US region

D. You did not shut down (deallocated) VM1 before you change the size

ANSWER21:

Notes: Standard_D2 does not support premium disks; therefore, you are unable to change VM1 to this size. A good way to remember which size is available is the s in the size, as the s indicates Premium SSD. See more here: dsv3-series

2022-2023 Azure Administrator AZ104 Latest Practice Exam

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 22: You have an Azure Kubernetes Service (AKS) cluster named AKS1 within the resource group named RG1. You are trying run the command kubectl get all from the Azure Cloud Shell (https://shell.azure.com) to view your cluster resources. You received the error Error from server (BadRequest): the server rejected our request for an unknown reason. You’ve verified that the resources exist and the command is correct. What do you need to do in order to view your cluster resources from the Azure Cloud Shell?

A. Retrieve the access credentials using the command az aks get-credentials --name AKS1 --resource-group RG1

B. Log into the cluster GUI from the Azure Portal

C. Install the kubectl tool

D. Access the Kubernetes Dashboard using the command az aks browse --name AKS1 --resource-group RG1

ANSWER22:

Notes: AKS does not have a cluster GUI that is accessible from the Azure Portal. You must use a machine with kubectl installed, or the Azure Cloud Shell.

The kubeconfig is required in order to access the Kubernetes API. You can retrieve the kubeconfig using the az aks get-credentials command.

Question 23: You have a subscription named Subscription1. You create a new Azure VM in your subscription named VM5 running Windows 2012 R2. You try to connect and login to VM5, but you get an error that says “We couldn’t connect to the remote PC. Make sure the PC is turned on and connected to the network, and that remote access is enabled.” You have verified that VM5 is running and has been assigned a public IP address. What change do you need to make in order to successfully connect and login to VM5?

A. Add a rule to the Network Security Group that will allow port 3389

B. Select Reset password from the VM blade

C. Use Network Watcher for detailed connection tracing

D. You need to access the VM from a computer that’s in the same subnet

ANSWER23:

Notes: A Network Security Group (NSG) is designed to filter traffic to and from Azure resources, including Azure VMs. Allowing port 3389 from your machine to the Azure VM will address the connection issue. You may reset the password, but being you received the error before attempting to enter your credentials says that it’s a connectivity problem, not a credentials problem.

Question 24: Subscription1 contains an Azure VM named VM1 with the following configuration:VM Size: Standard_D2s_v3

Public IP Address: 52.173.36.55

Resource Group: RG1

Availability Zone: None

Location: Japan East

Disk Type: Standard HDD

What are two things you can do to reduce data loss and achieve a 99.9% SLA?

A. Create a recovery services vault and enable replication for VM1

B. Move VM1 to a paired region

C. Place the VM in an availability zone

D. Change the disk type to Premium SSD

ANSWER24:

A and D

Notes: Creating a recovery services vault will allow you to back up the VM to a different region and location. You will enable replication to ensure that VM data and settings are continually replicated to the backup location for simple recovery.

Virtual machines with Premium SSD disks qualify for the 99.9% connectivity SLA.

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 25: You have created an application that is to be run on Linux containers named ContainerApp1. You’ve created an Azure container instance with an FQDN, but you notice that when the container restarts, all application data is lost. What is the best solution to preserve the data associated with your application?

A. Create a public blob storage container and share the URI with the application

B. Create a storage account and share the SAS with the application

C. Mount an Azure file share as a volume in Azure Container Instances

D. Run the container on a VM, and use the managed disk attached to the VM

ANSWER25:

Notes: Azure Container Instances can mount an Azure file share created with Azure Files. Azure Files offers fully managed file shares hosted in Azure Storage that are accessible via Server Message Block (SMB) protocol. Using an Azure file share with Azure Container Instances provides file-sharing features similar to using an Azure file share with Azure virtual machines.

Question 26: You’ve created a Dockerfile that contains the necessary steps to build an image that you plan to use for your application running as a Web App in App Services named APP1. You have created an Azure Container Registry, which is where you plan to store your images to be used for APP1. What should your next step be?

A. Run the az acr build command

B. Create the App Service Plan

C. Run the docker push command

D. Run the docker login command

ANSWER26:

Notes: The az acr build command will build and push your image to an Azure Container Registry all in one command. You should use this if you don’t have docker installed, and/or if you don’t have the compute resources to build images on your local machine.

Question 27: You have an application that runs on instances in a Virtual Machine Scale Set. The number of instances in the VMSS is at three starting Monday. The minimum number of instances is one, and the maximum is 5 instances. There are two scaling rules for this VMSS:

Rule	Condition	Action
Rule1	CPU > 75%	+1 instance
Rule2	CPU < 25%	-1 instance

Based on the rules above and the chart below, on Wednesday how many instances will there be in our VMSS?

|CPU%|Time(UTC)|Day |:—|:—:|:—:|—:| |75|12:01|Tuesday| |20|13:36|Tuesday| |85|12:10|Wednesday| |20|19:07|Thursday|

A. 2 instances

B. 3 instances

C. 4 instances

D. 5 instances

ANSWER27:

Notes: We start with 3 instances on Monday. Based on the chart we will still be at 3 instances on Tuesday at 12:01 because we have not met a condition for any scaling actions to take place, but then at 13:36 on Tuesday we will scale down an instance due to the CPU% being below 25%. Now we have 2 instances. Then on Wednesday at 12:10 we will be scale-out by one instance because our CPU% has gone above 75%. This gives us three instances on Wednesday.

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 28: Subscription1 contains an Azure VM named VM1. You have added a data disk to VM1, as well as a new network interface card. You need to create two more Azure VMs just like this one named VM2 and VM3. What is the most efficient way to create VM2 and VM3 that will minimize cost?

A. Backup the VM and recover to a different region

B. Redeploy VM1 with the new disk and NIC and deploy the template to VM2 and VM3

C. Select Export template from VM1 blade, then deploy VM2 and VM3 with that template

D. Create an image from VM1 and use the image to deploy VM2 and VM3

ANSWER28:

Notes: Exporting the template from a VM is a quick and easy way to take the existing VM settings and automate future deployments.

Question 29: You have an Azure subscription named Subscription1. You have created a web app named App1 in Subscription1 that is sourced from a git repository named Git1. You need to ensure that every commit to the master branch in Git1 triggers a deployment to a test version of the application before releasing it to production. What are two changes that you must make to App1 to fulfill this requirement?

A. Create a build server with the master branch of Git1 as the trigger

B. Configure custom domains for test and production versions of App1

C. Add a new deployment slot to App1 to release the test version of App1

D. Create a new web app and configure failover settings from test to production

ANSWER29:

A and C

Notes: You have the option of creating a build server natively in App Services by selecting Deployment Center in the App1 blade. This will trigger a build every time a commit is made to the master branch of Git1.

Deployment Slots allow greater flexibility within app services, providing a built-in staging environment for your app, allowing you access to your application without deploying it to production.

Question 30: You plan to create an Azure Web App in the East US region. You need to ensure that this web app scales out with demand, to prevent downtime. You also need to ensure that the data that resides inside of the application will remain secure and never become exposed to anyone outside of the organization. Which App Service plan SKU will you chose that will meet these requirements and also save on cost?

A. FREE

B. B1

C. SHARED

D. I1

ANSWER30:

Notes: The I1 SKU allows your app to run on dedicated hardware, and also provides network isolation on top of compute isolation to protect your app. It also provides the maximum scale-out capabilities.

Question 31: VM1 is located in the East US region. You have added a premium SSD data disk to VM1, but the IOPS are not satisfying the needs of your application, how can you change the speed of the disk?

A. Select the disk configuration and increase the size

B. Shut down (Deallocate) the VM

C. Export the disk and convert to VHD

D. Create a new disk and migrate the data

ANSWER31:

A and B

Notes: Premium disk performance increases based on the size of the disk, while standard disks have consistent performance for all disk sizes. Disks can be resized only when they are unattached or the owner VM is deallocated. Disks can be resized only when they are unattached or the owner VM is deallocated.

Question 32: The NoName Company has just deployed a number of Azure VMs into a specific subnet in an Azure virtual network. They have also implemented a network security plan which includes the use of Azure Firewall. From those newly deployed VMs, the company wants to deny access to the website https://www.microsoft.com. How can you achieve this using their current Azure resources?

A. A network rule

B. Create a route via Route Table to the firewall (as a virtual appliance hop)

C. Configure an application rule on the Azure Firewall that blocks FQDNS www.microsoft.com

D. An Application Gateway

E. A Subnet named AzureFirewallSubnet

F. A VPN Gateway

ANSWER32:

A B C

Notes: A network rule would allow access to an external public DNS service, to lookup the microsoft.com domain name. Creating a route via Route Table to the firewall is required to direct incoming traffic (from the firewall public IP address) to a specific destination.

An application rule allows or blocks an address by URL. This is necessary in order to block https://www.microsoft.com according to the requirements of the company.

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 33: You need to create an Azure virtual machine named VM1 that requires a static private IP address configured inside the IP address space for the VNet in which the VM resides. How do you configure a static IP address for this Azure VM?

A. After the VM has been created, create a new network interface and configure a static IP address for that network interface

B. After the VM has been created, go to the network interface attached to the VM and change the IP configuration to static assignment

C. When creating a VM in the portal, select New next to private ip address and choose static after assigning the correct IP address

D. When creating the VM in the portal, change the setting from dynamic to static on the networking tab under private IP address

ANSWER33:

Notes: Changing the IP configuration on the network interface will achieve this goal.

Question 34: You have an Azure subscription named Subscription1. In Subscription1, you have a web server that has the IP address 10.1.0.83 and a database server that has the IP address 10.1.0.142. Instead of remembering the IP addresses of the servers, you’d like to connect to these servers using a DNS name. With no DNS server currently, and without having to create a new DNS server, how can you access your database server from your web server by the DNS name db.yourcompany.com?

A. Public DNS Zone

B. Promote Server to Domain Controller

C. Access the Domain Controller

D. Private DNS Zone

ANSWER34:

Notes: A private DNS zone is an easy way to register servers with a DNS name versus having to access them by their IP address

Question 35: You have an Azure subscription named Subscription1. In Subscription1 you have two VNets, one named VNet-Hub and one named VNet-Spoke. Within VNet-Hub, there is an Azure Firewall with a public IP address, configured as a Standard SKU. In VNet-Spoke, there is a Windows Server 2016 with no public IP address and no Network Security Group (NSG). Using which three items can you utilize the public IP address of the Azure firewall to connect to the Windows Server, without exposing the server to the public internet directly?

A. NAT Rule for the Firewall

B. Route Table

C. Virtual Network Gateway

D. Virtual Network Peering

E. ExpressRoute Gateway

ANSWER35:

A B D

Notes: You can configure a NAT rule on the firewall to translate and filter inbound Internet traffic to your subnets. You will need a route table to route ingress traffic to the firewall virtual appliance. In order for traffic to flow from the VNet-Spoke to VNet-Hub, you will need a peer connection between the virtual networks (Virtual Network Peering).

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 36: You have an on-premises environment as well as your Azure environment with a subscription named Subscription1. Subscription1 has a virtual network named VNET1 and you need to connect to the on-premises network securely using an ExpressRoute link and Site-to-site VPN. What Azure resources do you need in order to establish the connection while minimizing cost?

A. Azure VPN Gateway

B. Network virtual appliance

C. No resources needed, ExpressRoute is encrypted by default

D. A route table

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

ANSWER36:

B and D

Notes: VPN tunnels over Microsoft peering can be terminated either using VPN gateway, or using an appropriate Network Virtual Appliance (NVA) available through Azure Marketplace. We choose to use NVA because it accomplishes our goal, but for a lesser cost than Azure VPN Gateway. A route table is required to specify the next hop for traffic coming and going from the on-premises network.

Question 37: You have a Network Security Group (NSG) that is associated with a network interface that is attached to an Azure virtual machine named VM1 running Windows Server 2019. VM1 is in subnet named subnet1, in a virtual network named VNet1. A different NSG is attached to subnet1, but you notice that there is an inbound rule to allow port 3389. When you try to connect to VM1, you cannot connect. You reviewed the NSG and the source IP address and the protocol are correct. How can you connect to VM1 using best practices for NSGs in Azure?

A. The protocol on the NSG rule is set to UDP

B. The NSG attached to the network interface needs to be removed

C. The source IP address on the NSG rule is incorrect

D. You need to add an inbound rule for the NSG attached to the network interface

ANSWER37:

Notes: Removing the NSG from the network interface would allow the VM to use the NSG associated with the subnet, which is best practice.

Question 38: You have an Azure subscription named Subscription1. In Subscription1 you have an Azure VM named VM1 with Windows Server 2019 as the operating system. VM1 does not have a public IP address assigned to it. VM1 is located in a virtual network named VNet1, in subnet1. Attached to subnet1 is a Network Security Group (NSG) that has port 3389 open inbound. On your local machine, you do not have an RDP client installed, but you need to login into the VM. Without assigning a public IP address to the VM, what three things in combination can we use to log into VM1?

A. HTML5 supported Web Browser

B. Azure VPN Gateway

C. A subnet named AzureBastionSubnet

D. A Gateway Subnet

E. Azure Bastion Host

F. Inbound security rule to open port 443

ANSWER38:

A C E

Notes: The RDP connection to the virtual machine happens via Bastion host using the Azure portal (over HTML5) using port 443 and the Bastion service.

The subnet inside your virtual network to which the Bastion resource will be deployed must have the name AzureBastionSubnet. The name lets Azure know which subnet to deploy the Bastion resource to. This is different than a Gateway Subnet.

The Azure Bastion service is a new fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines do not need a public IP address.

[/bg_collapse]

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 39: You have a subscription named Subscription1. Subscription1 has two virtual networks named VNet1 and VNet2 in two different resource groups. VNet1 is located in the West US region and VNet2 is located in the East US region. You need to apply a network security group named NSG1 to a subnet in VNet1. NSG1 is located in the East US region. How do you attach NSG1 to the subnet in VNet1?

A. You can’t. Create a new network security group in the west us region

B. Move VNet1 into a resource group located in the east us region

C. Select the subnet and choose NSG1 from the network security group drop-down

D. Move NSG1 into the VNet1 resource group

ANSWER39:

Notes: In order for you to associate a network security group to a subnet, both the virtual network and the network security group must be in the same region.

Question 40: You have a subscription named Subscription1. Subscription1 has one Azure virtual machine named VM1 which is an Ubuntu server. You can’t seem to login to the server via SSH. What tool should you use to verify if the problem is the network security group?

A. IP flow verify tool in Azure Network Watcher

B. Azure Monitor VM metrics

C. Azure Traffic Manager traffic view

D. Azure Virtual Network logs

ANSWER40:

Notes: The IP Flow Verify tool checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and a remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned.

Question 41: You have two Azure virtual machines named VM1 and VM2. VM1 is using the Red Hat Enterprise Linux 8.1 (LVM) operating system and is located in VNet1, within subnet1. VM2 is using the Windows Server 2019 operating system, and is located in VNet1, within subnet2. VNet1 has custom DNS configured, pointing to a DNS server with the IP address 172.168.0.6. VM2 has 10.0.1.15 configured as the DNS server on its network interface. Which DNS server will VM2 use for DNS queries?

A. 8.8.8.8

B. 10.0.1.15 for primary, 172.168.0.6 as secondary

C. 10.0.1.15

D. 172.168.0.6

ANSWER41:

Notes: Since the network interface attached to VM2 is assigned to a specific DNS server, it takes precedence over the DNS configured on the VNet.

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 42: You have created a new Azure virtual machine in a subnet named Subnet1 with an attached network interface card named NIC1. The NIC1, attached to Subnet1, has the following effective routes:

Source	State	Address Prefix	Next Hop
Default	Active	10.1.0.0/16	Virtual Network
Default	Invalid	0.0.0.0/0	Internet
Default	Active	10.0.0.0/8	None
Default	Active	100.64.0.0/10	None
Default	Active	192.168.0.0/16	None
Default	Active	25.33.80.0/20	None
Default	Active	25.41.3.0/25	None
User	Active	0.0.0.0/0	None

What will happen when the virtual machine tried to communicate with a VM on a different network?

A. Traffic will be sent successfully

B. Traffic will be forced out to the internet

C. Traffic will be forced internally

D. Traffic will be dropped and no connection will be established

ANSWER42:

Notes: The user-defined route in the table will override the default route, causing traffic to be directed to nowhere (next hope type of none).

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 43: You have a standard load balancer that directs traffic from port 80 externally to three different virtual machines. You need to direct all incoming TCP traffic on port 5000 to port 22 internally for connecting to Linux VMs. What do you need in order to connect to the VM via SSH?

A. A public IP address for all three VMs

B. A Route Table with at least one rule

C. A Network Security Group (NSG)

D. A Network Address Translation (NAT) Rule

ANSWER43:

C and D

Notes: The NSG rules work alongside the NAT rules to provide a connection to a VM that’s behind a load balancer. NAT rules work alongside NSG rules to provide a connection to a VM that’s behind a load balancer.

Question 44: You have a web application that serves video and images to those visiting the site. You start to notice that your web server is overloaded, and often crashes because the requests have consumed all of its resources. To combat this, you’ve added an additional web server and you plan to load balance these servers by serving images from the first server only and serving video from the second server only. Which Azure resource can you implement that will properly load balance (at OSI layer 7) with URL-based routing and secure with SSL at the lowest cost?

A. Azure Load Balancer

B. Azure Front Door

C. Azure Application Gateway

D. Web Application Firewall

ANSWER44:

Notes: Azure Application Gateway operates at layer 7 (the application layer), and is a web traffic load balancer that enables you to manage traffic to your web applications. Application Gateway can make routing decisions based on URI path and secure with SSL.

Question 45: You manage a virtual network named VNet1 that is hosted in the West US region. Two virtual machines named VM1 and VM2, both running Windows Server, are on VNet1. You need to monitor traffic between VM1 and VM2 for a period of five hours. As a solution, you propose to create a connection monitor in Azure Network Watcher. Does this solution meet the goal?

A. Yes

B. –

C. –

D. No

ANSWER45:

Notes: The connection monitor capability in Azure Network Watcher monitors communication at a regular interval and informs you of reachability, latency, and network topology changes between the VM and the endpoint.

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 46: You have an Azure subscription named Subscription1. You would like to connect your on-premises environment to Subscription1. You have to meet three requirements from the business. The first requirement is that the connection from the on-premises office and Azure must be a private connection. No network traffic is allowed to go over the public internet. The second requirement is that all traffic from the on-premises office and Azure must happen at layer 3 (network layer). The third requirement is that this connection from on-premises to Azure must be redundant to minimize the opportunity for failure. What type of connection fulfills these three requirements?

A. ExpressRoute with premium add-on

B. ExpressRoute

C. Site-to-Site VPN

D. Virtual WAN

ANSWER46:

Notes: ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. ExpressRoute connections do not go over the public Internet. An ExpressRoute Connection is a layer 3 connection between your on-premises network and Azure through a connectivity provider (e.g. Verizon).

Question 47: You have an Azure subscription as well as an on-premises environment that is connected via ExpressRoute circuit. You have two additional branch offices that you need to connect to the network, as well as ten remote employees that change locations frequently but still need access to Azure resources. What is the solution that will provide the quickest setup at the lowest cost?

A. Site-to-Site VPN

B. Point-to-Site VPN

C. Virtual WAN

D. Hub-and-Spoke Network Topology

ANSWER47:

Notes: The Virtual WAN architecture is a hub and spoke architecture for branches and users. It enables global transit network architecture, where the cloud-hosted network ‘hub’ enables transitive connectivity between endpoints that may be distributed across different types of ‘spokes’. All hubs are connected in full mesh in a Standard Virtual WAN making it easy for the user to use the Microsoft backbone for any-to-any (any spoke) connectivity. This satisfies the requirement to provide the quickest set up at the lowest cost.

Question 48: You have a small number of servers running a microservice, and you want to make sure that all the servers have connectivity to each other. You also need to calculate network performance metrics like packet loss and link latency. Which two Azure resources do you need to meet this requirement?

A. Log Analytics Workspace

B. Network Performance Monitor

C. Azure Monitor

D. Azure Traffic Manager

ANSWER48:

A and B

Notes: A Log Analytics workspace is a data repository for Azure Monitor log data. A pre-requisite in order to use Network Performance Monitor. Network Performance Monitor helps you monitor network performance between various points in your network infrastructure. It also helps you monitor network connectivity to service and application endpoints and monitor the performance of Azure ExpressRoute.

Question 49: You have two virtual networks named VNet1 and VNet2. VNet1 is located in the West US region, whereas VNet2 is located in the East US region. You need to configure a virtual machine that’s located in VNet1 to also communicate with VMs in VNet2. From the choices available how can we enable communication between resources in VNet1 and VNet2

A. Migrate the VNet1 VM to VNet2 and leave the other VM components on VNet1

B. Migrate the network interface card (NIC), the network security group (NSG) and the VM disks to VNet2

C. Just the VM disks will need to be migrated to VNet2

D. Configure a VNet-to-VNet VPN gateway connection to allow communication between VNets in different regions

ANSWER49:

Notes: VNet-to-VNet connections allow communication between virtual networks in different regions and from different subscriptions. Reference: Configure a VNet-to-VNet VPN gateway connection by using the Azure portal.

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 50: You have two subscriptions, one named Subscription1 and the other named Subscription2. Both subscriptions are located within the same tenant. You have one Azure virtual machine located within Subscription1 and another Azure virtual machine within Subscription2 and you’d like to view CPU utilization metrics on both virtual machines. How can you achieve this while maintaining the minimum number of Azure resources and minimizing cost?

A. Create a Log Analytics Workspace for both VMs

B.Turn on VM Insights in Azure Monitor

C. Install the Log Analytics (OMS) Agent on the VMs

D. Enable guest-level monitoring on each VM

ANSWER50:

A and B

Notes: You can view metrics data (such as CPU utilization %) over time by sending your metrics data to a log analytics workspace. This workspace can collect metrics data from multiple VMs, no matter if they are located in the same or different subscriptions.

VM integration with Azure Monitor Logs delivers powerful aggregation and filtering, allowing Azure Monitor for VMs to analyze data trends over time. You can view this data in a single VM from the virtual machine directly, or you can use Azure Monitor to deliver an aggregated view of your VMs where the view supports Azure resource-context or workspace-context modes.

Question 51: You have created a new Azure virtual machine named VM1. You plan to use VM1 as a web server, which will require the VM to be accessible using HTTP/S (HTTP and HTTPS) protocol. A Network Security Group (NSG) is attached to the NIC of VM1 with the following rules:

Priority|Name|Port|Protocol|SRC|DEST|Action| |:—|:—:|:—:|:—:|:—:|:—:|—:| |300|Rule2|80|TCP|Any|Any|Deny| |400|Rule1|443|TCP|Any|Any|Deny| |500|Rule4|60-500|TCP|Any|Any|Allow| |600|Rule5|22|TCP|72.166.177.14/32|Any|Deny| |1000|Rule3|22|TCP|Any|Any|Allow|

What changes do you have to make to the NSG in order to meet the requirements for VM1?

A. Change the priority of Rule3 to 200

B. Change the action of Rule1 to Allow

C. Change the priority of Rule4 to 200

D. Change the port of Rule5 to 443

ANSWER51:

Notes: Lower priority rules take precedence over higher ones. Changing Rule4 to a lower number will negate all the other rules of a lesser priority, therefore allowing traffic on ports 60-500, which includes 80 and 443, the ports necessary for allowing traffic over HTTP/S. Remember the lower the priority the priority number the higher the priority in regards to reading the rules.

Question 52: You have an Azure virtual machine running Windows Server 2016. You need to collect OS level metrics on this virtual machine, including Windows event logs and performance counters. Which of the following items do you need in order to collect this metrics data?

A. Enable guest-level monitoring

B. Windows Diagnostics Extension

C. Log Analytics Agent

D. InfluxData Telegraf Agent

E. Storage Account for Diagnostic Data

ANSWER52:

A B E

Notes: In order to install the diagnostics extension on an Azure VM, you must enable guest-level monitoring from the VM settings in the portal. Windows Diagnostic Extension is an agent in Azure Monitor that collects monitoring data from the guest operating system and workloads of Azure virtual machines and other compute resources. In order to enable guest-level monitoring, you need to create a storage account for storing the metrics data.

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 53: You have an Azure subscription with a virtual machine named VM1. You are using Recovery Services Vault (RSV) to backup VM1 with soft delete enabled. The backup policy is set to backup daily at 11 PM UTC, retain an instant recovery snapshot for 2 days, and retain the daily backup point for 14 days. After the initial backup of VM1, you are instructed to delete the vault and all of the backup data. What should you do?

A. Turn off soft delete in the vault security settings

B. Wait 14 days

C. Stop the backup of VM1 and delete backup data

D. Delete the backup policy

E. Delete Backup Jobs Workload

F. Wait 15 days

ANSWER53:

A and C

Notes: When you stop the backup and delete the backup data, because you have soft delete enabled, the backup data is still kept. Permanently delete the soft-deleted backup items that would remove the backup data indefinitely. If you stop the backup of VM1 and choose delete backup data from the dropdown menu, this will stop future backups and delete the existing backup data.

Question 54: You have a number of virtual machines and web applications running in your Azure environment. These Azure resources are critical for business operations, so you’ve locked the resources in order to prevent deletion. In addition, how can you alert on these actions in the portal, and notify your team via email and SMS when a user is trying to delete or create a new resource from within your Azure subscription?

A. Pin the activity log to your dashboard

B. Create a new alert rule

C. Query Administrative Events and Copy Link to Query

D. Create a new action group

ANSWER54:

B and D

Notes: Alert rules specify the conditions for which the alert is triggered. Activity log alerts are the alerts that get activated when a new activity log event occurs that matches the conditions specified in the alert. An action group is a collection of notification preferences defined by the owner of an Azure subscription. Azure Monitor and Service Health alerts use action groups to notify users that an alert has been triggered.

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 55: You have a .NET Core application running in Azure App Services. You are expecting a huge influx of traffic to your application in the coming days. When your application experiences this spike in traffic, you want to detect any anomalies such as request errors or failed queries immediately. What service can you use to assure that you know about these types of errors related to your .NET application immediately?

A. Client-side monitoring

B. Live Metrics Stream in Application Insights

C. Application Insights Search

D. Log analytics workspace

ANSWER55:

Notes: Live metrics stream includes such information as the number of incoming requests, the duration of those requests, and any failures that occur. You can also inspect critical performance metrics such as processor and memory.

Question 56: You have an Azure subscription named Subscription1. In Subscription1 you have two Azure VMs named VM1 and VM2, both running Windows Server 2016. VM1 is backed up using Recovery Services Vault, with a backup policy of producing a daily backup and keeping that daily backup for seven days. Also, a snapshot is kept for 2 days. VM1 is compromised by a virus that infects the entire system, including the files. You need to restore the files from yesterday’s backup of VM1. Where can you restore the files to in the quickest manner?

A. A new Azure VM

B. Restore the VM1 snapshot

C. VM2

D. In-place

ANSWER56:

Notes: Using snapshots for VM backups, you speed up the recovery time considerably. The snapshots are stored with the disks in Azure, so the transfer speeds are optimal.

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Question 57: You have a subscription named Subscription1. You would like to be alerted upon certain administrative events within Subscription1 to detect unauthorized access. Which of the following is the quickest method to setup these types of alerts?

A. Monitor > Alerts > New Alert Rule

B. Log Analytics Workspace > myWorkdspace > Advanced Settings

C. Policy > Assignments > Assign Policy

D. Subscriptions > mySubscription > Activity Log > New Alert

ANSWER57:

Notes: Alerts can be created from within Azure Monitor

Microsoft Azure Administrator Certification Q&A:

What does az vmss deallocate do?

The az vmss deallocate command will deallocate and remove the VMs within a VMSS. Azure Doc

A company is planning to use Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure resource tags to separate the bills department wise. Would this fulfill the requirement?

– Yes, you can use resource tags to organize your Azure resources and also apply billing techniques department wise. The Microsoft documentation mentions the following.

– Reference: Azure resource tags

A company is planning to use Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure rolebased access control to separate the bills department wise. Would this fulfill the requirement?

– No, This is used to control access to resources and can’t be used for billing purposes.

– Reference: Azure Role Based Access Control

A company is planning to use Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure policies to separate the bills department wise. Would this fulfill the requirement?

– No, Azure policies are used from a governance perspective and can’t be used to create bills department wise.

– Reference: Azure Gov policies

A company is planning to use the Azure Import/Export service to move data out of its Azure Storage account. Which of the following service could be used when defining the Azure Export job?

– Only the BLOB service is supported by the Export job feature. This is also given in the Microsoft documentation.

– Reference: Azure Blob Storage

Suppose you have an application running on a windows virtual machine in azure. what is the best-practice guidance on where the app should store data files?

– Dedicated data disks are generally considered the best place to store application data files. They can be larger than OS disks and you can optimize them for the cost and performance characteristics appropriate for your data.

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Sources/References:

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

1- Exam AZ-104: Microsoft Azure Administrator

2- Linux Academy

3- Exam AZ-104: Microsoft Azure Administrator – Skills Measured

4- Whizlab

5- Udemy

6- Quora AZ 104

Azure Breaking News – Azure Certifications Testimonials

Scheduling a python script
by /u/scan-horizon (Microsoft Azure) on September 26, 2023 at 11:29 am
I have a Windows 10 on-premise VM with python installed. It uses Windows Task Scheduler to automatically run a small python script once a week (well it’s actually a .bat file which calls the .py script). The script downloads data from an FTP, extracts it, uploads to a SQL database. The script also archives previous week’s data to some .zip files on the C drive. As we migrate to Azure, I want to replace this setup with something simple, cheap & cloud-native. Keeping costs as low as poss as high performance isn’t required. As mentioned, The script does create some .zip files which need to exist in a cold/cool storage solution that the script can access & write to. We have an Azure environment to use. submitted by /u/scan-horizon [link] [comments]
Conditional access - guest users
by /u/arciere84 (Microsoft Azure) on September 26, 2023 at 11:23 am
I am trying to configure a new rule for conditional access for guest users in Azure. The rule is active in audit-mode but I am trying to check if it applies to specific guest users. Now, I can easily use the What if tool to test guest domains that already have an Entra ID, but I cannot see any way to test users that authenticate with email and OTP (let's say, testuser[at]gmail.com). What parameters do I use if I want to check whether the policy applies to testuser? submitted by /u/arciere84 [link] [comments]
[Teach Tuesday] Share any resources that you've used to improve your knowledge in Azure in this thread!
by /u/AutoModerator (Microsoft Azure) on September 26, 2023 at 11:00 am
All content in this thread must be free and accessible to anyone. No links to paid content, services, or consulting groups. No affiliate links, no sponsored content, etc... you get the idea. Found something useful? Share it below! submitted by /u/AutoModerator [link] [comments]
AAD/Entra ID: solutions to deal with volume alerts and stay compliant?
by /u/slewis_1972 (Microsoft Azure) on September 26, 2023 at 11:00 am
Hi As a org, we are now using SSO via AAd/Entra ID alot. Hence logs, issues grow. Same time, staying compliant, checking changes to reduce risk. As volume of skill IT staff dwindle, looking at solutions to help reduce manual work and use the like of AI etc to help. Have looked at Huntress 365 as we use them for EDR but it seems aimed at MFA logs, which could be fine. But risks are in miss configuration aswel and where I am using Microsoft score to reduce , looking at 3rd party options. Yes, Microsoft Defender Cloud is an option but like to a have a alternative that can counter the MS reason. Any pointers appreciated. We use Avanan for extra phishing which proves my point on using a 3rd party that does better than MS so will be checking with checkpoint . Thanks in advance submitted by /u/slewis_1972 [link] [comments]
Migrating from On-Prem AD to Azure Intra, what do I do with Servers?
by /u/MadHackerTV (Microsoft Azure) on September 26, 2023 at 9:49 am
Hi, Recently I started to plan my migration plan to Azure Entra (AD), and I don't understand how I'm going to manage my Servers. So, for endpoints - I understand I can join them to my Azure AD domain, and then manage them with Intune. But what about Windows Servers? right now I'm hybrid, I have some VMs on-prem and some on Azure. Looking around, I found out that I can't actually manage my servers with Intune? I can just manage the Windows Defender policy for Servers with Intune? What is the right approach then? I was planning on removing my DC, if I can't do that, do I need to use something like ADDS then? I think GPO is my biggest concern when it comes to "manage" my servers. I would love to hear what is the modern way to manage on-prem / Azure Windows Servers with Azure Intra. Thanks submitted by /u/MadHackerTV [link] [comments]
FREE CLOUD PRACTICE ENVIRONMENT
by /u/sogreat100 (Microsoft Azure) on September 26, 2023 at 9:17 am
Hello everyone. Where can I get a free practice environment to practice my cloud skills like cloud architecture and cloud security. Please assist by directing me to one or more. Thanks submitted by /u/sogreat100 [link] [comments]
Azure Application Gateway Rewrite rule
by /u/pictop (Microsoft Azure) on September 26, 2023 at 9:02 am
Hello, I have the following problem with the Azure Application Gateway where I am currently stuck I need to create a rewrite rule for an Application Gateway that does the following. When the website https://abcd.com/\* is accessed, the app gateway should call https://abcd.com/api/var\_uri\_path. So: https://abcd.com/test --> https://abcd.com/api/test https://abcd.com/xyz --> https://abcd.com/api/xyz This works so far. Now, however, I would also like to redirect to another page when someone accesses the site without a string. For example, https://abcd.com/ --> https://admin.abcd.com Do you have any idea how to build this with a rewrite rule? Thanks, pictop submitted by /u/pictop [link] [comments]
Windows servers should be configured to use secure communication protocols
by /u/ancient-Egyptian (Microsoft Azure) on September 26, 2023 at 8:57 am
This is flagging for Defender for Cloud for my Azure Arc machines. They all have TLS of 1.2 + 1.3 so it is not a TLS issue. .Net Framework is up to date. This recommendation only appeared yesterday and appeared for my entire arc environment. Azure Native servers are fine but I am struggling to find the difference. submitted by /u/ancient-Egyptian [link] [comments]
Any explanation on why a service would take too long to return a response
by /u/ASamir (Microsoft Azure) on September 26, 2023 at 8:39 am
We have our solution running on AKS and for some reason on of our deployment/service that uses postgres to fetch data and return it to an endpoint when it's visited on our portal. Checked the usage on the managed postgres we use on Azure and the most utilization it reached was 55% at some point and no more. Checked the resources on the nodepool that has the app running and it was all well. While troubleshooting I did try something that seemed like a long shot but for some reason it worked. I changed the nodeSelector of that app to be moved to another nodepool that we have on our cluster that has different kind of apps running and that nodepool uses a different machine type, after a couple of minutes from the app restarting it worked well. So I waited a bit and switched it back to its original nodepool it was running on and for over 16 hrs now it is working well now. Like nothing happened in the first place. Any idea why would something like that happen? submitted by /u/ASamir [link] [comments]
F32v2 compute - 8272CL Xeon Platinum - no turbo boost?
by /u/preciseman (Microsoft Azure) on September 26, 2023 at 7:35 am
Hi all, Does anyone know if within Azure there is a setting to enable turboboost for the F32v2 compute cores? The VM is recognized at a Xeon Platinum 8272CL CPU which according to online documentation can sustain 3.4ghz all core boost - but in my usage case it never goes above base clock speed of 2.59ghz. Pic of performance tab in task manager: https://imgur.com/a/uJk2UFr Documentation on the processor from azure's website: https://learn.microsoft.com/en-us/azure/virtual-machines/fsv2-series The Fsv2-series run on the 3rd Generation Intel® Xeon® Platinum 8370C (Ice Lake), the Intel® Xeon® Platinum 8272CL (Cascade Lake) processors, or the Intel® Xeon® Platinum 8168 (Skylake) processors. It features a sustained all core Turbo clock speed of 3.4 GHz and a maximum single-core turbo frequency of 3.7 GHz. Intel® AVX-512 instructions are new on Intel Scalable Processors. These instructions provide up to a 2X performance boost to vector processing workloads on both single and double precision floating point operations. In other words, they're really fast for any computational workload. submitted by /u/preciseman [link] [comments]
Azure data factory
by /u/Jay___Bee (Microsoft Azure) on September 26, 2023 at 7:29 am
Hey Guys, can we access (not create) a sftp server on a PRIVATE endpoint via azure data factory linked services? submitted by /u/Jay___Bee [link] [comments]
Postgresql flexible server and powerbi
by /u/carteroneil (Microsoft Azure) on September 26, 2023 at 6:21 am
Hi all, I bless you with another noob question. Aside from the normal costs of running the postgresql server... are there additional costs when doing a direct query connection from powerbi like there would be connecting to blob? I looked at the pricing page and I didn't see anything to explain. submitted by /u/carteroneil [link] [comments]
How to Perform Failback to the Primary Region in Azure After Site Replication?
by /u/keenshin2 (Microsoft Azure) on September 26, 2023 at 6:16 am
"I'm currently working with Azure Site Replication for disaster recovery, and I've successfully replicated my virtual machines to a secondary region. During a test failover, I noticed that it's relatively straightforward to clean up the replicated VMs. However, I'm wondering how to perform a failback to the primary region in a real disaster recovery scenario. What are the steps involved in this process? Any insights, tips, or best practices would be greatly appreciated. Thanks!" submitted by /u/keenshin2 [link] [comments]
AKS & application security groups
by /u/tsolodov (Microsoft Azure) on September 26, 2023 at 1:43 am
Is it even possible? How to add k8s nodes / pods to asg and use it in NSG rule as src/dst ? Docs have how-to do this for VMs, but not for k8s. submitted by /u/tsolodov [link] [comments]
(Europe) Do you feel that AZ-900 will boost my chances to get an IT entry-level job? (no experience, no CS degree)
by /u/Wolanif (Microsoft Azure Certifications) on September 26, 2023 at 1:08 am
As stated in the title. I have 2 degrees but in a humanities field, so no CS degree or anything related. Also this would be my first certification. I also have 0 work experience in IT. Keep in mind that I'm talking about finding an entry-level IT job in Europe, which I think it's fairly different from the US market currently. (afaik, at least) I'm considering AZ-900 over compTIA (eg. A+) for a number of reasons: it's much less expensive (if not down-right free), supposedly it takes less time to study for it, I like Azure and Microsoft environments (so I could potentially continue through the Azure certifications path). And compTIA isn't really huge/popular in EU as it is in US. Do you guys think that in my case it makes sense to go for AZ-900? (and potentially other Azure ones if I wanna specialize for cloud work) Even if it's just a "small boost to my (probably already very-low) chances to get hired" I think I'll still take that. If anyone from EU working in IT that went through a similar path, I'd like to hear about it! Thanks in advance! submitted by /u/Wolanif [link] [comments]
Azure Service Alert
by /u/Automatic-Housing706 (Microsoft Azure) on September 26, 2023 at 12:27 am
I have a few subscriptions that I keep receiving service health advisor emails for. Most are resource retirement alerts. How do I know who else receives the same alerts? I would like to see a list of all who accounts who receive the same alerts I do. submitted by /u/Automatic-Housing706 [link] [comments]
Wordpress on App Service - Email - Denied by the resource provider. Click here for more support.
by /u/Nexus_Explorer (Microsoft Azure) on September 26, 2023 at 12:18 am
I am trying to set up an SMTP connection between my WordPress website hosted on Azure App Service and my Exchange Online environment. However, I am encountering an error in WordPress stating 'Denied by the resource provider'. I have already connected my domains as per Microsoft's instructions. Despite this, I am unable to send emails and need assistance troubleshooting this issue. Could someone point me in the right direction? Am I missing something? When using the "TryEmail" feature from my Communication Service in Azure, the email gets sent and received. submitted by /u/Nexus_Explorer [link] [comments]
Azure Virtual Desktop -- Remote Desktop Connection -- Access to Local Resources
by /u/rwlib3 (Microsoft Azure) on September 25, 2023 at 11:55 pm
Does anyone know how to get the Remote Desktop app to prompt for "Access local resources" again, after an end user clicks Don't ask me again....? I tried .\msrdcw.exe /reset /f, but that doesn't seem to prompt again either. https://preview.redd.it/v82oe1kbnhqb1.png?width=400&format=png&auto=webp&s=c54d6743bc5e61bb70bdeee7475ef0c3c76d98c8 submitted by /u/rwlib3 [link] [comments]
Why do some Azure regions start with Cardinal Direction instead of region name?
by /u/podcast_frog3817 (Microsoft Azure) on September 25, 2023 at 11:22 pm
submitted by /u/podcast_frog3817 [link] [comments]
Possible to write data to an Excel sheet via Azure API?
by /u/no_counterplay (Microsoft Azure) on September 25, 2023 at 10:51 pm
tl;dr - Is it possible to write data to an Excel sheet from an iOS app by calling an Azure API? Context I am working on a small end-to-end personal project and have an iOS app that stores some JSON data. My goal is to that data from that iOS app to my Azure API and finally write to some backend. My current Azure POST API is run on Azure's API Management service, and it's inbound processing is a mocked "200 OK" response since I don't have a proper backend set up yet. The iOS app then calls the API's service URL with the proper query parameters/data and gets a "200 OK" response back. The communication between the app and API seem to work -- I just don't know how to save the data once the API receives it. Rather than setting up a complicated backend, I was wondering if I could just upload the data that the API receives to an Excel spreadsheet just as a temporary solution and proof of concept. Question Is that possible to do what I described via Azure's API Management service and use Excel as the backend? For example, through Azure Logic Apps or any other solution? I also saw some resources on Excel Services REST API but not sure if that would fit my use case. Lastly, on a side note, I just wanted to use Azure and the API Management service as a way to familiarize myself with those tools. I would prefer to continue using those, but if it's not possible, I'm fine with going with a different solution as long as the iOS app URL request can still hit it. submitted by /u/no_counterplay [link] [comments]

AZ104 Exam Prep on ios – AZ104 Exam Prep on android
AZ104 Exam Prep on windows 10/11 – AZ104 Exam Prep on web

Azure Certification Path 2022- 2023 for someone with no experience coding

This is what I would recommend as the path since you have no coding experience:

AZ900–>AZ104–>SC900–>AZ305 or AZ400 or AZ500 -> AI900

Azure Fundamentals –> Azure Administrator –> Microsoft Security, Compliance, and Identity Fundamentals –> Azure Solutions Architect Expert or Microsoft Azure Security Technologies

or Designing and Implementing Microsoft DevOps Solutions

That being said, I’d recommend learn scripting as that would come in handy for this admin path expert. If you passed SAA, I’m positive you can pass any cert with proper dedication.

FYI – I created this free tool to carve out your certification path. Give it a try here. Open to feedback on how it can be improved for everyone.

Certifications for Microsoft Azure

There’s a Microsoft certification for you, whether or not you’re thinking about what Microsoft Azure is and where to start, or where you should go next in your cloud job. There are around 16 Azure cloud assertions open. Here is an overview of current Microsoft Azure assertions.

Nuts and bolts Level Certifications

Microsoft Certified: Azure Fundamentals

Microsoft Certified: Azure Data Fundamentals

Microsoft Certified: Azure AI Fundamentals

Accomplice Level Certifications

Microsoft Certified: Azure Administrator Associate

Microsoft Certified: Azure Developer Associate

Microsoft Certified: Azure Database Administrator Associate

Microsoft Certified: Azure Security Engineer Associate

Microsoft Certified: Azure Data Scientist Associate

Microsoft Certified: Azure Data Engineer Associate

Microsoft Certified: Azure AI Engineer Associate

Microsoft Certified: Azure Stack Hub Operator Associate

Expert Level Certifications

Microsoft Certified: Azure Solutions Architect Expert

Microsoft Certified: DevOps Engineer Expert

Specialty Certifications

Microsoft Certified: Azure IoT Developer Specialty

Microsoft Certified: Azure for SAP Workloads Specialty

Microsoft Certified: Azure Virtual Desktop Specialty

There are also two other Microsoft assertions that are Azure-related. While we won’t cautiously depict them in this post, dependent upon your master way and limit, they might justify researching.

For security engineers responsible for peril the leaders, checking, and response, the Microsoft Certified: Security Operations Analyst Associate confirmation is required. It requires completing the SC-200 appraisal.

Test SC-300 is required for the Microsoft Certified: Identity and Access Administrator Associate, which is for heads who use Azure AD to manage IAM.

What might be prudent for you to do first?

In particular, you should make certain with regards to what a Microsoft Azure confirmation is and isn’t. Is simply clear? Phenomenal! Then, at that point, we ought to explore three circumstances that can assist you with picking where to start.

“I’m new to development. I’m essentially uninformed in regards to this ‘cloud’ that is quite serious.”

You can sort out some way to cloud in the event that you’re the kind of person who counts “Microsoft Word” as a specific capacity on your resume. On the off chance that you’re just beginning started, a section level certification will outfit you with the language and understanding you’ll need to all the more promptly analyze your ensuing stages. The AZ-900 Azure Fundamentals accreditation is your first stop on the Azure road.

The cloud might be alarming, yet the capacities you’ll get as you seek after this accreditation will help you with understanding it in a way that even an all out beginner can understand — especially if you have the right getting ready. (Look at me as a hotshot, yet I think our Azure Fundamentals getting ready is astonishing.)

“I have a fundamental cognizance of the cloud.”

Perhaps you’ve worked in the IT field beforehand. Perhaps you’ve attempted various things with AWS, GCP, or Azure. Do you accept you’re ready to make a dive? Press the brakes. Start with the Azure Fundamentals affirmation, if you haven’t at this point. In the best circumstance, you’ll see it to be a breeze. Regardless, paying little heed to how far you advance in Azure, this accreditation will give the establishment to future accomplishment. The accompanying crosspiece on the ladder (Azure Administrator Associate) can be an inconvenient one to ascend. Before dealing with it, you’ll need all of the Fundamentals data notwithstanding a huge load of Azure included knowledge.

Here are different Azure Certifications (Microsoft Certified)

AZ-900

For beginners, this is the best Microsoft Azure accreditation. It’s an unprecedented spot to start on the off chance that you’re new to appropriated processing or Microsoft Azure. This one would be Azure 101 if test names appeared to be okay and acceptable.

Test AZ-900: Microsoft Azure Fundamentals ($99 USD) is required.

There are no fundamentals.

For whom this is for?

In a general sense, everyone. Non-particular individuals with a cloud-related calling, similarly as new or cheerful designers or IT experts, could benefit from acknowledging what the cloud is and isn’t. Any person who needs to comprehend the Microsoft Azure environment should have the data expected to complete this evaluation.

Fundamentals DP-900 Microsoft Certified

For inescapable data focused cloud subject matter experts, this is a significant beginning advance assertion.

Test DP-900: Microsoft Azure Data Fundamentals ($99 USD) is required.

There are no fundamentals.

For whom this is for?

This helper is for informational collection draftsmen and data base administrators who are essentially starting with cloud data.

AI Fundamentals AI-900 Microsoft Certified

This Microsoft Azure affirmation exhibits that you appreciate the fundamentals of man-made mental ability (AI) and AI (ML) in Azure for amateurs with both particular and non-specific establishments.

Test AI-900: Microsoft Azure AI Fundamentals ($99 USD) is required.

There are no basics.

For whom this is for?

Reproduced insight Engineers, Data Scientists, Developers, and Solutions Architects with a working data on AL and ML, similarly as Azure organizations related with them. This affirmation, like the others in the Azure Fundamentals series, is normal for those with both specific and non-particular establishments. That proposes data science and PC programming experience aren’t required, but Microsoft recommends making them program data or experience.

Administrator Associate AZ-104 is a Microsoft attestation.

For the IT swarm, this is the rudiments of Azure organization. This takes you from a fundamental perception of the cloud to having the alternative to perform cloud tasks (and get repaid to do them).

Test AZ-104: Microsoft Azure Administrator ($165 USD) is required.

For whom this is for?

This affirmation is for IT specialists and administrators who screen cloud assets and resources and direct cloud system. This test is (mistakenly) seen as an entry level test, yet you’ll need to know an immense heap of anticipated that information should pass and do whatever it takes not to have your AZ denied.

Azure Certifications

Azure Container Apps:

Azure Container Apps is a serverless offering you can use to host your containers. It is a good fit for containerized apps and hosting microservices. Integrated services like KEDA, Envoy proxy, and Dapr provide you with out-of-the-box auto-scaling, ingress, traffic splitting, and simplified microservice connectivity.

Container Apps service is built on top of Kubernetes. Container Apps are an Azure Resource Manager deployment object, meaning you can’t just use your existing Kubernetes object descriptions and migrate them to Container Apps. You need to rewrite your deployment stack using Bicep or ARM templates. Terraform is not yet supported.

Link to the full article

A Twitter List by enoumen