The entire database of sample questions for the AZ-104 Microsoft Azure Administrator Certification Exam certification exam is accessible on the SPOTO website. Visit our Frequently Asked Questions section to explore the database of Microsoft certification practice exam questions and answers.

QUESTION 1

You have a subnet named Subnet1 that contains Azure virtual machines. A network security group (NSG) named NSG1 is associated with Subnet1. NSG1 only contains the default rules. You need to create a rule in NSG1 to prevent the hosts on Subnet1 from connecting to the Azure portal. The hosts must be able to connect to other internet hosts. To what should you set Destination in the rule?

1. A. Application security group
2. B. Any
3. C. Service Tag
4. D. IP Addresses

Correct Answer: C

QUESTION 2

You have an Azure subscription that contains a virtual machine named VM1. You have an on-premises datacenter that contains a domain controller named DC1. ExpressRoute is used to connect the on-premises datacenter to Azure. You need to use Connection Monitor to identify network latency between VM1 and DC1. What should you install on DC1?

1. A. the Azure Network Watcher Agent virtual machine extension
2. B. an Azure Monitor agent extension
3. C. the Log Analytics agent
4. D. the Azure Connected Machine agent for Azure Arc-enabled servers

Correct Answer: A

QUESTION 3

You have an Azure Storage account that contains 5,000 blobs accessed by multiple users. You need to ensure that the users can view only specific blobs based on blob index tags. What should you include in the solution?

1. A. a shared access signature (SAS)
2. B. just-in-time (JIT) VM access
3. C. a role assignment condition
4. D. a stored access policy

Correct Answer: A

QUESTION 4

You plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The virtual machines will host a web app named App1. You need to ensure that at least two virtual machines are available if a single Azure datacenter becomes unavailable. What should you deploy?

1. A. all three virtual machines in a single Availability Zone
2. B. all virtual machines in a single Availability Set
3. C. each virtual machine in a separate Availability Zone
4. D. each virtual machine in a separate Availability Set

Correct Answer: C

QUESTION 5

You have an Azure subscription that contains multiple virtual machines in the West US Azure region. You need to use Traffic Analytics in Azure Network Watcher to monitor virtual machine traffic. Which two resources should you create? Each correct answer presents part of the solution. (Choose two.)

1. A. an Azure Monitor workbook
2. B. a Log Analytics workspace
3. C. a storage account
4. D. an Azure Sentinel workspace
5. E. an Azure Monitor data collection rule

Correct Answer: BC

QUESTION 6

You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2. VM2 is backed up to RSV1. You need to back up VM2 to RSV2. What should you do first?

1. A. From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery Services vault.
2. B. From the RSV1 blade, click Backup items and stop the VM2 backup.
3. C. From the RSV2 blade, click Backup. From the Backup blade, select the backup for the virtual machine, and then click Backup.
4. D. From the RSV1 blade, click Backup Jobs and export the VM2 job.

Correct Answer: B

QUESTION 7

You have an Azure subscription that contains a storage account named storage1 in the North Europe Azure region. You need to ensure that when blob data is added to storage1, a secondary copy is created in the East US region. The solution must minimize administrative effort. What should you configure?

1. A. operational backup
2. B. object replication
3. C. geo-redundant storage (GRS)
4. D. a lifecycle management rule

Correct Answer: B

QUESTION 8

You have an Azure virtual machine named VM1 and an Azure key vault named Vault1. On VM1, you plan to configure Azure Disk Encryption to use a key encryption key (KEK). You need to prepare Vault1 for Azure Disk Encryption. Which two actions should you perform on Vault1? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

1. A. Create a new secret.
2. B. Create a new key.
3. C. Select Azure Virtual machines for deployment.
4. D. Select Azure Disk Encryption for volume encryption.
5. E. Configure a key rotation policy.

Correct Answer: BD

QUESTION 9

You have an Azure subscription. You need to receive an email alert when a resource lock is removed from any resource in the subscription. What should you use to create an activity log alert in Azure Monitor?

1. A. a resource, a condition, and an action group
2. B. a resource, a condition, and a Microsoft 365 group
3. C. a Log Analytics workspace, a resource, and an action group
4. D. a data collection endpoint, an application security group, and a resource group

Correct Answer: A

QUESTION 10

You have a registered DNS domain named contoso.com. You create a public Azure DNS zone named contoso.com. You need to ensure that records created in the contoso.com zone are resolvable from the internet. What should you do?

1. A. Create NS records in contoso.com
2. B. Modify the NS records in the DNS domain registrar.
3. C. Create the SOA record in contoso.com
4. D. Modify the SOA record in the DNS domain registrar

Correct Answer: A

Think again if you think Microsoft test study materials are out of your financial range; SPOTO gives you the most affordable edge over your rivals. Additionally, we put together extensive study materials that cover everything. It is not necessary to spend a lot of time sifting through multiple textbooks and course materials because everything has been compiled with test relevance in mind. As a result, it is feasible to fast study for the certification exams while continuing to work.