Welcome to the AZ-104 Official Practice Test – Part 6.
In this part, I have given my detailed explanations of the 10 official questions from Microsoft. Unlike on the Microsoft website, the explanations include screenshots to help you prepare for the AZ-104 exam.
That said, these tests are very simple, and they should only be used to brush up on the basics. The real exam is rarely this easy. For more rigorous practice and more in-depth knowledge, check out my practice tests.
Once done, check out the AZ-104 questions Part 7 and an accompanying YouTube video to be published soon.
Q51] You have a Log Analytics workspace that collects data from various data sources.
You create a new Azure Monitor log query.
You plan to view data pinned as a chart to a shared dashboard.
What is the maximum number of days for which data can be pinned as a chart on the dashboard?
a. 14
b. 30
c. 90
d. 180
You can pin the chart output by an Azure Monitor log query either to a Private or a Shared dashboard.

Although there are no references in Microsoft docs as to the maximum number of days for which data can be pinned as a chart on the shared dashboard, I personally tested it and the chart disappeared after 14 days.
Option A is the correct answer.
Q52] You have a Kusto query that returns 1,000 events from the SecurityEvent table in Azure Monitor.
You need to configure the query to aggregate the results by the Account column.
Which operator should you use?
a. Extend
b. Project
c. Summarize
d. Where
The operators in Kusto are very much like the ones in SQL queries. The `summarize` operator is used to group records from one or more columns of data.
Reference Link: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/get-started-queries#use-summarize-to-aggregate-groups-of-rows
Option C is the correct answer.
The `where` operator is used to filter the rows.
Reference Link: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/get-started-queries#the-where-operator-filter-on-a-condition
Option D is incorrect.
The `project` operator is similar to the `SELECT` keyword in SQL. Use this operator to rename and select columns. Option B is incorrect.
The `extend` operator is used to add columns to a result set. Option A is incorrect.
Reference Link: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/get-started-queries#use-project-and-extend-to-select-and-compute-columns
Q53] You have multiple Azure virtual machines and an Azure recovery services vault. Virtual machines are configured with the default backup policy.
What is the retention period of virtual machine backups in the default backup policy?
a. 7 days
b. 14 days
c. 30 days
d. 90 days
For an Azure VM backup, two types of policy sub types are available: Enhanced and Standard.

For each policy sub type, the default retention of daily backup point is 30 days. However, you can increase or decrease this retention period.

Option C is the correct answer.
Reference Link: https://learn.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm#back-up-from-azure-vm-settings
Q54] You have an Azure virtual machine named Server1 that runs Windows Server.
You need to configure Azure Backup to back up files and folders.
What should you install on Server1?
a. Microsoft Azure Backup Server (MABS)
b. Microsoft Azure Site Recovery Provider
c. The Azure Connected Machine agent
d. The Microsoft Azure Recovery Services (MARS) agent
Microsoft offers two primary Azure-based backup solutions: Microsoft Azure Backup Server (MABS) and the Microsoft Azure Recovery Services (MARS) agent. Both solutions help protect your data, but they cater to different needs.
Microsoft Azure Backup Server (MABS) is a more comprehensive and feature-rich backup solution than MARS. It is essentially a version of System Center Data Protection Manager (DPM) without the need for a System Center license.
MABS is generally used when you need to protect specific workloads like Microsoft Exchange or SharePoint.
The Microsoft Azure Recovery Services (MARS) agent, also known as the Azure Backup agent, is by contrast a simpler, lightweight solution compared to MABS. Use it to back up files and folders on Windows machines.
So, option A is incorrect. Option D is the correct answer.
Reference Link: https://learn.microsoft.com/en-us/training/modules/intro-to-azure-backup/3-how-azure-backup-works#what-data-is-backed-up-and-how
https://learn.microsoft.com/en-us/azure/backup/backup-azure-about-mars
https://learn.microsoft.com/en-us/azure/backup/backup-azure-microsoft-azure-backup
Microsoft Azure Site Recovery Provider prepares your source environment for disaster recovery of on-premises Hyper-V VMs to another Hyper-V site or Azure.

Reference Link: https://learn.microsoft.com/en-us/azure/site-recovery/hyper-v-vmm-azure-tutorial#set-up-the-source-environment
Option B is incorrect.
The Azure Connected Machine agent enables you to manage your Windows and Linux machines hosted outside of Azure.
Reference Link: https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-overview
Option C is incorrect.
Q55] You have an Azure virtual machine that you back up by using Azure Backup.
The backup policy subtype is Standard, and the backup policy has the following configurations:
1] Backup schedule frequency: Weekly
2] Retain instant recovery snapshot(s) for: 5 days
3] Retention of weekly backup point: On Sunday at 8:00 AM for 12 weeks
You plan to reduce the amount of storage used by Instant Restore.
You need instant recovery snapshots to be retained for only two days.
What should you do first?
a. Change Policy subtype to Enhanced.
b. Change the Retention of weekly backup point to 1 week.
c. Change the backup schedule frequency to **Daily**.
d. Provision an additional blob storage container.
A backup job consists of 2 steps: Taking a VM snapshot and transferring the snapshot to the Recovery Services Vault.
The Instant Restore feature lets you recover from the snapshots taken as part of this backup job without waiting for the data transfer to the vault to finish, which reduces the wait before a restore can be triggered.
Reference Link: https://learn.microsoft.com/en-us/azure/backup/backup-instant-restore-capability#how-instant-restore-works
So, while creating an Enhanced policy sub type, you can retain the instant recovery snapshot for 1 to 30 days for Daily backups. But this value must be at least 5 days for Weekly backups.

While creating a Standard policy sub type, you can retain the instant recovery snapshot for 1 to 5 days for Daily backups. But this value must be 5 days for Weekly backups.

So changing the backup schedule frequency to Daily will allow you to reduce the number of days the instant recovery snapshot is retained, thereby reducing the storage used by Instant restore.

Option C is the correct answer.
Q56] You plan to create an alert in Azure Monitor that will have an action group to send SMS messages.
What is the maximum number of SMS messages that will be sent every hour if the alert gets triggered every minute?
a. 4
b. 5
c. 12
d. 60
In production, no more than one SMS message can be sent every 5 minutes. So, even if the alert is triggered every minute, a maximum of 12 messages can be sent in an hour.
Option C is the correct answer.
Reference Link: https://learn.microsoft.com/en-us/azure/azure-monitor/service-limits#action-groups
Q57] You migrate a web app from on-premises to an Azure virtual machine. The web app was configured by using load balancing in Azure.
Users experience issues when accessing the web app. You suspect an issue with the web server and must check whether the server is listening on port 80.
Which command should you run?
a. `Get-AzVirtualNetworkUsageList`
b. `nbtstat -c`
c. `netstat -an`
d. `Test-NetConnection localhost`
`netstat` is a networking tool that displays network status and protocol statistics. If you run the `netstat -an` command, it will list all active TCP connections and the TCP and UDP ports the server is listening on. Below, the State is LISTENING on several ports.

So, you need to check the State for port 80 to diagnose the issue.
Reference Link: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/netstat
Option C is the correct answer.
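The port 80 check described above can be scripted. This is an added example, not part of the original question or Microsoft's answer; the function name `Get-PortListener` and the sample output are constructed for illustration. It also reports the local address, because a web server bound only to the loopback address shows as LISTENING yet cannot be reached by a load balancer.

```powershell
# Added example: find TCP listeners on a given port in `netstat -an` output.
function Get-PortListener {
    param(
        [Parameter(Mandatory)][string[]]$NetstatLines,
        [Parameter(Mandatory)][int]$Port
    )
    foreach ($line in $NetstatLines) {
        # Columns: Proto, Local Address, Foreign Address, State
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$') {
            $address = $Matches[1]
            # Compare as a number so 8080 is not reported when asking for 80
            if ([int]$Matches[2] -ne $Port) { continue }
            [pscustomobject]@{
                LocalAddress = $address
                Port         = $Port
                # Loopback-only binds never receive traffic from other hosts
                LoopbackOnly = $address -in '127.0.0.1', '[::1]'
            }
        }
    }
}

# Constructed sample of `netstat -an` output (not captured from a real server)
$sample = @(
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING'
    '  TCP    127.0.0.1:80           0.0.0.0:0              LISTENING'
    '  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING'
    '  TCP    10.0.0.4:3389          203.0.113.10:50122     ESTABLISHED'
    '  UDP    0.0.0.0:123            *:*'
)

$listeners = @(Get-PortListener -NetstatLines $sample -Port 80)
if ($listeners.Count -eq 0) {
    'Nothing is listening on TCP 80'
} else {
    # For the sample: one row, 127.0.0.1, LoopbackOnly = True
    $listeners | Format-Table -AutoSize
}

# On the server itself, feed it live output instead of the sample:
#   Get-PortListener -NetstatLines (netstat -an) -Port 80
```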
The `Test-NetConnection` command will perform a ping/ICMP test for the given parameter.

Option D is incorrect.
Reference Link: https://learn.microsoft.com/en-us/powershell/module/nettcpip/test-netconnection
NBTStat stands for NetBIOS over TCP/IP Statistics. It is a utility to query a machine's NetBIOS information. The `-c` parameter displays the contents of the NetBIOS name cache: names and IP addresses.

Reference Link: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/nbtstat
The `Get-AzVirtualNetworkUsageList` PowerShell command outputs the total available IPs and the used IPs for each subnet in the virtual network.

Option A is incorrect.
Reference Link: https://learn.microsoft.com/en-us/powershell/module/az.network/get-azvirtualnetworkusagelist
Q58] You have an Azure subscription that contains a resource group named RG1. RG1 has a virtual network named VNet3, a virtual machine named VM1, and a public IP address named PubIP1. All the resources are in the West US Azure region.
You plan to create and configure a network security group (NSG) named NSG1 for the following types of traffic:
1] Remote Desktop Management
2] HTTP
NSG1 will be used on the subnets of multiple virtual networks.
Which two cmdlets should you run? Each correct answer presents part of the solution.
a. Add-AzLoadBalancerFrontendIpConfig
b. Add-AzNetworkInterfaceTapConfig
c. New-AzNetworkSecurityGroup
d. New-AzNetworkSecurityRuleConfig
From the PowerShell command names, their functionality can be easily guessed. First, we need to create a network security group. The `New-AzNetworkSecurityGroup` PowerShell command creates a network security group. Option C is one of the correct answers.
Reference Link: https://learn.microsoft.com/en-us/powershell/module/az.network/new-aznetworksecuritygroup
Next, we need to configure the NSG for certain types of traffic, i.e., add security rules to the NSG that open ports for specific traffic. The `New-AzNetworkSecurityRuleConfig` PowerShell command creates a network security rule in an NSG. Option D is the other correct answer.
Reference Link: https://learn.microsoft.com/en-us/powershell/module/az.network/new-aznetworksecurityruleconfig
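The two cmdlets used together, as an added example that is not part of the original question. RG1, VNet3, NSG1 and West US come from the question; the rule names, the subnet name `default` and the management range `203.0.113.0/24` are assumptions. RDP is limited to the management range rather than opened to the internet, while HTTP is public.

```powershell
# Added example; requires the Az.Network module and a signed-in session.
$rg       = 'RG1'
$location = 'westus'
$mgmtCidr = '203.0.113.0/24'   # constructed placeholder for your admin network

# Rule objects are built in memory first; nothing is deployed yet.
$rdp = New-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-Mgmt' `
    -Description 'RDP from the management network only' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix $mgmtCidr -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 3389

$http = New-AzNetworkSecurityRuleConfig -Name 'Allow-HTTP' `
    -Description 'HTTP from the internet' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 110 `
    -SourceAddressPrefix Internet -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 80

# Create the NSG with both rules attached.
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $location `
    -Name 'NSG1' -SecurityRules $rdp, $http

# Associate NSG1 with a subnet; repeat for each subnet that should use it.
# The subnet name 'default' is an assumption.
$vnet   = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'VNet3'
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'default'
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet.Name `
    -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg |
    Set-AzVirtualNetwork | Out-Null

# Review what was created: lower priority numbers are evaluated first.
$nsg.SecurityRules |
    Sort-Object Priority |
    Select-Object Name, Priority, Access, SourceAddressPrefix, DestinationPortRange
```

An NSG can only be associated with subnets in its own region, so the other virtual networks that reuse NSG1 must also be in West US.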
The `Add-AzLoadBalancerFrontendIpConfig` PowerShell command adds a frontend IP configuration to a load balancer. Option A is incorrect.
Reference Link: https://learn.microsoft.com/en-us/powershell/module/az.network/add-azloadbalancerfrontendipconfig
The `Add-AzNetworkInterfaceTapConfig` PowerShell command creates a TapConfiguration resource associated with a network interface. Option B is incorrect.
Reference Link: https://learn.microsoft.com/en-us/powershell/module/az.network/add-aznetworkinterfacetapconfig
Q59] You have an Azure subscription that contains two virtual networks named VNet1 and VNet2.
You need to ensure that the resources on both VNet1 and VNet2 can communicate seamlessly between both networks.
What should you configure from the Azure portal?
a. Connected devices
b. Firewall
c. Peerings
d. Service endpoints
If you peer VNet1 with VNet2, you connect the two virtual networks. This allows resources on either VNet to communicate with each other.

Option C is the correct answer.
Reference Link: https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-powershell
Service endpoints allow you to secure critical Azure service resources only to your VNet. They enable private IP addresses in your VNet to reach the public endpoint of an Azure service.
For example, below I try to enable access to the storage account only from a specific subnet. As you can see, this functionality is made possible by enabling the service endpoint on the subnet.

Option D is incorrect.
Reference Link: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview#secure-azure-service-access-from-on-premises
In the fundamental sense, a Firewall is used to filter traffic to a VNet. Option B is incorrect.
Q60] You have an Azure subscription that contains four virtual machines. Each virtual machine is connected to a subnet on a different virtual network.
You install the DNS Server role on a virtual machine named VM1.
You configure each virtual network to use the IP address of VM1 as the DNS server.
You need to ensure that all four virtual machines can resolve IP addresses by using VM1.
What should you do?
a. Configure a DNS server on all four virtual machines.
b. Configure network peering.
c. Create and associate a route table to all four subnets.
d. Create Site-to-Site (S2S) VPNs.
Since we need VMs to communicate with a VM connected to other virtual networks, you must configure network peering.
Option B is the correct answer.
Reference Link: https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-powershell
A route table contains routes that direct network traffic within a VNet. Without peering, the traffic is still limited to a single virtual network. Option C is incorrect.
Reference Link: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview#default
Configuring a Site-to-Site (S2S) VPN is unnecessary as you are not connecting on-premises virtual machines to the cloud. Option D is incorrect.
Configuring a DNS server in each VM is an unnecessary waste of resources when you can just deploy in one VNet and peer the VNet with other VNets.
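The peering from Q59 and Q60 done in PowerShell, as an added example that is not part of the original questions. The resource group and all virtual network names are hypothetical, since Q60 does not name them. Each of the three other virtual networks is peered with VM1's virtual network only, which is all that name resolution through VM1 requires.

```powershell
# Added example; requires the Az.Network module and a signed-in session.
$rg         = 'RG-Network'                      # hypothetical resource group
$hubName    = 'VNet-DNS'                        # hypothetical: the VNet that holds VM1
$spokeNames = 'VNet-A', 'VNet-B', 'VNet-C'      # hypothetical: the other three VNets

$hub = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $hubName

foreach ($name in $spokeNames) {
    $spoke = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $name

    # A peering link is one-directional, so one is created on each side.
    # Until both exist, the state stays 'Initiated' and no traffic flows.
    Add-AzVirtualNetworkPeering -Name "$hubName-to-$name" `
        -VirtualNetwork $hub -RemoteVirtualNetworkId $spoke.Id | Out-Null
    Add-AzVirtualNetworkPeering -Name "$name-to-$hubName" `
        -VirtualNetwork $spoke -RemoteVirtualNetworkId $hub.Id | Out-Null
}

# Verify: every link on the hub side should report PeeringState 'Connected'.
Get-AzVirtualNetworkPeering -ResourceGroupName $rg -VirtualNetworkName $hubName |
    Select-Object Name, PeeringState, AllowVirtualNetworkAccess
```

Peering is not transitive, so with this layout the three other virtual networks can reach VM1's network but not each other. The address spaces of peered virtual networks must not overlap.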