Welcome to the AZ-104 Official Practice Test – Part 3.
In this part, I have given my detailed explanations of the 10 official questions from Microsoft. Unlike on the Microsoft website, the explanations include screenshots to help you prepare for the AZ-104 exam.
That said, these tests are very simple, and they should only be used to brush up on the basics. The real exam would rarely be this easy. To get more rigorous practice and even in-depth knowledge, check out my AZ-104 practice tests.
Once done, check out the AZ-104 questions Part -4 and the accompanying AZ-104 Practice Test video.
Q21] Contoso, Ltd. has multiple Azure subscriptions and resources that need to be efficiently managed.
You need to manage access, policies, and compliance across all subscriptions in a unified manner.
What should you do? Each correct answer presents part of the solution. Select three.
a. Apply policies at the individual resource level.
b. Create individual resource groups for each subscription.
c. Create a management group and assign all subscriptions to it.
d. Apply necessary policies at the management group level.
e. Configure role-based access control at the management group level.
f. Configure role-based access control at the individual resource level.
Since applying policies and roles at the management group scope is inherited to all subscriptions and the resource groups within the management group, creating a management group & assigning all subscriptions to it allows for efficient management of access, policies, and compliance across all subscriptions.
So options C, D, and E are the correct answer choices.
Reference Link: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-setup-guide/organize-resources#management-settings-scope
Managing each subscription individually or applying policies and access control at the individual resource level would not be as efficient or unified.
Q22] You have an Azure subscription that contains a resource group named RG1. RG1 contains an Azure virtual machine named VM1.
You need to use VM1 as a template to create a new Azure virtual machine.
Which three methods can you use to complete the task? Each correct answer presents a complete solution.
a. From Azure Cloud Shell, run the Get-AzVM and New-AzVM cmdlets.
b. From Azure Cloud Shell, run the Save-AzDeploymentScriptLog and New-AzResourceGroupDeployment cmdlets.
c. From Azure Cloud Shell, run the Save-AzDeploymentTemplate and New-AzResourceGroupDeployment cmdlets.
d. From RG1, select Export template, select Download, and then, from Azure Cloud Shell, run the New-AzResourceGroupDeployment cmdlet.
e. From VM1, select Export template, and then select Deploy.
In the Azure Cloud Shell, you can run the Save-AzDeploymentTemplate PowerShell command to save the deployment template to a JSON file.
But note that the PowerShell commands like Save-AzDeploymentTemplate and New-AzDeployment that do not have any indication of scope in their name, work at the subscription scope. So, the deployment that you need to save must already exist at the subscription scope.
Reference Link: https://learn.microsoft.com/en-us/powershell/module/az.resources/save-azdeploymenttemplate
https://learn.microsoft.com/en-us/powershell/module/az.resources/new-azdeployment
After saving the deployment file, you can run the New-AzResourceGroupDeployment command to deploy the saved JSON template at the resource group scope.
Option C is one of the correct answers.
Reference Link: https://learn.microsoft.com/en-us/powershell/module/az.resources/new-azresourcegroupdeployment
Go to the Export template section in the resource group where the VM is deployed and download the template file.
Once you have the template, you can run the same New-AzResourceGroupDeployment command to deploy the template to the resource group.
Option D is the other correct answer.
Reference Link: https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/export-template-portal#export-template-from-a-resource-group
You can also go to the virtual machine resource -> Export template and click Deploy to deploy a new virtual machine based on the existing VM’s template.
Reference Link:https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/export-template-portal#export-template-from-a-resource
Option E is the other correct answer.
Option A is incorrect as the Get-AzVM command gets only the properties of an existing virtual machine and the New-AzVM command will create a completely new virtual machine.
Reference Link: https://learn.microsoft.com/en-us/powershell/module/az.compute/get-azvm
https://learn.microsoft.com/en-us/powershell/module/az.compute/new-azvm
The Save-AzDeploymentScriptLog command saves only the log of a deployment script execution to disk. You cannot use this log to create a new VM. Option B is incorrect.
Reference Link:https://learn.microsoft.com/en-us/powershell/module/az.resources/save-azdeploymentscriptlog
Q23] You plan to deploy an Azure virtual machine based on a basic template stored in the Azure Resource Manager (ARM) library.
What can you configure during the deployment of the template?
a. The disk assigned to virtual machine
b. The operating system
c. The resource group
d. The size of virtual machine
Well, if you use the Deploy a custom template service from the Azure portal, there are several built-in templates available like Create a Windows virtual machine, etc.,
In this template, one of the things that you can readily configure before deployment is the resource group, although the VM properties like the VM size can also be configured depending on the chosen template.
Further, when you use the PowerShell command New-AzResouceGroupDeployment, the resource group name is one of the required parameters for deploying the template.
So, option C is most likely the correct answer.
Reference Link: https://learn.microsoft.com/en-us/powershell/module/az.resources/new-azresourcegroupdeployment
Q24] You are creating an Azure virtual machine that will run Windows Server.
You need to ensure that VM1 will be part of a virtual machine scale set.
Which setting should you configure during the creation of the virtual machine?
a. Availability options
b. Azure Spot instance
c. Management
d. Region
If the individual VMs need to be part of the virtual machine scale set, ensure that you set the availability options to the virtual machine scale set.
Option A is the correct answer.
Reference Link: https://learn.microsoft.com/en-us/azure/virtual-machines/availability
Azure spot instance is used to add virtual machines at a discounted price. The Region and Management options do not allow VMs to be part of a scale set.
Reference Link: https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms
Q25] You have two Azure virtual machines named VM1 and VM2 that run Windows Server.
VM1 has a single data disk that stores backup files.
You need to move the data disk from VM1 to VM2 as quickly as possible.
What should you do first?
a. Detach the data disk from VM1.
b. Restart VM1.
c. Stop VM1.
d. Stop VM2.
You can hot remove a data disk, which means you can detach a disk from a running virtual machine. Also, you can attach a disk when a VM is running. So, there is no need to stop either of the VMs.
Option A is the correct answer.
Reference Link: https://learn.microsoft.com/en-us/azure/virtual-machines/windows/detach-disk#detach-a-data-disk-using-the-portal
Q26] You have an Azure virtual network that contains two subnets named Subnet1 and Subnet2. You have a virtual machine named VM1 that is connected to Subnet1. VM1 runs Windows Server.
You need to ensure that VM1 is connected directly to both subnets.
What should you do first?
a. From the Azure portal, add a network interface.
b. From the Azure portal, create an IP group.
c. From the Azure portal, modify the IP configurations of an existing network interface.
d. Sign in to Windows Server and create a network bridge.
A network interface connects a VM to a subnet. Since VM1 is connected to Subnet1, VM1 already has a network interface attached that is connected to Subnet1. To connect the VM to the other subnet, create a new network interface that is connected to that subnet.
Once done, attach the network interface to the VM. Now the VM has two NICs, each connected to two different subnets. One is a primary NIC and the other is a secondary NIC.
Reference Link: https://learn.microsoft.com/en-us/azure/virtual-network/network-overview#network-interfaces
So, option A is the correct answer.
An IP Group helps you manage IP addresses in bulk for simplifying network rules in Azure Firewall.
Reference Link: https://learn.microsoft.com/en-us/azure/firewall/ip-groups
Option B is incorrect.
If you change the IP configuration of the existing network interface, you move the NIC from one subnet to the other. It doesn’t ensure that a VM is connected to NICs in two subnets.
Option C is incorrect.
A network bridge is not related to Azure. It is a Windows feature that allows you to connect two or more network segments, allowing them to operate as a single network.
Reference Link: https://www.windowscentral.com/how-set-and-manage-network-bridge-connection-windows-10
Option D is incorrect.
Q27] You are deploying a virtual machine by using an availability set in the East US Azure region.
You have deployed 18 virtual machines in two fault domains and 10 update domains.
Microsoft performed planned physical hardware maintenance in the East US region.
What is the maximum number of virtual machines that will be unavailable?
a. 2
b. 8
c. 9
d. 18
Since the question is related to planned physical hardware maintenance, we can skip considering the fault domain and consider only the update domain.
Each availability set can be configured with up to 20 update domains. Here we have only 10 update domains. So, each of the first 10 VMs will be placed in a separate update domain in a round-robin way. The next 8 VMs will be distributed similarly across the first 8 update domains.
At any point in time, Microsoft will reboot only one update domain. So, at max 2 VMs will be unavailable.
Option A is the correct answer.
Reference Link: https://learn.microsoft.com/en-us/azure/virtual-machines/availability-set-overview#how-do-availability-sets-work
Q28] You have an Azure subscription that contains an Azure App Service web app named App1.
You have the following diagnostic logging configurations:
1] Application Logging (FileSystem): Error
2] Application Logging (Blob): Information
3] Detailed Error Message: Warning
4] Web Server Logging: Verbose
You need to configure diagnostic logging to store all warnings or higher.
Which types of diagnostic logging and severity should you enable?
a. Application Logging (Blob)
b. Application Logging (FileSystem)
c. Detailed Error Message
d. Verbose
e. Warning
So, this question is asking for two things: logging level and severity. Honestly, this question has a little ambiguity as both options A and B can be chosen for logging levels.
However, since the file system logging is only for temporary debugging, it is safer to go with option A where you can store the data in a blob container up to the retention period for analysis.
Each level of log includes other log categories that are above its severity level. For example, the information level includes Warnings and Errors, in addition to information. The warning level includes only error and warning. So to store all warnings and higher, set the level as a warning.
Option E is the other correct answer.
Reference Link: https://learn.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs#enable-application-logging-windows
Q29] You have a Basic Azure App Service plan that contains a web app.
You need to ensure that the web app can scale automatically when the CPU percentage goes beyond 80 percent for a duration of 15 minutes.
Which two actions should you perform?
a. Configure a deployment slot.
b. Configure a scaling condition to scale based on a metric, and then add the rules.
c. Configure a scaling condition to scale based on an instance count, and then set the instance count.
d. Scale out the App Service plan.
e. Scale up the App Service plan.
With a Basic Azure App Service plan, you can only manually scale. i.e., you can only manually increase the instance count.
To ensure that the web app can scale automatically based on a metric, first, scale up the plan to any plan that supports autoscale. For example, the premium plan.
So option E is one of the correct answer choices.
Now, you can configure a scale-out condition based on rules. Set the Scale mode to Scale based on a metric and set the Metric name as CPU percentage, Metric threshold as 80, and duration as 15 minutes.
Option B is the other correct answer.
We need to scale based on a metric. Scale to a specific instance count cannot help with that.
Option C is incorrect.
Reference Link: https://learn.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-get-started
Q30] You need to create an Azure App Service web app that runs on Windows. The web app requires scaling to five instances, 45 GB of storage, and a custom domain name. The solution must minimize costs.
Which App Service plan should you use?
a. Basic
b. Free
c. Premium
d. Standard
Of all the plans, only the Basic, Standard, and Premium plans support custom domains. So, we can ignore the Free plan.
Option B is incorrect.
The Basic plan comes with only 10 GB of storage. So, option A is also incorrect.
Reference Link:https://azure.microsoft.com/en-us/pricing/details/app-service/windows/#pricing
The Standard plan comes with 50 GB of storage.
Reference Link: https://azure.microsoft.com/en-in/pricing/details/app-service/windows-previous/
Further, you can scale the Standard plan up to 10 instances.
Between the Standard and Premium plans, the Standard plan is cheaper.
So, option D is the correct answer.
Check out my AZ-104 practice tests (with discount code).
Follow Me to Receive Updates on the AZ-104 Exam
Want to be notified as soon as I post? Subscribe to the RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.
