AZ-104 Exam Prep Free – 50 Practice Questions to Get You Ready for Exam Day
Getting ready for the AZ-104 certification? Our AZ-104 Exam Prep Free resource includes 50 exam-style questions designed to help you practice effectively and feel confident on test day
Effective AZ-104 exam prep free is the key to success. With our free practice questions, you can:
- Get familiar with exam format and question style
- Identify which topics you’ve mastered—and which need more review
- Boost your confidence and reduce exam anxiety
Below, you will find 50 realistic AZ-104 Exam Prep Free questions that cover key exam topics. These questions are designed to reflect the structure and challenge level of the actual exam, making them perfect for your study routine.
You have an Azure subscription that contains a virtual machine named VM1 and an Azure function named App1. You need to create an alert rule that will run App1 if VM1 stops. What should you create for the alert rule?
A. an application security group
B. a security group that has dynamic device membership
C. an action group
D. an application group
You have an Azure subscription that contains an Azure SQL database named DB1. You plan to use Azure Monitor to monitor the performance of DB1. You must be able to run queries to analyze log data. Which destination should you configure in the Diagnostic settings of DB1?
A. Send to a Log Analytics workspace.
B. Archive to a storage account.
C. Stream to an Azure event hub.
HOTSPOT - You have the web apps shown in the following table.You need to monitor the performance and usage of the apps by using Azure Application Insights. The solution must minimize modifications to the application code. What should you do on each app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You have an Azure subscription named Subscription1 that contains a virtual network VNet1. You add the users in the following table.Which user can perform each configuration? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You manage two Azure subscriptions named Subscription1 and Subscription2. Subscription1 has following virtual networks:The virtual networks contain the following subnets:
Subscription2 contains the following virtual network: ✑ Name: VNETA ✑ Address space: 10.10.128.0/17 ✑ Location: Canada Central VNETA contains the following subnets:
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You have two Azure subscriptions named Sub1 and Sub2 that are linked to separate Microsoft Entra tenants.You have the virtual networks shown in the following table. Which virtual networks can you peer with VNet1?
A. VNet2 only
B. VNet2 and VNet3 only
C. VNet2 and VNet4 only
D. VNet2, VNet3, and VNet4 only
E. VNet2, VNet3, VNet4, and VNet5
HOTSPOT - You have an Azure subscription that contains the hierarchy shown in the following exhibit.You create an Azure Policy definition named Policy1. To which Azure resources can you assign Policy1 and which Azure resources can you specify as exclusions from Policy1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json. You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately. Solution: From the VM1 Redeploy + reapply blade, you select Redeploy. Does this meet the goal?
A. Yes
B. No
Your company has an Azure subscription. You need to deploy a number of Azure virtual machines (VMs) using Azure Resource Manager (ARM) templates. You have been informed that the VMs will be included in a single availability set. You are required to make sure that the ARM template you configure allows for as many VMs as possible to remain accessible in the event of fabric failure or maintenance. Which of the following is the value that you should configure for the platformUpdateDomainCount property?
A. 10
B. 20
C. 30
D. 40
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure?
A. Session persistence to None
B. a health probe
C. Session persistence to Client IP
D. Idle Time-out (minutes) to 20
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1. You need to view the error events from a table named Event. Which query should you run in Workspace1?
A. Get-Event Event | where {$_.EventType == “error”}
B. search in (Event) “error”
C. select * from Event where EventType == “error”
D. search in (Event) * | where EventType -eq “error”
Overview - General Overview - Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Environment - Existing Environment - Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant. The Azure AD tenant contains the users shown in the following table.Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.
User1 manages the resources in RG1. User4 manages the resources in RG2. Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table
No network security groups (NSGs) are associated to the network interfaces or the subnets. Sub1 contains the storage accounts shown in the following table.
Requirements - Planned Changes - Contoso plans to implement the following changes: Create a blob container named container1 and a file share named share1 that will use the Cool storage tier. Create a storage account named storage5 and configure storage replication for the Blob service. Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.
Associate NSG1 to the network interface of VM1. Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.
Associate NSG2 to VNET1/Subnet2. Technical Requirements - Contoso must meet the following technical requirements: Create container1 and share1. Use the principle of least privilege. Create an Azure AD security group named Group4. Back up the Azure file shares and virtual machines by using Azure Backup. Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C. Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1. Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1 Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months. Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares. HOTSPOT - You need to ensure that User1 can create initiative definitions, and User4 can assign initiatives to RG2. The solution must meet the technical requirements. Which role should you assign to each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate. From Azure, you download and install the VPN client configuration package on a computer named Computer2. You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2. Solution: You export the client certificate from Computer1 and install the certificate on Computer2. Does this meet the goal?
A. Yes
B. No
You have an Azure subscription that contains a Standard SKU Azure container registry named ContReg1. You need to ensure that ContReg1 supports geo-replication. What should you do first for ContReg1?
A. Enable Admin user.
B. Add a scope map.
C. Add an automation task.
D. Create a cache rule.
E. Upgrade the SKU.
HOTSPOT - You need to create an Azure Storage account that meets the following requirements: ✑ Minimizes costs ✑ Supports hot, cool, and archive blob tiers ✑ Provides fault tolerance if a disaster affects the Azure region where the account resides How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure Active Directory (Azure AD) tenant. You plan to delete multiple users by using Bulk delete in the Azure Active Directory admin center. You need to create and upload a file for the bulk delete. Which user attributes should you include in the file?
A. The user principal name and usage location of each user only
B. The user principal name of each user only
C. The display name of each user only
D. The display name and usage location of each user only
E. The display name and user principal name of each user only
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1. You need to view the error events from a table named Event. Which query should you run in Workspace1?
A. Get-Event Event | where {$_.EventType == “error”}
B. Event | search “error”
C. select * from Event where EventType == “error”
D. search in (Event) * | where EventType ג€”eq ג€errorג€
You have an Azure subscription named Subscription1. You have 5 TB of data that you need to transfer to Subscription1. You plan to use an Azure Import/Export job. What can you use as the destination of the imported data?
A. an Azure Cosmos DB database
B. Azure File Storage
C. Azure SQL Database
D. a virtual machine
DRAG DROP - You have a Microsoft Entra tenant. You need to ensure that when a new Microsoft 365 group is created, the group name is automatically formatted as follows:Which three actions should you perform in sequence in the Microsoft Entra admin center? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have a Microsoft Entra tenant configured as shown in the following exhibit.The tenant contains the identities shown in the following table.
You purchase a Microsoft Fabric license. To which identities can you assign the license?
A. User1 only
B. User1 and Group1 only
C. User1 and Group2 only
D. User1, Group1, and Group2
You have an Azure subscription that contains a storage account named storage1. You plan to create a blob container named container1. You need to use customer-managed key encryption for container1. Which key should you use?
A. an EC key that uses the P-384 curve only
B. an EC key that uses the P-521 curve only
C. an EC key that uses the P-384 curve or P-521 curve only
D. an RSA key with a key size of 4096 only
E. an RSA key type with a key size of 2048, 3072, or 4096 only
HOTSPOT - You have an Azure subscription that contains the virtual machines shown in the following table.You create an Azure Compute Gallery named ComputeGallery1 as shown in the Azure Compute Gallery exhibit. (Click the Azure Compute Gallery tab.)
In ComputeGallery1, you create a virtual machine image definition named Image1 as shown in the image definition exhibit. (Click the Image Definition tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No, NOTE: Each correct selection is worth one point.
HOTSPOT - You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a container named container1. You need to create a lifecycle management rule for storage1 that will automatically move the blobs in container1 to the lowest-cost tier after 90 days. How should you complete the rule? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the storage accounts shown in the following table.Which storage account can be converted to zone-redundant storage (ZRS) replication?
A. storage1 only
B. storage2 only
C. storage3 only
D. storage2 and storage3
E. storage1, storage2, and storage3
HOTSPOT - You have an Azure subscription that contains the virtual networks shown in the following table.You have the peering options shown in the following exhibit.
You need to design a communication strategy for the resources on the virtual networks. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the virtual networks shown in the following table.You need to ensure that all the traffic between VNet1 and VNet2 traverses the Microsoft backbone network. What should you configure?
A. a private endpoint
B. peering
C. Express Route
D. a route table
You have an Azure subscription that contains a virtual machine named VM1. You plan to deploy an Azure Monitor alert rule that will trigger an alert when CPU usage on VM1 exceeds 80 percent. You need to ensure that the alert rule sends an email message to two users named User1 and User2. What should you create for Azure Monitor?
A. an action group
B. a mail-enabled security group
C. a distribution group
D. a Microsoft 365 group
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer. The effective network security configurations for VM2 are shown in the following exhibit.You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly. You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443. Solution: You create an inbound security rule that allows any traffic from the AzureLoadBalancer source and has a cost of 150. Does this meet the goal?
A. Yes
B. No
You have an Azure subscription that contains the resources shown in the following table.You create a public IP address named IP1. Which two resources can you associate to IP1? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. VM1
B. LB1
C. NIC1
D. VPN1
E. VNet1
You have an Azure subscription that contains a storage account named storage1 in the North Europe Azure region. You need to ensure that when blob data is added to storage1, a secondary copy is created in the East US region. The solution must minimize administrative effort. What should you configure?
A. operational backup
B. object replication
C. geo-redundant storage (GRS)
D. a lifecycle management rule
HOTSPOT - You have an Azure App Service app named WebApp1 that contains two folders named Folder1 and Folder2. You need to configure a daily backup of WebApp1. The solution must ensure that Folder2 is excluded from the backup. What should you create first, and what should you use to exclude Folder2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You deploy an Azure Kubernetes Service (AKS) cluster named AKS1. You need to deploy a YAML file to AKS1. Solution: From Azure Cloud Shell, you run az aks. Does this meet the goal?
A. Yes
B. No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. Solution: You assign a built-in policy definition to the subscription. Does this meet the goal?
A. Yes
B. No
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an azure subscription that includes a storage account, a resource group, a blob container and a file share. A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account. You want to review the ARM template that was used by Jon Ross. Solution: You access the Container blade. Does the solution meet the goal?
A. Yes
B. No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You deploy an Azure Kubernetes Service (AKS) cluster named AKS1. You need to deploy a YAML file to AKS1. Solution: From Azure CLI, you run azcopy. Does this meet the goal?
A. Yes
B. No
HOTSPOT - You have peering configured as shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure subscription linked to an Azure Active Directory tenant. The tenant includes a user account named User1. You need to ensure that User1 can assign a policy to the tenant root management group. What should you do?
A. Assign the Owner role for the Azure Subscription to User1, and then modify the default conditional access policies.
B. Assign the Owner role for the Azure subscription to User1, and then instruct User1 to configure access management for Azure resources.
C. Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.
D. Create a new management group and delegate User1 as the owner of the new management group.
Your company has a Microsoft Azure subscription. The company has datacenters in Los Angeles and New York. You are configuring the two datacenters as geo-clustered sites for site resiliency. You need to recommend an Azure storage redundancy option. You have the following data storage requirements: ✑ Data must be stored on multiple nodes. ✑ Data must be stored on nodes in separate geographic locations. ✑ Data can be read from the secondary location as well as from the primary location. Which of the following Azure stored redundancy options should you recommend?
A. Geo-redundant storage
B. Read-only geo-redundant storage
C. Zone-redundant storage
D. Locally redundant storage
Overview - Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees. All the resources used by Litware are hosted on-premises. Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The tenant uses the Premium P1 pricing tier. Existing Environment - The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the litware.com DNS zone. Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently. Litware.com contains a user named User1. All the offices connect by using private connections. Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device. All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.Litware uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory. The Azure subscription contains the resources in the following table.
The network security team implements several network security groups (NSGs) Requirements - Planned Changes - Litware plans to implement the following changes: Deploy Azure ExpressRoute to the Montreal office. Migrate the virtual machines hosted on Server1 and Server2 to Azure. Synchronize on-premises Active Directory to Azure Active Directory (Azure AD). Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2. Technical Requirements - Litware must meet the following technical requirements: Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office. Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office. Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only. Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.litware.com. Connect the New York office to VNet1 over the Internet by using an encrypted connection. Create a workflow to send an email message when the settings of VM4 are modified. Create a custom Azure role named Role1 that is based on the Reader role. Minimize costs whenever possible. HOTSPOT - You need to meet the connection requirements for the New York office. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure subscription that contains a user named User1. You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege. Which role-based access control (RBAC) role should you assign to User1?
A. Owner
B. Virtual Machine Contributor
C. Contributor
D. Virtual Machine Administrator Login
You need to deploy an Azure virtual machine scale set that contains five instances as quickly as possible. What should you do?
A. Deploy five virtual machines. Modify the Availability Zones settings for each virtual machine.
B. Deploy five virtual machines. Modify the Size setting for each virtual machine.
C. Deploy one virtual machine scale set that is set to VM (virtual machines) orchestration mode.
D. Deploy one virtual machine scale set that is set to ScaleSetVM orchestration mode.
DRAG DROP - You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks. The virtual networks have the address spaces and the subnets configured as shown in the following table.You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
You have an Azure subscription named Subscription1 that has the following providers registered: ✑ Authorization ✑ Automation ✑ Resources ✑ Compute ✑ KeyVault ✑ Network ✑ Storage ✑ Billing ✑ Web Subscription1 contains an Azure virtual machine named VM1 that has the following configurations: ✑ Private IP address: 10.0.0.4 (dynamic) ✑ Network security group (NSG): NSG1 ✑ Public IP address: None ✑ Availability set: AVSet ✑ Subnet: 10.0.0.0/24 ✑ Managed disks: No ✑ Location: East US You need to record all the successful and failed connection attempts to VM1. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Enable Azure Network Watcher in the East US Azure region.
B. Add an Azure Network Watcher connection monitor.
C. Register the MicrosoftLogAnalytics provider.
D. Create an Azure Storage account.
E. Register the Microsoft.Insights resource provider.
F. Enable Azure Network Watcher flow logs.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Subscription1, you assign the Logic App Operator role to the Developers group. Does this meet the goal?
A. Yes
B. No
You plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The virtual machines will host a web app named App1. You need to ensure that at least two virtual machines are available if a single Azure datacenter becomes unavailable. What should you deploy?
A. all three virtual machines in a single Availability Zone
B. all virtual machines in a single Availability Set
C. each virtual machine in a separate Availability Zone
D. each virtual machine in a separate Availability Set
You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a file share named share1. The subscription is linked to a hybrid Azure Active Directory (Azure AD) tenant that contains a security group named Group1. You need to grant Group1 the Storage File Data SMB Share Elevated Contributor role for share1. What should you do first?
A. Enable Active Directory Domain Service (AD DS) authentication for storage1.
B. Grant share-level permissions by using File Explorer.
C. Mount share1 by using File Explorer.
D. Create a private endpoint.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Performance Monitor, you create a Data Collector Set (DCS). Does this meet the goal?
A. Yes
B. No
Overview - ADatum Corporation is consulting firm that has a main office in Montreal and branch offices in Seattle and New York. Existing Environment - Azure Environment - ADatum has an Azure subscription that contains three resource groups named RG1, RG2, and RG3. The subscription contains the storage accounts shown in the following table.The subscription contains the virtual machines shown in the following table.
The subscription has an Azure container registry that contains the images shown in the following table.
The subscription contains the resources shown in the following table.
Azure Key Vault - The subscription contains an Azure key vault named Vault1. Vault1 contains the certificates shown in the following table.
Vault1 contains the keys shown in the following table.
Microsoft Entra Environment - ADatum has a Microsoft Entra tenant named adatum.com that is linked to the Azure subscription and contains the users shown in the following table.
The tenant contains the groups shown in the following table.
The adatum.com tenant has a custom security attribute named Attribute1. Planned Changes - ADatum plans to implement the following changes: • Configure a data collection rule (DCR) named DCR1 to collect only system events that have an event ID of 4648 from VM2 and VM4. • In storage1, create a new container named cont2 that has the following access policies: o Three stored access policies named Stored1, Stored2, and Stored3 o A legal hold for immutable blob storage • Whenever possible, use directories to organize storage account content. • Grant User1 the permissions required to link Zone1 to VNet1. • Assign Attribute1 to supported adatum.com resources. • In storage2, create an encryption scope named Scope1. • Deploy new containers by using Image1 or Image2. Technical Requirements - ADatum must meet the following technical requirements: • Use TLS for WebApp1. • Follow the principle of least privilege. • Grant permissions at the required scope only. • Ensure that Scope1 is used to encrypt storage services. • Use Azure Backup to back up cont1 and share1 as frequently as possible. • Whenever possible, use Azure Disk Encryption and a key encryption key (KEK) to encrypt the virtual machines. You need to configure encryption for the virtual machines. The solution must meet the technical requirements. Which virtual machines can you encrypt?
A. VM1 and VM3
B. VM4 and VM5
C. VM2 and VM3
D. VM2 and VM4
HOTSPOT - You need to configure a new Azure App Service app named WebApp1. The solution must meet the following requirements: • WebApp1 must be able to verify a custom domain name of app.contoso.com. • WebApp1 must be able to automatically scale up to eight instances. • Costs and administrative effort must be minimized. Which pricing plan should you choose, and which type of record should you use to verify the domain? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.
HOTSPOT - You have an Azure subscription that contains the file shares shown in the following table.You have the on-premises file shares shown in the following table.
You create an Azure file sync group named Sync1 and perform the following actions: ✑ Add share1 as the cloud endpoint for Sync1. ✑ Add data1 as a server endpoint for Sync1. ✑ Register Server1 and Server2 to Sync1. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Access Full AZ-104 Exam Prep Free
Want to go beyond these 50 questions? Click here to unlock a full set of AZ-104 exam prep free questions covering every domain tested on the exam.
We continuously update our content to ensure you have the most current and effective prep materials.
Good luck with your AZ-104 certification journey!