Scroll down to see your responses and detailed results
Free Microsoft Azure Administrator Associate AZ-104 Practice Test
Prepare for the Microsoft Azure Administrator Associate AZ-104 exam with this free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.
- Questions: 15
- Time: 15 minutes (60 seconds per question)
- Included Objectives:Manage Azure identities and governanceImplement and manage storageDeploy and manage Azure compute resourcesConfigure and manage virtual networkingMonitor and maintain Azure resources
Which Azure feature allows you to expand the capabilities of an existing virtual machine by adding additional functionality after deployment?
Network Security Groups
Availability Sets
Resource Groups
Virtual Machine Extensions
Answer Description
Virtual Machine Extensions enable you to add features and configurations to an already deployed Azure virtual machine. They allow you to install software, run scripts, and perform management tasks directly on the VM. Resource Groups are used for organizing resources, Availability Sets are for managing VM availability, and Network Security Groups control network traffic. These do not provide the capability to add functionalities to a VM post-deployment.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Virtual Machine Extensions in Azure?
How do Virtual Machine Extensions differ from Resource Groups in Azure?
Can you give examples of tasks that can be performed with Virtual Machine Extensions?
In Azure Entra ID, you need to set up a sign-in identifier for users that is in the format of an email address. Which user property should you configure?
Object ID
Employee ID
Display Name
User Principal Name
Answer Description
The User Principal Name (UPN) is the property in Azure Entra ID that uniquely identifies a user for authentication and is typically in the format of an email address (e.g., [email protected]). Configuring the UPN allows users to sign in using this identifier. Other properties like Object ID, Employee ID, and Display Name are not used as sign-in identifiers.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is User Principal Name (UPN)?
Why is the UPN important for sign-in processes?
What are the other user properties in Azure Entra ID?
You are an Azure administrator at Contoso Ltd. The company has purchased Microsoft 365 E5 licenses and needs to assign them to users based on their department memberships. Users may belong to multiple departments due to cross-functional roles. What is the most efficient method to assign licenses to users while preventing duplicate license assignments and staying within the license quota?
Use a PowerShell script to assign licenses based on department.
Assign licenses to users using group-based license assignment.
Create a custom role to manage license assignments per department.
Assign licenses directly to each user individually.
Answer Description
Using group-based license assignment in Azure Entra ID allows administrators to assign licenses to security groups. When licenses are assigned to groups, Azure Entra ID automatically manages the license assignments to the members of the group, ensuring that each user receives the appropriate licenses without duplicates. This is especially efficient when users belong to multiple groups, as Azure Entra ID prevents duplicate license assignments and helps maintain compliance with license quotas. Assigning licenses directly to users or using scripts can be time-consuming and error-prone, particularly in dynamic environments. Creating a custom role does not address the need for efficient license assignment.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is group-based license assignment in Azure Entra ID?
How does Azure Entra ID prevent duplicate license assignments?
What are the advantages of using group-based license assignment over individual assignments?
You are an Azure Administrator at Contoso Ltd. The company needs to add a new user who does not have an existing Microsoft account or email address. The user should be able to sign in and access resources assigned to them in the company's Azure environment. Which of the following actions should you take to create this user account?
Invite the user as a guest to the directory.
Use a synchronization tool to sync their account from on-premises.
Create an application registration for the user.
Create a new cloud user with a username and password.
Answer Description
Creating a new cloud-based user with a username and password allows you to set up an account without requiring an existing email address. The user will receive a unique User Principal Name (UPN) and can sign in using the credentials you provide. Inviting a guest user requires an email address to send the invitation. Using synchronization tools to sync an account from on-premises is not applicable since there is no on-premises account to synchronize. Creating an application registration is intended for application identities, not individual user accounts.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a User Principal Name (UPN)?
What is the difference between a cloud user and a guest user in Azure?
What is the purpose of application registration in Azure?
You are an Azure administrator responsible for a hybrid cloud environment. Users in the on-premises network are experiencing intermittent connectivity issues when accessing resources in Azure. You need to monitor and diagnose these connectivity issues by analyzing communication between the on-premises network and Azure resources. Which tool should you use to achieve this?
Azure Network Watcher Connection Monitor
Azure Log Analytics
Azure Advisor
Azure Monitor Metrics
Answer Description
Azure Network Watcher Connection Monitor provides end-to-end monitoring of connectivity between Azure and on-premises resources. It enables you to analyze communication, measure latency, and diagnose issues, making it the appropriate tool for troubleshooting connectivity problems in a hybrid environment.
Azure Monitor Metrics collects and visualizes numerical data from Azure resources but does not specifically monitor communication between on-premises and Azure.
Azure Advisor offers recommendations to optimize Azure deployments but does not assist in monitoring network connectivity.
Azure Log Analytics collects and analyzes log data but does not actively monitor real-time communication between on-premises networks and Azure resources.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Azure Network Watcher Connection Monitor?
How does the Azure Network Watcher help in diagnosing connectivity issues?
Can you explain what Azure Monitor Metrics is and how it differs from Azure Network Watcher?
A company wants to protect important Azure resources from accidental modification or deletion by users. Which feature should they use to set such protection on these resources?
Azure Blueprints
Azure Policies
Role-Based Access Control (RBAC)
Resource Locks
Answer Description
Resource Locks in Azure allow administrators to apply a lock at the subscription, resource group, or resource level to prevent accidental changes or deletion. This is essential for protecting critical resources from unintended modifications. Azure Policies enforce compliance rules on resources but do not prevent deletion or modification. Role-Based Access Control (RBAC) manages user access to resources but does not stop authorized users from modifying or deleting resources they have permissions for. Azure Blueprints are used to deploy and manage resource templates at scale but do not provide locking functionality.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Resource Locks and how do they work?
How do Resource Locks differ from Azure Policies?
What is Role-Based Access Control (RBAC) and how does it relate to Resource Locks?
You are an Azure administrator for Contoso Ltd. The company requires that they manage the encryption keys used for data at rest in their Azure storage account named 'contosodata'. They have a key vault named 'contosokeyvault' with their keys. You need to configure 'contosodata' to meet the company's requirements.
What should you do?
Disable default encryption on 'contosodata' and re-enable it using keys from 'contosokeyvault'.
Enable Infrastructure Encryption on 'contosodata' and specify 'contosokeyvault' as the key provider.
Configure 'contosodata' to use a key from 'contosokeyvault' for encryption.
Implement client-side encryption using keys from 'contosokeyvault'.
Answer Description
To allow Contoso Ltd to manage the encryption keys for 'contosodata', you should configure the storage account to use a key from 'contosokeyvault' for encryption. This sets up customer-managed keys (CMK) using Azure Key Vault, giving the company full control over the keys used for encryption at rest. Enabling Infrastructure Encryption provides additional encryption but still uses Microsoft-managed keys. Client-side encryption is managed by the client application and does not change the encryption settings of the storage account. Default encryption on Azure storage accounts cannot be disabled.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are customer-managed keys (CMK) in Azure?
What is Azure Key Vault and how is it used with Azure storage?
What is the difference between Microsoft-managed keys and customer-managed keys?
You are an Azure administrator managing several virtual machines running Windows Server 2019 in your Azure environment. Your company wants to collect and analyze event logs from these virtual machines using Azure Monitor Logs. What should you do first to enable log collection from the virtual machines into Azure Monitor Logs?
Install the Azure Monitor agent on the virtual machines.
Create a Log Analytics workspace in your Azure subscription.
Enable diagnostic settings on the virtual machines to send logs to Azure Monitor Logs.
Configure an Azure Storage account to store the logs.
Answer Description
The first step is to create a Log Analytics workspace in your Azure subscription. A Log Analytics workspace serves as the central repository where Azure Monitor Logs stores collected data. Without it, there is nowhere to store or analyze the logs collected from the virtual machines. While installing the Azure Monitor agent on the virtual machines is necessary for data collection, the agent must be configured to send data to an existing Log Analytics workspace. Enabling diagnostic settings or configuring an Azure Storage account are not initial steps for collecting logs into Azure Monitor Logs; they are either subsequent steps or used for different purposes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Log Analytics workspace in Azure?
How does the Azure Monitor agent work?
What is Azure Monitor Logs used for?
You need to visualize the processor usage of an Azure virtual machine over the past week to identify trends and spikes. Which Azure Monitor tool should you use?
Metrics Explorer
Application Insights
Log Analytics
Azure Advisor
Answer Description
Metrics Explorer in Azure Monitor is designed for visualizing and analyzing time-series data collected from Azure resources, such as processor utilization of a virtual machine. It allows you to plot performance data over a specified time range, helping you identify trends and spikes in usage. Log Analytics is used for querying and analyzing log data, Application Insights monitors application performance, and Azure Advisor provides recommendations for optimizing your Azure resources.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Metrics Explorer and how does it work?
What are the main differences between Metrics Explorer and Log Analytics?
What other tools in Azure Monitor might be useful for performance monitoring?
Your company uses a custom monitoring system that needs to receive notifications when specific Azure metrics exceed their thresholds. You need to configure Azure alerts to send notifications to this system. Which action type should you choose to integrate with the custom monitoring system?
Webhook action
Email/SMS action
Logic App action
Automation Runbook action
Answer Description
To integrate Azure alerts with a custom monitoring system, you should use the Webhook action type in your action group. Webhooks allow you to send HTTP POST requests to an external endpoint when an alert is triggered, which is suitable for notifying custom systems.
The other options are not appropriate:
- Logic App action is used to trigger an Azure Logic App workflow.
- Automation Runbook action is for starting an Azure Automation runbook.
- Email/SMS action sends notifications via email or SMS, which are not suitable for integrating with a custom system programmatically.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Webhook action in Azure alerts?
How do I set up a Webhook action for Azure alerts?
What are the limitations of using Email/SMS actions for notifications?
A company wants to assign permissions to users for accessing data in a storage account without sharing account keys. Which method should they use to achieve this?
Integrate the storage account with Azure Active Directory
Use Shared Access Signatures
Distribute the storage account access keys to users
Use connection strings in application code
Answer Description
Integrating the storage account with Azure Active Directory (Azure AD) allows the company to assign permissions to users through role-based access control (RBAC) without sharing access keys. This enhances security by managing permissions centrally and reduces the risk associated with key distribution. Using Shared Access Signatures involves generating tokens that could be misused if shared improperly. Distributing access keys compromises the security of the entire storage account, and connection strings do not provide a method for assigning user-specific permissions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Azure Active Directory (Azure AD) and its benefits?
Can you explain what Role-Based Access Control (RBAC) is?
What are Shared Access Signatures, and why are they considered less secure?
Which action allows you to capture the configuration of existing Azure resources for redeployment?
Enable resource auditing in Azure Policy
Export the deployment as an ARM template
Record the deployment steps in Azure Monitor
Create a backup of the resource group
Answer Description
Exporting the deployment as an Azure Resource Manager (ARM) template captures the configuration of your resources in a JSON file. This template can be used to redeploy the resources consistently, aiding in automation and repeatability.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an ARM template?
How do I export a deployment as an ARM template?
What does 'redeployment' mean in the context of Azure?
An Azure administrator needs to add 500 new users to Azure Entra ID quickly and efficiently. The user data has been provided by the HR department. Which method should the administrator use to accomplish this task?
Use the bulk create users feature in Azure Active Directory.
Create the user accounts manually through the Azure portal.
Use PowerShell to script the creation of user accounts.
Set up Azure AD Connect to sync the accounts from an on-premises Active Directory.
Answer Description
The most efficient method is to use the bulk create users feature in Azure Entra ID. This feature allows the administrator to import multiple users at once by uploading a CSV file. Manually creating users through the portal is impractical for a large number of accounts. While a PowerShell script could automate the process, it requires scripting knowledge and additional time to develop and test. Syncing from an on-premises Entra ID is not applicable if the users are not present there.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the bulk create users feature in Azure Entra ID?
What kind of data needs to be included in the CSV file for bulk user creation?
How does Azure AD Connect work in relation to user accounts?
An Azure administrator needs to deploy an ARM template that creates multiple resources, including a virtual network, storage account, and several virtual machines. The template includes parameters and variables. The administrator wants to deploy the template using a script that can be easily integrated into existing CI/CD pipelines and run on Windows, Linux, or macOS.
Which command-line tool should the administrator use to deploy the template?
Azure Cloud Shell
Azure PowerShell
Azure CLI
Azure Portal
Answer Description
The Azure CLI is a cross-platform command-line tool that runs on Windows, Linux, or macOS, making it ideal for integrating into CI/CD pipelines regardless of the operating system. Using the 'az deployment group create' command, administrators can deploy ARM templates and supply parameters as needed. While Azure PowerShell can deploy templates, it relies on PowerShell, which may require additional setup on non-Windows systems. Azure Cloud Shell is a browser-based shell, which is not as suitable for automated scripted deployments. The Azure Portal is a graphical user interface and doesn't meet the requirement of using a script in a CI/CD pipeline.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an ARM template?
What is Azure CLI and how does it work with CI/CD pipelines?
What are parameters and variables in ARM templates?
To enable disaster recovery of Azure virtual machines to a different region, which Azure resource must you configure?
Azure Recovery Services Vault
Azure Load Balancer
Azure Traffic Manager
Azure Virtual Network Peering
Answer Description
An Azure Recovery Services Vault is essential for configuring Azure Site Recovery, as it stores the replication and recovery data needed to replicate virtual machines to another region. The other options, such as Azure Virtual Network Peering, Azure Load Balancer, and Azure Traffic Manager, are used for networking and traffic management but are not involved in the replication process for disaster recovery.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Azure Site Recovery and how does it work?
What exactly is an Azure Recovery Services Vault?
Why can't Azure Load Balancer or Azure Traffic Manager be used for disaster recovery?
Nice!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.