AZ-104 EXAM SCRIPT 2025/2026 QUESTIONS WITH
ANSWERS GRADED A+
✔✔You would like to implement a hub-and-spoke VNet peering connection between two
of your virtual networks, VNet1 in the East US region and VNet2 in the East US-2
region, using a network virtual appliance (NVA).You have deployed VNet3 to serve as
the network hub, and a custom Linux virtual machine in VNet3 to serve as the NVA.How
should you configure the peering connections between the VNets with this particular
hub-and-spoke architecture?
a. Configure all peering connections to allow forwarded traffic.
b. Configure peering connections directed to the hub network (VNet3) to allow gateway
transit.
c. Configure peering connections directed to the spoke networks (VNet1 and VNet2) to
use remote gateways.
d. Configure peering connections directed to the hub network (VNet3) to use remote
gateways. Configure all other peering connections to allow gateway transit. - ✔✔a.
Configure all peering connections to allow forwarded traffic.
If you require connectivity between spokes, consider deploying an Azure Firewall or
other network virtual appliance. Then create routes to forward traffic from the spoke to
the firewall or network virtual appliance, which can then route to the second spoke. In
this scenario, you must configure the peering connections to allow forwarded traffic.
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-
networking/hub-spoke?tabs=cli
To allow gateway traffic to flow from spoke to hub and connect to remote networks, you
must:
Configure the peering connection in the hub to allow gateway transit.
Configure the peering connection in each spoke to use remote gateways.
Configure all peering connections to allow forwarded traffic.
✔✔What is not a requirement to deploy Azure AD Join?
a. An Azure AD subscription
b. An Azure AD Premium subscription
c. Mobile device management
d. A deployment of Azure AD Connect - ✔✔To deploy Azure AD Join for any set of
users you need the following:
An Azure AD subscription.
An Azure AD Premium subscription, such as mobile device management auto-
enrollment, if you require more capabilities.
,Mobile device management--for example, a Microsoft Intune subscription, mobile device
management for Office 365, or any of the partner mobile device management vendors
that integrate with Azure AD.
✔✔You are building a group of 10 virtual machines and putting them into an availability
set to ensure high availability. You configure the maximum number of fault domains
available in your desired region, which is three. How many of your virtual machines will
end up in the first fault domain?
a. 4
b. 3
c. 5
d. 10 - ✔✔a. 4
The maximum number of fault domains available are 3, but depends on the region.
When the number of virtual machines exceeds the number of fault domains, and their
number is for example 3, the 4th VM will be placed into the first fault domain, while the
5th VM will be placed into the second domain, etc. Hence the 10th VM will end up in the
first fault domain.
https://docs.microsoft.com/en-us/azure/virtual-machines/availability
✔✔Your expenses have increased as you've expanded international operations. It is
critical to sort expenses for Azure resources deployed for specific international markets
by the Azure product, resource type, and global region. What Azure service or tool
should you use to organize your expense reports?
a. Azure Advisor
b. Azure Cost Management tool
c. Azure Price Calculator
d. Azure Resource Tags - ✔✔d. Azure Resource Tags
Another way to track Azure costs is by using tags. Tags can be applied to Azure
resources as a means of grouping them for things like cost tracking. Tags can be
applied based on department, project, environment, or any other purpose.
Each tag is a name/value pair where the name defines the type, or category of the tag,
and the value identifies a specific instance of that type. For example, a tag name could
be a department, and values could then be IT and Development
✔✔You are a start-up company currently hosting two small web applications, Web App
1 and Web App 2, on Azure Web Apps. Your Web Apps run on three instances on a
Basic app service plan. You need to manage both web apps to meet the following
requirements:Allow Web App 1 to scale from 5-8 instances based on application
workload, as traffic for this web app is growing.Maintain Web App 2 on three separate
instances, as this application is also growing more popular. However, Web App 2 does
, not require scaling capabilities yet.What steps would be most cost-effective and meet
your application requirements?
a. Move Web App 1 to a separate Standard app service plan. Configure auto scaling for
Web App 1 between a range of 5 to 8 instances based on application metrics. Keep
your existing Basic app service plan for Web App 2.
b. Scale up to a Premium app service plan. Leave Web App 2 as it is currently
configured. Configure auto - ✔✔a. Move Web App 1 to a separate Standard app service
plan. Configure auto scaling for Web App 1 between a range of 5 to 8 instances based
on application metrics. Keep your existing Basic app service plan for Web App 2.
App Service plans are containers for the apps that you deploy in App Service. App
Service plans are offered in different tiers, with more functionality provided by higher,
more expensive tiers. The following list highlights some of the distinctions between the
available tiers:
Free (Windows only): Run a small number of apps for free
Shared (Windows only): Run more apps and provides support for custom domains
Basic: Run unlimited apps and scale up to three instances with built-in load balancing
Standard: The first tier that is recommended for production workloads. It scales up to
ten (10) instances with Autoscaling support and VNet integration to access resources in
your Azure virtual networks without exposing them to the internet
Premium: Scale up to 20 instances and additional storage over the standard tier
Isolated: Scale up to 100 instances, runs inside of an Azure Virtual Network isolated
from other customers, and supports private access use cases
✔✔Your team is spending too much time recovering from unplanned events, specifically
when small resource updates occur that disrupt service operations, or noncompliant
resources are created. You want to automate a process to review log data related to
resource updates, to detect anomalies within the updates. You would like to utilize live
dashboards to evaluate the log data quickly. What type of logs would you analyze, and
with what Azure service?
a. Process activity logs with Azure Event Hub.
b. Process diagnostic logs with Log Analytics.
c. Process application logs with tables in Azure Storage.
d. Process diagnostic logs with Power BI. - ✔✔a. Process activity logs with Azure Event
Hub.
ANSWERS GRADED A+
✔✔You would like to implement a hub-and-spoke VNet peering connection between two
of your virtual networks, VNet1 in the East US region and VNet2 in the East US-2
region, using a network virtual appliance (NVA).You have deployed VNet3 to serve as
the network hub, and a custom Linux virtual machine in VNet3 to serve as the NVA.How
should you configure the peering connections between the VNets with this particular
hub-and-spoke architecture?
a. Configure all peering connections to allow forwarded traffic.
b. Configure peering connections directed to the hub network (VNet3) to allow gateway
transit.
c. Configure peering connections directed to the spoke networks (VNet1 and VNet2) to
use remote gateways.
d. Configure peering connections directed to the hub network (VNet3) to use remote
gateways. Configure all other peering connections to allow gateway transit. - ✔✔a.
Configure all peering connections to allow forwarded traffic.
If you require connectivity between spokes, consider deploying an Azure Firewall or
other network virtual appliance. Then create routes to forward traffic from the spoke to
the firewall or network virtual appliance, which can then route to the second spoke. In
this scenario, you must configure the peering connections to allow forwarded traffic.
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-
networking/hub-spoke?tabs=cli
To allow gateway traffic to flow from spoke to hub and connect to remote networks, you
must:
Configure the peering connection in the hub to allow gateway transit.
Configure the peering connection in each spoke to use remote gateways.
Configure all peering connections to allow forwarded traffic.
✔✔What is not a requirement to deploy Azure AD Join?
a. An Azure AD subscription
b. An Azure AD Premium subscription
c. Mobile device management
d. A deployment of Azure AD Connect - ✔✔To deploy Azure AD Join for any set of
users you need the following:
An Azure AD subscription.
An Azure AD Premium subscription, such as mobile device management auto-
enrollment, if you require more capabilities.
,Mobile device management--for example, a Microsoft Intune subscription, mobile device
management for Office 365, or any of the partner mobile device management vendors
that integrate with Azure AD.
✔✔You are building a group of 10 virtual machines and putting them into an availability
set to ensure high availability. You configure the maximum number of fault domains
available in your desired region, which is three. How many of your virtual machines will
end up in the first fault domain?
a. 4
b. 3
c. 5
d. 10 - ✔✔a. 4
The maximum number of fault domains available are 3, but depends on the region.
When the number of virtual machines exceeds the number of fault domains, and their
number is for example 3, the 4th VM will be placed into the first fault domain, while the
5th VM will be placed into the second domain, etc. Hence the 10th VM will end up in the
first fault domain.
https://docs.microsoft.com/en-us/azure/virtual-machines/availability
✔✔Your expenses have increased as you've expanded international operations. It is
critical to sort expenses for Azure resources deployed for specific international markets
by the Azure product, resource type, and global region. What Azure service or tool
should you use to organize your expense reports?
a. Azure Advisor
b. Azure Cost Management tool
c. Azure Price Calculator
d. Azure Resource Tags - ✔✔d. Azure Resource Tags
Another way to track Azure costs is by using tags. Tags can be applied to Azure
resources as a means of grouping them for things like cost tracking. Tags can be
applied based on department, project, environment, or any other purpose.
Each tag is a name/value pair where the name defines the type, or category of the tag,
and the value identifies a specific instance of that type. For example, a tag name could
be a department, and values could then be IT and Development
✔✔You are a start-up company currently hosting two small web applications, Web App
1 and Web App 2, on Azure Web Apps. Your Web Apps run on three instances on a
Basic app service plan. You need to manage both web apps to meet the following
requirements:Allow Web App 1 to scale from 5-8 instances based on application
workload, as traffic for this web app is growing.Maintain Web App 2 on three separate
instances, as this application is also growing more popular. However, Web App 2 does
, not require scaling capabilities yet.What steps would be most cost-effective and meet
your application requirements?
a. Move Web App 1 to a separate Standard app service plan. Configure auto scaling for
Web App 1 between a range of 5 to 8 instances based on application metrics. Keep
your existing Basic app service plan for Web App 2.
b. Scale up to a Premium app service plan. Leave Web App 2 as it is currently
configured. Configure auto - ✔✔a. Move Web App 1 to a separate Standard app service
plan. Configure auto scaling for Web App 1 between a range of 5 to 8 instances based
on application metrics. Keep your existing Basic app service plan for Web App 2.
App Service plans are containers for the apps that you deploy in App Service. App
Service plans are offered in different tiers, with more functionality provided by higher,
more expensive tiers. The following list highlights some of the distinctions between the
available tiers:
Free (Windows only): Run a small number of apps for free
Shared (Windows only): Run more apps and provides support for custom domains
Basic: Run unlimited apps and scale up to three instances with built-in load balancing
Standard: The first tier that is recommended for production workloads. It scales up to
ten (10) instances with Autoscaling support and VNet integration to access resources in
your Azure virtual networks without exposing them to the internet
Premium: Scale up to 20 instances and additional storage over the standard tier
Isolated: Scale up to 100 instances, runs inside of an Azure Virtual Network isolated
from other customers, and supports private access use cases
✔✔Your team is spending too much time recovering from unplanned events, specifically
when small resource updates occur that disrupt service operations, or noncompliant
resources are created. You want to automate a process to review log data related to
resource updates, to detect anomalies within the updates. You would like to utilize live
dashboards to evaluate the log data quickly. What type of logs would you analyze, and
with what Azure service?
a. Process activity logs with Azure Event Hub.
b. Process diagnostic logs with Log Analytics.
c. Process application logs with tables in Azure Storage.
d. Process diagnostic logs with Power BI. - ✔✔a. Process activity logs with Azure Event
Hub.
