AZ 104 Study Set 1 Exam Questions with
complete answers
You use it to add on-premises applications to your instance of Azure AD. you create
secure remote access for your on-premises applications. - Answer-AD Application
Proxy
The scratch image is an empty container image that doesn't create a filesystem layer.
This image assumes that the application you're going to run can directly use the host
OS kernel. - Answer-base image
is a text file that contains the instructions we use to build and run a Docker image -
Answer-Dockerfile
Which storage option is the best choice that allows the host and container to share a file
to manage name server resolution, for example the resolve.conf file on Linux? -
Answer-bind mount
container is launched using the --publish 80:8080 flag. Which of the following options is
the most likely network configured used for the container? - Answer-bridge
The status of VM1 is Running.You assign an Azure policy as shown in the exhibit. (Click
the Exhibit tab.) You assign the policy by using the following
parameters:Microsoft.ClassicNetwork/virtualNetworksMicrosoft.Network/
virtualNetworksMicrosoft.Compute/virtualMachines
1) An administrator can move VNET1 to RG2
2)the state of vm1 changed to deallocated
3) an administrator can modify the address space of vnet2 - Answer-1)no
2)yes
3)no
You have an Azure subscription named Subscription1 that contains a resource group
named RG1.In RG1, you create an internal load balancer named LB1 and a public load
balancer named LB2.You need to ensure that an administrator named Admin1 can
manage LB1 and LB2. The solution must follow the principle of least privilege. Which
role should you assign to Admin1 for each task? To answer, select the appropriate
options in the answer area. - Answer-To add a backend pool to LB1:
Network contributor to LB1
To add a health probe to LB2:
Network contributor to LB2
You have an Azure subscription that contains an Azure Active Directory (Azure AD)
tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named
, AKS1.An administrator reports that she is unable to grant access to AKS1 to the users
in contoso.com.You need to ensure that access to AKS1 can be granted to the
contoso.com users.What should you do first? - Answer-From contoso.com, create an
OAuth 2.0 authorization endpoint.
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant
named contoso.com.You plan to grant three users named User1, User2, and User3
access to a temporary Microsoft SharePoint document library named Library1.You need
to create groups for the users. The solution must ensure that the groups are deleted
automatically after 180 days.Which two groups should you create? Each correct answer
presents a complete solution - Answer-an Office 365 group that uses the Assigned
membership type
an Office 365 group that uses the Dynamic User membership type
1) User3 can perform an access review of user1
2) User3 can perform an access review of UserA
3) User3 can perform an access review of UserB - Answer-1) No
2) No
3) Yes
Overall: User3 is a member and can only review guest accounts
Management groups, subscriptions, and virtual networks allow - Answer-Box 1: No -
Virtual networks are not allowed at the root and is inherited. Deny overrides allowed.Box
2: Yes -Virtual Machines can be created on a Management Group provided the user
has the required RBAC permissions.Box 3: Yes -Subscriptions can be moved between
Management Groups provided the user has the required RBAC permissions.
What does the scope subscription do? - Answer-You can create Azure SQL servers in
contosoRG1 only
To RG6, you apply the tag: RGroup: RG6.You deploy a virtual network named VNET2
to RG6.Which tags apply to VNET1 and VNET2? To answer, select the appropriate
options in the answer area.NOTE: Each correct selection is worth one point. - Answer-
VNET1: Department: D1, and Label:Value1 only.Tags applied to the resource group or
subscription are not inherited by the resources.Note: Azure Policy allows you to use
either built-in or custom-defined policy definitions and assign them to either a specific
resource group or across a wholeAzure subscription.VNET2: Label:Value1
only.Incorrect Answers:RGROUP: RG6 -Tags applied to the resource group or
subscription are not inherited by the resources.
You have an Azure subscription named AZPT1 that contains the resources shown in
the following table:
You create a new Azure subscription named AZPT2.You need to identify which
resources can be moved to AZPT2.Which resources should you identify? - Answer-
VM1, storage1, VNET1, VM1Managed, and RVAULT1
complete answers
You use it to add on-premises applications to your instance of Azure AD. you create
secure remote access for your on-premises applications. - Answer-AD Application
Proxy
The scratch image is an empty container image that doesn't create a filesystem layer.
This image assumes that the application you're going to run can directly use the host
OS kernel. - Answer-base image
is a text file that contains the instructions we use to build and run a Docker image -
Answer-Dockerfile
Which storage option is the best choice that allows the host and container to share a file
to manage name server resolution, for example the resolve.conf file on Linux? -
Answer-bind mount
container is launched using the --publish 80:8080 flag. Which of the following options is
the most likely network configured used for the container? - Answer-bridge
The status of VM1 is Running.You assign an Azure policy as shown in the exhibit. (Click
the Exhibit tab.) You assign the policy by using the following
parameters:Microsoft.ClassicNetwork/virtualNetworksMicrosoft.Network/
virtualNetworksMicrosoft.Compute/virtualMachines
1) An administrator can move VNET1 to RG2
2)the state of vm1 changed to deallocated
3) an administrator can modify the address space of vnet2 - Answer-1)no
2)yes
3)no
You have an Azure subscription named Subscription1 that contains a resource group
named RG1.In RG1, you create an internal load balancer named LB1 and a public load
balancer named LB2.You need to ensure that an administrator named Admin1 can
manage LB1 and LB2. The solution must follow the principle of least privilege. Which
role should you assign to Admin1 for each task? To answer, select the appropriate
options in the answer area. - Answer-To add a backend pool to LB1:
Network contributor to LB1
To add a health probe to LB2:
Network contributor to LB2
You have an Azure subscription that contains an Azure Active Directory (Azure AD)
tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named
, AKS1.An administrator reports that she is unable to grant access to AKS1 to the users
in contoso.com.You need to ensure that access to AKS1 can be granted to the
contoso.com users.What should you do first? - Answer-From contoso.com, create an
OAuth 2.0 authorization endpoint.
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant
named contoso.com.You plan to grant three users named User1, User2, and User3
access to a temporary Microsoft SharePoint document library named Library1.You need
to create groups for the users. The solution must ensure that the groups are deleted
automatically after 180 days.Which two groups should you create? Each correct answer
presents a complete solution - Answer-an Office 365 group that uses the Assigned
membership type
an Office 365 group that uses the Dynamic User membership type
1) User3 can perform an access review of user1
2) User3 can perform an access review of UserA
3) User3 can perform an access review of UserB - Answer-1) No
2) No
3) Yes
Overall: User3 is a member and can only review guest accounts
Management groups, subscriptions, and virtual networks allow - Answer-Box 1: No -
Virtual networks are not allowed at the root and is inherited. Deny overrides allowed.Box
2: Yes -Virtual Machines can be created on a Management Group provided the user
has the required RBAC permissions.Box 3: Yes -Subscriptions can be moved between
Management Groups provided the user has the required RBAC permissions.
What does the scope subscription do? - Answer-You can create Azure SQL servers in
contosoRG1 only
To RG6, you apply the tag: RGroup: RG6.You deploy a virtual network named VNET2
to RG6.Which tags apply to VNET1 and VNET2? To answer, select the appropriate
options in the answer area.NOTE: Each correct selection is worth one point. - Answer-
VNET1: Department: D1, and Label:Value1 only.Tags applied to the resource group or
subscription are not inherited by the resources.Note: Azure Policy allows you to use
either built-in or custom-defined policy definitions and assign them to either a specific
resource group or across a wholeAzure subscription.VNET2: Label:Value1
only.Incorrect Answers:RGROUP: RG6 -Tags applied to the resource group or
subscription are not inherited by the resources.
You have an Azure subscription named AZPT1 that contains the resources shown in
the following table:
You create a new Azure subscription named AZPT2.You need to identify which
resources can be moved to AZPT2.Which resources should you identify? - Answer-
VM1, storage1, VNET1, VM1Managed, and RVAULT1
