AZ 104 RENEWAL EXAM QUESTION AND ANSWER 2023 Version
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
1) You plan to deploy an Azure web app that
... [Show More] will have the
following settings:
• Name: WebApp1
• Publish: Docker container
• Operating system: Windows
• Region: West US
• Windows Plan (West US): ASP-RG1-8bcf
You need to ensure that WebApp1 uses the ASP.NET v4.7 runtime
stack. Which setting should you modify?
Select only one answer.
Region Operating system Publish Windows Plan
2) You have the following Azure resources:
• Azure Key Vault named KeyVault1
• Azure App Service named WebApp1
You need to ensure that WebApp1 can access KeyVault1 by using
Azure Active Directory (Azure AD) authentication.
Which two settings can be used to configure WebApp1? Each correct
answer presents a complete solution.
Select all answers that apply.
User assigned managed identity Application settings TLS/SSL
bindings App Service Authentication System
assigned managed identity
3) You have an Azure web app named WebApp1.
You discover that backup options are unavailable for
WebApp1. You need to back up WebApp1.
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
What should you do
first? Select only one
answer.
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
Modify the platform settings of WebApp1. Modify the Application
settings of WebApp1. Scale up the app service plan.Scale out the
app service plan.
4) You have an Azure web app named Contoso2023.
You add a deployment slot to Contoso2023 named Slot1.
You need to be able to perform a deployment slot swap with
preview. What should you modify?
Select only one answer.
application settings for Contoso2023 general settings for
Contoso2023 application settings for Contoso2023-Slot1
general settings for
Contoso2023-Slot1
5) You plan to create an Azure container instance named
container1 that will use a Docker image named Image1.
You need to ensure that container1 has persistent storage.
Which Azure resources should you deploy for the persistent
storage? Select only one answer.
an Azure container registry only an Azure Storage account and a
file
share an Azure Storage account and a blob container an
Azure SQL database only
6) You have an Azure container registry named Registry1.
You enable the admin user for Registry1.
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
Which username should you use to connect to Registry1 as an
admin user? Select only one answer.
root Admin Administrator Registry1 Registry1.azurecr.io
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
7) You have an Azure subscription that contains the following
resources:
• a storage account named storage123
• a container instance named AppContainer
The subscription contains a virtual network named VirtualNet4 that
has the following subnets:
• SubnetA- storage123 is connected to SubnetA.
• SubnetB- AppContainer is connected to SubnetB.
• SubnetC- No resources.
You plan to deploy an Azure container instance named container5 to
VirtualNet4.
To which subnets can you deploy
container5? Select only one answer.
SubnetB only SubnetC only SubnetB and SubnetC only
SubnetA, SubnetB, and SubnetC
8) You have an Azure Storage account named storage1.
You create the following encryption scopes for storage1:
• Scope1 that has an encryption type of Microsoft-managed keys
• Scope2 that has an encryption type of Customer-managed
keys
Which storage services can be used with
Scope2? Select only one answer.
blob only file only blob and file only table and queue only
blob, file, table, and queue
9) You have an Azure Storage account named storage1 that
contains a file share named share1.
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
You also have an on-premises Active Directory domain that contains
a user named User1.
You need to ensure that User1 can access share1 by using the SMB
protocol. What should you do?
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
Select only one answer.
Provide User1 with the shared access signature (SAS) for
storage1.
Configure the Access control (IAM) settings of storage1. Configure
the
Firewalls and virtual networks settings of storage1. Provide User1
with the access key for storage1.
10) You have an Azure Storage account named storage1
that is configured to use the Hot access tier.
Storage1 has a container named container1 and the lifecycle
management rule with following settings:
• Move blob to cool storage:
Selected
o Days after last modification: 3
• Move blob to archive storage: Selected
o Days after last modification: 5
On December 1, you create a file named File1 in container1.
On December 10, you rehydrate File1 and move the file to the Hot
access tier.
When will File1 be moved to archive
storage? Select only one answer.
within 24 hours on December 15 on December 18 on January 1
11) You have an Azure Storage account named storage1.
You need to provide time-limited access to
storage1. What should you use?
Select only one answer.
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
an access key a role assignment an access policy a shared
access signature (SAS)
12) You have the following Azure virtual machines that run
Windows Server 2019:
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
• Server1- connected to VirtualNET1 and has a
Wingtiptoys.com DNS suffix configured in Windows Server
2019
• Server2- connected to VirtualNET1 and has a Fabrikam.com
DNS suffix configured in Windows Server 2019
• Server3- connected to VirtualNET2 and has a
Wingtiptoys.com DNS suffix configured in Windows Server
2019
• Server4- connected to VirtualNET2 and has a Fabrikam.com
DNS suffix configured in Windows Server 2019
You create a private DNS zone named fabrikam.com and add the
following virtual network links to fabrikam.com:
• Link1- connected to VirtualNET1 and has auto registration
enabled
• Link2- connected to VirtualNET2 and has auto registration
enabled
Which virtual machines will register a DNS record in
fabrikam.com? Select only one answer.
Server2 only Server1 and Server2 only Server2 and
Server4 only Server1, Server2, Server3, and Server4
13) A company named Contoso, Ltd. has an Azure
subscription that contains an Azure Active Directory (Azure
AD) tenant named contoso.com. The Azure subscription
contains the following virtual networks:
• VNET1- deployed in the East US location
• VNET2- deployed in the East US location
• VNET3- deployed in the West US location
Contoso purchases a company named A. Datum Corporation. A.
Datum has an Azure subscription that contains an Azure AD tenant
named adatum.com. Adatum.com contains the following virtual
networks:
• VNETA- deployed in the East US location
• VNETB- deployed in the West US location
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
Which virtual networks can you peer to
VNET1? Select only one answer.
VNET2 only VNET2 and VNET3 only VNET2 and VNETA
only VNET2, VNET3, and VNETA only VNET2, VNET3,
VNETA, and VNETB
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
14) You have an Azure virtual machine named VM1 that
connects to a virtual network named VNET1.
You create a private DNS zone named contoso.com and add an A
record named host1 to the zone.
You need to ensure that VM1 can resolve
host1.contoso.com. What should you do?
Select only one answer.
Modify the Access control (IAM) settings of the zone. From the
zone,
add a virtual network link. From the properties of the network
interface,
modify the options of the DNS servers. From the properties of
VNET1, modify the options of the DNS servers.
15) You have a proximity placement group named Proximity1.
You plan to create the following Azure resources:
• a virtual machine named VM1
• a disk named Disk1
• a virtual network named VNET1
• a public IP address named IP1
Which resources can you place in
Proximity1? Select only one answer.
VM1 only VM1 and Disk1 only Disk1 and IP1 only VNET1,
Disk1, and IP1 only
16) You have an Azure virtual network named VNET1 has
and a network security group (NSG) named NSG1. NSG1
has the following inbound security rules:
• Rule1 has a priority of 100 and allows port 3389 on TCP
protocol from any source and to any destination
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
• Rule2 has a priority of 200 and allows ports 80 and 8080
on UDP protocol from any source and to any destination
• Rule3 has a priority of 300 and denies ports 1-2000 on TCP
protocol from any source and to any destination
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
• Rule4 has a priority of 400 and allows ports 50-500 on TCP
protocol from VirtualNetwork source and to any destination
• Rule5 has a priority of 500 and allows ports 80 and 443 on TCP
protocol from any source and to any destination
You need to allow http and https connections from the internet to
VNET1. What should you change for NSG1?
Select only one answer.
Priority for Rule4 to 250 Protocol for Rule2 to TCP Priority for
Rule3 to 450 Priority for Rule5 to 250
17) You have an Azure virtual machine named VM1 that
connects to a virtual network named VNET1.
A network security group (NSG) named NSG1 allows connections
to VM1 from VNET1 only.
You need to add an inbound security rule to NSG1 that meets the
following requirements:
• Allows Azure Backup to back up VM1
• Minimizes the types of allowed inbound traffic
What should you use as the source for the inbound
security rule? Select only one answer.
any IP address the IP address of VM1 a service tag for Azure
Backup an application security group
18) You have an Azure virtual network named VNET1 that
has an IP address space of 192.168.0.0/16 and the following
subnets:
• Subnet1- has an IP address range of 192.168.1.0/24 and is
connected to 15 VMs
• Subnet2- has an IP address range of 192.168.2.0/24 and does
not have any VMs connected
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
You need to ensure that you can deploy Azure Firewall to
VNET1. What should you do?
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
Select only one answer.
Add a new subnet to VNET1. Add a service endpoint to
Subnet2.
Modify the subnet mask of Subnet2. Modify the IP address
space of VNET1.
19) You have an Azure subscription that contains a storage
account named storage1 and the following virtual machines:
• VM1 has a public IP address of 13.68.158.24 and is
connected to VNET1/Subnet1
• VM2 has a public IP address of 52.255.145.76 and is
connected to VNET1/Subnet1
• VM3 has a public IP address of 13.68.158.50 and is
connected to VNET1/Subnet2
The subnets have the following service endpoints:
• Subnet1 has a Microsoft.Storage service endpoint
• Subnet2 does not have any service endpoint
Storage1 has a firewall configured to allow access from the
13.68.158.0/24 IP address range only.
You need to identify which virtual machines can access
storage1. What should you identify?
Select only one answer.
VM1 only VM3 only VM1 and VM2 only VM1 and VM3 only
VM1, VM2, and VM3
20) You have an Azure virtual machine named Computer5
and a Recovery Services vault named Vault5. Computer5
contains the following data disks:
• DiskA has a size of 512 GB
• DiskB has a size of 30 TB
• DiskC has a size of 26 TB
• DiskD has a size of 2.0 TB
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
Which data disks can you back up to Vault5?
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
Select only one answer.
DiskA only DiskB only DiskC only DiskD only DiskA,
DiskB, DiskC, and DiskD
21) You have the following Azure resources:
• a virtual machine named VM1
• a Recovery Services vault named Vault1
On January 1, you configure backups for VM1 by using the following
backup policy:
• Frequency: Daily
• Time: 23:00
• Timezone: (UTC) Coordinated Universal Time
• Retain instant recovery snapshot(s) for: 2 Day(s)
• Retention of daily backup point: 7 Day(s)
• Azure Backup Resource Group: Backup1RG
How many restore point collections recovery points will be stored in
Backup1RG on January 10?
Select only one
answer.
2 7 9 10
22) You have a Recovery Services vault named Vault1 that
has soft delete enabled.
Vault1 stores backups for the following Azure resources:
• an Azure virtual machine named VM1
• an Azure file share named share1
• a SQL Server on Azure virtual machine named SQL1
Which backups are protected by soft delete?
Select only one answer.
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
VM1 only share1 only VM1 and SQL1 only VM1, share1, and
SQL1
23) You have a Recovery Services vault named
Recovery1 that includes a backup policy named Policy1.
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
You back up several Azure virtual machines to Recovery1 by using
Policy1. You need to view the Azure Backup reports.
What should you do first?
Select only one answer.
Create an Azure Log Analytics workspace. Modify the Backup
Configuration settings of Recovery1. Configure the Diagnostics
settings of Recovery1.
24) You have an Azure subscription that contains an Azure
container registry named Contoso2020.
You plan to create an Azure Kubernetes Service (AKS) cluster named
AKS1 that has the following settings:
• Kubernetes version: 1.16.10
• Node pools:1
• Virtual nodes: Disabled
• Authentication method: Service principal
• Network configuration: Basic
You need to ensure that you can integrate AKS1 and
Contoso2020. Which AKS1 settings should you modify?
Select only one answer.
Kubernetes version Virtual nodes Authentication method
Network configuration
25) You have the following containerized applications:
• App1 that runs in a Server Core installation of Windows
Server container
• App2 that runs in a Nano Server container
• App3 that runs in a Linux container
• App4 that runs in a Linux container
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
What is the minimum number of Azure Kubernetes Service (AKS)
node pools required to run all the applications?
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
Select only one answer.
1 2 3 4
26) You have an Azure Active Directory (Azure AD) tenant
named contoso.com that contains a user named Ben
Smith.
You configure a Password protection for contoso.com that includes
the following Custom banned passwords settings:
• Enforce custom list: Yes
• Custom banned password list: Contoso
Which password can be used by Ben
Smith? Select only one answer.
FgRs01 C0nt0s0123 CONTOSO123 Conto123so
27) You have an Azure subscription that contains a user
named User1, a security group named Group1, and a virtual
machine named VM1.
You enable a system-assigned managed identity for
VM1. To which identities can you assign the Reports
reader role?
Select only one answer.
User1 only User1 and Group1 only
User1 and VM1 only User1, Group1, and VM1
28) You have an Azure Active Directory (Azure AD)
tenant that contains the following users:
• User1 has a Department set to Sales and a Country set to USA
• User2 has a Department set to Marketing and a Country set to
USA
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
• User3 has a Department set to Sales and a Country set to DE
• User4 has a Department set to Marketing and a Country set to
DE
You create a group named Group1 that has the following dynamic
membership rule.
user.country -eq "USA" -and user.department -eq "Marketing" -or
user.department -eq "Sales"
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
Which users are members of Group1?
Select only one answer.
User1 and User2 onlyUser1 and User3 onlyUser2 and User3
only User1, User2, and User3 only User1, User2,
User3 and User4
You have an Azure web service named Contoso2022 that runs in
the Standard App Service plan. Contoso2022 has five deployment
slots in use.
A user named User1 has the Contributor role for Contoso2022.
You need to ensure that User1 can create additional deployment
slots to Contoso2022.
What should you
do? Select only one
answer.
Assign User1 the Owner role for Contoso2022. Assign User1
the Website Contributor role for Contoso2022. Scale up the
Contoso2022 App Service plan. Scale out the
Contoso2022 App Service plan.
You have a Docker image named Image1 that contains a corporate
app. You need to deploy Image1 to Azure and make the app
accessible to users.
Which two Azure services should you deploy? Each correct answer
presents part of the solution.
Select all answers that apply.
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
Azure App service a virtual machine Azure Container Registry
a virtual machine scale set
You have an Azure container registry named
Registry1. You enable the admin user for Registry1.
Which username should you use to connect to Registry1 as an
admin user? Select only one answer.
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
root Admin Administrator Registry1 Registry1.azurecr.io
You plan to create an Azure container instance named container1
that will use a Docker image named Image1.
You need to ensure that container1 has persistent storage.
Which Azure resources should you deploy for the persistent
storage? Select only one answer.
an Azure container registry only an Azure Storage account and a
file
share an Azure Storage account and a blob container an
Azure SQL database only
You have an Azure Storage account named
storage1. You create the following encryption
scopes for storage1:
• Scope1 that has an encryption type of Microsoft-managed keys
• Scope2 that has an encryption type of Customer-managed
keys
Which storage services can be used with
Scope2? Select only one answer.
blob only file only blob and file only table and queue only
blob, file, table, and queue
You have an Azure Storage account named storage1 that
contains a file share named share1.
You also have an on-premises Active Directory domain that contains
a user named User1.
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
You need to ensure that User1 can access share1 by using the SMB
protocol. What should you do?
Select only one answer.
Provide User1 with the shared access signature (SAS) for
storage1.
Configure the Access control (IAM) settings of storage1. Configure
the
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
Firewalls and virtual networks settings of storage1. Provide User1
with the access key for storage1.
You have an Azure Storage account named
storage1. You need to provide time-limited
access to storage1. What should you use?
Select only one answer.
an access key a role assignment an access policy a shared
access signature (SAS)
You have an Azure virtual machine named VM1 that automatically
registers in an Azure private DNS zone named contoso.com.
VM1 hosts a website named Site1.
You need to ensure that Site1 can be resolved by using a URL of
htt p:// ww w. co nto s o. c o m. The solution must ensure that if the IP
address of VM1 changes, www.contoso.com will resolve to the
changed IP address.
Which DNS record type should you add to
contoso.com? Select only one answer.
A SVR TXT AAAA CNAME
You have an Azure virtual machine named VM1 that connects to a
virtual network named VNET1.
You create a private DNS zone named contoso.com and add an A
record named host1 to the zone.
You need to ensure that VM1 can resolve
host1.contoso.com. What should you do?
Select only one answer.
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
Modify the Access control (IAM) settings of the zone. From
the zone, add a virtual network link. From the
properties of the network interface,
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
modify the options of the DNS servers. From the properties of
VNET1, modify the options of the DNS servers.
You have the following Azure virtual machines that run Windows
Server 2019:
• Server1- connected to VirtualNET1 and has a
Wingtiptoys.com DNS suffix configured in Windows Server
2019
• Server2- connected to VirtualNET1 and has a Fabrikam.com
DNS suffix configured in Windows Server 2019
• Server3- connected to VirtualNET2 and has a
Wingtiptoys.com DNS suffix configured in Windows Server
2019
• Server4- connected to VirtualNET2 and has a Fabrikam.com
DNS suffix configured in Windows Server 2019
You create a private DNS zone named fabrikam.com and add the
following virtual network links to fabrikam.com:
• Link1- connected to VirtualNET1 and has auto registration
enabled
• Link2- connected to VirtualNET2 and has auto registration
enabled
Which virtual machines will register a DNS record in
fabrikam.com? Select only one answer.
Server2 only Server1 and Server2 only Server2 and
Server4 only Server1, Server2, Server3, and Server4
You have an Azure subscription that contains a virtual network
named VNET1. VNET1 uses the following address spaces:
• 10.10.1.0/24
• 10.10.2.0/28
VNET1 contains the following subnets:
• Subnet1- has an address space of 10.10.1.0/24
• Subnet2- has an address space of 10.10.2.0/28
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
To Subnet1, you deploy a virtual machine named VM1 that runs
Windows Server 2019. VM1 has Remote Desktop enabled.
VM1 does NOT have a public IP address.
AZ 104 RENEWAL EXAM
QUESTION AND ANSWER
UPDATED 2022
You need to be able to deploy Azure Bastion, and then protect
VM1. What should you do first?
Select only one answer.
Add a new subnet to VNET1.Modify the address space of VNET1.
Add a public IP address to VM1. Add an extension to VM1. [Show Less]