Practice set
AZ-104 questions
Question 1mediummultiple choice
Full question →A route table contains these entries: 10.0.0.0/8 with next hop Virtual appliance, and 10.1.1.0/24 with next hop Virtual network gateway. Which next hop will Azure use for traffic to 10.1.1.5?
Question 2mediummultiple choice
Full question →You need to connect VNet-Hub and VNet-Spoke so that resources in both virtual networks can communicate privately over the Microsoft backbone. Both virtual networks are in the same region. What should you configure?
Question 3mediummultiple choice
Full question →You need to control inbound and outbound traffic to resources in a subnet by allowing or denying traffic based on IP address, port, and protocol. Which Azure feature should you use?
Question 4mediummultiple choice
Full question →You need to create a storage account that provides the lowest-cost redundant storage for non-critical data and only needs protection against local disk or server failure within a single datacenter. Which redundancy option should you choose?
Question 5mediummultiple choice
Full question →You need to deploy 20 identical Azure virtual machines for a web application and automatically scale the number of instances based on CPU demand. Which Azure feature should you use?
Question 6mediummultiple choice
Full question →You need to deploy 20 identical Azure virtual machines that host the same web application. The solution must support automatic scale-out based on CPU usage and should minimize administrative overhead. What should you deploy?
Question 7mediummultiple choice
Full question →You need to deploy 25 identical Azure virtual machines for a web application and scale the number of instances automatically based on CPU demand. Which Azure compute feature should you use?
Question 8mediummultiple choice
Full question →You need to deploy 30 identical Azure virtual machines for a web application and scale the instance count automatically based on CPU demand. Which Azure compute feature should you use?
Question 9mediummultiple choice
Full question →You need to deploy a group of identical Azure virtual machines and ensure they are distributed across fault domains and update domains to reduce the impact of host failures and planned maintenance. Which feature should you use?
Question 10easymulti select
Full question →Which two statements about Azure route tables and user-defined routes are correct? Select two.
Question 11hardmulti select
Full question →A 180-GB blob is in the Archive tier. A legal team needs the file available later today and expects to open it several times during review. Which two actions should the administrator take? Select two.
Question 12mediummultiple choice
Full question →You need to ensure that all newly created resource groups in a subscription automatically inherit the CostCenter tag with a fixed value, even if the creator forgets to add it. Which Azure Policy effect should you use?
Question 13hardmultiple choice
Full question →A 180-GB blob was moved to the Archive tier last week. A legal team now needs the file available later today for repeated review, and they are willing to pay more to shorten the wait. Which action should the administrator take first?
Question 14hardmulti select
Full question →A backend subnet contains 18 Linux VMs that must install updates from the internet. Security requires all outbound traffic to use one static public IP, and none of the VMs may have their own public IP addresses. Which two changes meet the requirement? Select two.
Question 15mediummultiple choice
Full question →A backend tier runs on three Azure VMs. The VMs are rebuilt frequently and receive new private IP addresses during redeployment. The administrator must allow inbound TCP 1433 from the app tier without rewriting the NSG rule each time the backend VMs change. What should be used?
Question 16hardmultiple choice
Full question →A backend VM belongs to AppASG and listens on TCP 8443. The subnet NSG has a deny rule at priority 200 that blocks TCP 8443 from VirtualNetwork to any destination. The backend VM's NIC NSG has an allow rule at priority 100 for TCP 8443 from WebASG to AppASG. Web VMs in WebASG still cannot connect. What should you change to allow only the web tier while keeping other virtual network traffic blocked?
Question 17mediummultiple choice
Full question →A backend VM must accept TCP 8443 only from the web tier. The subnet NSG already has a deny-all inbound rule at priority 200. The administrator adds an allow rule for the web tier at priority 300, but the connection still fails. What should be changed?
Question 18mediummatching
Full question →A backup administrator is learning how Azure VM backup actions map to their purpose. Match each Recovery Services or backup item to the best description.
Answer choices are not available in this preview. Open the full question page for the complete review.
Question 19hardmulti select
Full question →A backup administrator manages three Recovery Services vaults. They need a single place to review the latest job outcome across all vaults, and then drill into the failed job details for one VM. Which two Azure experiences should they use? Select two.
Question 20mediummulti select
Full question →A backup archive must survive a regional outage, and engineers need to read the secondary copy if the primary region is unavailable. Which two redundancy options meet both requirements? Select two.
Question 21mediummatching
Full question →A backup engineer is reviewing policy-related settings in a Recovery Services vault. Match each backup setting to the behavior it controls.
Answer choices are not available in this preview. Open the full question page for the complete review.
Question 22mediummultiple choice
Full question →A backup job from an Azure service must write to a storage account that has the network firewall set to deny all public traffic. The team does not want to create a private endpoint for this workload. What should the administrator enable?
Question 23hardmulti select
Full question →A backup operations team exports Recovery Services vault logs to Log Analytics. They need a query that returns only failed backup jobs from the last 24 hours and displays just the vault name, protected item name, and error description. Which two KQL operators should the query include? Select two.
Question 24easymulti select
Full question →