Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Microsoft
  3. AZ-104

Microsoft AZ-104 Exam (page: 13)
Microsoft Azure Administrator
Updated on: 02-Jan-2026

Viewing Page 13 of 69
AZ-104 PDF 553 Questions

You have an Azure subscription that contains the resources shown in the following table.


You need to create a network interface named NIC1. In which location can you create NIC1?

  1. East US and North Europe only
  2. East US only
  3. East US, West Europe, and North Europe
  4. East US and West Europe only

Answer(s): B

Explanation:

Before creating a network interface, you must have an existing virtual network in the same location and subscription you create a network interface in.


Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface



You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table.


You create a public Azure DNS zone named adatum.com and a private Azure DNS zone named contoso.com. For controso.com, you create a virtual network link named link1 as shown in the exhibit. (Click the Exhibit tab.)


You discover that VM1 can resolve names in contoso.com but cannot resolve names in adatum.com. VM1 can resolve other hosts on the Internet.
You need to ensure that VM1 can resolve host names in adatum.com. What should you do?

  1. Update the DNS suffix on VM1 to be adatum.com
  2. Configure the name servers for adatum.com at the domain registrar
  3. Create an SRV record in the contoso.com zone
  4. Modify the Access control (IAM) settings for link1

Answer(s): B



HOTSPOT (Drag and Drop is not supported)
You plan to use Azure Network Watcher to perform the following tasks:
Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine. Task2: Validate outbound connectivity from an Azure virtual machine to an external host.
Which feature should you use for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: IP flow verify
At some point, a VM may become unable to communicate with other resources, because of a security rule. The IP flow verify capability enables you to specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verify then tests the communication and informs you if the connection succeeds or fails. If the connection fails, IP flow verify tells you which.
Box 2: Connection troubleshoot
Diagnose outbound connections from a VM: The connection troubleshoot capability enables you to test a connection between a VM and another VM, an FQDN, a URI, or an IPv4 address. The test returns similar information returned when using the connection monitor capability, but tests the connection at a point in time, rather than monitoring it over time, as connection monitor does. Learn more about how to troubleshoot connections using connection-troubleshoot.


Reference:

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview



HOTSPOT (Drag and Drop is not supported)
You have an Azure subscription that contains the Azure virtual machines shown in the following table.


You configure the network interfaces of the virtual machines to use the settings shown in the following table.


From the settings of VNET1 you configure the DNS servers shown in the following exhibit.


The virtual machines can successfully connect to the DNS server that has an IP address of 192.168.10.15 and the DNS server that has an IP address of 193.77.134.10.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Yes
You can specify DNS server IP addresses in the VNet settings. The setting is applied as the default DNS server(s) for all VMs in the VNet.
Box 2: No
You can set DNS servers per VM or cloud service to override the default network settings.
Box 3: Yes
You can set DNS servers per VM or cloud service to override the default network settings.


Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq#name-resolution-dns



HOTSPOT (Drag and Drop is not supported)
You have an Azure subscription that contains the resource groups shown in the following table.


RG1 contains the resources shown in the following table.


RG2 contains the resources shown in the following table.


You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1.
Which resources should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: IP1, Storage1
IP addresses and storage accounts can be moved. Virtual networks cannot be moved.
There is no lock on RG1. Box 2: None
There is a delete lock on RG2.
Note: When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the lock from the parent. The most restrictive lock in the inheritance takes precedence.
CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource. ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.


Reference:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-support-resources



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.


You deploy a load balancer that has the following configurations: Name: LB1
Type: Internal SKU: Standard
Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Basic SKU public IP address, associate the address to the network interface of VM1, and then start VM1.
Does this meet the goal?

  1. Yes
  2. No

Answer(s): B

Explanation:

A Backend Pool configured by IP address has the following limitations: Standard load balancer only


Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/backend-pool-management



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.


You deploy a load balancer that has the following configurations: Name: LB1
Type: Internal SKU: Standard
Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Standard SKU public IP address, associate the address to the network interface of VM1, and then stop VM2.
Does this meet the goal?

  1. Yes
  2. No

Answer(s): B

Explanation:

A Backend Pool configured by IP address has the following limitations: Standard load balancer only


Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/backend-pool-management



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the virtual machines shown in the following table.


You deploy a load balancer that has the following configurations: Name: LB1
Type: Internal SKU: Standard
Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create two Standard SKU public IP addresses and associate a Standard SKU public IP address to the network interface of each virtual machine.
Does this meet the goal?

  1. Yes
  2. No

Answer(s): A

Explanation:

A Backend Pool configured by IP address has the following limitations: Standard load balancer only


Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/backend-pool-management



Viewing Page 13 of 69



Share your comments for Microsoft AZ-104 exam with other users:

Alex 5/24/2025 12:54:15 AM

Can I trust to this source?
Anonymous