Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Microsoft
  3. AZ-104

Microsoft AZ-104 Exam (page: 7)
Microsoft Azure Administrator
Updated on: 02-Jan-2026

Viewing Page 7 of 69
AZ-104 PDF 553 Questions

HOTSPOT (Drag and Drop is not supported)
You create a Recovery Services vault backup policy named Policy1 as shown in the following exhibit:


Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: 10 years
The yearly backup point occurs to 1 March and its retention period is 10 years.
Box 2: 36 months
The monthly backup point occurs on the first of every month and its retention period is 36 months.



HOTSPOT (Drag and Drop is not supported)
You have an Azure subscription that contains the vaults shown in the following table.


You deploy the virtual machines shown in the following table.


You have the backup policies shown in the following table.


For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Yes
VM1 is Windows Server, and uses Azure Disk Encryption.
Backup policy Policy1 is of Standard type, and resides in vault Recovery1. Recovery1 is a Recovery Services vault.
Note: You can back up and restore encrypted Azure virtual machines.
Azure Backup supports backup of Azure VMs that have their OS/data disks encrypted with Azure Disk Encryption (ADE).
Configure a backup policy
1. If you haven't yet created a Recovery Services backup vault, follow these instructions.
2. Navigate to Backup center and click +Backup from the Overview tab
Select Azure Virtual machines as the Datasource type and select the vault you have created, then click Continue.


4. Select the policy that you want to associate with the vault, then select OK.
5. Etc.
Box 2: No
VM2 is Linux, and uses Trusted launch. Backup policy Policy3 resides in vault Backup1. Backup1 is an Azure Backup vault.
Note: Backup of trusted launch VMs is supported through Enhanced policy. You can enable backup through a Recovery Services vault, the pane for managing a VM, and the pane for creating a VM.
Box 3: Yes
Policy2 is an enhanced policy (required) and resides in a Recovery Services vault.
Note: The Backup vault is a much leaner product than the Recovery Services vault and has a more specialized set of supported workloads. Specifically, the Backup vault protects only selected Azure resources: Azure VM disks. Azure Blob Storage in general-purpose storage accounts.


Reference:

https://learn.microsoft.com/en-us/azure/backup/backup-azure-vms-encryption https://learn.microsoft.com/en-us/azure/backup/backup-support-matrix-iaas



You have an Azure subscription. The subscription contains virtual machines that connect to a virtual network named VNet1.
You plan to configure Azure Monitor for VM Insights.
You need to ensure that all the virtual machines only communicate with Azure Monitor through VNet1. What should you create first?

  1. a data collection rule (DCR)
  2. a Log Analytics workspace
  3. an Azure Monitor Private Link Scope (AMPLS)
  4. a private endpoint

Answer(s): C

Explanation:

Use Azure Private Link to connect networks to Azure Monitor
With Azure Private Link, you can securely link Azure platform as a service (PaaS) resources to your virtual network by using private endpoints. Azure Monitor is a constellation of different interconnected services that work together to monitor your workloads. An Azure Monitor private link connects a private endpoint to a set of Azure Monitor resources to define the boundaries of your monitoring network. That set is called an Azure Monitor Private Link Scope (AMPLS).
Incorrect:
Data collection rule
When you enable VM insights on a machine with the Azure Monitor agent, you must specify a data collection rule (DCR) to use. The DCR specifies the data to collect and the workspace to use. VM insights creates a default DCR if one doesn't already exist.


Reference:

https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-security



HOTSPOT (Drag and Drop is not supported)
You have an Azure subscription that contains the vaults shown in the following table.


You create a storage account that contains the resources shown in the following table.


To which vault can you back up cont1 and share1? To answer, select the appropriate options in the answer area.
NOTE: Each correct answer is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Backup1 only Cont1, Blob container
Note: The Backup vault is a much leaner product than the Recovery Services vault and has a more specialized set of supported workloads. Specifically, the Backup vault protects only selected Azure resources:
Azure VM disks
Azure Blob Storage in general-purpose storage accounts Azure Database for PostgreSQL servers


Note 2:
Configure and manage backup for Azure Blobs using Azure Backup
Azure Backup allows you to configure operational and vaulted backups to protect block blobs in your storage accounts.
Vaulted backup of blobs is a managed offsite backup solution that transfers data to the backup vault and retains as per the retention configured in the backup policy. You can retain data for a maximum of 10 years.
Create a Backup vault
A Backup vault is a management entity that stores recovery points created over time and provides an interface to perform backup related operations. These include taking on-demand backups, performing restores, and
creating backup policies. Though operational backup of blobs is a local backup and doesn't "store" data in the vault, the vault is required for various management operations.
Box 2: Recovery1 only. Share1, File share
About Azure file share backup
The first step in configuring backup for Azure file shares is creating a Recovery Services vault. The vault gives you a consolidated view of the backups configured across different workloads.


Reference:

https://learn.microsoft.com/en-us/azure/backup/blob-backup-configure-manage?tabs=vaulted-backup https://learn.microsoft.com/en-us/azure/backup/azure-file-share-backup-overview



You have an Azure subscription that contains an Azure Stream Analytics job named Job1.
You need to monitor input events for Job1 to identify the number of events that were NOT processed. Which metric should you use?

  1. Out-of-Order Events
  2. Output Events
  3. Late Input Events
  4. Backlogged Input Events

Answer(s): D

Explanation:

Metrics available for Stream Analytics
Azure Stream Analytics provides the following metrics for you to monitor your job's health.
Backlogged Input Events
Number of input events that are backlogged. A nonzero value for this metric implies that your job can't keep up with the number of incoming events. If this value is slowly increasing or is consistently nonzero, you should scale out your job.
Incorrect:
Out-of-Order Events
Number of events received out of order that were either dropped or given an adjusted time stamp, based on the event ordering policy. This metric can be affected by the configuration of the Out-of-Order Tolerance Window setting.
Output Events
Amount of data that the Stream Analytics job sends to the output target, in number of events.
Late Input Events
Events that arrived later than the configured tolerance window for late arrivals.
* etc.


Reference:

https://learn.microsoft.com/en-us/azure/stream-analytics/stream-analytics-job-metrics



You have an Azure subscription that contains an Azure SQL database named DB1.
You plan to use Azure Monitor to monitor the performance of DB1. You must be able to run queries to analyze log data.
Which destination should you configure in the Diagnostic settings of DB1?

  1. Send to a Log Analytics workspace.
  2. Archive to a storage account.
  3. Stream to an Azure event hub.

Answer(s): A

Explanation:

Log Analytics is a tool in the Azure portal to edit and run log queries from data collected by Azure Monitor logs and interactively analyze their results. You can use Log Analytics queries to retrieve records that match particular criteria, identify trends, analyze patterns, and provide various insights into your data.


Reference:

https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-tutorial



You have an Azure subscription. The subscription contains virtual machines that run Windows Server. You have a data collection rule (DCR) named Rule1.
You plan to use the Azure Monitor Agent to collect events from Windows System event logs. You only need to collect system events that have an ID of 1001.
Which type of query should you use for the data source in Rule1?

  1. SQL
  2. XPath
  3. KQL

Answer(s): B

Explanation:

Filter events using XPath queries
You're charged for any data you collect in a Log Analytics workspace. Therefore, you should only collect the event data you need. The basic configuration in the Azure portal provides you with a limited ability to filter out events.
To specify more filters, use custom configuration and specify an XPath that filters out the events you don't need. XPath entries are written in the form LogName!XPathQuery. For example, you might want to return only events from the Application event log with an event ID of 1035. The XPathQuery for these events would be * [System[EventID=1035]]. Because you want to retrieve the events from the Application event log, the XPath is Application!*[System[EventID=1035]]


Reference:

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent



You have an Azure subscription that contains a virtual machine named VM1.
You have an on-premises datacenter that contains a domain controller named DC1. ExpressRoute is used to connect the on-premises datacenter to Azure.
You need to use Connection Monitor to identify network latency between VM1 and DC1. What should you install on DC1?

  1. the Azure Connected Machine agent for Azure Arc-enabled servers
  2. the Azure Network Watcher Agent virtual machine extension
  3. the Log Analytics agent
  4. an Azure Monitor agent extension

Answer(s): D

Explanation:

Configure Connection Monitor for ExpressRoute
Monitoring agents are installed on multiple servers, both on-premises and in Azure. The agents communicate with each other by sending TCP handshake packets. The communication between the agents allows Azure to map the network topology and path the traffic could take.
Install and configure agents on-premises Download the agent setup file
Navigate to the Log Analytics workspace and select Agents management under Settings. Download the agent that corresponds to your machine's operating system.


Next, copy the Workspace ID and Primary Key to Notepad.
3. Etc.
Note:
Connection Monitor is a cloud-based network monitoring solution that monitors connectivity between Azure cloud deployments and on-premises locations (Branch offices, etc.). Connection Monitor is part of Azure Monitor logs. The extension also lets you monitor network connectivity for your private and Microsoft peering connections. When you configure Connection Monitor for ExpressRoute, you can detect network issues to identify and eliminate.
With Connection Monitor for ExpressRoute you can:
Monitor loss and latency across various VNets and set alerts. Monitor all paths (including redundant paths) on the network.
Troubleshoot transient and point-in-time network issues that are difficult to replicate.
Help determine a specific segment on the network that is responsible for degraded performance.


Reference:

https://learn.microsoft.com/en-us/azure/expressroute/how-to-configure-connection-monitor



Viewing Page 7 of 69



Share your comments for Microsoft AZ-104 exam with other users:

Alex 5/24/2025 12:54:15 AM

Can I trust to this source?
Anonymous