Ends in
00
days
00
hrs
00
mins
00
secs
ENROLL NOW

🎁 Get 20% Off - Christmas Big Sale on All Practice Exams, Video Courses, and eBooks!

AZ-104 Microsoft Azure Administrator Sample Exam Questions

Home » Others » AZ-104 Microsoft Azure Administrator Sample Exam Questions

AZ-104 Microsoft Azure Administrator Sample Exam Questions

Last updated on December 12, 2024

Here are 10 AZ-104 Microsoft Azure Administrator practice exam questions to help you gauge your readiness for the actual exam.

Question 1

Your company has an Azure Storage account named TutorialsDojo1.

You have to copy your files hosted on your on-premises network to TutorialsDojo1 using AzCopy.

What Azure Storage services will you be able to copy your data into?

  1. Table and Queue only
  2. Blob, Table, and File only
  3. Blob, File, Table, and Queue
  4. Blob and File only

Correct Answer: 4

The Azure Storage platform is Microsoft’s cloud storage solution for modern data storage scenarios. Core storage services offer a massively scalable object store for data objects, disk storage for Azure virtual machines (VMs), a file system service for the cloud, a messaging store for reliable messaging, and a NoSQL store.

AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.

AZ-104 Microsoft Azure Administrator Sample Exam Questions

Azure Blob storage is Microsoft’s object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data. Unstructured data is data that doesn’t adhere to a particular data model or definition, such as text or binary data. 

Blob storage is designed for:

– Serving images or documents directly to a browser.

– Storing files for distributed access.

– Streaming video and audio.

– Writing to log files.

– Storing data for backup and restore disaster recovery, and archiving.

– Storing data for analysis by an on-premises or Azure-hosted service. 

Azure Files enables you to set up highly available network file shares that can be accessed by using the standard Server Message Block (SMB) protocol. That means that multiple VMs can share the same files with both read and write access. You can also read the files using the REST interface or the storage client libraries.

One thing that distinguishes Azure Files from files on a corporate file share is that you can access the files from anywhere in the world using a URL that points to the file and includes a shared access signature (SAS) token. You can generate SAS tokens; they allow specific access to a private asset for a specific amount of time.

File shares can be used for many common scenarios:

– Many on-premises applications use file shares. This feature makes it easier to migrate those applications that share data to Azure. If you mount the file share to the same drive letter that the on-premises application uses, the part of your application that accesses the file share should work with minimal, if any, changes.

– Configuration files can be stored on a file share and accessed from multiple VMs. Tools and utilities used by multiple developers in a group can be stored on a file share, ensuring that everybody can find them and that they use the same version.

– Diagnostic logs, metrics, and crash dumps are just three examples of data that can be written to a file share and processed or analyzed later.

Hence, the correct answers are: Blob and File only.

The option that says: Table and Queue only is incorrect because Table and Queue are not supported services by AzCopy. 

The option that says: Blob, Table, and File only is incorrect because Table is not a supported service by AzCopy. The AzCopy command-line utility can only copy blobs or files to or from a storage account.

The option that says: Blob, File, Table, and Queue is incorrect. Although Blob and File types are supported by AzCopy, the Table and Queue services are not supported.

References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10

Check out this Azure Storage Overview Cheat Sheet:
https://tutorialsdojo.com/azure-storage-overview/

Azure Blob vs. Disk vs. File Storage:
https://tutorialsdojo.com/azure-blob-vs-disk-vs-file-storage/

Question 2

Your organization has deployed multiple Azure virtual machines configured to run as web servers and an Azure public load balancer named TD1.

There is a requirement that TD1 must consistently route your user’s request to the same web server every time they access it.

What should you configure?

  1. Hash based
  2. Session persistence: None
  3. Session persistence: Client IP
  4. Health probe

Correct Answer: 3

A public load balancer can provide outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public Load Balancers are used to load balance Internet traffic to your VMs.

AZ-104 Microsoft Azure Administrator Sample Exam Questions

Session persistence is also known session affinity, source IP affinity, or client IP affinity. This distribution mode uses a two-tuple (source IP and destination IP) or three-tuple (source IP, destination IP, and protocol type) hash to route to backend instances.

When using session persistence, connections from the same client will go to the same backend instance within the backend pool.

Session persistence mode has two configuration types:

– Client IP (2-tuple) – Specifies that successive requests from the same client IP address will be handled by the same backend instance.

– Client IP and protocol (3-tuple) – Specifies that successive requests from the same client IP address and protocol combination will be handled by the same backend instance.

Hence, the correct answer is: Session persistence: Client IP.

Hash based is incorrect because this simply allows traffic from the same client IP to be routed to any healthy instance in the backend pool. You would need session persistence if you need users to connect to the same virtual machine for each request.

Session persistence: None is incorrect because this will route the user request to any health instance in the backend pool.

Health probe is incorrect because this is only used to determine the health status of the instances in the backend pool. During load balancer creation, configure a health probe for the load balancer to use. This health probe will determine if an instance is healthy and can receive traffic.

References:
https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
https://learn.microsoft.com/en-us/azure/load-balancer/distribution-mode-concepts

Check out this Azure Load Balancer Cheat Sheet:
https://tutorialsdojo.com/azure-load-balancer/

Question 3

Your company has a Microsoft Entra ID tenant named tutorialsdojo.onmicrosoft.com and a public DNS zone for tutorialsdojo.com.

Tutorials dojo strip

You added the custom domain name tutorialsdojo.com to Microsoft Entra ID. You need to verify that Azure can verify the domain name.

What DNS record type should you use?

  1. A
  2. CNAME
  3. SOA
  4. MX

Correct Answer: 4

Microsoft Entra ID is a cloud-based identity and access management service that enables your employees access external resources. Example resources include Microsoft 365, the Azure portal, and thousands of other SaaS applications.

Microsoft Entra ID also helps them access internal resources like apps on your corporate intranet, and any cloud apps developed for your own organization.

Every new Microsoft Entra ID tenant comes with an initial domain name, <domainname>.onmicrosoft.com. You can’t change or delete the initial domain name, but you can add your organization’s names. Adding custom domain names helps you to create user names that are familiar to your users, such as azure@tutorialsdojo.com.

You can verify your custom domain name by using TXT or MX record types.

Hence, the correct answer is: MX.

A, CNAME, and SOA are incorrect because these record types are not supported by the Microsoft Entra ID for verifying your custom domain. Only TXT and MX record types are supported.

References:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis

Check out this Microsoft Entra ID Cheat Sheet:

https://tutorialsdojo.com/microsoft-entra-id/

Question 4

You have an existing Azure subscription that has the following Azure Storage accounts.

AZ-104 Microsoft Azure Administrator Sample Exam Questions

There is a requirement to identify the storage accounts that can be converted to zone-redundant storage (ZRS) replication. This must be done only through a live migration from Azure Support.

Which of the following accounts can you convert to ZRS?

  1. tdaccount1
  2. tdaccount2
  3. tdaccount3
  4. tdaccount4

Correct Answer: 1

Azure Storage always stores multiple copies of your data so that it is protected from planned and unplanned events, including transient hardware failures, network or power outages, and massive natural disasters. Redundancy ensures that your storage account meets its availability and durability targets even in the face of failures.

When deciding which redundancy option is best for your scenario, consider the tradeoffs between lower costs and higher availability. The factors that help determine which redundancy option you should choose to include are:

– How your data is replicated in the primary region.

– Whether your data is replicated to a second region that is geographically distant to the primary region, to protect against regional disasters.

– Whether your application requires read access to the replicated data in the secondary region if the primary region becomes unavailable for any reason.

Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers four options for how your data is replicated:

  1. Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option but is not recommended for applications requiring high availability.
  2. Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability.
  3. Geo-redundant storage (GRS) copies your data synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in a secondary region that is hundreds of miles away from the primary region.
  4. Geo-zone-redundant storage (GZRS) copies your data synchronously across three Azure availability zones in the primary region using ZRS. It then copies your data asynchronously to a single physical location in the secondary region.

You can switch a storage account from one type of replication to any other type, but some scenarios are more straightforward than others. If you want to add or remove geo-replication or read access to the secondary region, you can use the Azure portal, PowerShell, or Azure CLI to update the replication setting. However, if you want to change how data is replicated in the primary region, by moving from LRS to ZRS or vice versa, then you must perform a manual migration.

The following table provides an overview of how to switch from each type of replication to another:

AZ-104 Microsoft Azure Administrator Sample Exam Questions

To request a live migration to ZRS, GZRS, or RA-GZRS, you need to migrate your storage account from LRS to ZRS in the primary region with no application downtime. To migrate from LRS to GZRS or RA-GZRS, first switch to GRS or RA-GRS and then request a live migration. Similarly, you can request a live migration from GRS or RA-GRS to GZRS or RA-GZRS. To migrate from GRS or RA-GRS to ZRS, first switch to LRS, then request a live migration.

Live migration is supported only for storage accounts that use LRS or GRS replication. If your account uses RA-GRS then you need to first change your account’s replication type to either LRS or GRS before proceeding. This intermediary step removes the secondary read-only endpoint provided by RA-GRS before migration.

Hence, the correct answer is: tdaccount1.

tdaccount2 is incorrect because you need to first change your account’s replication type to either LRS or GRS before you change to zone-redundant storage (ZRS). The requirement states that you must only request live migration.

tdaccount3 is incorrect because a general-purpose V1 storage account type does not support zone-redundant storage (ZRS) as its replication option. Only General-purpose V2, FileStorage, and BlockBlobStorage support ZRS.

tdaccount4 is incorrect because a BlobStorage account type does not support zone-redundant storage (ZRS) as its replication option. Only General-purpose V2, FileStorage, and BlockBlobStorage support ZRS.

References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://docs.microsoft.com/en-us/azure/storage/common/redundancy-migration

Check out these Azure Cheat Sheets:
https://tutorialsdojo.com/azure-storage-overview/
https://tutorialsdojo.com/locally-redundant-storage-lrs-vs-zone-redundant-storage-zrs/

Question 5

A company has two virtual networks named TDVnet1 and TDVnet2. A site-to-site VPN, using a VPN Gateway (TDGW1) with static routing, connects your on-premises network to TDVnet1. On your Windows 10 computer, TD1, you’ve set up a point-to-site VPN connection to TDVnet1.

You’ve recently established a virtual network peering between TDVnet1 and TDVnet2. Tests confirm connectivity to TDVnet2 from your on-premises network and to TDVnet1 from TD1. However, TD1 is currently unable to access TDVnet2.

What steps are necessary to enable a connection from TD1 to TDVnet2?

  1. Enable transit gateway for TDVnet1.
  2. Restart TDGW1 to re-establish the connection.
  3. Download the VPN client configuration file and re-install it on TD1.
  4. Enable transit gateway for TDVnet2.

Correct Answer: 3

Point-to-Site (P2S) VPN connection allows you to create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client’s computer. This solution is useful for telecommuters who want to connect to Azure VNets from a remote location, such as from home or a conference. P2S VPN is also a helpful solution to utilize instead of S2S VPN when you have only a few clients that need to connect to a VNet. 

AZ-104 Microsoft Azure Administrator Sample Exam Questions

As part of the Point-to-Site configuration, you install a certificate and a VPN client configuration package which are contained in a zip file. Configuration files provide the settings required for a native Windows, Mac IKEv2 VPN, or Linux clients to connect to a virtual network over Point-to-Site connections that use native Azure certificate authentication and are specific to the VPN configuration for the virtual network.

Take note that after creating the point-to-site connection between TD1 and TDVnet1, there is already a change in network topology when you created the virtual network peering with TDVnet1 and TDVnet2. Whenever there is a change in the topology of your network, you will always need to download and re-install the VPN configuration file.

Hence, the correct answer is: Download the VPN client configuration file and re-install it on TD1.

The option that says: Restart TDGW1 to re-establish the connection is incorrect because restarting the VPN gateway is only done when you lose cross-premises VPN connectivity on one or more Site-to-Site VPN tunnels. In this scenario, TD1 can connect to TDVnet1 which implies that TDGW1 is working and running.

The options that say: Enable transit gateway for TDVnet1 and Enable transit gateway for TDVnet2 are incorrect. Transit gateway is a peering property that lets one virtual network use the VPN gateway in the peered virtual network for cross-premises or VNet-to-VNet connectivity. Since TDVnet2 can connect to the on-premises network, it means that the transit gateway is already enabled and as such, enabling the transit gateway is not necessary.

References:

https://azure.microsoft.com/en-us/services/vpn-gateway/

https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about

 

Check out this Azure VPN Gateway Cheat Sheet:

https://tutorialsdojo.com/azure-vpn-gateway/

Question 6

You have a file share in your Azure subscription named Manila-Subscription-01.

You plan to synchronize files from your on-premises file server named TDFileServer1 to Azure.

You created an Azure file share and a storage sync service.

Which four actions should you perform in sequence to synchronize files from TDFileServer1 to Azure?

Instructions: To answer, drag the appropriate item from the column on the left to its description on the right. Each correct match is worth one point.

AZ-104 Microsoft Azure Administrator Sample Exam Questions

 

Correct Answer: 

Deploy the Azure File Sync agent to TDFileServer1 

Register TDFileServer1 with Storage Sync Service 

Create a sync group and a cloud endpoint 

Create a server endpoint 

Azure Files enables you to set up highly available network file shares that can be accessed by using the standard Server Message Block (SMB) protocol. That means that multiple VMs can share the same files with both read and write access. You can also read the files using the REST interface or the storage client libraries.

One thing that distinguishes Azure Files from files on a corporate file share is that you can access the files from anywhere in the world using a URL that points to the file and includes a shared access signature (SAS) token. You can generate SAS tokens; they allow specific access to a private asset for a specific amount of time.

File shares can be used for many common scenarios:

1. Many on-premises applications use file shares. This feature makes it easier to migrate those applications that share data to Azure. If you mount the file share to the same drive letter that the on-premises application uses, the part of your application that accesses the file share should work with minimal, if any, changes.

2. Configuration files can be stored on a file share and accessed from multiple VMs. Tools and utilities used by multiple developers in a group can be stored on a file share, ensuring that everybody can find them and that they use the same version.

3. Resource logs, metrics, and crash dumps are just three examples of data that can be written to a file share and processed or analyzed later.

AZ-104 Microsoft Azure Administrator Sample Exam Questions

You can use Azure File Sync to centralize your organization’s file shares in Azure Files while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share. You can use any protocol that’s available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.

You can sync TDFileServer1 to Azure using the following steps in order:

1. Prepare Windows Server to use with Azure File Sync

– You need to disable Internet Explorer Enhanced Security Configuration in your server. This is required only for initial server registration. You can re-enable it after the server has been registered.

2. Deploy the Storage Sync Service

– Allows you to create sync groups that contain Azure file shares across multiple storage accounts and multiple registered Windows Servers.

3. Deploy the Azure File Sync agent to TDFileServer1

– The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share.

4. Register TDFileServer1 with Storage Sync Service

– This establishes a trust relationship between your server (or cluster) and the Storage Sync Service. A server can only be registered to one Storage Sync Service and can sync with other servers and Azure file shares associated with the same Storage Sync Service.

– 5. Create a sync group and a cloud endpoint

– A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other.

6. Create a server endpoint

– A server endpoint represents a specific location on a registered server, such as a folder on a server volume.

Hence, the correct order of deployment are:

1. Deploy the Azure File Sync agent to TDFileServer1

2. Register TDFileServer1 with Storage Sync Service

3. Create a sync group and a cloud endpoint

4. Create a server endpoint

References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide

Check out this Azure Files Cheat Sheet:
https://tutorialsdojo.com/azure-file-storage/

Question 7

You have an Azure subscription named Davao-Subscription1.

You will be deploying a three-tier application as shown below:

AZ-104 Microsoft Azure Administrator Sample Exam Questions

Due to compliance requirements, you need to find a solution for the following:

  • Traffic between the web tier and application tier must be spread equally across all the virtual machines.

  • The web tier must be protected from SQL injection attacks.

Free AWS Courses

Which Azure solution would you recommend for each requirement?

Select the correct answer from the drop-down list of options. Each correct selection is worth one point.

AZ-104 Microsoft Azure Administrator Sample Exam Questions

AZ-104 Microsoft Azure Administrator Sample Exam Questions

 

Correct Answer: 

Traffic between the web tier and application tier must be spread equally across all the virtual machines.: Internal Load Balancer

The web tier must be protected from SQL injection attacks.: Application Gateway WAF tier

Private (or Internal) Load balancer provides a higher level of availability and scale by spreading incoming requests across virtual machines (VMs). Private load balancer distributes traffic to resources that are inside a virtual network.

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. For example, you can route traffic based on the incoming URL. So if /images are in the incoming URL, you can route traffic to a specific set of servers (known as a pool) configured for images. If /video is in the URL, that traffic is routed to another pool that’s optimized for videos.

AZ-104 Microsoft Azure Administrator Sample Exam Questions

Application Gateway web application firewall (WAF) protects web applications from common vulnerabilities and exploits. This is done through rules that are defined based on the OWASP core rule sets 3.1, 3.0, or 2.2.9. These rules can be disabled on a rule-by-rule basis.

The WAF protects against the following web vulnerabilities:

– SQL injection attacks

– Cross-site scripting attacks

– Other common attacks, such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion

– HTTP protocol violations

– HTTP protocol anomalies, such as missing host user-agent and accept headers

– Bots, crawlers, and scanners

– Common application misconfigurations (for example, Apache and IIS)

Take note that Internal load balancers distribute traffic within a VNET while public load balancers balance traffic to and from an internet-connected endpoint.

Therefore, you have to use the Internal Load Balancer to equally spread traffic between your web tier and application tier virtual machines.

Conversely, to protect your web tier from SQL injection attacks, you need to deploy the Application Gateway WAF tier.

Public Load Balancer is incorrect because you only use this if you want to load balance Internet traffic to your virtual machines. Public Load Balancer also does not support WAF protection for your web tier.

Traffic Manager is incorrect because Traffic Manager does not protect your application from SQL injection attacks. This service is mainly used for DNS-based traffic load balancing.

Application Gateway Standard tier is incorrect because the standard tier cannot protect your web tier from SQL Injection attacks. You have to use the Application Gateway WAF tier instead.

References:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
https://docs.microsoft.com/en-us/azure/application-gateway/understanding-pricing

Check out these Azure Networking Services Cheat Sheets:
https://tutorialsdojo.com/azure-load-balancer/
https://tutorialsdojo.com/azure-application-gateway/

Question 8

You have the following resources deployed in Azure:

azure104-1-08 image

There is a requirement to connect TDVnet1 and TDVnet2.

What should you do first?

  1. Create virtual network peering.
  2. Change the address space of TDVnet2.
  3. Transfer TDVnet1 to TD2.
  4. Transfer VM1 to TD2.

Correct Answer: 1

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the Internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own datacenter but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

There are two ways to connect two virtual networks, based on your specific scenario and needs, you might want to pick one over the other.

VNet Peering provides low latency, high bandwidth connection useful in scenarios such as cross-region data replication and database failover scenarios. Since traffic is completely private and remains on the Microsoft backbone, customers with strict data policies prefer to use VNet Peering as public Internet is not involved. Since there is no gateway in the path, there are no extra hops, ensuring low latency connections.

VPN Gateways provide a limited bandwidth connection and is useful in scenarios where encryption is needed, but bandwidth restrictions are tolerable. In these scenarios, customers are also not latency-sensitive.

Hence, the correct answer is: Create virtual network peering.

The option that says: Change the address space of TDVnet2 is incorrect because the address spaces of TDVnet1(10.1.0.0/16) and TDVnet2(10.10.0.0/18) do not overlap. Therefore, you can directly connect the two VMs by creating two virtual network gateways without changing the IP address ranges.

The options that say: Transfer TDVnet1 to TD2 and Transfer VM1 to TD2 are incorrect because VNet-to-VNet connections that use VPN gateways work across Microsoft Entra Tenant. You can also connect two virtual networks that have different subscriptions.

References: 
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal

Check out this Azure Virtual Network Cheat Sheet:
https://tutorialsdojo.com/azure-virtual-network-vnet/

Question 9

You have an Azure subscription that contains an Azure virtual network named TDVnet1 with an address space of 10.1.0.0/18 and a subnet named TDSub1 with an address space of 10.1.0.0/22.

You need to connect your on-premises network to Azure by using a site-to-site VPN.

Which four actions should you perform in sequence?

Instructions: To answer, drag the appropriate item from the column on the left to its description on the right. Each correct match is worth one point.

AZ-104 Microsoft Azure Administrator Sample Exam Questions

Correct Answer: 

Deploy a gateway subnet 

Deploy a VPN gateway 

Deploy a local network gateway 

Deploy a VPN connection 

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the Internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own datacenter but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

AZ-104 Microsoft Azure Administrator Sample Exam Questions

A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it.

You can create a site-to-site VPN connection by deploying the following in order:

1. Deploy a virtual network

2. Deploy a gateway subnet

– You need to create a gateway subnet for your VNet in order to configure a virtual network gateway. All gateway subnets must be named ‘GatewaySubnet’ to work properly. Don’t name your gateway subnet something else. It is recommended that you create a gateway subnet that uses a /27 or /28.

3. Deploy a VPN gateway

– A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet.

4. Deploy a local network gateway

– The local network gateway is a specific object that represents your on-premises location (the site) for routing purposes.

5. Deploy a VPN connection

– A VPN connection creates the link for the VPN gateway and local network gateway. It also gives you the status of your site-to-site connection.

Since you have deployed TDVnet1, the next step is to deploy a gateway subnet.

Hence, the correct order of deployment are:

1. Deploy a gateway subnet

2. Deploy a VPN gateway

3. Deploy a local network gateway

4. Deploy a VPN connection

References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview
https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

Check out this Azure VPN Gateway Cheat Sheet:
https://tutorialsdojo.com/azure-vpn-gateway/

Question 10

Your company has an Azure subscription that contains the following resources:

 
AZ-104 Microsoft Azure Administrator Sample Exam Questions

You plan to create an internal load balancer with the following parameters:

  • Name: TDB1
  • SKU: Basic
  • Subnet: TDSub2
  • Virtual network: TDVnet1

For each of the following items, choose Yes if the statement is true or choose No if the statement is false. Take note that each correct item is worth one point.

AZ-104 Microsoft Azure Administrator Sample Exam Questions

Correct Answer: Yes, No, No

Private (or Internal) Load balancer provides a higher level of availability and scale by spreading incoming requests across virtual machines (VMs). A private load balancer distributes traffic to resources that are inside a virtual network. Azure restricts access to the frontend IP addresses of a virtual network that is load balanced. Front-end IP addresses and virtual networks are never directly exposed to an internet endpoint. Internal line-of-business applications run in Azure and are accessed from within Azure or from on-premises resources.

AZ-104 Microsoft Azure Administrator Sample Exam Questions

Take note that in this scenario, you need to determine if you can load balance traffic in between virtual machines according to the parameters of TDB1. TD1 and TD2 are the only virtual machines that are associated with an availability set. In the image above, it states that only virtual machines within a single availability set or virtual machine scale set can be used as backend pool endpoints for load balancers that use Basic as its SKU.

The backend pool is a critical component of the load balancer. The backend pool defines the group of resources that will serve traffic for a given load-balancing rule.

Hence, this statement is correct: Traffic between TD1 and TD2 can be load balanced by TDB1

The following statements are incorrect because TDB1 is using the Basic SKU. Since the virtual machines below do not have an availability set or a virtual machine scale set, it does not have the capability to load balance the traffic.

– Traffic between TD3 and TD4 can be load balanced by TDB1

– Traffic between TD5 and TD6 can be load balanced by TDB1

References:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
https://docs.microsoft.com/en-us/azure/load-balancer/skus

Check out this Azure Load Balancer Cheat Sheet:
https://tutorialsdojo.com/azure-load-balancer/

For more practice questions like these and to further prepare you for the actual AZ-900 AZ-104 Microsoft Azure Administrator exam, we recommend that you take our top-notch AZ-104 Microsoft Azure Administrator Practice Exams, which simulate the real unique question types in the AZ-900 exam such as drag and drop, dropdown, and hotspot.

Also, check out our AZ-104 Microsoft Azure Administrator exam study guide here.

Get 20% Off – Christmas Big Sale on All Practice Exams, Video Courses, and eBooks!

Tutorials Dojo portal

Learn AWS with our PlayCloud Hands-On Labs

Tutorials Dojo Exam Study Guide eBooks

tutorials dojo study guide eBook

FREE AWS Exam Readiness Digital Courses

FREE AWS, Azure, GCP Practice Test Samplers

Subscribe to our YouTube Channel

Tutorials Dojo YouTube Channel

Follow Us On Linkedin

Recent Posts

Written by: Jon Bonso

Jon Bonso is the co-founder of Tutorials Dojo, an EdTech startup and an AWS Digital Training Partner that provides high-quality educational materials in the cloud computing space. He graduated from Mapúa Institute of Technology in 2007 with a bachelor's degree in Information Technology. Jon holds 10 AWS Certifications and is also an active AWS Community Builder since 2020.

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, YouTube, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!

View Our AWS, Azure, and GCP Exam Reviewers Check out our FREE courses

Our Community

~98%
passing rate
Around 95-98% of our students pass the AWS Certification exams after training with our courses.
200k+
students
Over 200k enrollees choose Tutorials Dojo in preparing for their AWS Certification exams.
~4.8
ratings
Our courses are highly rated by our enrollees from all over the world.

What our students say about us?