Katy Morgan

Introduction to Microsoft Certified - Azure Administrator Associate Exam

The Microsoft AZ-104 exam is challenging, and thorough preparation is essential for success. This exam study guide is designed to help you prepare for the Azure Administrator certification exam. It contains a detailed list of the topics covered on the Professional exam, as well as a detailed list of preparation resources. These study guides for the Microsoft Azure Administrator exam will help guide you through the study process for your certification.


AZ-104 Microsoft Azure Administrator Exam Summary


Exam Name: Microsoft Azure Administrator

Exam Code: AZ-104

Exam Price: $165 (USD)

Duration: 120 mins

Number of Questions: 40-60

Passing Score: 700 / 1000

Schedule Exam: Pearson VUE


Exam Syllabus: AZ-104 Microsoft Certified - Azure Administrator Associate


1. Manage Azure identities and governance (15-20%)

Manage Azure AD objects

- create users and groups

- manage user and group properties

- manage device settings

- perform bulk user updates

- manage guest accounts

- configure Azure AD Join

- configure self-service password reset

- NOT: Azure AD Connect; PIM


Manage role-based access control (RBAC)

- create a custom role

- provide access to Azure resources by assigning roles

● subscriptions

● resource groups

● resources (VM, disk, etc.)

- interpret access assignments

- manage multiple directories


Manage subscriptions and governance

- configure Azure policies

- configure resource locks

- apply tags

- create and manage resource groups

● move resources

● remove RGs

- manage subscriptions

- configure Cost Management

- configure management groups

2. Implement and manage storage (10-15%)

Manage storage accounts

- configure network access to storage accounts

- create and configure storage accounts

- generate shared access signature

- manage access keys

- implement Azure storage replication

- configure Azure AD Authentication for a storage account


Manage data in Azure Storage

- export from Azure job

- import into Azure job

- install and use Azure Storage Explorer

- copy data by using AZCopy


Configure Azure files and Azure blob storage

- create an Azure file share

- create and configure Azure File Sync service

- configure Azure blob storage

- configure storage tiers for Azure blobs


3. Deploy and manage Azure compute resources (25-30%)

Configure VMs for high availability and scalability

- configure high availability

- deploy and configure scale sets


Automate deployment and configuration of VMs

- modify Azure Resource Manager (ARM) template

- configure VHD template

- deploy from template

- save a deployment as an ARM template

- automate configuration management by using custom script extensions


Create and configure VMs

- configure Azure Disk Encryption

- move VMs from one resource group to another

- manage VM sizes

- add data disks

- configure networking

- redeploy VMs


Create and configure containers

- create and configure Azure Kubernetes Service (AKS)

- create and configure Azure Container Instances (ACI)

- NOT: selecting a container solution architecture or product; container registry settings


Create and configure Web Apps

- create and configure App Service

- create and configure App Service Plans

- NOT: Azure Functions; Logic Apps; Event Grid


4. Configure and manage virtual networking (30-35%)

Implement and manage virtual networking

- create and configure VNET peering

- configure private and public IP addresses, network routes, network interface, subnets, and virtual network


Configure name resolution

- configure Azure DNS

- configure custom DNS settings

- configure a private or public DNS zone


Secure access to virtual networks

- create security rules

- associate an NSG to a subnet or network interface

- evaluate effective security rules

- deploy and configure Azure Firewall

- deploy and configure Azure Bastion Service

- NOT: Implement Application Security Groups; DDoS


Configure load balancing

- configure Application Gateway

- configure an internal load balancer

- configure load balancing rules

- configure a public load balancer

- troubleshoot load balancing

- NOT: Traffic Manager and FrontDoor and PrivateLink


Monitor and troubleshoot virtual networking

- monitor on-premises connectivity

- use Network Performance Monitor

- use Network Watcher

- troubleshoot external networking

- troubleshoot virtual network connectivity


Integrate an on-premises network with an Azure virtual network

- create and configure Azure VPN Gateway

- create and configure VPNs

- configure ExpressRoute

- configure Azure Virtual WAN


5. Monitor and back up Azure resources (10-15%)

Monitor resources by using Azure Monitor

- configure and interpret metrics

  • analyze metrics across subscriptions

- configure Log Analytics

  • implement a Log Analytics workspace

  • configure diagnostic settings

- query and analyze logs

  • create a query

  • save a query to the dashboard

  • interpret graphs

- set up alerts and actions

  • create and test alerts

  • create action groups

  • view alerts in Azure Monitor

  • analyze alerts across subscriptions

- configure Application Insights

- NOT: Network monitoring


Implement backup and recovery

- configure and review backup reports


- perform backup and restore operations by using Azure Backup Service


- create a Recovery Services Vault

  • use soft delete to recover Azure VMs

- create and configure backup policy


- perform site-to-site recovery by using Azure Site Recovery


- NOT: SQL or HANA


Microsoft AZ-104 Certification Sample Questions and Answers


To familiarize you with the structure of the Microsoft Azure Administrator (AZ-104) certification exam, we have prepared this sample question set. We suggest you try our Sample Questions for MCA Azure Administrator AZ-104 Certification to test your understanding of the Microsoft AZ-104 process in a real Microsoft certification exam environment.


AZ-104 Microsoft Azure Administrator Sample Questions:-


01. A web developer creates a web application that you plan to deploy as an Azure web app. Users must enter credentials to access the web application. You create a new web app named WebApp1 and deploy the web application to WebApp1.

You need to disable anonymous access to WebApp1. What should you configure?

a) Advanced Tools

b) Authentication / Authorization

c) Access control (IAM)

d) Deployment credentials

02. You are building a custom Azure function app to connect to Azure Event Grid. You need to ensure that resources are allocated dynamically to the function app. Billing must be based on the executions of the app.

What should you configure when you create the function app?

a) the Windows operating system and the Consumption plan hosting plan

b) the Windows operating system and the App Service plan hosting plan

c) the Docker container and an App Service plan that uses the B1 pricing tier

d) the Docker container and an App Service plan that uses the S1 pricing

03. You create an Azure Storage account named contosostorage. You plan to create a file share named data. Users need to map a drive to the data file share from home computers that run Windows 10.

Which outbound port should you open between the home computers and the data file share?

a) 80

b) 443

c) 445

d) 3389

04. You deploy an Azure Application Gateway. You need to ensure that all the traffic requesting https://adatum.com/internal resources is directed to an internal server pool and all the traffic requesting https://adatum.com/external resources is directed to an external server pool.

What should you configure on the Application Gateway?

a) URL path-based routing

b) multi-site listeners

c) basic routing

d) SSL termination

05. Your company has 53 offices distributed across the world. Your company uses Office 365 for all employees and an Active Directory Domain Services (AD DS) domain to manage identity for employees. The Azure AD tenant for Office 365 and the AD DS domain are not connected.

You are asked to implement multi-factor authentication (MFA). You need to ensure that users do not need to provide two-factor authentication when they are connected to the company's network from each of the 53 offices.

What two actions should you perform?

Each correct answer presents part of the solution.

a) Configure federation between your AD DS domain and the Azure AD tenant.

b) Configure a trusted IP address with the value: c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork"] => issue(claim = c);

c) Configure directory synchronization between the Azure AD tenant and the AD DS domain.

d) Configure a trusted IP address with an entry for each subnet in the company's network.

06. The development team asks you to provision an Azure storage account for their use. To remain in compliance with IT security policy, you need to ensure that the new Azure storage account meets the following requirements:

- Data must be encrypted at rest.

- Access keys must facilitate automatic rotation.

- The company must manage the access keys.

What should you do?

a) Configure the storage account to store its keys in Azure Key Vault.

b) Create a service endpoint between the storage account and a virtual network (VNet).

c) Require secure transfer for the storage account.

d) Enable Storage Service Encryption (SSE) on the storage account.

07. You are configuring Azure Active Directory (AD) Privileged Identity Management. You need to provide a user named Admm1 with read access to a resource group named RG1 for only one month. The user role must be assigned immediately.

What should you do?

a) Assign an active role.

b) Assign an eligible role.

c) Assign a permanently active role.

d) Create a custom role and a conditional access policy.

08. You create an Azure subscription that is associated to a basic Azure Active Directory (Azure AD) tenant. You need to receive an email notification when any user activates an administrative role. What should you do?

a) Purchase Azure AD Premium P2 and configure Azure AD Privileged Identity Management.

b) Purchase Enterprise Mobility + Security E3 and configure conditional access policies.

c) Purchase Enterprise Mobility + Security E5 and create a custom alert rule in Azure Security Center.

d) Purchase Azure AD Premium P1 and enable Azure AD Identity Protection.

09. You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.

You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.

What should you create to store the password?

a) Azure Active Directory (AD) Identity Protection and an Azure policy

b) a Recovery Services vault and a backup policy

c) an Azure Key Vault and an access policy

d) an Azure Storage account and an access policy

10. Your company is developing a line-of-business (LOB) application that uses the Azure IoT Hub for gathering information from Internet of Things (IoT) devices. The LOB application uses the IoT Hub Service SDK to read device telemetry from the IoT Hub.

You need to monitor device telemetry and be able to configure alerts based on device telemetry values. Your solution should require the least administrative effort.

What should you do?

a) Use Azure Activity Logs.

b) Enable Azure Monitor resource diagnostics logs on the IoT Hub.

c) Use Azure Resource Health.

d) Use Azure Application Insights with the LOB application.


Answers:-


Answer 1:- b

Answer 2:- a

Answer 3:- c

Answer 4:- a

Answer 5:- a, b

Answer 6:- a

Answer 7:- b

Answer 8:- a

Answer 9:- c

Answer 10:- b
