New Page 1

Skills measured
Manage Azure identities and governance (15-20%)
Implement and manage storage (15-20%)
Deploy and manage Azure compute resources (20-25%)
Configure and manage virtual networking (25-30%)
Monitor and back up Azure resources (10-15%)


This exam was updated on September 24, 2021. Following the current exam guide, we have included a version of the exam guide with Track Changes set to “On,” showing the changes that were made to the exam on that date.

Audience Profile
Candidates for this exam should have subject matter expertise implementing, managing, and monitoring an organization’s Microsoft Azure environment.
Responsibilities for this role include implementing, managing, and monitoring identity, governance, storage, compute, and virtual networks in a cloud environment, plus provision, size, monitor, and adjust resources, when needed.
An Azure administrator often serves as part of a larger team dedicated to implementing an organization’s cloud infrastructure.

A candidate for this exam should have at least six months of hands-on experience administering Azure, along with a strong understanding of core Azure services, Azure workloads, security, and governance. In addition, this role should have experience using PowerShell, Azure CLI, Azure portal, and Azure Resource Manager templates.

Skills Measured
NOTE: The bullets that follow each of the skills measured are intended to illustrate how we assess that skill. This list is not definitive or exhaustive.
NOTE: Most questions cover features that are General Availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Manage Azure identities and governance (15–20%)
Manage Azure Active Directory (Azure AD) objects

 create users and groups
 create administrative units
 manage user and group properties
 manage device settings
 perform bulk user updates
 manage guest accounts
 configure Azure AD join
 configure self-service password reset

Manage role-based access control (RBAC)

 create a custom role
 provide access to Azure resources by assigning roles at different scopes
 interpret access assignments

Manage subscriptions and governance

 configure Azure policies
 configure resource locks
 apply and manage tags on resources
 manage resource groups
 manage subscriptions
 manage costs
 configure management groups

Implement and manage storage (15–20%)

Secure storage
 configure network access to storage accounts
 create and configure storage accounts
 generate shared access signature (SAS) tokens
 manage access keys
 configure Azure AD authentication for a storage account
 configure access to Azure Files

Manage storage

 export from Azure job
 import into Azure job
 install and use Azure Storage Explorer
 copy data by using AZCopy
 implement Azure Storage replication
 configure blob object replication

Configure Azure files and Azure Blob Storage

 create an Azure file share
 create and configure Azure File Sync service
 configure Azure Blob Storage
 configure storage tiers
 configure blob lifecycle management

Deploy and manage Azure compute resources (20–25%)

Automate deployment of virtual machines (VMs) by using Azure Resource Manager templates
 modify an Azure Resource Manager template
 configure a virtual hard disk (VHD) template
 deploy from a template
 save a deployment as an Azure Resource Manager template
 deploy virtual machine extensions

Configure VMs

 configure Azure Disk Encryption
 move VMs from one resource group to another
 manage VM sizes
 add data disks
 configure networking
 redeploy VMs
 configure high availability
 deploy and configure virtual machine scale sets

Create and configure containers
 configure sizing and scaling for Azure Container Instances
 configure container groups for Azure Container Instances
 configure storage for Azure Kubernetes Service (AKS)
 configure scaling for AKS
 configure network connections for AKS
 upgrade an AKS cluster

Create and configure Azure App Service

 create an App Service plan
 configure scaling settings in an App Service plan
 create an App Service
 secure an App Service
 configure custom domain names
 configure backup for an App Service
 configure networking settings
 configure deployment settings

Configure and manage virtual networking (25–30%)

Implement and manage virtual networking
 create and configure virtual networks, including peering
 configure private and public IP addresses
 configure user-defined network routes
 implement subnets
 configure endpoints on subnets
 configure private endpoints
 configure Azure DNS, including custom DNS settings and private or public DNS zones

Secure access to virtual networks

 create security rules
 associate a network security group (NSG) to a subnet or network interface
 evaluate effective security rules
 implement Azure Firewall
 implement Azure Bastion

Configure load balancing
 configure Azure Application Gateway
 configure an internal or public load balancer
 troubleshoot load balancing

Monitor and troubleshoot virtual networking
 monitor on-premises connectivity
 configure and use Azure Monitor for Networks
 use Azure Network Watcher
 troubleshoot external networking
 troubleshoot virtual network connectivity

Integrate an on-premises network with an Azure virtual network

 create and configure Azure VPN Gateway
 create and configure Azure ExpressRoute
 configure Azure Virtual WAN

Monitor and back up Azure resources (10–15%)
Monitor resources by using Azure Monitor

 configure and interpret metrics
 configure Azure Monitor logs
 query and analyze logs
 set up alerts and actions
 configure Application Insights

Implement backup and recovery

 create a Recovery Services vault
create a Backup vault
 create and configure backup policy
 perform backup and restore operations by using Azure Backup
 perform site-to-site recovery by using Azure Site Recovery
 configure and review backup reports


QUESTION 1
Your company has serval departments. Each department has a number of virtual machines (VMs).
The company has an Azure subscription that contains a resource group named RG1.
All VMs are located in RG1.
You want to associate each VM with its respective department.
What should you do?

A. Create Azure Management Groups for each department.
B. Create a resource group for each department.
C. Assign tags to the virtual machines.
D. Modify the settings of the virtual machines.

Answer: C

Reference:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags


QUESTION 2
Note: The question is included in a number of questions that depicts the identical set-up. However,
every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor
Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the multi-factor authentication page to alter the user settings.
Does the solution meet the goal?

A. Yes
B. No

Answer: B


QUESTION 3
Note: The question is included in a number of questions that depicts the identical set-up. However,
every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor
Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy.
Does the solution meet the goal?

A. Yes
B. No

Answer: B


QUESTION 4
Note: The question is included in a number of questions that depicts the identical set-up. However,
every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor
Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy.
Does the solution meet the goal?

A. Yes
B. No

Answer: A


QUESTION 5
You are planning to deploy an Ubuntu Server virtual machine to your company’s Azure subscription.
You are required to implement a custom deployment that includes adding a particular trusted root certification
authority (CA).
Which of the following should you use to create the virtual machine?

A. The New-AzureRmVm cmdlet.
B. The New-AzVM cmdlet.
C. The Create-AzVM cmdlet.
D. The az vm create command.

Answer: C

Explanation:
Once Cloud-init.txt has been created, you can deploy the VM with az vm create cmdlet, using the –customdata parameter to provide the full path to the cloud-init.txt file.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-automate-vm-deployment

Examkingdom Microsoft AZ-104 Exam pdf, Certkingdom Microsoft AZ-104 PDF

MCTS Training, MCITP Trainnig

Best Microsoft Azure AZ-104 Certification, Microsoft AZ-104 Training at certkingdom.com

Click to rate this post!
[Total: 0 Average: 0]