Intended Target Audience for Microsoft AZ-104 Exam

The Microsoft AZ-104 exam is designed for those Azure enthusiasts who want to work with the platform. It is advisable for anyone going for this certification test to have at least 6 months of experience with the Microsoft Azure platform. The individuals should also have a good understanding of all the Azure concepts and workloads as well as have knowledge pertaining to Cloud infrastructure, operating systems, networking, storage structures, and virtualization. Other than that, you should be well-versed with ARM templates, PowerShell, Azure Portal, and Command Line Interface. If you don’t fulfill these criteria, you might not be able to get the required score in the AZ-104 exam.

Microsoft Azure Administrator Sample Questions (Q317-Q322):

You have an Azure subscription that contains the hierarchy shown in the following exhibit.

You create an Azure Policy definition named Policy1.
To which Azure resources can you assign Policy and which Azure resources can you specify as exclusions from Policy1? To answer, select the appropriate options in the answer NOTE Each correct selection is worth one point.



You plan to use Azure Network Watcher to perform the following tasks:
Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine Task2: Validate outbound connectivity from an Azure virtual machine to an external host Which feature should you use for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.



Task 1: IP flow verify
The IP flow verify capability enables you to specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verify then tests the communication and informs you if the connection succeeds or fails. If the connection fails, IP flow verify tells you which security rule allowed or denied the communication, so that you can resolve the problem.
Task 2: Connection troubleshoot
The connection troubleshoot capability enables you to test a connection between a VM and another VM, an FQDN, a URI, or an IPv4 address. The test returns similar information returned when using the connection monitor capability, but tests the connection at a point in time, rather than monitoring it over time.

You have Azure subscription that includes following Azure file shares:

You have the following on-premises servers:

You create a Storage Sync Service named Sync1 and an Azure File Sync group named Group1. Group1 uses share1 as a cloud endpoint.
You register Server1 and Server2 in Sync1. You add D:\Folder1 on Server1 as a server endpoint of Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.



Box 1: No
Group1 already has a cloud endpoint named Share1.
A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
Box 2: Yes
Yes, one or more server endpoints can be added to the sync group.
Box 3: Yes
Yes, one or more server endpoints can be added to the sync group.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User4 to create the user accounts.
Does that meet the goal?

  • A. Yes
  • B. No

Answer: B

Section: [none]
Only a global administrator can add users to this tenant.

Your company registers a domain name of contoso.com.
You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of
You discover that Internet hosts are unable to resolve www.contoso.com to the IP address.
You need to resolve the name resolution issue.
Solution: You modify the name server at the domain registrar.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B



