1. Home
  2. AZ-104 Free Questions
Free Demo Questions

Test Online Free Microsoft AZ-104 Exam Questions and Answers

Practice a live sample before buying full access. This page keeps the free AZ-104 question set organized by page so visitors and search engines can reach the canonical -questions.html URL directly.

Updated Nov 19, 2025 212 Questions 15 Pages
Get AZ-104 Full Access
Page 12 of 15
Previous Page
Next Page
Question 166 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet 1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.
Solution: You join Computer2 to Azure Active Directory (Azure AD)
Does this meet the goal?

Answer:
Explanation:
A client computer that connects to a VNet using Point-to-Site must have a client certificate installed.
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
Question 167 Written Answer
You have an Azure subscription that contains the Azure virtual machines shown in the following table.



You add inbound security rules to a network security group (NSG) named NSG1 as shown in the following table.



You run Azure Network Watcher as shown in the following exhibit.



You run Network Watcher again as shown in the following exhibit.



For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
Box 1: No
It limits traffic to VM2, but not VM1 traffic.
Box 2: Yes
Yes, the destination is VM2.
Box 3: No
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
Question 168 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy an Azure Kubernetes Service (AKS) cluster named AKS 1.
You need to deploy a YAML file to AKS 1.
Solution: From Azure Cloud Shell, you run az aks.
Does this meet the goal?

Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough

45 1. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy an Azure Kubernetes Service (AKS) cluster named AKS 1.
You need to deploy a YAML file to AKS 1.
Solution: From Azure Cloud Shell, you run the kubectl client.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough
Question 169 Written Answer
You have an Azure subscription named Subscription 1.
In Subscription1, you create an alert rule named Alert 1.
The Alert1 action group is configured as shown in the following exhibit.



Alert1 alert criteria triggered every minute.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
Box 1: 60
One alert per minute will trigger one email per minute.
Box 2: 12
No more than 1 SMS every 5 minutes can be send, which equals 12 per hour.
Note: Rate limiting is a suspension of notifications that occurs when too many are sent to a particular phone number, email address or device. Rate limiting ensures that alerts are manageable and actionable.
The rate limit thresholds are:
SMS: No more than 1 SMS every 5 minutes.
Voice: No more than 1 Voice call every 5 minutes.
Email: No more than 100 emails in an hour.
Other actions are not rate limited.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-rate-limiting
Question 170 Selectable Answer
You have an Azure subscription named Subscription 1. Subscription1 contains a virtual machine named VM 1.
You have a computer named Computer1 that runs Windows 10. Computer1 is connected to the Internet.
You add a network interface named vm1173 to VM1 as shown in the exhibit. (Click the Exhibit tab.)



From Computer1, you attempt to connect to VM1 by using Remote Desktop, but the connection fails.
You need to establish a Remote Desktop connection to VM 1.
What should you do first?

Answer:
Explanation:
Incorrect Answers:
A: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. RDP already has the lowest number and thus the highest priority.
B: The network interface has already been added to VM.
C: The Outbound rules are fine.
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Question 171 Written Answer
You have Azure subscription that includes following Azure file shares:



You have the following on-premises servers:



You create a Storage Sync Service named Sync1 and an Azure File Sync group named Group 1.
Group1 uses share1 as a cloud endpoint.
You register Server1 and Server2 in Sync 1. You add D:\Folder1 on Server1 as a server endpoint of Group 1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
Box 1: No
Group1 already has a cloud endpoint named Share 1.
A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
Box 2: Yes
Yes, one or more server endpoints can be added to the sync group.
Box 3: Yes
Yes, one or more server endpoints can be added to the sync group.
Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide
Question 172 Written Answer
You have an Azure Active Directory (Azure AD) tenant named adatum.com.
Adatum.com contains the groups in the following table.



You create two user accounts that are configured as shown in the following table.



To which groups do User1 and User2 belong? To answer. select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
Box 1: Group 1 only
City starts with M, but their department is excluded for Group 2.
Box 2: Group1 and Group2 only
City starts with M, no restrictions for Group 2. Also, can belong to O365 Group regardless if user has O365 assigned or not. (Note: there might be a typo in the question about “Human resources” and “human resource”. If there is no typo, then the answer should be Group1 only)
References: https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/datatypes-string-operators

12 1. You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to ensure that visitors are serviced by the same web server for each request.
What should you configure?
A. Idle Time-out (minutes) to 20
B. Floating IP (direct server return) to Disabled
C. Floating IP (direct server return) to Enabled
D. Session persistence to Client IP and protocol
Answer: D
Explanation:
You can set the sticky session in load balancer rules with setting the session persistence as the client IP and protocol. Client IP and Protocol specifies that successive requests from the same client IP address and protocol combinations will be handles by the same VM.
References: https://cloudopszone.com/configure-azure-load-balancer-for-sticky-sessions
Question 173 Selectable Answer
You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.)



No devices are connected to VNet 1.
You plan to peer VNet1 to another virtual network named VNet2. VNet2 has an address space of 10.2.0.0/16.
You need to create the peering.
What should you do first?

Answer:
Explanation:
The virtual networks you peer must have non-overlapping IP address spaces. The exhibit indicates that VNet1 has an address space of 10.2.0.0/16, which is the same as VNet2, and thus overlaps. We need to change the address space for VNet 1.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-constraints
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq
Question 174 Written Answer
You have Azure Storage accounts as shown in the following exhibit.



Use the drop-down menus to select the answ er choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
Box 1: storageaccount1 and storageaccount2 only
Box 2: All the storage accounts
Note: The three different storage account options are: General-purpose v2 (GPv2) accounts, General-purpose v1 (GPv1) accounts, and Blob storage accounts.
✑ General-purpose v2 (GPv2) accounts are storage accounts that support all of the latest features for blobs, files, queues, and tables.
✑ Blob storage accounts support all the same block blob features as GPv2, but are limited to supporting only block blobs.
✑ General-purpose v1 (GPv1) accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per gigabyte pricing.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-options
Question 175 Selectable Answer
You have two Azure virtual machines named VM1 and VM2.
You have two Recovery Services vaults named RSV1 and RSV2.
VM2 is protected by RSV 1.
You need to use RSV2 to protect VM2.
What should you do first?

Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm

15 1. You have an Azure virtual machine named VM1 that you use for testing.
VM1 is protected by Azure Backup.
You delete VM 1.
You need to remove the backup data stored for VM 1.
What should you do first?
A. Modify the backup policy.
B. Delete the Recovery Services vault.
C. Stop the backup.
D. Delete the storage account.
Answer: C
Explanation:
Stop backup and delete recovery services vault, if no other backups. https://docs.microsoft.com/en-us/azure/backup/tutorial-backup-vm-at-scale
Question 176 Selectable Answer
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model.
After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication.
To achieve this, the Per Enabled User setting must be set for the usage model.
Solution: You reconfigure the existing usage model via the Azure portal.
Does the solution meet the goal?

Answer:
Explanation:
Since it is not possible to change the usage model of an existing provider as it is right now, you have to create a new one and reactivate your existing server with activation credentials from the new provider.
Reference: https://365lab.net/2015/04/11/switch-usage-model-in-azure-multi-factor-authentication-server/
Question 177 Written Answer
You have an Azure subscription.
You need to use an Azure Resource Manager (ARM) template to create a virtual machine that will have multiple data disks.
How should you complete the template? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Answer:

Question 178 Written Answer
You have an Azure subscription named Subscription1 that contains the resources in the following table.



VM1 and VM2 run the websites in the following table.



AppGW1 has the backend pools in the following table.



DNS resolves site 1. contoso.com, site2.contoso.com, and site3.contoso.com to the IP address of AppGW 1.
AppGW1 has the listeners in the following table.



AppGW1 has the rules in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
Vm1 is in Pool 1. Rule2 applies to Pool1, Listener 2, and site2.contoso.com
Question 179 Written Answer
You have two Azure virtual machines as shown in the following table.



You create the Azure DNS zones shown in the following table.



You perform the following actions:
- To fabrikam.com, you add a virtual network link to vnet1 and enable auto registration.
- For contoso.com, you assign vm1 and vm2 the Owner role.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worm one point.


Answer:

Question 180 Selectable Answer
You have an Azure subscription that contains a resource group named RG 1. RG1 contains 100 virtual machines.
Your company has three cost centers named Manufacturing, Sales, and Finance.
You need to associate each virtual machine to a specific cost center.
What should you do?

Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/billing/billing-getting-started
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

14 1. You have an Azure policy as shown in the following exhibit.



Which of the following statements are true?
A. You can create Azure SQL servers in ContosoRG 1.
B. You are prevented from creating Azure SQL servers anywhere in Subscription 1.
C. You are prevented from creating Azure SQL Servers in ContosoRG1 only.
D. You can create Azure SQL servers in any resource group within Subscription 1.
Answer: A
Explanation:
You are prevented from creating Azure SQL servers anywhere in Subscription 1 with the exception of ContosoRG1
Showing page 12 of 15
Previous Page
Next Page

All copyrights reserved 2026 PassQuestion NETWORK CO.,LIMITED. All Rights Reserved.

Passquestion doesn't offer Real Microsoft, Amazon, Cisco Exam Questions. All Passquestion content is sourced from the Internet.