AZ-104 Real Azure Administrator Practice Test Set 1

You have an Azure subscription that contains the resources shown in the following table.

The Not allowed resource types Azure policy is assigned to RG1 and uses the following parameters:

Microsoft.Network/virtualNetworks

Microsoft.Compute/virtualMachines

In RG1, you need to create a new virtual machine named V2, and then connect VM2 to VNET1. What should you do first?


Options are :

  • Remove Microsoft.Compute/virtualMachines from the policy. (Correct)
  • Remove Microsoft.Network/virtualNetworks from the policy.
  • Add a subnet to VNET1.
  • Create an Azure Resource Manager template.

Answer :Remove Microsoft.Compute/virtualMachines from the policy.

AZ-203 Microsoft Certified Azure Developer practice exams Set 15

You have an Azure Active Directory (Azure AD) tenant.

All administrators must enter a verification code to access the Azure portal.

You need to ensure that the administrators can access the Azure portal without entering a verification code when they are connecting from your on-premises network.

Consider that some IP restrictions are included inside the sign in risk policy.

What should you configure?


Options are :

  • the default for all the roles in Azure AD Privileged Identity Management
  • an Azure AD Identity Protection sign-in risk policy (Correct)
  • an Azure AD Identity Protection user risk policy

Answer :an Azure AD Identity Protection sign-in risk policy

You set the multi-factor authentication status for a user named [email protected] to Enabled.Admin1 accesses the Azure portal by using a web browser.Which additional security verifications can Admin1 use when accessing the Azure portal?


Options are :

  • a phone call, an email message that contains a verification code, and a text message that contains an app password
  • an app password, a text message that contains a verification code, and a verification code sent from the Microsoft Authenticator app
  • a phone call, a text message that contains a verification code, and a notification or a verification code sent from the Microsoft Authenticator app (Correct)
  • an app password, a text message that contains a verification code, and a notification sent from the Microsoft Authenticator app

Answer :a phone call, a text message that contains a verification code, and a notification or a verification code sent from the Microsoft Authenticator app

You manage a virtual network named VNet1 that is hosted in the West US Azure region.VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.Solution: From Azure Network Watcher, you create a connection monitor.Does this meet the goal?


Options are :

  • No
  • Yes (Correct)

Answer :Yes

AZ-104 Real Azure Administrator Practice Test Set 6

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that is configured for hybrid coexistence with the on-premises ActiveDirectory domain. The tenant contains the users shown in the following table.

Whenever possible, you need to enable Azure Multi-Factor Authentication (MFA) for the users in contoso.com.

Which users should you enable for Azure MFA?


Options are :

  • User1 and User2 only
  • User1, User2, and User3 only
  • User2 only
  • User1, User2, User3, and User4 (Correct)
  • User1 only

Answer :User1, User2, User3, and User4

You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.

Your company has a public DNS zone for contoso.com.

You add contoso.com as a custom domain name to Azure AD.You need to ensure that Azure can verify the domain name.

Which type of DNS record should you create?


Options are :

  • TXT (Correct)
  • RRSIG
  • SRV
  • PTR

Answer :TXT

Your company has a main office in London that contains 100 client computers.Three years ago, you migrated to Azure Active Directory (Azure AD).The company's security policy states that all personal devices and corporate-owned devices must be registered or joined to Azure AD.A remote user named User1 is unable to join a personal device to Azure AD from a home network.You verify that other users can join their devices to Azure AD.You need to ensure that User1 can join the device to Azure AD.What should you do?


Options are :

  • From the Device settings blade, modify the Maximum number of devices per user setting. (Correct)
  • From the Device settings blade, modify the Users may join devices to Azure AD setting.
  • Create a point-to-site VPN from the home network of User1 to Azure.
  • Assign the User administrator role to User1.

Answer :From the Device settings blade, modify the Maximum number of devices per user setting.

Ms Azure Administrator - Mock Test Set 8

You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network.Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.

You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory.

You need to ensure that the users can use single-sign-on (SSO) to access Azure resources.

What should you do first?


Options are :

  • From the on-premises network, request a new certificate that contains the Active Directory domain name.
  • From the server that runs Azure AD Connect, modify the filtering options.
  • From Azure AD, add and verify a custom domain name. (Correct)
  • From the on-premises network, deploy Active Directory Federation Services (AD FS).

Answer :From Azure AD, add and verify a custom domain name.

Azure Log Analytics has many management solutions that help administrators gain value out of complex machine data. These solutions contain pre-built visualizations and queries that help surface insights quickly.


Options are :

  • FALSE
  • TRUE (Correct)

Answer :TRUE

You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.Your company has a public DNS zone for contoso.com.You add contoso.com as a custom domain name to Azure AD.You need to ensure that Azure can verify the domain name.Which type of DNS record should you create?


Options are :

  • MX (Correct)
  • DNSKEY
  • NSEC
  • SRV

Answer :MX

AZ-203 Microsoft Certified Azure Developer practice exams Set 3

Storage accounts must specify a replication mode. Options are locally redundant, zone-redundant, geo-redundant and read-access georedundant storage.


Options are :

  • TRUE (Correct)
  • FALSE

Answer :TRUE

You have an Azure subscription named Subscription1 and two Azure Active Directory (Azure AD) tenants named Tenant1 and Tenant2.

Subscription1 is associated to Tenant1. Multi-factor authentication (MFA) is enabled for all the users in Tenant1.

You need to enable MFA for the users in Tenant2. The solution must maintain MFA for Tenant1.

What should you do first?


Options are :

  • Create and link a subscription to Tenant2. (Correct)
  • Configure the MFA Server setting in Tenant1.
  • Change the directory for Subscription1.
  • Transfer the administration of Subscription1 to a global administrator of Tenant2.

Answer :Create and link a subscription to Tenant2.

You can configure alerts based on metric alerts (captured from Azure Metrics) to Activity Log alerts that can notify only with an Azure Automation Runbook (and not by email).


Options are :

  • TRUE
  • FALSE (Correct)

Answer :FALSE

AZ-104 Real Azure Administrator Practice Test Set 4

You have an Azure Active Directory (Azure AD) tenant.All administrators must enter a verification code to access the Azure portal.You need to ensure that the administrators can access the Azure portal only from your on-premises network.What should you configure?


Options are :

  • the default for all the roles in Azure AD Privileged Identity Management
  • an Azure AD Identity Protection user risk policy.
  • the multi-factor authentication service settings. (Correct)

Answer :the multi-factor authentication service settings.

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.You hire a temporary vendor. The vendor uses a Microsoft account that has a sign-in of [email protected] need to ensure that the vendor can authenticate to the tenant by using [email protected] should you do?


Options are :

  • From Windows PowerShell, run the New-AzureADUser cmdlet and specify the "UserPrincipalName [email protected] parameter.
  • From the Azure portal, add a new guest user, and then specify [email protected] as the email address. (Correct)
  • From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the "UserPrincipalName [email protected] parameter.
  • From the Azure portal, add a custom domain name, create a new Azure AD user, and then specify [email protected] as the username.

Answer :From the Azure portal, add a new guest user, and then specify [email protected] as the email address.

You manage a virtual network named VNet1 that is hosted in the West US Azure region.VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.Solution: From Azure Network Watcher, you create a packet capture.Does this meet the goal?


Options are :

  • No (Correct)
  • Yes

Answer :No

AZ-300 Microsoft Azure Architect Practice Exam Questions NEW Set 1

You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.

From Azure, you download and install the VPN client configuration package on a computer named Computer2.

You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.

Solution: On Computer2, you set the Startup type for the IPSec Policy Agent service to Automatic.

Does this meet the goal?


Options are :

  • Yes
  • No (Correct)

Answer :No

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (Network Security Groupss) in the subscription.

You need to ensure that when an Network Security Groups is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.

Does this meet the goal?


Options are :

  • Yes
  • No (Correct)

Answer :No

Azure storage accounts provide ___________________ .


Options are :

  • blobs (Correct)
  • queues (Correct)
  • tables (Correct)
  • files (Correct)

Answer :blobs queues tables files

AZ-300 Microsoft Azure Architect Practice Exam Questions NEW Set 4

A resource group template is a JSON file that allows you to declaratively describe a set of resources. These resources can then be added to a new or existing resource group. For example, a template can contain the configuration necessary to create two API App instances, a Mobile App instance, and a Document DB instance.


Options are :

  • TRUE (Correct)
  • FALSE

Answer :TRUE

Queries in Log Analytics can be saved for quick access and visualized and shared using Azure Dashboards. To analyze data outside of Log Analytics you can export the data to Excel and Power BI.


Options are :

  • FALSE
  • TRUE (Correct)

Answer :TRUE

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (Network Security Groupss) in the subscription.

You need to ensure that when an Network Security Groups is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You configure a custom policy definition, and then you assign the policy to the subscription.

Does this meet the goal?


Options are :

  • No
  • Yes (Correct)

Answer :Yes

AZ-300 Microsoft Azure Architect Technologies Prc. Tests Set 3

A template can simplify orchestration because you only need to deploy the template to deploy all of your resources.


Options are :

  • FALSE
  • TRUE (Correct)

Answer :TRUE

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VM1. VM1 is in a resource group named RG1.VM1 runs services that will be used to deploy resources to RG1.You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.What should you do first?


Options are :

  • From the Azure portal, modify the Policies settings of RG1.
  • From the Azure portal, modify the value of the Managed Service Identity option for VM1. (Correct)
  • From the Azure portal, modify the Access control (IAM) settings of VM1.
  • From the Azure portal, modify the Access control (IAM) settings of RG1.

Answer :From the Azure portal, modify the value of the Managed Service Identity option for VM1.

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

The User administrator role is assigned to a user named Admin1.

An external partner has a Microsoft account that uses the [email protected] sign in.Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: "Unable to invite user [email protected] " Generic authorization exception."

You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.

What should you do?


Options are :

  • From the Organizational relationships blade, add an identity provider.
  • From the Roles and administrators blade, assign the Security administrator role to Admin1.
  • From the Custom domain names blade, add a custom domain.
  • From the Users blade, modify the External collaboration settings. (Correct)

Answer :From the Users blade, modify the External collaboration settings.

AZ-203 Microsoft Certified Azure Developer practice exams Set 9

Azure Monitor is a single-pane of glass for accessing Azure metrics, tenant and resource diagnostic logs, Log Analytics, service health, and alerts.


Options are :

  • FALSE
  • TRUE (Correct)

Answer :TRUE

From the MFA Server blade, you open the Block/unblock users blade as shown in the exhibit. What caused AlexW to be blocked?


Options are :

  • The user entered an incorrect PIN four times within 10 minutes.
  • The user reported a fraud alert when prompted for additional authentication.
  • An administrator manually blocked the user. (Correct)
  • The user account password expired.

Answer :An administrator manually blocked the user.

You have an Azure subscription that contains the resources in the following table.

To which subnets can you apply Network Security Groups1?


Options are :

  • the subnets on VNet2 and VNet3 only
  • the subnets on VNet1 only
  • the subnets on VNet1, VNet2, and VNet3
  • the subnets on VNet3 only (Correct)
  • the subnets on VNet2 only

Answer :the subnets on VNet3 only

AZ-900 Microsoft Azure Fundamentals Original Practice Tests Set 3

You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.

From Azure, you download and install the VPN client configuration package on a computer named Computer2.

You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.

Solution: You export the client certificate from Computer1 and install the certificate on Computer2. Does this meet the goal?


Options are :

  • No
  • Yes (Correct)

Answer :Yes

Role-based access control allows you to grant users, groups, and service principals access to Azure resources at the subscription, resource group, or resource scopes with RBAC inheritance. The three core roles are Owner, Administrator, and Guest.


Options are :

  • TRUE
  • FALSE (Correct)

Answer :FALSE

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions