AZ-104 Free Practice Test

- (Exam Topic 4)
You plan to deploy an Azure container instance by using the following Azure Resource Manager template.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the template.

Solution:
Box 1: can connect to the container from any device
In the policy "osType": "window" refer that it will create a container in a container group that runs Windows but it won't block access depending on device type.
Box 2: the container will restart automatically
Docker provides restart policies to control whether your containers start automatically when they exit, or wh Docker restarts. Restart policies ensure that linked containers are started in the correct order. Docker recommends that you use restart policies, and avoid using process managers to start containers.
on-failure : Restart the container if it exits due to an error, which manifests as a non-zero exit code. As the flag is mentioned as "on-failure" in the policy, so it will restart automatically
Reference:
https://docs.microsoft.com/en-us/cli/azure/container?view=azure-cli-latest https://docs.docker.com/config/containers/start-containers-automatically/

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 4)
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1.
An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com. You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?

1. A. From contoso.com, modify the Organization relationships settings.
2. B. From contoso.com, create an OAuth 2.0 authorization endpoint.
3. C. Recreate AKS1.
4. D. From AKS1, create a namespace.

Correct Answer: B
With Azure AD-integrated AKS clusters, you can grant users or groups access to Kubernetes resources within a namespace or across the cluster. To obtain a kubectl configuration context, a user can run the az aks get-credentials command. When a user then interacts with the AKS cluster with kubectl, they're prompted to sign in with their Azure AD credentials. This approach provides a single source for user account management and password credentials. The user can only access the resources as defined by the cluster administrator.
Azure AD authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol. For more information on OpenID Connect, see the Open ID connect documentation. From inside of the Kubernetes cluster, Webhook Token Authentication is used to verify authentication tokens. Webhook token authentication is configured and managed as part of the AKS cluster.

Reference:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/ https://docs.microsoft.com/en-us/azure/aks/concepts-identity

- (Exam Topic 4)
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant contains 500 user accounts.
You deploy Microsoft Office 365. You configure Office 365 to use the user accounts in adatum.com. You configure 60 users to connect to mailboxes in Microsoft Exchange Online.
You need to ensure that the 60 users use Azure Multi-Factor Authentication (MFA) to connect to the Exchange Online mailboxes. The solution must only affect connections to the Exchange Online mailboxes.
What should you do?

1. A. From the multi-factor authentication page, configure the Multi-Factor Auth status for each user
2. B. From Azure Active Directory admin center, create a conditional access policy
3. C. From the multi-factor authentication page, modify the verification options
4. D. From the Azure Active Directory admin center, configure an authentication method

Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

- (Exam Topic 6)
You have an Azure subscription named Subcription1 that contains the storage accounts shown in the following table.

You plan 10 use the Azure Import/Export service to export data from Subscription1.

1. A. storage1
2. B. storage2
3. C. storage3
4. D. storage4

Correct Answer: D
Azure Import/Export service supports the following of storage accounts:
Standard General Purpose v2 storage accounts (recommended for most scenarios)
Blob Storage accounts
General Purpose v1 storage accounts (both Classic or Azure Resource Manager deployments), Azure Import/Export service supports the following storage types
Import supports Azure Blob storage and Azure File storage
Export supports Azure Blob storage
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-requirements

- (Exam Topic 6)
You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a file share named share1. The subscription is linked to a hybrid Azure Active Directory (Azure AD) tenant that contains a security group named Group1. You need to gram Group! the Storage File Data SMB Share Elevated Contributor role for share1. What should you do first?

1. A. Enable Active Directory Domain Service (ADDS) authentication for storage1.
2. B. Grant share-level permissions by using File Explorer.
3. C. Mount share1 by using File Explorer.
4. D. Create a private endpoint.

Correct Answer: C