Boa dia, sejam

todos bem-vindos!
INTENSIVÃO AZ-104
Um programa de
acompanhamento de
8 semanas

Simulado Pré-prova 8 encontros ao vivo

(BRINDE SURPRESA)

Acesso a grupo
exclusivo no Plano de estudos
WhatsApp

Tira dúvidas Dicas para preparação

Validação dos
Simulados principais assuntos
comentados cobrados no exame
AZ-104

Laboratórios práticos
 Cronograma Intensivão AZ-104

30/01 06/02 19/02 26/02 06/03 12/03 19/03 29/03

Start da Missão AZ104 Encontro 02 Encontro 03 Encontro 04 Encontro 05 Encontro 06 Encontro 07 Encontro 08
- Como iremos Revisão dos temas da Revisão dos temas da Revisão dos temas da Revisão dos temas da Revisão dos temas da Revisão dos temas da Revisão dos temas da
trabalhar aula 01 aula 02 aula 03 aula 04 aula 05 aula 06 aula 07
- Lógica de estudos - Módulo02 - Módulo04 - Módulo06 - Módulo07 - Módulo08 - Módulo10 - Revisão final e
- Módulo01 - Módulo03 - Módulo05 - Módulo09 - Módulo11 encerramento

AULA EXTRA: 05/02 – Rotina de estudos e gestão do tempo

Paula Payão
Detalhes sobre a prova:

Tempo de prova: 01:40h

Quantidade de questões: 50
- 41 questões “padrões”
- 4 questões “sem voltar ou revisar”
- 1 estudo de caso com 5 questões
1) You have an Azure subscription named Subscription1 and an on-premises deployment of
Microsoft System Center Service Manager.
Subscription1 contains a virtual machine named VM1.
You need to ensure that an alert is set in Service Manager when the amount of available
memory on VM1 is below 10 percent.
What should you do first?

A. Create an automation runbook

B. Deploy a function app
C. Deploy the IT Service Management Connector (ITSM)
D. Create a notification
2) You have an Azure subscription that contains the virtual networks shown in the following table.

You have an Azure subscription that contains the virtual networks shown in the following table.

All the virtual machines have only private IP addresses.

You deploy an Azure Bastion host named Bastion1 to VNet1.

To which virtual machines can you connect through Bastion1?

A. VM1 only
B. VM1 and VM2 only
C. VM1 and VM3 only
D. VM1, VM2, and VM3
3) You purchase a new Azure subscription named Subscription1.
You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup.
You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days.

What should you do? To answer, select the appropriate options in the answer area.
4 - You have an Azure subscription that contains the virtual networks shown in the following table.

The subscription contains the virtual machines shown in the following table.

Each virtual machine contains only a private IP address.

You create an Azure bastion for VNet1 as shown in the following exhibit.
Exhibit
The Remote Desktop Connection client (mstsc.exe) can be used to connect to VM1 through Bastion1. YES – NO
The Azure portal can use SSH to connect to VM2 through Bastion1. YES - NO
The Azure portal can use to connect to VM3 through Bastion1. YES - NO
5 - You have an Azure subscription named Subscription1. Subscription1 contains the
resource groups in the following table.

RG1 has a web app named WebApp1. WebApp1 is located in West Europe.
You move WebApp1 to RG2.
What is the effect of the move?

A. The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.
B. The App Service plan for WebApp1 moves to North Europe. Policy2 applies to WebApp1.
C. The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1.
D. The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1.
6) You have an Azure subscription named Sub1 that contains two users named User1 and User2.

You need to assign role-based access control (RBAC) roles to User1 and User2. The users must be able to perform
the following tasks in Sub1:

• User1 must view the data in any storage account.

• User2 must assign users the Contributor role for storage accounts.

The solution must use the principle of least privilege.

Which RBAC role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each
role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to
view content.
7) You have an Azure subscription that contains 10 virtual machines, a key vault named
Vault1, and a network security group (NSG) named NSG1. All the resources are deployed to
the East US Azure region.

The virtual machines are protected by using NSG1. NSG1 is configured to block all outbound
traffic to the internet.

You need to ensure that the virtual machines can access Vault1. The solution must use the
principle of least privilege and minimize administrative effort

What should you configure as the destination of the outbound security rule for NSG1?

A. an application security group

B. a service tag
C. an IP address range
8) You have three Azure subscriptions named Sub1, Sub2, and Sub3 that are linked to an Azure AD
tenant.
The tenant contains a user named User1, a security group named Group1, and a management group
named MG1. User is a member of Group1.

Sub1 and Sub2 are members of MG1. Sub1 contains a resource group named RG1. RG1 contains five
Azure functions.
You create the following role assignments for MG1:

• Group1: Reader
• User1: User Access Administrator

You assign User the Virtual Machine Contributor role for Sub1 and Sub2.

The Group1 members can view the configurations of the Azure Functions. YES - NO
User1 can assign the Owner role for RG1. YES - NO
User1 can create a new resource group and deploy a virtual machine to the new group. YES - NO
9 - You have an Azure Entra ID tenant.

You need to create a Microsoft 365 group that contains only members of a marketing department in
France.

How should you complete the dynamic membership rule? To answer, select the appropriate options in
the answer area.

NOTE: Each correct answer is worth one point.

10) You have a Microsoft Entra tenant that is linked to the subscriptions shown in the following table.

You have a Microsoft Entra tenant that is linked to the subscriptions shown in the following table.

You assign roles to users as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

User1 can resize VM1. YES – NO

User2 can create a new storage account in RG1. YES – NO
User3 can assing User1 the Owner role for RG3. YES - NO
11) You need to create an Azure Storage account that meets the following requirements:
✑ Minimizes costs
✑ Supports hot, cool, and archive blob tiers
✑ Provides fault tolerance if a disaster affects the Azure region where the account resides

How should you complete the command? To answer, select the appropriate options in the
answer area.

NOTE: Each correct selection is worth one point.

12) You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-
premises network uses a public IP address space of
131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a
virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:

✑ Ensure that you can upload the disk files to account1.

✑ Ensure that you can attach the disks to VM1.
✑ Prevent all other access to account1.

Which two actions should you perform? Each correct answer presents part of the solution.

A. From the Networking blade of account1, select Selected networks.

B. From the Networking blade of account1, select Allow trusted Microsoft services to access this storage
account.
C. From the Networking blade of account1, add the 131.107.1.0/24 IP address range.
D. From the Networking blade of account1, add VNet1.
E. From the Service endpoints blade of VNet1, add a service endpoint.
13) You are configuring Entra ID tenant authentication for an Azure Storage account named storage1.
You need to ensure that the members of a group named Group1 can upload files by using the Azure
portal.
The solution must use the principle of least privilege.
Which two roles should you configure for storage1?

Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Storage Account Contributor

B. Storage Blob Data Contributor
C. Reader
D. Contributor
E. Storage Blob Data Reader
15) Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager
template named ARM1.json.

You receive a notification that VM1 will be affected by maintenance.

You need to move VM1 to a different host immediately.

Solution: From the VM1 Updates blade, select One-time update.

Does this meet the goal?

A. Yes
B. No
16) Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager
template named ARM1.json.

You receive a notification that VM1 will be affected by maintenance.

You need to move VM1 to a different host immediately.

Solution: From the resource group blade, move VM1 to another subscription.
Does this meet the goal?

A. Yes
B. No
14) Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager
template named ARM1.json.

You receive a notification that VM1 will be affected by maintenance.

You need to move VM1 to a different host immediately.

Solution: From the VM1 Redeploy + reapply blade, you select Redeploy.

Does this meet the goal?

A. Yes
B. No
17) You have an Azure virtual machine named VM1.
Azure collects events from VM1.
You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the
System event log of VM1.

Which target resource should you monitor in the alert rule?

A. virtual machine extension

B. virtual machine
C. metric alert
D. Azure Log Analytics workspace
18) You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual
machine named VM1. VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve data.
Users report that the frontend application is slower than usual.

You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.

Which Azure Network Watcher feature should you use?

A. IP flow verify
B. Connection troubleshoot
C. Connection monitor
D. NSG flow logs
19) You manage two Azure subscriptions named Subscription1 and Subscription2.
Subscription1 has following virtual networks:

A Site-to-Site connection can be established between

Subscription2 contains the following virtual network: VNET1 and VNET2. YES – NO
✑ Name: VNETA
✑ Address space: 10.10.128.0/17 VNET1 and VNET2 can be peered. YES – NO
✑ Location: Canada Central
VNETA contains the following subnets: VNET1 and VNETA can peered. YES – NO
20) You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-
site VPN. VNet1 contains one subnet named
Sunet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load
balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.

You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries
from the Azure portal against the collected data.

What should you do? To answer, select the appropriate options in the answer area.
21) You have an Azure subscription that contains the resource groups shown in the following table.

VM1 is running and connects to NIC1 and Disk1. NIC1 connects to VNET1.
RG2 contains a public IP address named IP2 that is in the East US location. IP2 is not assigned to a virtual
machine.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

You can move storage1 to RG2. YES – NO

You can move NIC1 to RG2. YES – NO
If you move IP2 to RG1, the location of IP2 will change. YES - NO
22) You need to configure a new Azure App Service app named WebApp1. The solution must meet the
following requirements:

• WebApp1 must be able to verify a custom domain name of app.contoso.com.

• WebApp1 must be able to automatically scale up to eight instances.
• Costs and administrative effort must be minimized.

Which pricing plan should you choose, and which type of record should you use to verify the domain?
To answer, select the appropriate options in the answer area.

NOTE: Each correct answer is worth one point.

23) You have an Azure subscription that contains the container images shown in the following table.

You plan to use the following services:

• Azure Container Instances

• Azure Container Apps
• Azure App Service

In which services can you run the images? To answer, select the options in the answer area.
24) You have the App Service plan shown in the following exhibit.

The scale out rule is configured with the same duration and cool down tile as the scale in rule.

If after deployment CPU usage is 70% for one hour and then reaches 90% for five minutes, at that time
the total number of instances will be: 1- 2 -3 -4 -5
If after deployment CPU maintains constant usage of 90% for one hours, and the average CPU usage is
below 25% for nine minutes, at that point the number of instance will be: 1- 2 -3 -4 -5
25) You have the App Service plans shown in the following table.

You need to identify which App Service plans can be used for the web apps.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
26) You have an Azure Storage account named storage1 that contains a blob container. The blob container
has a default access tier of Hot. Storage1 contains a container named conainer1.
You create lifecycle management rules in storage1 as shown in the following table.

On October 10, you can read DepFile1.docx.

YES - NO

On October 10, you can read File2.docx.

YES – NO

On October 10, you can read File3.docx.

Yes - NO
27) You have an Azure subscription that contains an Azure Storage account named storageaccount1.
You export storageaccount1 as an Azure Resource Manager template. The template contains the following
sections.
A server that has a public address of 131.107.103.10 can
access storageaccount1. YES - NO

Individual blobs in storageaccount1 can be set to use the

archive tier. YES – NO

Global administrator in Azure Entra ID can access a file

share hosted in storageaccount1 by using their Entra ID
Credentials. Yes - NO
Overview -
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner
organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment -
Currently, Contoso uses multiple types of servers for business operations, including the following:
File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client
computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end
A processing middle tier

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Planned Changes -
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft 365 migration project.

Technical Requirements -
Contoso must meet the following technical requirements:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups.
Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier.
Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure.
Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile
phone to verify their identity.
Minimize administrative effort whenever possible.
User Requirements -
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service admin for the Azure subscription.
Admin1 must receive email alerts regarding service outages.
Ensure that a new user named User3 can create network objects for the Azure subscription.

1) Question
You need to implement a backup solution for App1 after the application is moved.
What should you create first?

A. a recovery plan
B. an Azure Backup Server
C. a backup policy
D. a Recovery Services vault
2) Question
You need to move the blueprint files to Azure.
What should you do?

A. Generate an access key. Map a drive, and then copy the files by using File Explorer.
B. Use Azure Storage Explorer to copy the files.
C. Use the Azure Import/Export service.
D. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File
Explorer.
3) You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

4) Question
HOTSPOT -
You need to recommend a solution for App1. The solution must meet the technical requirements.
What should you include in the recommendation? To answer, select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.
5) Question
You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.

What should you recommend?

A. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet
that contains the web servers.
B. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that
contains the web servers.
C. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the
subnets.
D. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the
subnets.
GABARITO
1-C
2-B
3 - Recovery Service Vault
A Backup policy
4 - NO , YES , NO
5-A
6 - Reader and data access
Owner
7-B
8 - YES, YES, NO
9 - user.department - and - -eq
10 - YES - NO - YES
11 - StorageV2 - Standard_GRS
12 - A e C
13 - Storage Blob Data Contributor e Reader
14 - YES
15 - NO
GABARITO
16 - NO
17 - D
18 - C
19 - NO - YES - YES
20 - Na Azure Log AAnalytics Workspace e ILB1
21 - YEs - YES - NO
22 - Standard - TXT
23 - Azure Container Instance e App Services only - Todos
24 - 2 - 4
25 - ASP1 and ASP3 only - ASP1 only
26 - NO - YES - YES
27 - YES - YES - NO
GABARITO

Estudo de caso:
1-D
2-B
3 - YES, NO, NO
4-1-3
5-A
BY