Skills measured
Manage Azure identities and governance (15-20%)
Implement and manage storage (15-20%)
Deploy and manage Azure compute resources (20-25%)
Configure and manage virtual networking (25-30%)
Monitor and back up Azure resources (10-15%)
This exam was updated on September 24, 2021.
Following the current exam guide, we have included a version of the exam guide
with Track Changes set to “On,” showing the changes that were made to the exam
on that date.
Audience Profile
Candidates for this exam should have subject matter expertise implementing,
managing, and monitoring an organization’s Microsoft Azure environment.
Responsibilities for this role include implementing, managing, and monitoring
identity, governance, storage, compute, and virtual networks in a cloud
environment, plus provision, size, monitor, and adjust resources, when needed.
An Azure administrator often serves as part of a larger team dedicated to
implementing an organization’s cloud infrastructure.
A candidate for this exam should have at least six months of hands-on experience
administering Azure, along with a strong understanding of core Azure services,
Azure workloads, security, and governance. In addition, this role should have
experience using PowerShell, Azure CLI, Azure portal, and Azure Resource Manager
templates.
Skills Measured
NOTE: The bullets that follow each of the skills measured are intended to
illustrate how we assess that skill. This list is not definitive or exhaustive.
NOTE: Most questions cover features that are General Availability (GA). The exam
may contain questions on Preview features if those features are commonly used.
Manage Azure identities and governance (15–20%)
Manage Azure Active Directory (Azure AD) objects
create users and groups
create administrative units
manage user and group properties
manage device settings
perform bulk user updates
manage guest accounts
configure Azure AD join
configure self-service password reset
Manage role-based access control (RBAC)
create a custom role
provide access to Azure resources by assigning roles at different scopes
interpret access assignments
Manage subscriptions and governance
configure Azure policies
configure resource locks
apply and manage tags on resources
manage resource groups
manage subscriptions
manage costs
configure management groups
Implement and manage storage (15–20%)
Secure storage
configure network access to storage accounts
create and configure storage accounts
generate shared access signature (SAS) tokens
manage access keys
configure Azure AD authentication for a storage account
configure access to Azure Files
Manage storage
export from Azure job
import into Azure job
install and use Azure Storage Explorer
copy data by using AZCopy
implement Azure Storage replication
configure blob object replication
Configure Azure files and Azure Blob Storage
create an Azure file share
create and configure Azure File Sync service
configure Azure Blob Storage
configure storage tiers
configure blob lifecycle management
Deploy and manage Azure compute resources (20–25%)
Automate deployment of virtual machines (VMs) by using Azure Resource Manager
templates
modify an Azure Resource Manager template
configure a virtual hard disk (VHD) template
deploy from a template
save a deployment as an Azure Resource Manager template
deploy virtual machine extensions
Configure VMs
configure Azure Disk Encryption
move VMs from one resource group to another
manage VM sizes
add data disks
configure networking
redeploy VMs
configure high availability
deploy and configure virtual machine scale
sets
Create and configure containers
configure sizing and scaling for Azure Container Instances
configure container groups for Azure Container Instances
configure storage for Azure Kubernetes Service (AKS)
configure scaling for AKS
configure network connections for AKS
upgrade an AKS cluster
Create and configure Azure App Service
create an App Service plan
configure scaling settings in an App Service plan
create an App Service
secure an App Service
configure custom domain names
configure backup for an App Service
configure networking settings
configure deployment settings
Configure and manage virtual networking (25–30%)
Implement and manage virtual networking
create and configure virtual networks, including peering
configure private and public IP addresses
configure user-defined network routes
implement subnets
configure endpoints on subnets
configure private endpoints
configure Azure DNS, including custom DNS settings and private or public DNS
zones
Secure access to virtual networks
create security rules
associate a network security group (NSG) to a subnet or network interface
evaluate effective security rules
implement Azure Firewall
implement Azure Bastion
Configure load balancing
configure Azure Application Gateway
configure an internal or public load balancer
troubleshoot load balancing
Monitor and troubleshoot virtual networking
monitor on-premises connectivity
configure and use Azure Monitor for Networks
use Azure Network Watcher
troubleshoot external networking
troubleshoot virtual network connectivity
Integrate an on-premises network with an Azure virtual network
create and configure Azure VPN Gateway
create and configure Azure ExpressRoute
configure Azure Virtual WAN
Monitor and back up Azure resources (10–15%)
Monitor resources by using Azure Monitor
configure and interpret metrics
configure Azure Monitor logs
query and analyze logs
set up alerts and actions
configure Application Insights
Implement backup and recovery
create a Recovery Services vault
create a Backup vault
create and configure backup policy
perform backup and restore operations by using Azure Backup
perform site-to-site recovery by using Azure Site Recovery
configure and review backup reports
QUESTION 1
Your company has serval departments. Each department has a number of virtual machines (VMs).
The company has an Azure subscription that contains a resource group named RG1.
All VMs are located in RG1.
You want to associate each VM with its respective department.
What should you do?
A. Create Azure Management Groups for each department.
B. Create a resource group for each department.
C. Assign tags to the virtual machines.
D. Modify the settings of the virtual machines.
Answer: C
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
QUESTION 2
Note: The question is included in a number of questions that depicts the identical set-up. However,
every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor
Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the multi-factor authentication page to alter the user settings.
Does the solution meet the goal?
A. Yes
B. No
Answer: B
QUESTION 3
Note: The question is included in a number of questions that depicts the identical set-up. However,
every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor
Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy.
Does the solution meet the goal?
A. Yes
B. No
Answer: B
QUESTION 4
Note: The question is included in a number of questions that depicts the identical set-up. However,
every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor
Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy.
Does the solution meet the goal?
A. Yes
B. No
Answer: A
QUESTION 5
You are planning to deploy an Ubuntu Server virtual machine to your company’s Azure subscription.
You are required to implement a custom deployment that includes adding a particular trusted root certification
authority (CA).
Which of the following should you use to create the virtual machine?
A. The New-AzureRmVm cmdlet.
B. The New-AzVM cmdlet.
C. The Create-AzVM cmdlet.
D. The az vm create command.
Answer: C
Explanation:
Once Cloud-init.txt has been created, you can deploy the VM with az vm create cmdlet, using the –customdata
parameter to provide the full path to the cloud-init.txt file.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-automate-vm-deployment
Examkingdom Microsoft AZ-104 Exam pdf, Certkingdom Microsoft AZ-104 PDF
Best Microsoft Azure AZ-104 Certification, Microsoft AZ-104 Training at certkingdom.com