{"id":81612,"date":"2022-03-25T02:22:25","date_gmt":"2022-03-25T07:52:25","guid":{"rendered":"https:\/\/www.whizlabs.com\/blog\/?p=81612"},"modified":"2025-08-26T13:26:50","modified_gmt":"2025-08-26T07:56:50","slug":"azure-administrator-az-104-exam-questions","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/azure-administrator-az-104-exam-questions\/","title":{"rendered":"Sample Questions on Microsoft Azure Administrator (AZ-104) Exam"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">In this blog, you will be trying out AZ-104 exam questions<\/span> <span style=\"font-weight: 400;\">and answers, which will help in your preparation for the actual exam. The <\/span><a href=\"https:\/\/www.whizlabs.com\/microsoft-azure-certification-az-104\/\"><strong>AZ-104: Microsoft Azure Administrator<\/strong><\/a><span style=\"font-weight: 400;\"><a href=\"https:\/\/www.whizlabs.com\/microsoft-azure-certification-az-104\/\"><strong> Certification<\/strong><\/a> exam evaluates your understanding of the implementation, monitoring, and management of the Microsoft Azure Environment in any organization. Read through to Validate!<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 1<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Manage Azure identities and governance<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Manage Microsoft Entra users and groups<\/span><\/p>\n<p><b>Sub Topic:<\/b><span style=\"font-weight: 400;\"> Create users and groups<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question Text:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Your organization wants to enforce naming conventions for Microsoft Entra groups to ensure consistency and avoid duplication. For example, all group names should start with the department name, such as &#8220;HR-&#8220;, &#8220;Finance-&#8220;, or &#8220;IT-&#8220;. How can you achieve this?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use Group Naming Policy in Microsoft Entra ID and configure prefix\/suffix rules based on department<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Manually rename each group as they are created<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Implement a PowerShell script that runs daily to enforce the naming convention<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use Azure Policies to define naming rules for groups<\/span><\/li>\n<\/ol>\n<p><b>Correct Answer:<\/b><span style=\"font-weight: 400;\"> A<\/span><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option A is CORRECT because<\/b><span style=\"font-weight: 400;\"> Microsoft Entra ID provides a Group Naming Policy feature to enforce group naming conventions. An Azure Administrator can configure rules to automatically apply prefixes and\/or suffixes based on user attributes like department or other organizational needs. This is the recommended and automated approach for achieving consistent group naming without manual intervention.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/users\/groups-naming-policy\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/users\/groups-naming-policy<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 2<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Manage Azure identities and governance<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Manage Microsoft Entra users and groups<\/span><\/p>\n<p><b>Sub Topic:<\/b> <span style=\"font-weight: 400;\">Manage licenses in Microsoft Entra ID<\/span><\/p>\n<p><b>Question Text:<\/b><span style=\"font-weight: 400;\">\u00a0 A user in your organization reports that they cannot access certain Microsoft 365 services despite having an assigned license. Upon investigation, you find that the user\u2019s license is disabled. What is the most likely cause?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The user\u2019s account has been disabled in Microsoft Entra ID<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The license was assigned to the user through a group, but the service plan for that license is disabled<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The user\u2019s role does not permit them to use the licensed services<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The license was assigned but has not yet been synchronized with the Microsoft 365 portal<\/span><\/li>\n<\/ol>\n<p><b>Correct Answer:<\/b><span style=\"font-weight: 400;\"> B<\/span><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option B is CORRECT because<\/b><span style=\"font-weight: 400;\"> when licenses are assigned via group-based licensing, An Azure administrator can enable or disable specific service plans within the license. If the relevant service plan is disabled, the user will not have access to those specific services, even though the license itself is assigned. This is a common scenario when managing license assignments using groups.<\/span><\/p>\n<p><b>References:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/users\/licensing-groups-assign\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/users\/licensing-groups-assign<\/span><\/a><\/p>\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/users\/licensing-group-advanced\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/users\/licensing-group-advanced<\/span><\/a><\/p>\n<h2><\/h2>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_76 ez-toc-wrap-left counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ea7e02;color:#ea7e02\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ea7e02;color:#ea7e02\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.whizlabs.com\/blog\/azure-administrator-az-104-exam-questions\/#Multiple_Answer_Question\" >Multiple Answer Question<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.whizlabs.com\/blog\/azure-administrator-az-104-exam-questions\/#Multiple_Answer_Question-2\" >Multiple Answer Question<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.whizlabs.com\/blog\/azure-administrator-az-104-exam-questions\/#Case_Study_Question_No_7_to_Question_No_13\" >Case Study (Question No. 7 to Question No. 13)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.whizlabs.com\/blog\/azure-administrator-az-104-exam-questions\/#Drag_and_Drop_%E2%80%93_Ordering_Arranging\" >Drag and Drop &#8211; Ordering (Arranging)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.whizlabs.com\/blog\/azure-administrator-az-104-exam-questions\/#Conclusion\" >Conclusion:\u00a0<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Multiple_Answer_Question\"><\/span><b>Multiple Answer Question<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 3<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Manage Azure identities and governance<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Manage Microsoft Entra users and groups<\/span><\/p>\n<p><b>Sub Topic:<\/b> <span style=\"font-weight: 400;\">Manage external users<\/span><\/p>\n<p><b>Question Text: <\/b><span style=\"font-weight: 400;\">You are configuring external collaboration settings for your organization in Microsoft Entra ID. The security team has requested the following requirements for external guest access:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Guest users should only access their own directory objects, such as their profiles, and should not be able to see other users, groups, or memberships.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Only administrators with specific roles should have permission to invite guest users.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">What should you configure to meet these requirements? <\/span><b>(Select two options)<\/b><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Set &#8220;Guest user access is restricted to properties and memberships of their own directory objects&#8221; under Guest user access<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Set &#8220;Guest users have the same access as members&#8221; under Guest user access<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Set &#8220;Anyone in the organization can invite guest users including guests and non-admins&#8221; under Guest invite settings<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Set &#8220;Guest users have limited access to properties and memberships of directory objects&#8221; under Guest user access<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Set &#8220;Only users assigned to specific admin roles can invite guest users&#8221; under Guest invite settings<\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><b>Correct Answers:<\/b><span style=\"font-weight: 400;\"> A and E<\/span><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option A is CORRECT because<\/b><span style=\"font-weight: 400;\"> this setting ensures that guest users can only access their own profiles and directory objects, such as their own memberships. It restricts them from seeing other users, groups, or memberships, which satisfies the requirement that guests cannot view other directory objects. This is the most restrictive setting available for guest access and directly addresses the security team&#8217;s requirement for limiting guest access.<\/span><\/p>\n<p><b>Option E is CORRECT because<\/b><span style=\"font-weight: 400;\"> this setting limits the ability to invite guest users to administrators with specific roles, such as the User Administrator or Guest Inviter roles. This directly addresses the requirement that only certain administrators should have permission to invite external users, ensuring tighter control over external collaboration.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/external-id\/external-collaboration-settings-configure#configure-settings-in-the-portal\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/entra\/external-id\/external-collaboration-settings-configure#configure-settings-in-the-portal<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Multiple_Answer_Question-2\"><\/span><b>Multiple Answer Question<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 4<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Manage Azure identities and governance<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Manage Microsoft Entra users and groups<\/span><\/p>\n<p><b>Sub Topic:<\/b> <span style=\"font-weight: 400;\">Configure self-service password reset (SSPR)<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question Text:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You are an Azure Administrator for your organization, tasked with enhancing security for self-service password reset (SSPR). The IT security team mandates that users must verify their identity using two different authentication methods before they can reset their passwords. This policy aims to ensure compliance with company security standards.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">What three configurations should you apply to meet this requirement?<\/span><\/p>\n<p><b>(Select three options)<\/b><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enable SSPR for all users<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Set &#8220;Number of methods required to reset&#8221; to 2<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Configure SSPR to use &#8220;Security questions&#8221; as the only authentication method<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Add &#8220;Mobile app notification&#8221; and &#8220;Email&#8221; as authentication methods<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Limit SSPR registration to selected groups<\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><b>Correct Answer:<\/b><span style=\"font-weight: 400;\"> A, B, and D<\/span><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option A is CORRECT because<\/b><span style=\"font-weight: 400;\"> enabling SSPR for all users ensures that the self-service password reset feature is available across the organization. Without this step, users will not have the capability to reset their passwords using SSPR, even if other configurations are correct.<\/span><\/p>\n<p><b>Option B is CORRECT because<\/b><span style=\"font-weight: 400;\"> setting the &#8220;Number of methods required to reset&#8221; to 2 enforces the policy requiring users to verify their identity using two different authentication methods before resetting their passwords. This configuration is essential to meet the company\u2019s security requirements.<\/span><\/p>\n<p><b>Option D is CORRECT because<\/b><span style=\"font-weight: 400;\"> configuring authentication methods such as &#8220;Mobile app notification&#8221; and &#8220;Email&#8221; ensures users have secure and reliable options to verify their identity. At least two methods must be available to satisfy the requirement for two-factor authentication during password reset.<\/span><\/p>\n<p><b>References:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/authentication\/concept-sspr-howitworks#authentication-methods\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/authentication\/concept-sspr-howitworks#authentication-methods<\/span><\/a><\/p>\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/authentication\/concept-sspr-howitworks#change-authentication-methods\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/authentication\/concept-sspr-howitworks#change-authentication-methods<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 5<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Manage Azure identities and governance<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Manage Azure subscriptions and governance<\/span><\/p>\n<p><b>Sub Topic: <\/b><span style=\"font-weight: 400;\">Implement and manage Azure Policy<\/span><\/p>\n<p><b>Question Text:<\/b><span style=\"font-weight: 400;\">\u00a0 Your organization has multiple Azure subscriptions managed under a single management group. A new security compliance mandate requires all storage accounts across these subscriptions to have secure transfer enabled. As an Azure Administrator, you need to ensure this requirement is enforced uniformly across all subscriptions with minimal administrative effort. What is the best way to achieve this?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Assign the policy to each resource group individually<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Assign the policy to a single subscription and replicate the setup<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Assign the policy at the management group level<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use Azure Monitor to track storage accounts without secure transfer<\/span><\/li>\n<\/ol>\n<p><b>Correct Answer:<\/b><span style=\"font-weight: 400;\"> C<\/span><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option C is CORRECT because<\/b><span style=\"font-weight: 400;\"> assigning the policy at the management group level applies the policy to all subscriptions under the management group. This approach ensures uniform enforcement of the compliance mandate across all storage accounts in multiple subscriptions and minimizes administrative effort, making it the most efficient solution.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/governance\/policy\/tutorials\/create-and-manage#implement-a-new-custom-policy\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/governance\/policy\/tutorials\/create-and-manage#implement-a-new-custom-policy<\/span><\/a><\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 6<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Manage Azure identities and governance<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Manage Azure subscriptions and governance<\/span><\/p>\n<p><b>Sub Topic:<\/b> <span style=\"font-weight: 400;\">Configure resource locks<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question Text:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Your organization has applied a Delete lock to a storage account containing critical business data. A developer tries to delete a container within this storage account to free up space but encounters an error. What is the most likely reason for the error?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The Delete lock applies to all sub-resources of the storage account, including containers<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The Delete lock is incorrectly configured and should only apply to the storage account itself<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The developer lacks Azure RBAC permissions to delete the container<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Containers are not affected by resource locks<\/span><\/li>\n<\/ol>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option A is CORRECT because<\/b><span style=\"font-weight: 400;\"> a Delete lock applied to a storage account affects the storage account itself as well as its sub-resources, including containers. This ensures that no deletions can occur at any level under the locked storage account, which is why the developer encounters an error when attempting to delete a container.<\/span><\/p>\n<p><b>Reference:<\/b> <a title=\"Protect your Azure resources with a lock - Azure Resource Manager\" href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-resource-manager\/management\/lock-resources?tabs=json#lock-inheritance\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">Protect your Azure resources with a lock &#8211; Azure Resource Manager\u00a0<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Case_Study_Question_No_7_to_Question_No_13\"><\/span><b>Case Study (Question No. 7 to Question No. 13)<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><b>To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.<\/b><\/p>\n<p><b>Overview:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Contoso Inc. is a multinational company specializing in cloud-based enterprise solutions. They have recently migrated several of their workloads to Microsoft Azure to streamline operations and improve security. Contoso has multiple departments, including finance, sales, and HR, which require different resources across several regions.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The company has an Azure environment with several subscriptions for different projects and departments. These subscriptions are governed by various access policies and management practices to ensure compliance with both corporate standards and regulatory requirements.<\/span><\/p>\n<p><b>Existing Environment:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Azure Subscriptions: Contoso Inc. has three main Azure subscriptions:<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Finance Subscription: Hosts finance-related workloads.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Sales Subscription: Hosts workloads for the sales department.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">HR Subscription: Hosts HR applications and employee data.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Resource Groups: Each department has resource groups assigned to specific applications.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Finance has resource groups like Finance-Dev, Finance-Prod.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Sales has resource groups like Sales-Dev, Sales-Prod.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">HR has resource groups like HR-Dev, HR-Prod.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Tagging Policy: Contoso uses tags for cost allocation, resource management, and compliance auditing. For instance, the tag Environment is applied to each resource with values such as Dev, Prod, or Test.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Management Groups: The organization follows a hierarchical structure to manage resources:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Top-level Management Group: Contoso-Main<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Sub-management groups for each department: Finance, Sales, HR.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Cost Management: Contoso has implemented Azure cost management solutions, using budgets to monitor and control costs across departments. The Finance department has exceeded its budget for the last quarter, while other departments are within their budget limits.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Compliance and Security: Contoso has set up policies to ensure that no resources are deployed without necessary tags and that resource locks are enforced to prevent accidental deletion of critical resources.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Requirements:<\/b><\/p>\n<p><b>Technical Requirements:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Contoso has the following technical requirements:\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Tagging: The Finance team has requested that all resources within the Finance-Prod resource group should automatically inherit a Compliance tag with the value High to ensure compliance reporting is accurate.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Cost Management: The Sales department has requested a solution to alert them when their monthly Azure spend exceeds $50,000 to prevent overspending.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Resource Group Management: The HR department wants to ensure that all resources in the HR-Prod resource group are protected with a Delete Lock to avoid accidental deletion during system updates.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Subscription Management: The management needs a strategy to enforce consistent governance across all Azure subscriptions while maintaining autonomy at the department level.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Management Groups: Contoso wants to set up a policy for all resources under the Sales management group to automatically use a specific SKU for all virtual machines (VMs) to standardize resource provisioning.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><b>User Requirements:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Contoso has the following user requirements:\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Finance Team: Ensure all resources in the Finance subscription are tagged for reporting and budgeting.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Sales Team: Monitor and manage Azure cost alerts efficiently to avoid exceeding budget limits.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">HR Team: Ensure critical resources are locked to prevent accidental deletion.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">IT Governance Team: Establish consistent resource management policies across subscriptions while maintaining departmental autonomy.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 7<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Manage Azure identities and governance<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Manage Azure subscriptions and governance<\/span><\/p>\n<p><b>Sub Topic:<\/b> <span style=\"font-weight: 400;\">Manage resource groups<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question Text:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Contoso wants to implement a policy that automatically ensures no resources in the HR-Prod resource group can be deleted. What is the most efficient way to achieve this?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Apply a Delete lock on each individual resource within the HR-Prod resource group<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Apply a Delete lock to the entire HR-Prod resource group to prevent deletion of any resources<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Assign a Role-Based Access Control (RBAC) policy that prevents the deletion of resources in the HR-Prod resource group<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use Azure Automation to periodically check the resources in the HR-Prod group and manually apply locks<\/span><\/li>\n<\/ol>\n<p><b>Correct Answer:<\/b><span style=\"font-weight: 400;\"> B<\/span><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option B is CORRECT because<\/b><span style=\"font-weight: 400;\"> a Delete lock applied at the resource group level ensures that all resources within the group are protected against deletion, regardless of when they were created. This includes any existing resources and any resources added to the resource group in the future. The Delete lock is an in-built Azure feature that overrides permissions, meaning even users with elevated roles, such as Owners or Contributors, cannot delete resources within the group unless the lock is removed. This approach is efficient because it eliminates the need for manual intervention and ensures consistent protection across the resource group. Additionally, locks provide transparency and are visible in the Azure portal, helping organizations enforce strict governance policies. This solution aligns with best practices for managing resources in Azure and reduces the risk of accidental or unauthorized deletions, which could lead to downtime or data loss.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-resource-manager\/management\/lock-resources?tabs=json\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/azure-resource-manager\/management\/lock-resources?tabs=json<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 8<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Manage Azure identities and governance<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Manage Azure subscriptions and governance<\/span><\/p>\n<p><b>Sub Topic:<\/b> <span style=\"font-weight: 400;\">Manage subscriptions<\/span><\/p>\n<p><b>Question Text:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Contoso Inc. has three Azure subscriptions: Finance, Sales, and HR. The organization wants to ensure that the Finance team can manage all resources within their subscription, while the Sales and HR teams only have limited access to their respective subscriptions. Additionally, the Finance team needs to be able to manage billing across all subscriptions. What is the most efficient approach to implement this scenario?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Assign the Finance team as subscription owners for all three subscriptions and restrict the Sales and HR teams to Contributor roles within their respective subscriptions<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Create a management group for each department and assign the Finance team as a Global Administrator at the management group level while assigning the Sales and HR teams as Owners within their respective subscriptions<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use Microsoft Entra Privileged Identity Management to elevate access for the Finance team when needed and assign the Sales and HR teams as Readers in their subscriptions<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Set up Azure Lighthouse and delegate control of the subscriptions to the Finance team for billing and assign the Sales and HR teams appropriate roles within their subscription<\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><b>Correct Answer:<\/b><span style=\"font-weight: 400;\"> A<\/span><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option A is CORRECT because<\/b><span style=\"font-weight: 400;\"> assigning the Finance team as Subscription Owners for all subscriptions provides them with full administrative control, including the ability to manage billing across all subscriptions. At the same time, restricting the Sales and HR teams to the Contributor role within their respective subscriptions ensures they can manage resources but are limited to actions within their designated scope. This solution ensures a clear separation of responsibilities while fulfilling the requirement for Finance to manage billing and other resources across subscriptions. It is straightforward and does not involve unnecessary complexity, making it efficient and scalable for governance.<\/span><\/p>\n<p><b>References:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/role-based-access-control\/role-assignments-portal-subscription-admin\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/role-based-access-control\/role-assignments-portal-subscription-admin<\/span><\/a><\/p>\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/role-based-access-control\/role-assignments-steps#privileged-administrator-roles\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/role-based-access-control\/role-assignments-steps#privileged-administrator-roles<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 9<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Manage Azure identities and governance<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Manage Azure subscriptions and governance<\/span><\/p>\n<p><b>Sub Topic:<\/b> <span style=\"font-weight: 400;\">Manage costs by using alerts, budgets, and Azure Advisor recommendations<\/span><\/p>\n<p><b>Question Text:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Sales department has a monthly budget of $50,000 for Azure services. The department wants to receive an alert when their spend approaches 80% of the budgeted amount. Which of the following actions should you take to achieve this?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Create an Azure Monitor alert based on the subscription&#8217;s total spend<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use Azure Cost Management to set up a budget and configure an alert for when the spend exceeds 80% of the budget<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Configure Azure Advisor recommendations to alert the Sales team when costs are nearing the budget limit<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Set up an automatic scale rule to scale down the resources when the budget exceeds 80%<\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><b>Correct Answer:<\/b><span style=\"font-weight: 400;\"> B<\/span><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option B is CORRECT because<\/b><span style=\"font-weight: 400;\"> Azure Cost Management provides the functionality to create budgets and set spending thresholds. You can configure a budget specific to the Sales department&#8217;s subscription or resource group and set an alert for 80% of the allocated budget ($50,000 in this case). This approach is aligned with the requirement, as it directly tracks spending and provides proactive notifications when nearing the defined threshold. This method is efficient, automated, and purpose-built for cost governance in Azure.<\/span><\/p>\n<p><b>References:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/cost-management-billing\/costs\/tutorial-acm-create-budgets?tabs=psbudget\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/cost-management-billing\/costs\/tutorial-acm-create-budgets?tabs=psbudget<\/span><\/a><\/p>\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/cost-management-billing\/costs\/tutorial-acm-create-budgets?tabs=psbudget#configure-forecasted-budget-alerts\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/cost-management-billing\/costs\/tutorial-acm-create-budgets?tabs=psbudget#configure-forecasted-budget-alerts<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 10<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Manage Azure identities and governance<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Manage Azure subscriptions and governance<\/span><\/p>\n<p><b>Sub Topic:<\/b> <span style=\"font-weight: 400;\">Configure management groups<\/span><\/p>\n<p><b>Question Text:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Contoso wants to enforce a policy that ensures all virtual machines deployed under the Sales management group use a specific SKU (e.g., Standard_D2_v2) to standardize VM deployment. What is the most efficient way to enforce this policy?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Define a custom role within the Sales management group at the resource group level to enforce limitations on the available virtual machine (VM) SKUs<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Apply an Azure Policy at the Sales management group level to enforce the specific SKU for all virtual machines<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Manually configure the SKU for each virtual machine deployed in the Sales management group<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Assign a policy at the subscription level to enforce the VM SKU for all resources within the subscription<\/span><\/li>\n<\/ol>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option B is CORRECT because<\/b><span style=\"font-weight: 400;\"> Azure Policy is specifically designed to enforce compliance and standardization for Azure resources, including virtual machines. By applying a policy at the Sales management group level, you can define a rule that ensures all VMs deployed under this group use the required SKU (e.g., Standard_D2_v2). This policy propagates automatically to all subscriptions and resource groups within the Sales management group, ensuring uniform enforcement with minimal administrative effort. Azure Policy also provides auditing and compliance reporting, allowing Azure administrator to track and remediate non-compliant resources if needed.<\/span><\/p>\n<p><b>References:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/governance\/policy\/overview\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/governance\/policy\/overview<\/span><\/a><\/p>\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/governance\/policy\/tutorials\/create-and-manage\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/governance\/policy\/tutorials\/create-and-manage<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 11<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Deploy and manage Azure compute resources<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Automate deployment of resources by using Azure Resource Manager (ARM) templates or Bicep files<\/span><\/p>\n<p><b>Sub Topic:<\/b><span style=\"font-weight: 400;\"> Modify an existing Azure Resource Manager template<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question Text:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You are modifying an ARM template to include a new Azure Storage account. The storage account must be created before a virtual machine in the same template, as the virtual machine depends on the storage account for disk storage.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Which action ensures that the storage account is created before the virtual machine?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Add the dependsOn property to the virtual machine resource and reference the storage account<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Reorder the resources in the template so the storage account is defined before the virtual machine<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use a condition to deploy the storage account only if the virtual machine exists<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Add the storage account to a nested template and call it before the virtual machine<\/span><\/li>\n<\/ol>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option A is CORRECT because<\/b><span style=\"font-weight: 400;\"> the dependsOn property explicitly specifies a dependency between resources in an ARM template. By referencing the storage account in the dependsOn property of the virtual machine, Azure ensures that the storage account is fully provisioned before the virtual machine is deployed. This is the most reliable and recommended method for defining dependencies between resources.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-resource-manager\/templates\/resource-dependency\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/azure-resource-manager\/templates\/resource-dependency<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 12<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Deploy and manage Azure compute resources<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Automate deployment of resources by using Azure Resource Manager (ARM) templates or Bicep files<\/span><\/p>\n<p><b>Sub Topic:<\/b> <span style=\"font-weight: 400;\">Modify an existing Bicep file<\/span><\/p>\n<p><b>Question Text:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">You are managing an application deployment project where different environments (development, testing, production) require varying Azure App Service plan SKUs. The current Bicep file deploys the App Service plan with the SKU hard coded as P1v2. This has caused issues because the production environment needs P3v2, while development and testing require F1 and S1, respectively.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">How should you modify the Bicep file to make the SKU configurable during deployment?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Add a new parameter for the SKU and update the App Service plan resource to reference this parameter<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Add a new variable for the SKU and update the App Service plan resource to reference this variable<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Update the SKU property directly in the resource definition to include all possible SKU values<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Add a new output for the SKU to display the selected value after deployment<\/span><\/li>\n<\/ol>\n<p><b>Correct Answer:<\/b><span style=\"font-weight: 400;\"> A<\/span><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><b>Option A is CORRECT because<\/b><span style=\"font-weight: 400;\"> using a parameter makes the SKU value configurable during deployment. Parameters allow you to supply values specific to the environment (e.g., F1 for development, S1 for testing, and P3v2 for production) without modifying the Bicep file. This approach ensures flexibility, reusability, and alignment with best practices for infrastructure as code.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-resource-manager\/bicep\/file#parameters\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/azure-resource-manager\/bicep\/file#parameters<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Drag_and_Drop_%E2%80%93_Ordering_Arranging\"><\/span><b>Drag and Drop &#8211; Ordering (Arranging)<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 13<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Deploy and manage Azure compute resources<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Automate deployment of resources by using Azure Resource Manager (ARM) templates or Bicep files<\/span><\/p>\n<p><b>Sub Topic:<\/b> <span style=\"font-weight: 400;\">Deploy resources by using an Azure Resource Manager template or a Bicep file<\/span><\/p>\n<p><b>Question Text:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">You are tasked with deploying Azure resources using a local Bicep file. You need to ensure the deployment follows the required steps to create a resource group and deploy the resources. Arrange the steps in the correct order to complete the deployment using Azure CLI.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">[options on the left side]<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Validate the Azure CLI installation and ensure it is updated to its latest version<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Create the resource group using the az group create command<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Verify successful deployment in the Azure portal<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use the az deployment group create command with the Bicep file and parameters<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Log in to Azure and set the appropriate subscription using az login and az account set<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Prepare the local Bicep file with the required resource definitions<\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><b>Correct Answer<\/b> <span style=\"font-weight: 400;\">(to be dragged to the right side)<\/span><\/p>\n<p><b>Correct Sequence<\/b><span style=\"font-weight: 400;\"> &#8211; 1, 5, 6, 2, 4, 3<\/span><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Validate the Azure CLI installation<\/b><b>:<\/b><span style=\"font-weight: 400;\"> Before starting any deployment, it is imperative to confirm that the Azure Command-Line Interface (CLI) is installed and functioning correctly. This involves running a command like az &#8211;version to check the current version of the Azure CLI. Keeping the CLI updated is crucial because newer versions may introduce new features, improvements, fixes, and support for the latest Azure features, including enhancements related to Bicep, which is a domain-specific language (DSL) for deploying Azure resources. Ensuring that the Azure CLI is up to date helps avoid compatibility issues during deployment.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Log in to Azure and set the subscription<\/b><b>:<\/b><span style=\"font-weight: 400;\"> The next step is to authenticate to Azure by running the command az login. This command opens a new browser window prompting for Azure credentials, allowing you to sign in securely. Once authenticated, it&#8217;s essential to specify which subscription to use if your account has access to multiple subscriptions. This is accomplished with the command az account set &#8211;subscription &#8220;YourSubscriptionName&#8221;. This step ensures that subsequent commands for resource group creation and resource deployment will target the correct Azure subscription, making the deployment process organized and eliminating potential errors related to targeting the wrong subscription.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Prepare the local Bicep file<\/b><b>:<\/b><span style=\"font-weight: 400;\"> With the Azure CLI set and authenticated, you will need to prepare your Bicep file. The Bicep file is where you define all the Azure resources you want to deploy, such as virtual machines, storage accounts, networking components, etc. This file uses a clear, concise syntax, making it easier to read and maintain compared to traditional JSON ARM templates. Ensure that your Bicep file includes the necessary parameters and resource definitions to meet your deployment needs. This step is crucial because any misconfiguration or missing parameters in the Bicep file can lead to deployment failures.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Create the resource group<\/b><b>:<\/b><span style=\"font-weight: 400;\"> Before deploying resources, it is essential to ensure that the target resource group exists. A resource group is a logical container for Azure resources, providing a way to manage and organize related resources. Use the command az group create &#8211;name YourResourceGroupName &#8211;location YourLocation to create a new resource group. If the resource group already exists, you can skip this step. However, if it does not exist, this command ensures a suitable environment is ready for deploying your defined resources.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Deploy resources using Bicep<\/b><b>:<\/b><span style=\"font-weight: 400;\"> Once you have the resource group set up, the next step is to execute the deployment using the command az deployment group create. This command takes several parameters, including &#8211;resource-group, the name of the resource group where you want to deploy the resources, and &#8211;template-file pointing to your Bicep file. Optionally, if your Bicep file requires parameters, you can supply these using the &#8211;parameters flag. This step is where the actual deployment happens, and Azure starts provisioning the resources as defined in your Bicep file.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Verify the deployment<\/b><b>:<\/b><span style=\"font-weight: 400;\"> After initiating the deployment, it is important to verify that everything was deployed successfully. You can either monitor the output in the CLI, which provides immediate feedback on the deployment status or log into the Azure portal and navigate to the resource group to visually confirm that the resources are created as expected. Checking the deployment status helps ensure that all resources are provisioned correctly, and if any issues arise, it allows you to troubleshoot or investigate errors accordingly.<\/span><\/li>\n<\/ol>\n<p><b>References:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-resource-manager\/bicep\/deploy-cli#deploy-local-bicep-file\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/azure-resource-manager\/bicep\/deploy-cli#deploy-local-bicep-file<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 14<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Deploy and manage Azure compute resources<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Automate deployment of resources by using Azure Resource Manager (ARM) templates or Bicep files<\/span><\/p>\n<p><b>Sub Topic:<\/b> <span style=\"font-weight: 400;\">Export a deployment as an Azure Resource Manager template or convert an Azure Resource Manager template to a Bicep file<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question Text:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">You are working as an Azure Administrator for a company that heavily uses ARM templates to deploy and manage Azure resources. The development team recently decided to transition to using Bicep files for better readability and easier resource management. The team has shared an existing ARM template that defines the infrastructure for a web application, including virtual networks, storage accounts, and app services. They request your assistance in converting this ARM template into a Bicep file to align with the new approach.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Which action should you take to convert the ARM template into a Bicep file?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use the az bicep build command to convert the ARM template into a Bicep file<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use the az bicep decompile command to convert the ARM template into a Bicep file<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Open the ARM template in Visual Studio Code and use the &#8220;Convert to Bicep&#8221; extension<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Rewrite the ARM template manually in Bicep syntax<\/span><\/li>\n<\/ol>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><b>Option B is CORRECT because<\/b><span style=\"font-weight: 400;\"> the az bicep decompile command is specifically designed to convert an existing ARM template (JSON format) into a Bicep file. It simplifies the transition from ARM templates to Bicep by automatically generating the equivalent Bicep code from a JSON file. This is the most efficient and accurate way to achieve the stated objective.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-resource-manager\/bicep\/decompile?tabs=azure-cli\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/azure-resource-manager\/bicep\/decompile?tabs=azure-cli<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question No.: <\/b><span style=\"font-weight: 400;\">15<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Deploy and manage Azure compute resources<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Create and configure virtual machines<\/span><\/p>\n<p><b>Sub Topic:<\/b><span style=\"font-weight: 400;\"> Configure Azure Disk Encryption<\/span><\/p>\n<p><b>Question Text:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">You are configuring Azure Disk Encryption for a new Linux-based virtual machine (VM). The VM will be deployed using a custom image, and you must ensure that the disk encryption process is performed automatically during the deployment.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Which of the following actions will ensure that the VM&#8217;s OS disk is encrypted automatically during deployment?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use the az vm encryption enable command after the VM is deployed<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Ensure that the Key Vault and encryption key are configured in the VM&#8217;s deployment template<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Configure the VM to use managed disks and enable encryption at rest through the Azure portal<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Manually create an encryption script and run it after the VM is deployed<\/span><\/li>\n<\/ol>\n<p><b>Correct Answer:<\/b><span style=\"font-weight: 400;\"> B<\/span><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><b>Option B is CORRECT because<\/b><span style=\"font-weight: 400;\"> to enable encryption automatically during deployment, the Key Vault and encryption key need to be configured in the VM&#8217;s deployment template (either an ARM template or a Bicep file). By specifying the Key Vault and encryption key in the template, Azure will automatically encrypt the OS disk during the VM&#8217;s creation process. This approach is fully automated and eliminates the need for manual steps after deployment. The encryption happens as part of the VM deployment lifecycle.<\/span><\/p>\n<p><b>References:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/virtual-machines\/disks-enable-host-based-encryption-portal?tabs=azure-powershell\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/virtual-machines\/disks-enable-host-based-encryption-portal?tabs=azure-powershell<\/span><\/a><\/p>\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/virtual-machines\/linux\/disk-encryption-linux?tabs=azcliazure%2Cenableadecli%2Cefacli%2Cadedatacli\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/virtual-machines\/linux\/disk-encryption-linux?tabs=azcliazure%2Cenableadecli%2Cefacli%2Cadedatacli<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 16<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Deploy and manage Azure compute resources<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Create and configure virtual machines<\/span><\/p>\n<p><b>Sub Topic:<\/b> <span style=\"font-weight: 400;\">Move a virtual machine to another resource group, subscription, or region<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question Text:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">You are managing an Azure environment and have been tasked with moving a virtual machine (VM) to a new resource group to align with updated organizational policies. While operating the Azure portal, you encounter an error indicating that some dependent resources cannot be moved along with the VM. The error prevents the move operation from completing. Which of the following resources are likely causing the issue?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Virtual network and network security group<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Azure Key Vault associated with the VM<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Azure Policy assignments linked to the VM<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Azure Monitor alerts configured for the VM<\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><b>Correct Answer:<\/b><span style=\"font-weight: 400;\"> A<\/span><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><b>Option A is CORRECT because<\/b><span style=\"font-weight: 400;\"> dependent resources such as virtual networks (VNets) and network security groups (NSGs) are tightly bound to the VM. When moving a VM to a new resource group, all associated resources must either already exist in the target resource group or be moved simultaneously. If these resources are not in the same resource group or cannot be moved, the operation will fail. Azure enforces this dependency to maintain resource integrity and connectivity.<\/span><\/p>\n<p><b>References:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-resource-manager\/management\/move-support-resources\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/azure-resource-manager\/management\/move-support-resources<\/span><\/a><\/p>\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-resource-manager\/management\/move-limitations\/virtual-machines-move-limitations?tabs=azure-cli\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/azure-resource-manager\/management\/move-limitations\/virtual-machines-move-limitations?tabs=azure-cli<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 17<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Deploy and manage Azure compute resources<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Create and configure virtual machines<\/span><\/p>\n<p><b>Sub Topic:<\/b> <span style=\"font-weight: 400;\">Manage virtual machine sizes<\/span><\/p>\n<p><b>Question Text:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">You are using a VM with the size Standard_D16s_v3 for testing purposes.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The testing is complete, and you want to reduce costs by resizing the VM to a smaller size, Standard_B2s. The VM has managed disks and an associated public IP.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Which of the following is the best and optimal method to perform the resizing operation?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Change the VM size directly in the Azure portal without stopping it<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Stop the VM, resize it to the smaller size, and then start the VM<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Delete the VM, select the new size, and recreate it with a new public IP<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Create a snapshot of the disk, deploy a new VM with the desired size, and attach the disk to it<\/span><\/li>\n<\/ol>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><b>Option B is CORRECT because<\/b><span style=\"font-weight: 400;\"> this is the optimal method for resizing a VM to a smaller size. Stopping (deallocating) the VM ensures that the resizing operation can be completed successfully. Azure allows resizing to smaller sizes (like Standard_B2s) only if the VM is deallocated. This method is best for ensuring a seamless operation without any compatibility issues. Resizing a stopped VM also avoids potential disruptions during the resize operation. Deallocating the VM also helps release resources, allowing for the new size to be applied correctly. Once the resize is complete, you can start the VM again.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/virtual-machines\/sizes\/resize-vm?tabs=portal\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/virtual-machines\/sizes\/resize-vm?tabs=portal<\/span><\/a><\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 18<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Deploy and manage Azure compute resources<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Create and configure virtual machines<\/span><\/p>\n<p><b>Sub Topic:<\/b> <span style=\"font-weight: 400;\">Deploy virtual machines to availability zones and availability sets<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question Text:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Your organization wants to deploy 10 virtual machines into an Availability Set. You need to distribute these VMs across fault domains and update domains. Based on Azure&#8217;s limitations, what is the maximum number of fault domains Azure will assign within an Availability Set?<\/span><\/p>\n<p>&nbsp;<\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">2<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">10<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">5<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">3<\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><b>Correct Answer:<\/b><span style=\"font-weight: 400;\"> D<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Option D is CORRECT because<\/b><span style=\"font-weight: 400;\"> Azure Availability Sets support 3 fault domains per region. When you place virtual machines in an Availability Set, Azure automatically distributes them across these fault domains to reduce the impact of potential hardware failures or outages within a specific rack.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/virtual-machines\/availability-set-overview#how-do-availability-sets-work\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/virtual-machines\/availability-set-overview#how-do-availability-sets-work<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 19<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Deploy and manage Azure compute resources<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Provision and manage containers in the Azure portal<\/span><\/p>\n<p><b>Sub Topic:<\/b><span style=\"font-weight: 400;\"> Manage sizing and scaling for containers, including Azure Container Instances and Azure Container Apps<\/span><\/p>\n<p><b>Question Text:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">You are managing a logistics application deployed in Azure Container Apps. The app processes incoming shipment data sent via an Azure Service Bus queue. To ensure timely processing during high traffic, the app must automatically scale out when more than five messages are waiting in the queue. Which scaling rule type should you configure to achieve this?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">HTTP scaling rule<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">TCP scaling rule<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Custom scaling rule<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Default scaling rule<\/span><\/li>\n<\/ol>\n<p><b>Correct Answer:<\/b><span style=\"font-weight: 400;\"> C<\/span><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><b>Option C is CORRECT because<\/b><span style=\"font-weight: 400;\"> custom scaling rules allow you to configure scaling for scenarios like Azure Service Bus, where specific metrics (e.g., the number of messages in a queue) trigger scaling. In this case, you can use a KEDA (Kubernetes-based Event Driven Autoscaler) scaler to monitor the queue length and scale out the app when there are more than five messages.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/container-apps\/scale-app?pivots=azure-portal#scale-rules\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/container-apps\/scale-app?pivots=azure-portal#scale-rules<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b>Question No.:<\/b><span style=\"font-weight: 400;\"> 20<\/span><\/p>\n<p><b>Domain:<\/b><span style=\"font-weight: 400;\"> Deploy and manage Azure compute resources<\/span><\/p>\n<p><b>Main Topic:<\/b><span style=\"font-weight: 400;\"> Create and configure Azure App Service<\/span><\/p>\n<p><b>Sub Topic:<\/b><span style=\"font-weight: 400;\"> Configure scaling for an App Service plan<\/span><\/p>\n<p><b>Question Text:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Your App Service is hosted in a B1 App Service Plan. It has started encountering frequent HTTP 500 errors during peak hours due to resource exhaustion. You decide to scale up to a higher pricing tier. What limitation should you be aware of when scaling up?<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Scaling up will require recreating the App Service Plan<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">App Service scaling up is not supported in the Basic tier<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Scaling up will change the available features and pricing of the App Service Plan<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Scaling up is only allowed during non-peak hours<\/span><\/li>\n<\/ol>\n<p><b>Correct Answer:<\/b><span style=\"font-weight: 400;\"> C<\/span><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><b>Option C is CORRECT because<\/b><span style=\"font-weight: 400;\"> when scaling up an App Service Plan to a higher pricing tier, you unlock additional features and resources such as higher CPU, memory, and storage, along with different pricing. This change in features and cost is a key consideration before scaling up.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/app-service\/manage-scale-up\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.microsoft.com\/en-us\/azure\/app-service\/manage-scale-up<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span><b>Conclusion<\/b><span style=\"font-weight: 400;\">:\u00a0<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">As read, these free practice questions would help you understand the big game. Practice and test yourself consistently to excel in your Microsoft Azure Administrator examination. Hands-on experience also plays a crucial part, get it with the Whizlabs <\/span><strong><a title=\"Hands-on labs\" href=\"https:\/\/www.whizlabs.com\/hands-on-labs\/?&amp;sortedBy=popularCourse&amp;page=0\" target=\"_blank\" rel=\"noopener\">Hands-on labs<\/a><\/strong><span style=\"font-weight: 400;\"> and <\/span><strong><a title=\"Sandboxes\" href=\"https:\/\/www.whizlabs.com\/cloud-sandbox\/?&amp;sortedBy=popularCourse&amp;page=0\" target=\"_blank\" rel=\"noopener\">Sandboxes<\/a><\/strong><span style=\"font-weight: 400;\">. Feel free to contact us in case of queries.<\/span><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this blog, you will be trying out AZ-104 exam questions and answers, which will help in your preparation for the actual exam. The AZ-104: Microsoft Azure Administrator Certification exam evaluates your understanding of the implementation, monitoring, and management of the Microsoft Azure Environment in any organization. Read through to Validate! &nbsp; Question No.: 1 Domain: Manage Azure identities and governance Main Topic: Manage Microsoft Entra users and groups Sub Topic: Create users and groups &nbsp; Question Text:\u00a0 Your organization wants to enforce naming conventions for Microsoft Entra groups to ensure consistency and avoid duplication. For example, all group names [&hellip;]<\/p>\n","protected":false},"author":439,"featured_media":82103,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[15],"tags":[3285],"class_list":["post-81612","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-azure","tag-az-104-exam"],"uagb_featured_image_src":{"full":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam.webp",600,315,false],"thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam-150x150.webp",150,150,true],"medium":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam-300x158.webp",300,158,true],"medium_large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam.webp",600,315,false],"large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam.webp",600,315,false],"1536x1536":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam.webp",600,315,false],"2048x2048":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam.webp",600,315,false],"profile_24":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam.webp",24,13,false],"profile_48":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam.webp",48,25,false],"profile_96":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam.webp",96,50,false],"profile_150":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam.webp",150,79,false],"profile_300":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam.webp",300,158,false],"tptn_thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam-250x250.webp",250,250,true],"web-stories-poster-portrait":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam.webp",600,315,false],"web-stories-publisher-logo":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam.webp",96,50,false],"web-stories-thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-AZ-104-Microsoft-Azure-Administrator-Certification-Exam.webp",150,79,false]},"uagb_author_info":{"display_name":"Suneel Moopanar","author_link":"https:\/\/www.whizlabs.com\/blog\/author\/suneel-moopanar\/"},"uagb_comment_info":662,"uagb_excerpt":"In this blog, you will be trying out AZ-104 exam questions and answers, which will help in your preparation for the actual exam. The AZ-104: Microsoft Azure Administrator Certification exam evaluates your understanding of the implementation, monitoring, and management of the Microsoft Azure Environment in any organization. Read through to Validate! &nbsp; Question No.: 1&hellip;","_links":{"self":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/81612","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/users\/439"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/comments?post=81612"}],"version-history":[{"count":29,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/81612\/revisions"}],"predecessor-version":[{"id":99984,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/81612\/revisions\/99984"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media\/82103"}],"wp:attachment":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media?parent=81612"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/categories?post=81612"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/tags?post=81612"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}