Hello and welcome back to the Tech Blackboard. Today is our weekend exam cram of our AZ-104 real exam question and answer series. This consolidated video consists of 190 questions that will cover the length and breadth of the AZ-104 certification exam. My objective here is to give you exposure to each kind of question during this coming weekend, so that you can target to attempt the AZ-104 certification exam in the coming days and pass the exam with flying colors.

As you can see, this video is divided into 15 subsections. The first part is the introduction part, which will help you understand questions like: what is AZ-104, who should do it, what is the exam duration and question format, why it is so important to do AZ-104, and how can you prepare for AZ-104. The aim of this video is not only to prepare you to pass the AZ-104 certification but also to make you understand Azure concepts that will go a long way to help you build an Azure career. Each answer is well supported by Microsoft documentation, and I have given a proper explanation of the logic behind picking any answer. Additionally, each part is supported by tips and tricks that will help you during the examination.

And as always, if you want to learn in offline mode, then here is a mega giveaway: I will give a free PDF version containing all 190 questions with their answers. For that, you have to give me correct answers for question numbers 4, 20, 36, 54, 68, 83, 101, 124, 151 and 188. So friends, this is going to be a long video, so sit back comfortably, have some tea or coffee, and enjoy the session.

This is the introduction part, and the agenda for this part is to understand what is AZ-104 and who should do it. Then we will understand why it is so important to do AZ-104. The next topic we will discuss is exam details: we will see what is the structure of the exam, what is the passing mark, and a lot of other details. Going forward we will understand the question format, so it's very important that you understand what kind of questions that you can
expect during AZ-104. If you have already done previous exams or certifications like AZ-900 or DP-900, then it's important that you also understand the question format of AZ-104, because it's kind of different from the previous fundamental exams like AZ-900 or DP-900. Then, after the question format, we will understand how to prepare for AZ-104. I will give you some resources where you can go and read and understand the basics or the fundamentals of AZ-104.

Hello and welcome back to the Tech Blackboard. Before you even start with AZ-104, it's very important to understand what is AZ-104 and who should do it. So let's start with understanding what is AZ-104. AZ-104 is the Microsoft Azure Administrator exam, in which you will be judged or tested as a subject matter expert in implementing, managing, and monitoring an organization's Microsoft Azure environment. This means that you will be someone who will be responsible as an administrator for the Azure infrastructure.

Now let's understand who should do AZ-104. Simply putting it, if you aspire to become an Azure Solutions Architect, then AZ-104 is halfway through. I will come back to this point when I explain why it is important to do AZ-104 in the next slide. For now, let's capture more detail on who should do it. This is the Microsoft page which will be your one-stop shop for all the details regarding exam AZ-104. Microsoft says that your role includes implementing, managing, and monitoring identity, governance, storage, compute, and virtual networks in a cloud environment, plus provisioning, sizing, monitoring, and adjusting resources when needed. It also says that an Azure administrator often serves as part of a larger team dedicated to implementing an organization's cloud infrastructure. Further, Microsoft says that a candidate for this exam should have at least six months of hands-on experience administering Azure, along with a strong understanding of core Azure services, Azure workloads, security, and governance. In addition, this role should have experience using PowerShell, Azure CLI, Azure
portal, and Azure Resource Manager templates.

From the Microsoft site we understood that you will be responsible as an administrator for Azure infrastructure, and if you are stepping up for AZ-104 you need to understand it's a fairly difficult exam.

Now let's understand why it is so important to do AZ-104. Look at this slide. It's very important that you know that the earlier certifications AZ-303 and AZ-304 are retiring on 31st March 2022, which happens to be today, so you won't be able to give AZ-303 or AZ-304 from now onwards. The path for becoming an Azure Solutions Architect has changed, and now you have to do AZ-104 and AZ-305 to attain the Azure Solutions Architect certificate. This is the reason why I mentioned that AZ-104 is halfway through the journey towards Azure Solutions Architect. If you want more details on these changes in the path to become an Azure Solutions Architect, or if you have questions like what happens if you have already done AZ-303 or AZ-304, then do check out this video which is now appearing on the screen. The link for the same is now appearing on the i button in the top right corner and is also available in the description box.

Now that you understand the basics of what, who, and why, let's have a look at the exam details. Coming to the Microsoft page, you can see the content of this exam was updated on September 24th, 2021, and it's very important that you note that the passing score for this exam is 700. If you want more details on the passing score, then you can check out this link here. And if you are a college student, then there is an interesting section that you should read. It says that you may be eligible for ACE college credit if you pass this certification exam; see ACE college credit for certification exams for more details. If you click on this link, then you come to this page, which says that after successfully earning certain certifications, you can apply for credit hours through ACE member schools. You can check out what are the schools which are eligible for this
certification credit. So that was just a very quick tip for the college students who aspire to do AZ-104.

Now let's check out more details. Here on this page you can check out that the fee for this certification is $165. You have a lot of different languages in which you can give this examination, and from here you can schedule the exam. If you want to know how to schedule a Microsoft exam, then this is the video on your screen now which you can refer to.

Then, as we scroll down, we come to this section, which is very important. In this section Microsoft has discussed in more detail the skills measured, so you can see all the skills that you will be measured on during this exam. You see that we have manage Azure identities and governance, and this comprises 15 to 20 percent of the total exam questions. Then we have implement and manage storage, comprising 15 to 20 percent again. Then we have deploy and manage Azure compute resources, which is 20 to 25 percent of the total questions. Then we have configure and manage virtual networking, which has 25 to 30 percent, and lastly we have monitor and back up Azure resources, which comprises 10 to 15 percent.

If you're looking for more details on each of these topics and you want to know the subtopics of all these topics, then you can click here where it says download exam skills outline, and then you will reach this PDF file. In this PDF file you can get the details of all the subtopics for the major topics that we discussed on the previous Microsoft page. So here you have manage Azure Active Directory, and you have subtopics for this, and similarly you have implement and manage storage, and a lot of other details are given, so on and so forth. However, I just want to scroll down a little so that I can show you a more interesting part of this PDF, and that is this one. I will just zoom it. If you see, there are some topics which are marked in red color, which means that these are removed from this
certification syllabus, so you must know what are the topics which are removed so that you can channelize your efforts in a correct way. And similar to the earlier one, we have create a backup board; that is also being removed from the AZ-104 syllabus. So I strongly recommend that you keep this PDF with you all the time you prepare for AZ-104, and you should actually go and tick mark what topics you have prepared and are comfortable with before giving the certification exam. It's not the fundamental exam, which was fairly simple; it is a two-star or associate level examination, which is fairly tough, and you need a lot of preparation before attempting this exam. So once again, I highly recommend you keep this PDF handy with you.

If you are new to Microsoft Azure, then I would strongly recommend that you first go for AZ-900, which is the Azure Fundamentals certificate, before you do AZ-104. There is a lot in common between AZ-900 and AZ-104. AZ-900 will give you a solid stepping stone to start your journey in Microsoft Azure, and then you can level up with AZ-104. And the best part is that you can do AZ-900 for free. Yes, absolutely free. If you want to know how to get a free exam voucher for Microsoft AZ-900, then do watch the video appearing on the left-hand side of the screen. And if you are interested in real exam questions and answers on AZ-900, which I am really sure you are, then you have to check out the video on the right-hand side. I have made an entire playlist containing 191 questions, and all of them are from this year, 2022.
The links for both the videos are available in the description box.

Now let's understand the exam duration and the question format that you can expect in AZ-104. This is the Microsoft page that talks about exam duration and question types, not only for AZ-104; if you want details on any other exam, like fundamentals or expert level, then you can also refer to this page. I will share the link for this page in the description box below.

So let's first understand how many questions you can expect in this exam. Microsoft says that most exams typically contain 40 to 60 questions; however, the number can vary depending on the exam. Moving on, we are talking about AZ-104, which is an associate level exam, so these are the two sections that relate to us. Please mind that there are two things that Microsoft says: one is associate and expert role-based exams without labs, and the other is associate and expert role-based exams that may contain labs. If you want to understand what that means, you can read this section here, which is marked by two stars. It says that because labs can be removed at any time due to Azure outages, bandwidth issues, etc., Microsoft does not provide a list of exams with labs. When you register for the exam, you will be provided with the exam time. When you launch the exam, carefully review the overview page that provides information about what to expect on the exam, including if labs are available. So keep this important point in mind.

Now let's also read out the exam duration. Without labs we have an exam duration of 100 minutes, and the seat time is 120 minutes. If it contains labs, then the exam duration would be 120 minutes and the seat time would be 140 minutes.

Now let's check out what are the different questions that you can expect in AZ-104. Here are the samples of the questions that Microsoft has given, and the good part is that Microsoft has explained each type of question with a supporting video. So you can see that we have the active screen type of question, we have
best answer, and then we have build list and case studies. Then you also have drag and drop, hot area questions, multiple choice questions, repeated answer choices, and short answer. Then you have labs, mark review, and then you have the review screen. Each type of question is well explained by Microsoft with a supporting video, so come on to this page and understand what are the different kinds of questions that you should expect in AZ-104. It's fairly important to understand these different formats of questions so that you are not surprised when you're giving the exam and you have a feel of the questions when you're sitting for the exam. So it's really recommended that you come on this page and read more about the format of the questions.

Now let's move to the last but very important topic, understanding how to prepare for AZ-104. Coming to the same Microsoft page, if you scroll a little, then there is a section which says two ways to prepare, and you can see that Microsoft has given a learning path. This learning path is divided into a lot of sections which are directly linked to the Azure exam outline that we saw previously in this video. So you can see you have AZ-104 prerequisites for Azure administrators, which mostly covers the things that we read or understand in AZ-900. Then we have AZ-104 manage identities and governance in Azure, then implement and manage storage in Azure, deploy and manage Azure compute resources, configure and manage virtual networks for Azure administrators, and monitor and back up Azure resources. So you can see there are five major sections, and one is the prerequisites for Azure administrators.

Personally, I feel it's very important that you come on this Microsoft Learn site and do all these modules. You can already note that I have completed all these modules, and this is marked as completed for me. And friends, it's not about the certificate only; it's about you understanding the concepts, because after all you have to work in Azure. It's not about only earning the
certificate; it's more about making a career out of your certification knowledge. That's why I strongly recommend doing all these modules. They are full of practical questions, labs, and test cases, and the best part is that for all the practical questions and labs, the sandbox that gets spun up will be paid for by Microsoft. You won't be charged even a single penny for that sandbox, and these modules will give a very solid understanding of all the Microsoft concepts that are important to clear the AZ-104 certification.

So here is the first question of our AZ-104 real exam question and answer series. Let's read the question. The question says that the Custom Script Extension times out after 30 minutes, 45 minutes, 90 minutes, or does it never time out?

Now let's try to understand what a custom script is, and then we will try to find out the correct answer. Here I am on the Microsoft documentation that talks more about the Custom Script Extension for Windows. The documentation says that the Custom Script Extension downloads and runs scripts on Azure virtual machines. This extension is useful for post-deployment configuration, software installation, or any other configuration or management task. You can download scripts from Azure Storage or GitHub, or provide them to the Azure portal at extension runtime.

If you have still not understood what a custom script is, then let me simplify it for you. Let's say that you are booting a virtual machine for the first time and you want tools like an IIS server or Chocolatey to also get installed automatically when this virtual machine is booted. In this case it is often useful to run these custom scripts. These custom scripts may install additional software, configure the virtual machine, or perform some other management tasks. So with the Custom Script Extension it becomes possible to initialize a new virtual machine with almost any software that you need. I hope this gives you a good idea of what a custom script is and where to use it.

Now let's find out the correct answer. If you
scroll down a little on this page, then you will reach a section which says tips and tricks. In this section, if you read out this line, it says that the custom script is allowed 90 minutes to run; anything longer will result in a failed provision of the extension. With that input from the Microsoft documentation we can easily find out the answer, and the correct answer is 90 minutes. So a Custom Script Extension times out after 90 minutes.

Now let's read out the second question. It says that you have an Azure Active Directory (Azure AD) tenant named the techblackboard.com. Multi-factor authentication (MFA) is enabled for all the users. You need to provide users with the ability to bypass MFA for 10 days on devices to which they have successfully signed in by using MFA. What should you do? Your options are: from the multi-factor authentication page, configure the users settings; or from Azure AD, create a conditional access policy; or from the multi-factor authentication page, configure the service settings; or the last one is, from the MFA blade in Azure AD, configure the MFA server settings.

Now it's important that you note some important points in this question. Essentially, the question is asking you to provide the users with the ability to bypass multi-factor authentication for some n number of days (it could be 10, 20, 25) on devices on which they have already signed in by using multi-factor authentication. So now let's jump to the Microsoft documentation and try to find the correct answer for this question.

This is the Microsoft documentation that will give you the length and breadth of configuring Azure AD multi-factor authentication settings. On this page you have to scroll down really deep and go almost to the bottom of the page, and then you will reach a section which talks about remember multi-factor authentication. This section says that the remember multi-factor authentication feature lets users bypass subsequent verifications for a specified number of days after they
have successfully signed in to the device by using multi-factor authentication or MFA. To enhance usability and minimize the number of times a user has to perform MFA on a given device, select a duration of 90 days or more. I hope you can already relate this paragraph or these lines with the question. Here we are talking about the ability to bypass multi-factor authentication for some specified number of days on the devices on which the user has already signed in by using multi-factor authentication.

So let's read more to find out the correct answer. If you scroll down a little more here, then you will find a section which says enable remember multi-factor authentication. In this you can find that the first step is, in the Azure portal, search for and select Azure Active Directory and then select Users. Then you have to select Per-user MFA, and the third step says, under multi-factor authentication at the top of the page, select service settings. Remember this service settings. With that quick read from the Microsoft documentation, the correct answer for this question is: from the multi-factor authentication page, configure the service settings. I hope you can relate this to the words that we read on the documentation page as well.

So now let's move on to question number three. It says that you download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines. You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text. What should you create to store the password? Your options are: an Azure Key Vault and an access policy; an Azure Storage account and an access policy; a Recovery Services vault and a backup policy; or Azure Active Directory Identity Protection and an Azure policy.

Now the important point that you should note in this question is that you are talking about an administrative password, and then you want to prevent this password from
being stored as plain text. So basically you're talking about storing the administrative password in a secure way. Whenever we are talking about storing passwords in Azure, the only service that should strike your mind is Azure Key Vault. Thus the correct answer for this question is an Azure Key Vault and an access policy.

Now coming to question number four. It says: which port would you open using inbound port rules to allow remote desktop access while you create a Windows virtual machine? The options given are HTTPS, FTP, RDP with port number 3389, or SSH with port number 22. Also, it's important that you note that we are talking about a Windows virtual machine here, and we want to connect to a Windows virtual machine, so keep that point in mind.

This is the Microsoft documentation which tells you how to connect and sign in to an Azure virtual machine running Windows. The documentation says that you will use the Connect button in the Azure portal to start a Remote Desktop (RDP) session from a Windows desktop. First you connect to the virtual machine and then you sign in. This makes it clear that when you want to connect to an Azure virtual machine running Windows, then one good option is Remote Desktop or RDP. Before jumping to the answer, here is a good read for Mac users: to connect to a Windows VM from a Mac, you will need to install an RDP client for Mac such as Microsoft Remote Desktop. So Mac users can read this and know how to connect to a Windows virtual machine using the Mac operating system.

From the Microsoft documentation we saw that the good option to connect to a Windows virtual machine is using RDP, and just to tell you, the default port for RDP is 3389. So the correct answer for this question is option C.

Let's move to question number five. The question says that your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the global administrator group to
use multi-factor authentication and an Azure AD joined device when they connect to Azure AD from untrusted locations. The solution given is: you access the multi-factor authentication page to alter the user settings. Does this solution meet the goal?

This is the Microsoft documentation that talks about conditional access. It says the modern security perimeter now extends beyond an organization's network to include user and device identity. Organizations can use identity-driven signals as part of their access control decisions. There is a great video here explaining what a conditional access policy is and how to use it.

Another quick way to learn about conditional access is to directly jump into your Azure portal, and here you are in conditional access policies. If you come here you can read what conditional access is: conditional access gives you the ability to enforce access requirements when specific conditions occur. Let's take a few examples. The condition is when any user is outside the company network, and the controls are that they are required to sign in with multi-factor authentication. Another condition is when users in the managers group sign in, and the controls are that they are required to be on an Intune compliant or domain-joined device. I will tell you how to reach this conditional access page in just a short while.

Now that you have some idea of what the Azure conditional access policy is, let's look at some of the other variations of the same question. Question number six and question number seven present two more variations of the same question. The question is the same; however, the answers are different. The solution given in question number six is that you access the Azure portal to alter the session control of the Azure AD conditional access policy, whereas in question number seven it says you access the Azure portal to alter the grant control of the Azure AD conditional access policy. So now, out of these three variations, you have to pick the correct answer.

Now let's jump back to the Microsoft documentation to
find the correct answer. Here I am on the Microsoft documentation talking more about conditional access: require MFA for all users. If you scroll a little down here, there are the steps given to create a conditional access policy. The steps are that you of course go to the Azure portal and sign in there, and you should be a global administrator, security administrator, or conditional access administrator; only then can you perform these steps. Once you are in the Azure portal, you go to Azure Active Directory, then you go to Security, and then you land in Conditional Access, and then you select New policy. You can further read out all the steps and figure out how to implement a conditional access policy.

Jumping on to our Azure portal now. I have already signed in. Let's come to the home page, and on the home page you can directly jump to Azure Active Directory. If you don't find it here, you can look in the search bar, and here you can find Azure Active Directory. When you come to Azure Active Directory, then as per the documentation you have to go to Security, so let's find out where Security is. Here it is, so press Security. Now you are in the Security tab, and as the documentation suggested, Conditional Access, so click on Conditional Access. Now we reach the same page as we discussed before, and on this page you can press New policy, and from here you can follow along the steps given in the documentation. So it said that we are in Azure Active Directory, then we are in Security, and then we are in Conditional Access. Remember these steps. As always, friends, all the links that I'm sharing in this presentation will be shared in the description box.

Now let's try to find out the correct answer for all these three questions. I have pasted a small snippet from the Microsoft documentation here so that it's easy to relate the answer. You can see in this small screenshot that the correct steps were to reach out to Azure Active Directory,
then Security, and then Conditional Access. We don't have conditional access here; it says user settings. Thus the correct answer for question number five is no. Then in question number six it says to alter the session control of the Azure AD conditional access policy, which again is no. And then in question number seven it says to alter the grant control of the Azure AD conditional access policy, and that's what the documentation from Microsoft also says, so the correct answer for question number seven is yes.

Now let's read question number eight. The question says that your company has three virtual machines that are included in an availability set. You try to resize one of the virtual machines, which returns an allocation failure message. It's imperative that the virtual machine is resized. So Microsoft is focusing on the fact that you should know that the virtual machine is to be resized. Which of the following actions should you take? Your options are: you should only stop one of the virtual machines; you should stop two of the virtual machines; you should stop all three of the virtual machines; or you should remove the necessary virtual machine from the availability set.

Now here is one Microsoft documentation page that I found which could help us answer this question. As I read through this page and scrolled down, I found this topic here, which says resize to a size not available in the current hardware cluster. It says that, additionally, the same hardware cluster must be used to host all virtual machines in a cloud service. Further, it says that this means in some cases multiple virtual machines must be resized together. Remember, this is what our question also says, to resize the virtual machines together. Then further it says that if the Resource Manager (ARM) deployment model was used, then the virtual machine can be resized if the virtual machine and any other virtual machines in the same availability set are in the stopped or deallocated state. So taking that Microsoft documentation as a base, the correct answer for this
question is that you should stop all three virtual machines.

Now this brings us to another interesting question, question number nine. Let's read it out. It says that you have an Azure subscription named Subscription1. You plan to deploy an Ubuntu Server virtual machine named VM1 to Subscription1. You need to perform a custom deployment of the virtual machine. A specific trusted root certification authority (CA) must be added during the deployment. What should you do? To answer the question, select the appropriate options in the answer area. Each correct selection is worth one point.

So basically you are given two steps. The first one is the file to create, and the second one is the tool to deploy the virtual machine. For each of the steps you have to figure out what is the correct option. The important keywords here are that you are deploying an Ubuntu Server virtual machine, or you can also say a Linux-based virtual machine.

Now, as we always do, let's go to the Microsoft site to find out the correct answer. This is a Microsoft site, kind of a tutorial, which says how to use cloud-init to customize a Linux virtual machine in Azure on first boot, and as our question demands, here also we're talking about a Linux virtual machine in Azure. You can easily note that the first step is create a cloud-init config file, so please note that the first step is the cloud-init config file. If you scroll down a little more here, then you can find how to create a cloud-init config file. Come down more and then you can find create virtual machine, and that was our second step in the question as well. You can see the correct command to do so is `az vm create`. Okay, remember this `az vm create`.

So as we read in the Microsoft documentation, for the first step the file to create was cloud-init.txt, and for the second step, to deploy a virtual machine, the correct command is the `az vm create` command.

From this interesting question let's jump to question number 10, which will be the last question for our AZ-104 real exam question series part
2. The question says that your company has a Microsoft Azure subscription. The company has data centers in Los Angeles and New York. You are configuring the two data centers as geo-clustered sites for site resiliency. You need to recommend an Azure Storage redundancy option. You have the following data storage requirements: the first one is data must be stored on multiple nodes; the second is data must be stored on nodes in separate geographic locations; the third one is data can be read from the secondary location as well as from the primary location. Which of the following Azure Storage redundancy options should you recommend? Your options are geo-redundant storage, read-only geo-redundant storage, zone-redundant storage, and the last one is locally redundant storage.

If you have read the question very carefully, you will find that good hints are already given by Microsoft to figure out the correct answer, so let me tell you what those are. The first great hint that Microsoft gives is that the data must be stored on nodes in separate geographic locations. So friends, focus here: we are talking about geographic locations. So already we can rule out option C, because it's zone-redundant, and option D also, because it's locally redundant. Now we are left with only two options: geo-redundant storage and read-only geo-redundant storage.

Let's find out the second hint that will help us to figure out the correct option out of these two. The second hint for us is that the data can be read from the secondary location as well as from the primary location, so from both locations you should be able to read the data. Thus the correct answer for question number 10 is read-only geo-redundant storage.

See, both geo-redundant and read-only geo-redundant storage are quite similar; in fact, read-only geo-redundant is based on geo-redundant storage only. However, the biggest difference between the two is that using read-only geo-redundant storage you can also read from the secondary location as well as the primary location, whereas in
geo-redundant you can only do that when Microsoft initiates a failover from primary to secondary; otherwise you cannot read from the secondary location when you are using geo-redundant storage. In the case of read-only geo-redundant, however, you can always read from the secondary location, and that's the reason why I have chosen read-only geo-redundant storage as the answer for our question number 10.

I hope you like this first set of our 10 questions in the AZ-104 real exam question and answer series. What are your questions? What are your doubts? Tell me in the comment section below and I will be happy to answer all of them.

So let's begin our part 3 with question number 11. The question says that you plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The virtual machines will host a web app named App1. You need to ensure that at least two virtual machines are available if a single Azure data center becomes unavailable. What should you deploy? Your options are: all three virtual machines in a single availability zone; or all virtual machines in a single availability set; or each virtual machine in a separate availability zone; or the fourth one is each virtual machine in a separate availability set.

Now let's go to the Microsoft documentation and understand how Azure regions, availability zones, and data centers come together. This is the Microsoft documentation where you can read more about regions and availability zones. You can read the definitions here; however, the important section where I want you to focus is this one. In this image you can see that this entire thing is an Azure region, which is further divided into availability zones. You can see that we have three availability zones here, zone one, zone two, and zone three, and each availability zone is further divided into data centers. In the fine print here it's written one or more data centers: at least one data center will always be there in each availability zone. So keep this image in mind and let's go back to
the PPT to find out the correct answer. So, as you saw in the Microsoft documentation, each availability zone can have at least one data center, or there can be more data centers as well. However, in our question the demand is that at least two virtual machines should always be available. So now let's suppose you have an availability zone with only one data center and then you deploy all your virtual machines in this availability zone. In case of trouble, if this availability zone is gone, then all your virtual machines are doomed, so you won't be able to access any of your virtual machines. So the correct answer for this question is that you must deploy each virtual machine in a separate availability zone, so even if one availability zone is down you can still access the other virtual machines. I hope you understood the logic behind choosing option C.

Now let's move to the question number 12. The question says that your company has an Azure subscription that includes a storage account, a resource group, a blob container and a file share. A colleague named Tom Smith makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure storage account. You want to review the ARM template that was used by Tom Smith. The solution given here is that you access the virtual machine blade. Does this meet the goal? So the question is asking you: if you go to the Azure virtual machine blade, can you see the ARM template which contains the deployment for both the virtual machine and the additional storage account? So the correct answer for this question is no: you cannot access the ARM template from the Azure virtual machine blade which shows the deployment of the virtual machine and the Azure storage account. So what is the correct answer? Let's check it out in the other two variations of the same question.

So now we have question number 13 and question number 14.
Both are the same question; however, the solution given here is different. So in question number 13 the solution is that you access the resource group blade, and in question number 14 it is that you access the container blade. So now, out of these two questions, which one do you think is suitable to access the ARM template?

Now let me take you to the Azure portal and let's figure out the correct answer. This is my Azure portal and you can see I have one resource group named the tech blackboard. Let's click on this resource group. Now we are in the resource group, and you can see on this blade we have a lot of options related to the resource group, and out of all these options we have one option under the settings which is called deployment. If you click on deployment then you can see an option called view template. So if you have any deployment then you will see that deployment under the view template, and it's very important that you are noting that we are under the resource group.

And now from that quick demo we can easily answer question number 13, and the correct answer for question number 13 is yes. So from the resource group blade you can access the ARM templates and see all the deployments, whether it is for an Azure virtual machine or an Azure storage account. And then of course the answer for question number 14 is no.

Now let's jump to the question number 15.
The question says that you have an Azure virtual machine that has a single data disk. You have been tasked with attaching this disk to another Azure virtual machine. You need to make sure that your strategy allows for the virtual machine to be offline for the least amount of time possible. Which of the following actions should you take first? Your options are: stop the virtual machine that includes the data disk; stop the virtual machine that the data disk must be attached to; then the third option is detach the data disk; and the fourth one is delete the virtual machine that includes the data disk. So you have to choose an option that will ensure the least amount of offline time for the virtual machines.

It's very important that you're paying attention that the question is mentioning a data disk. And why is it so important? Because in case it just mentioned a single disk but not the data disk, then it could mean that there is a single disk that can also contain the operating system. However, in this question we are assuming that there is already a disk with the operating system and this is another disk with data on it, and with that assumption the correct answer for this question is detach the data disk.

If you want to learn more about the differences between the operating system disk, or OS disk, and the data disk, then this is the Microsoft documentation, and in this documentation, if you scroll down, you will reach this section which talks about the data disk and the operating system disk. So please come on to this page and understand what the key differences are between the data disk and the operating system disk. You can also read more about the temporary disk as well. The link for this Microsoft documentation, and all the other documentation that I am referring to in this video, will be available in the description box. In addition to this, if you want to know more about how to detach a data disk, then this is the Microsoft documentation, and here you can learn how to detach a data disk using
PowerShell.

And with that let's move to the question number 16. The question says that your company has virtual machines hosted in Microsoft Azure. The virtual machines are located in a single Azure virtual network named VNet1. The company has users that work remotely. The remote workers require access to the VMs on VNet1. You need to provide access for the remote workers. What should you do? Should you configure a site-to-site VPN, or configure a VNet-to-VNet VPN, or should you configure a point-to-site VPN, or should you configure the last one, a multi-site VPN?

The correct answer for this question is configure a point-to-site VPN, or P2S. The reason being that a point-to-site VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer, and that's exactly what our question is asking. It says that the company has users that work remotely, so you have to join these remote users so that they can access the company's VNet1, and that's the reason we have chosen configure a point-to-site VPN.

Now let's move to the question number 17.
The question says that your company has several departments. Each department has a number of virtual machines. The company has an Azure subscription that contains a resource group named RG1. All VMs are located in this resource group named RG1. You want to associate each virtual machine with its respective department. What should you use? Your options are: create an Azure management group for each department, or should you create a resource group for each department, or the other option is assign tags to the virtual machines, or the fourth one is modify the settings of the virtual machines.

And the correct answer for this question is that you should assign tags to the virtual machines, and then you can easily associate each virtual machine with its respective department. One more important fact about tags is that tags also help you track your billing on resource level. So if you want to learn more about tags in Azure, then this is the Microsoft documentation. It says: use tags to organize your Azure resources and management hierarchy. The link for this page is also available in the description box.

And now let's move to the question number 18.
The question says that you want to provide more CPU, memory and disk space without adding more virtual machines. Which of the following solutions should you choose? Should you go for scale up or scale out, scale more, or should you go for scale high?

The correct answer for this question is scale up. To elaborate, scale up gives you more CPU, memory and disk space without adding any virtual machines. You can scale up by changing the pricing tier of the App Service plan. Scale out, on the other hand, means that whenever you want more power you add more virtual machines, but here the question is asking to add more CPU, memory or disk space without adding any virtual machine, and that's the reason we have chosen scale up. Just a quick point: scale mode and scale high are not valid options; they are just there to distract you.

Now let's quickly jump to the question number 19. The question says that your company has an Azure subscription. You need to deploy a number of Azure virtual machines using Azure Resource Manager, or ARM, templates. You have been informed that the virtual machines will be included in a single availability set. You are required to make sure that the ARM template you configure allows as many virtual machines as possible to remain accessible in the event of fabric failure or maintenance. Which of the following is the value that you should configure for the platform fault domain count property? Your options are 10, 30, min value or max value.

Now just to give you an idea, the platform fault domain count property is a property that defines how many fault domains there can be in an availability set. The upper limit for this property is 2 or 3 depending upon the region, so 10 and 30 are anyway incorrect, as the maximum value for the platform fault domain count property is 3.
So to stick to the maximum available fault domains we choose max as the correct answer. So our correct answer is max value. Now let me show you another variation of this question and then I will show you the Microsoft documentation to validate our answers.

And this brings us to the question number 20, which will be the last question of our part 3 of our AZ-104 real exam question and answer series. And of course the question is exactly the same; however, instead of the platform fault domain count property we are now talking about the platform update domain count property, and your options are 10, 20, 30 or 40. And the correct answer for this question is 20, so you have to choose 20 as the value of the platform update domain count property.

So here is the Microsoft documentation where you can read more about availability sets. Coming to the section which says how availability sets work, if you read this first paragraph it says that each virtual machine in your availability set is assigned an update domain and a fault domain by the underlying Azure platform, and I am sure that you have associated update domain and fault domain with the platform update domain count and platform fault domain count properties respectively. Reading ahead, it says that each availability set can be configured with up to 3 fault domains and 20 update domains, and here lies our answer as well. So we have a maximum of three fault domains and a maximum of 20 update domains for each availability set, and hopefully that clears up the reasoning behind choosing these answers.

Friends, do share your comments and feedback on the questions that we have covered so far in part two and part three. I would love to hear your questions, your thoughts and feedback, anything related to Azure, so feel free to use the comment section below to share your hearts. Before moving ahead, my humble request to all my viewers: please like the video and subscribe to the channel.

So let's begin our part 4 with question number 21.
The question says that your company has an Azure Active Directory (Azure AD) tenant named thetechblackboard.com. The company has appointed User1 to review all the settings of the tenant. As an admin, your job is to ensure that User1 can review all the settings of the tenant; however, User1 must be prevented from changing any settings. Which role can you assign to User1? Your options are directory reader, security reader, reports reader or global reader.

And the correct answer for this question is global reader. It's important that you understand that a user that is assigned the global reader role is prevented from making any modifications. The role is a read-only version of global administrator that allows the users to read settings and administrative information across the services but not to take any management actions.

Now let me take you to the Microsoft documentation where you can literally read about all the Azure AD roles. And this is the Microsoft documentation which I think is the best page to come and read about any role related to Azure AD, and as you can see each role is listed with a role description and template ID. So if you scroll a little here on this page you will come across a reader which is called global reader. Users in this role can read settings and administrative information across Microsoft 365 services but cannot take management actions. So a global reader is essentially a read-only counterpart to the global administrator, and that's exactly what our question is also demanding. So the correct answer is global reader.

Before I move to the next question, here is a quick thanks to one of my viewers, Bala Murugan, who suggested having a smaller number of questions on each slide for a better viewing experience of videos on mobiles and tabs.

Now let's check out our question number 22.
The question says that your company's website is hosted on two different IP addresses. The website requires two different A records, one for each IP address. Which record map should you use? As you can see here, we have one website called www, and here we can see it has two different IP addresses, and now you have to choose the record map. Your options are CNAME, aaa or SOA, and the correct answer for this question is aaa. So aaa record maps an IP address to a domain, and when we have multiple IP addresses then it is known as a record set.

And this is the Microsoft documentation where you can read more about record maps that are available in Microsoft Azure. It starts with an overview of DNS zones and records, and if you scroll down a little you can find a little case study. And as I was mentioning about record sets: sometimes you need to create more than one DNS record with a given name and type. For example, suppose that the www.contoso.com website is hosted on two different IP addresses. The website requires two different A records, one for each IP address. And they have also given a similar example to the one I gave. So based on that documentation reference from Microsoft we can be sure that our answer is correct.

Moving ahead with question number 23. It says that in your Azure subscription you have several hundred virtual machines. You need to identify which virtual machines are underutilized. What should you use? Your options are Azure Advisor, Azure Monitor and Azure policies, and the correct answer for this question is Azure Advisor. So Azure Advisor can be used to quickly optimize the Azure deployment. It provides various dashboards to support cost, reliability, security and performance. So in case you have any underutilized virtual machine, you will see that in the recommendations in the Azure Advisor section. And this is a good page to start working on Azure Advisor. If you scroll a little bit more then you can see what Azure Advisor can offer you. For example, it says Advisor
provides relevant best practices to help you improve reliability, security and performance, achieve operational excellence and reduce cost. Not only that, you can also read here that Advisor is designed to help you save time on cloud optimization, and you can see the recommendation services include suggested actions you can take right away, postpone or dismiss. So there is a lot that you can do with Azure Advisor, and it's an important Azure service, and a lot of questions come from this service.

Moving on with our question number 24. The question says that you have a production Azure Active Directory (Azure AD) tenant named contoso.com. You deploy a development Azure Active Directory tenant and then you create several custom administrative roles in the development tenant. You need to copy the roles to the production tenant. What should you do first? So your options are: from the development tenant, export the custom roles to JSON; or from the production tenant, create a new custom role; or the third option is from the development tenant, perform a backup; and the last one is from the production tenant, create an administrative unit.

And the correct answer for this question is: from the development tenant, export the custom roles to JSON. It's important to highlight that creating custom roles in Azure can be really complex due to the thousands of permissions that might be included, so custom roles can be exported as JSON and then imported into a new custom role. The first step is to export the roles to a JSON format. A JSON file containing all the details of the custom roles can be imported into another tenant.

If you want to read more on custom roles, or other things like exporting the roles into a JSON format, maybe using PowerShell or CLI, then this is the Microsoft page for you. On this page you can read the steps to create custom roles; then if you scroll down more you have how to determine the permissions you need; following that you can also read about a custom role example. They have also given the
example of the custom roles, and below that they have also shown the process that you can use to create custom roles using PowerShell. So here, if you come, you have this Azure PowerShell that you can use for creating custom roles, and then you also have a section which describes how to do it using CLI, then we also have the REST API. So there are different ways to deal with these custom roles. So it is a good page to learn more about custom roles and how you can export a JSON file and import the JSON file into another tenant.

Before moving ahead, I just wanted to say, friends, that if you are liking the effort that goes into finding proper Microsoft documentation to justify each answer and giving you an explanation for each question, then do encourage me by liking the videos and subscribing to the channel. Each of your likes will ensure that the videos reach a greater audience. Your comments and feedback are very valuable to me, and I make sure to read each one of them and answer them as well. Keep supporting me and I shall bring the very best of content.

Now let's quickly jump to the question number 25. The question says that you have an Azure virtual machine named VM1 that runs on Windows Server 2019. You save VM1 as a template named Template1 to the Azure Resource Manager library. You plan to deploy a virtual machine named VM2 from Template1.
What can you configure during the deployment of VM2? Your options are operating system, administrative username, virtual machine size or resource group. So basically the question is asking you: whenever you are deploying a virtual machine from a template, what are the configurable parameters?

Now what better way to do it than practically, so let's jump to the Azure portal. So this is the Microsoft site where you can get an already existing template which you can use to create your own virtual machine. And now here you can click on this button which says deploy to Azure. If you click on this it will directly take you to the Azure portal, and once you are here you can see that it's ready for the deployment. In here you can see there is a lot of information which is already filled in; however, you still have to give some of the information. For example, you still have to give the resource group, you still have to give the admin username and admin password, and this clearly means that resource group, username and password are configurable parameters.

Now based on that practical implementation in the Azure portal I have chosen two options, which are administrative username and resource group. So these are the two options which you have to configure whenever you are deploying a virtual machine through a template.

Now let's move on to the question number 26. The question says that when assigning private IPv4 addresses in a subnet with address range 10.3.0.0/16, which of the following addresses are available for assignment dynamically? So your options are 10.3.0.2, or 10.3.0.1, or the third option is 10.3.255.255, and the fourth one is 10.3.255.254.
So you have to tell, if you have this IP address range, which of the IP addresses are available to you for assignment.

Before answering this question let's understand what a CIDR is. Now as you can see here, CIDR stands for classless internet domain routing. So a CIDR looks like a normal IP address except it ends with a slash followed by a number. You can also see it here, that we have an IP address and there is a slash and then there is a number following the slash, and the number that follows the slash represents the number of addresses in the IP range.

Now it's very important for you to understand that Azure actually reserves the first four addresses in each IP address range, so these addresses cannot be assigned to any resource. So for example we have this IP address here which is 10.3.0.0, starting 10.3.0.0, and then we have 10.3.0.1, then we have 10.3.0.2 and then 10.3.0.3. So these four IP addresses you as a user cannot use because these are reserved by Azure. Not only this, there is one more IP which is always reserved by Azure as a subnet broadcast address. So for example in this IP range the last one would be 10.3.255.255, so that IP address also cannot be consumed by the user because that's reserved by Azure as a broadcast address.

Thus the correct answer for this question is option D, 10.3.255.254. And as I explained, option A, that is 10.3.0.2, and option B, 10.3.0.1, are both reserved by Azure so you cannot use them. Similarly 10.3.255.255 is reserved as a broadcast address. So always keep in mind that five addresses are always reserved by Azure.

If you want to learn more about this CIDR notation then this is the Microsoft documentation. So here it says: understanding CIDR notation when designing Azure virtual networks and subnets. The links for all Microsoft documentation that I'm using in this video are available in the description box. Friends, this CIDR notation block is a very interesting topic and a lot of Microsoft questions also come from this area. In fact it's
a very practical thing and you would need it whenever you are working with Azure virtual machines or Azure networks and subnetting, so it's a very important topic. So if you have any questions do ask me in the comment section below and I will be happy to answer them.

So now let's quickly move to the question number 27. The question says that your company wants to have some post-deployment configuration and automation tasks on Azure virtual machines, and the solution given is: as an administrator you suggested to use ARM templates. Does this meet the goal?

Now before answering this question let's first understand a little bit more about ARM templates. So ARM templates are a form of infrastructure as a code, and you can use ARM templates to define the infrastructure that needs to be deployed. So these ARM templates are JavaScript Object Notation, or better known as JSON, files, and I have put a link in the description box that you can use to learn more about ARM templates. It is surely an important concept, so do check out that link to discover more about ARM templates.

Coming back to the question, you understood that ARM templates are primarily related to infrastructure as a code; however, they have nothing to do with post-deployment configuration or automation of tasks on Azure virtual machines, and that's the reason the correct answer for this question is no. So what is the Azure service that you can use for post-deployment configuration and automation of tasks on Azure virtual machines? Let's find out in the next question.

Our question number 28 is exactly the same as question number 27; however, the solution given here is a little different. Here the solution says that as an administrator you suggested to use virtual machine extensions. Does this meet the goal? Now let's understand what a virtual machine extension is. So here I am on the Microsoft documentation that talks more about virtual machine extensions and features for Windows, and here you can read that Azure virtual machine extensions are
small applications that provide post-deployment configuration and automation tasks on Azure virtual machines. I am sure that you are already relating these lines with those of the question. Moving ahead, it says that, for example, if you have an Azure virtual machine that requires software installation, anti-virus protection or the ability to run a script inside it, you can use a virtual machine extension. It's important that you also note that you can run Azure virtual machine extensions by using Azure CLI, PowerShell, Azure ARM templates and the Azure portal: one more good reason to learn more about templates. So as we understood from the Microsoft documentation, Azure virtual machine extensions are small applications that help in post-deployment configuration and automation tasks on Azure virtual machines, and that's the reason the correct answer for this question is yes.

Our next interesting question is question number 29. The question says that you have an Azure web app named App1. App1 has the deployment slots shown in the following table. So you have two deployment slots here, one is for production and another one is for staging, and the names of the deployment slots are web app prod and web app test. Moving ahead, the question says that in web app test you test several changes to App1. You back up App1 and then you swap web app one test for web app one prod and discover that App1 is experiencing performance issues. You need to revert to the previous version of App1 as quickly as possible. What should you do? Your options are: redeploy App1, swap the slots, clone App1 or restore the backup of App1.

The correct answer for this question is swap the slots. So what happens is that when you swap the deployment slots, Azure swaps the virtual IP addresses of the source and destination slots, thereby swapping the URLs of the slots as well. So we can easily revert the deployment by swapping the slots. It's a very important and efficient way of rolling back your deployments, and this is the Microsoft site
where you can read extensively on slots. So if you scroll down a little you can find topics like how to add a slot. It also shows you what happens during the swap, so do read this section, and then the other interesting section is this one, swap two slots. So the entire page is a very good read and I would strongly recommend that you come to this page and understand more about deployment slots.

Now quickly jumping to question number 30, which is our last question for part 4 of our AZ-104 real exam question and answer exam series. Now let's read out the question. The question says that you have an Azure subscription named Subscription1 that is used by several departments at your company. Subscription1 contains the resources in the following table. So you have resources here, and the names are given: the names are storage1, RG1, container1 and share1, and you can see exactly what these resources are on the right-hand side of the table. So storage1 is of course a storage account, then we have RG1 which is a resource group, container1 is a blob container and share1 is a file share. Further ahead the question says that another administrator deploys an Azure virtual machine named VM1 and an Azure storage account named storage2 by using a single Azure Resource Manager template. You need to view the template used for the deployment. So from which blade can you view the template that was used for the deployment? Your options are VM1, RG1, storage1 or container1.

Now before straightaway jumping to the answer, let's first understand what the vital parts of this question are. The question says that another administrator has deployed two Azure resources, one is an Azure virtual machine and the other one is an Azure storage account, and you want to see the template used for the deployment of both of these Azure resources, the virtual machine and the Azure storage account as well. So on what level will you go to see the templates for the deployment? And the correct answer for this question is RG1, which essentially is a resource group. You
cannot go to VM1 because it won't show the template for the Azure storage account, and similarly you cannot go to the storage account or container because it won't show the deployment for the other resources.

Now let me take you to the Azure portal. So now I am in the Azure portal and as you can see I have one resource group which is called the tech blackboard. And now I am inside the tech blackboard resource group, and you can see that if you have any deployment inside this resource group, be it a virtual machine or an Azure storage account, then all the deployments will be available inside this resource group. So you can see here, deployments. So if you have a successful deployment then it will be shown here.

And if you want to read more about deployments and a step-by-step guide, then you can come on to this page which says create and deploy ARM templates by using the Azure portal. So all the steps around deployments and how to do that in the Azure portal are given on this page, and as you can see here, if you scroll down a little more, and as I told you, all the deployments inside your resource group will be available in the deployment section. You will find the link for this page in the description box.

I hope you like these 10 interesting questions in part 4.
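The reservation rule from question 26 (the first four addresses and the last address of each subnet range are held back by Azure), worked through for the four answer options. This is an added example, not part of the video; the function names are hypothetical.

```python
import ipaddress

# Rule as stated for question 26: Azure reserves the first four addresses
# of each subnet range, plus the last one (the subnet broadcast address).
RESERVED_AT_START = 4


def _subnet(cidr):
    """Parse an IPv4 CIDR range and reject ranges too small to use."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    if net.version != 4:
        raise ValueError("this example covers IPv4 ranges only")
    if net.num_addresses <= RESERVED_AT_START + 1:
        raise ValueError(f"{cidr}: nothing left after the five reserved addresses")
    return net


def reserved_addresses(cidr):
    """Map each of the five reserved addresses to the reason it is reserved."""
    net = _subnet(cidr)
    reserved = {}
    for offset in range(RESERVED_AT_START):
        reserved[str(net.network_address + offset)] = "one of the first four addresses"
    reserved[str(net.broadcast_address)] = "subnet broadcast address"
    return reserved


def is_assignable(cidr, address):
    """True if the address lies in the subnet and is not reserved."""
    net = _subnet(cidr)
    ip = ipaddress.ip_address(address)
    if ip not in net:
        raise ValueError(f"{address} is not inside {cidr}")
    return str(ip) not in reserved_addresses(cidr)


def assignable_range(cidr):
    """Return (first assignable, last assignable, count) for the subnet."""
    net = _subnet(cidr)
    first = net.network_address + RESERVED_AT_START
    last = net.broadcast_address - 1
    return str(first), str(last), net.num_addresses - (RESERVED_AT_START + 1)


if __name__ == "__main__":
    subnet = "10.3.0.0/16"  # address range from question 26
    options = {
        "A": "10.3.0.2",
        "B": "10.3.0.1",
        "C": "10.3.255.255",
        "D": "10.3.255.254",
    }
    reasons = reserved_addresses(subnet)
    for letter, addr in options.items():
        verdict = "assignable" if is_assignable(subnet, addr) else f"reserved ({reasons[addr]})"
        print(f"option {letter}: {addr:<14} {verdict}")
    print("assignable range:", assignable_range(subnet))
```

The same functions show why very small ranges are unusable: a range with only four addresses has nothing left once five are reserved, so `_subnet` rejects it.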
Earlier in this series we have already covered 30 very important questions with their answers. These 30 questions were covered in part 2, part 3 and part 4, with each part containing 10 questions. In addition to this, in part 1 we covered some very important topics around AZ-104 which you must know before attempting the AZ-104 certification exam. So if you have missed watching any of these parts, then do check them out so that you don't miss any important questions or concepts on AZ-104. The links for all the earlier parts are available in the description box. If you are liking my videos then please press that like button, as it motivates me and helps my videos to reach a larger audience. Do not miss to subscribe and share the channel as well.

So let's begin our part 5 with a very interesting question 31. The question says that you have an Azure subscription named Subscription1 that contains the resources shown in the following table. Now here you can see we have the name of the resource, we have the type of the resource, then we have the region and then we have the resource group. What we have is one resource group called RG1, then again we have one more resource group, RG2, and then we have a Vault1 which is a Recovery Services vault. Moving ahead, the question says that you create virtual machines in Subscription1 as shown in the following table. So you can see here we have a lot of virtual machines: three of them are Windows Server based and the last three are Ubuntu based, and you can see that all the virtual machines are distributed across these two resource groups, RG1 and RG2, and they are also spread across the regions West Europe and North Europe.

Now let's move ahead to see what the question is really asking. The question says that you plan to use Vault1 for the backup of as many virtual machines as possible. Which virtual machines can be backed up to Vault1? Your options are: VM1 only; VM3 and VMC; VM1, VM2, VM3, VMA, VMB or VMC; then we have VM1, VM3, VMA and VMC only; and the last
one is VM1 and VM3 only. So which one of these combinations of virtual machines do you think can be backed up in Vault1?

Before even answering the question, let's first understand what a Recovery Services vault is. So this is the Microsoft site that gives an overview of Recovery Services vaults. You can read here that this article describes the features of a Recovery Services vault. A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data or configuration information for virtual machines, workloads, servers and workstations. You can use Recovery Services vaults to hold backup data for various Azure services like IaaS virtual machines, Linux or Windows, and Azure SQL databases. So one point is already clear, that we can use Azure Recovery Services vaults for both Linux and Windows machines.

Now that from the Microsoft documentation it's already clear that both Windows and Linux based machines can be backed up using an Azure Recovery Services vault, what is the correct answer? The correct answer for this question is VM1, VM3, VMA and VMC. Now let's understand why this is the correct answer. So you can see here that VM1, VM3, VMA and VMC, all of these virtual machines, reside in West Europe. So we have VM1 in West Europe, VM3 also in West Europe, VMA also in West Europe, and then similarly VMC is also in West Europe. So what does that mean? That implies that when you have to take a backup using an Azure Recovery Services vault, both the Azure Recovery Services vault and the virtual machines should always be in the same Azure region. And we saw that the Azure Recovery Services vault is also in West Europe, and of our virtual machines only those that reside in West Europe can be backed up using this Azure service, and that's the reason that we have chosen VM1, VM3, VMA and VMC.

Moving ahead, we have question number 32. The question says that you have an Azure Kubernetes Service (AKS) cluster named AKS1. You need to configure cluster autoscaler for AKS1. Which two tools should you use? Each
correct answer presents a complete solution. So it's very important that you understand that you have to choose two tools, because only then will it make a complete solution. Your options are the kubectl command, the az aks command, the Set-AzVm cmdlet, the Azure portal, or the last option, the Set-AzAks cmdlet. It's very important that you note in the question itself that we are talking about autoscaling in AKS, which essentially means that we are talking about nodes. That's the reason the correct answer for this question is option B, the az aks command, and the Azure portal. The reason is that you use the az aks command for the autoscaling of the nodes, and then you use the Azure portal to scale out the nodes. In order to make this clearer, I have put across the details of all the commands that are listed here, so let's read out each command. The kubectl command is used for configuring Kubernetes and not the AKS cluster, and that's the reason we have not chosen this one. Moving ahead, the az aks command is used for AKS cluster configuration; that's why this is one of the chosen options. Moving ahead, the Set-AzVm cmdlet is used for VMs. We are not talking about VMs here, we are talking about Azure Kubernetes Service. Then the last command that we have is Set-AzAks, which creates or updates an AKS cluster, and the correct cmdlet is Set-AzAksCluster. Now I hope that all these one-liners on each of these commands will surely help you understand these commands better. There is a lot of great Microsoft documentation available on each command, but in case you still have any confusion on any of these commands, do let me know in the comment section. Now let's move ahead with question number 33. The question says that you have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed using templates. You need to view the date and time when the resources were created in RG1, and the solution given
here is that from the Subscriptions blade, you select the subscription and then click Resource providers. Does this meet the goal? The correct answer for this question is no; this is not the valid option to see the date and time of the resources that were created in RG1. So what is the correct option? Let's check out the other variations of the same question to find out the correct answer. The other two variations are presented in question number 34 and question number 35. Both questions 34 and 35 are exactly the same as question number 33; however, the solutions given are different. In question number 34, the solution is that from the RG1 blade, you click Automation script. Does this meet the goal? Or in question number 35, we have: from the RG1 blade, you click Deployments. Does this meet the goal? So which one amongst all these three solutions given here is a correct solution? Let's go to the Microsoft site to find out the correct answer. So here is the Microsoft site which talks about creating and deploying your first ARM template, and if you remember the question, we deployed the resources using the template. You can read this page in detail; however, the section I want to bring to your notice is first this one, on how you can create your first template, but this is not where our answer is. So we will scroll down a little more, and then we come to a section called Verify deployment. In the Verify deployment section, you can see that you need to go to the Azure portal, and from the Azure portal you have to go to the resource groups. It's very important that you note that we are now in the resource group. In the resource group, you can see the default name of the resource group is myResourceGroup, which is shown here, and then in the fourth step it says: notice in the upper right corner of the overview, the status of the deployment is displayed, which is here. So you can see here we have Deployments, and we can also see one succeeded deployment, and if you click this deployment then you will be shown all
the details related to this deployment: the name of the deployment, the status, whether it succeeded or not, last modified details, duration and the related events. So the ask of the question was that we want to see the date and time of deployment of all the resources using this template, and you can see we have last modified details, which show all the date and time that we needed in our question as well. From that understanding from the Microsoft documentation, we can easily say the correct answer for this question is the solution given in question number 35, which is: from the RG1 blade, you select Deployments. Thus, obviously, the correct answer for question number 34 is no. Before moving ahead, I just wanted to say that, friends, it takes a considerable amount of time and effort to find Microsoft documentation to justify each answer and give you an explanation for each question in our exam series. Please take a moment to like the video and subscribe to the channel. Each of your likes encourages me and ensures that the video is reaching a greater audience. Do share the videos with everyone having an interest in learning Azure cloud technologies. Your comments and feedback give me a chance to understand what you want to see on this channel and help me improve my content. I always make sure to read each of your comments and reply to them, so keep supporting me and I promise to bring the content that helps you grow in your career. Now let's begin with question number 36. The question says that you need to deploy an Azure virtual machine scale set that contains five instances as quickly as possible. What should you do? Your options are: deploy five virtual machines and modify the availability zone setting for each virtual machine; the other option is deploy five virtual machines and modify the size setting for each virtual machine; or deploy one virtual machine scale set that is set to VM (virtual machines) orchestration mode; and the last one is deploy one virtual machine scale set that is set to ScaleSetVM
orchestration mode. The correct answer for this question is option D. Now let's understand why I chose option D as the correct answer. If you look at the question, it says that you have to deploy five virtual machines as quickly as possible. So what do you do? Whenever you have to do it as quickly as possible, the best option is to let Azure do it, because letting Azure create the virtual machines is much faster than doing it manually. So the best option for Azure to do this is either by ARM template, which of course is not a choice here, or the other option could be a virtual machine scale set. Now with this we can easily rule out option A and option D, and then we are only left with option C and option D. Now if you look at option C, you can see it's like an unmanaged scale set, where you will be manually adding the virtual machines to the scale set, and this manual intervention makes this option slower, but we want to do it as quickly as possible. That brings us to option D, which is a scale set that will be managed by Azure, or you can say option D is a scale set managed by Azure, where it is based on the configuration set during the setup of the virtual machine scale set, and that's the reason behind choosing option D here. Now let's move to question number 37. The question says that you plan to create the Azure web apps shown in the following table. Here you can see we have the names of the web apps: WebApp1, 2, 3 and 4. Then we have the runtime stack for each web app: we have .NET Core 3.0, we have ASP.NET version 4.7, then we have PHP 7.3, and then we have Ruby 2.6. The question asks: what is the minimum number of App Service plans you should create for the web apps? Your options are one, two, three and four, and the correct answer for this question is two. So you have to create a minimum of two app services. Now let's understand why I chose two as the correct option here. If you look at the runtime stacks very carefully, you will realize that .NET
Core version 3.0 can run both on Windows and on Linux. Then we have ASP.NET 4.7, which can also run both on Windows and on Linux. PHP can also run both on Windows and on Linux, and then we have Ruby 2.6, which can only run on Linux. If you read about App Service plans, you will know that you will always need a different App Service plan per operating system; you cannot use the same App Service plan to run both Windows and Linux. So at the minimum we would need at least one App Service plan for the Windows based web apps and one App Service plan for the Linux based web apps, and that's the reason I chose two as the minimum number of app services needed here. Our next question, question number 38, says that your company wants to share a JSON file stored in a container inside a storage account. Here you can see we have a storage account which is named monthlyreports, then we have a container which is named april2022, and then we have a file which is stored in this container, and the file name is employeedata.json. You can see it here as well: we have a storage account, we have a container, and then we have a JSON file. Now the question asks: what is the correct URL of the file called employeedata.json? Here you can see the different options, or the different URLs, given for employeedata.json, and you have to tell which is the correct URL to access this file. Before answering this question, let's understand the correct hierarchy and how the URLs are built when we are talking about an Azure storage account. So here I am on the Microsoft documentation that gives you an introduction to Azure Blob storage, and if you scroll down a little on this page you can see a hierarchy given here. First of all, you can see we have the storage account on the top, then we have the container, and then we have the blob. A blob is nothing but the file itself; for example, we can see here image.jpg and movie.avi. In our case it's a JSON file. Now a very important thing that you should note about the storage
account is that whatever your storage account name is, so for example let's say your storage account name is mystorageaccount, then the URL for the storage account will always be mystorageaccount.blob.core.windows.net. So Microsoft will always suffix your storage account name with blob.core.windows.net. This is a very important point whenever you are working with storage accounts, and keep this hierarchy in mind when we go back to our PPT: first we have the account, then we have the container, and then we have the blob. Coming back to our presentation, now we know that first of all in the URL we should have the storage account, which should be followed by the container name, and then comes the file name. Keeping this hierarchy in mind, the correct answer for this question is option B. Here you can see we have first of all the name of our storage account, which is monthlyreports, and then it is followed by blob.core.windows.net, as we saw in the Microsoft documentation as well. Then we have /april2022, which is nothing but our container, followed by our file name, which is employeedata.json, and that's the reason for choosing B as the correct option. Now let's quickly jump to question number 39, which looks very similar to our previous question number 38; however, this is a little different, so pay attention. Here in this question it says that your company wants to share the JSON file stored in a container inside a storage account, and as previously you can see that we have one storage account, then we have a container inside this storage account, and lastly we have a file which is called employeedata.json. Now the question says that the company wants to give access to this file to the users. In the previous question we were talking about the URL; however, this time we are talking about access to the file. Further, it says that access to the Azure storage file employeedata.json should only be provided for three days. What should you choose? Your
options are access to the storage account, access key, shared access signature or SAS, or the last option is Azure Key Vault, and the correct answer for this question is shared access signature. Now let's go to the Microsoft documentation to validate our answer. This is the Microsoft documentation titled Grant limited access to Azure Storage resources using shared access signatures, and in the very first paragraph you can read that a shared access signature provides secure delegated access to resources in your storage account. With a SAS, you have granular control over how a client can access your data: for example, what resources the client may access, what permissions they have to those resources, and how long the SAS is valid. This third option is exactly what we are looking for in our question. Also, if you remember correctly, it asked that you only want to give access to employeedata.json for three days, and that's what this option relates to: how long the SAS is valid. So you have full control over how long this shared access signature or SAS is valid. As our question asks, you can set the number of days for which this SAS should be valid; it could be one day, it could be two days, more days, fewer days, or it could be a number of hours as well, and thus a shared access signature fits this business case very well. That brings us to question number 40, which is our last question for part 5 of our AZ-104 real exam question and answer exam series. So let's read the question. The question says that you have a general purpose v1 Azure storage account named storage1 that uses locally redundant storage, or LRS. You need to ensure that the data in the storage account is protected if a zone fails. The solution must minimize cost and administrative effort. What should you do first? Your options are: create a new storage account, configure object replication rules, upgrade the account to general purpose v2, upgrade the account to premium block blobs, or upgrade the account to premium file
shares. So what is the correct answer? To find out the correct answer, this is the Microsoft documentation that talks more about Azure Storage redundancy. You can read quite a lot on storage redundancy on this page, but you have to scroll down quite a bit towards the bottom of the page, and then finally you will arrive at the section which talks more about supported storage account types. If you remember the question correctly, it said that data should be protected in the storage account even if the zone fails, so at the minimum we need ZRS, which is zone-redundant storage, because we want to protect the data against zonal failures. That's why the minimum redundancy needed is ZRS, and you can clearly see that ZRS is in general purpose v2, or version 2. With that understanding from the Microsoft documentation it's easy to answer this question, so the correct answer for this question is upgrade the account to general purpose version 2. I hope you liked this set of the very latest 10 questions in part 5.
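An added example for questions 38 and 39 above (not from the video or from Microsoft): a small Python check that splits a blob URL into account, container and blob, then audits the SAS query parameters against the question's requirement of read access to one file for three days. The URLs, timestamps and sig values are constructed samples; sv, st, se, sr, sp, spr, ss, srt and sig are the standard SAS query parameters.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

BLOB_SUFFIX = ".blob.core.windows.net"
MAX_LIFETIME = timedelta(days=3)  # requirement stated in question 39
TIME_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")

# Constructed sample inputs; the signatures are placeholders, not real tokens.
NOW = datetime(2022, 4, 1, tzinfo=timezone.utc)
BASE = "https://monthlyreports.blob.core.windows.net/april2022/employeedata.json"
GOOD_URL = (BASE + "?sv=2021-08-06&st=2022-04-01T00:00:00Z"
            "&se=2022-04-04T00:00:00Z&sr=b&sp=r&spr=https&sig=EXAMPLE")
WEAK_URL = (BASE + "?sv=2021-08-06&st=2022-04-01T00:00:00Z"
            "&se=2023-04-01T00:00:00Z&sr=c&sp=rwdl&spr=https,http&sig=EXAMPLE")


def parse_blob_url(url):
    """Return (account, container, blob): the hierarchy from question 38."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host.endswith(BLOB_SUFFIX):
        raise ValueError("host is not <account>" + BLOB_SUFFIX)
    account = host[: -len(BLOB_SUFFIX)]
    container, _, blob = parts.path.lstrip("/").partition("/")
    if not (account and container and blob):
        raise ValueError("URL must name an account, a container and a blob")
    return account, container, blob


def parse_sas_time(value):
    """Parse the UTC time formats accepted in the st and se parameters."""
    for fmt in TIME_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unrecognised SAS time: " + value)


def audit_sas_url(url, now):
    """Return a list of findings; an empty list means the SAS is a
    read-only, HTTPS-only, single-blob grant lasting at most three days."""
    parse_blob_url(url)  # raises if this is not a blob URL at all
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in q:
        return ["no sig parameter: plain blob URL, not a SAS"]

    findings = []
    if parts.scheme != "https" or q.get("spr") != "https":
        findings.append("protocol: token is not restricted to HTTPS")
    if "ss" in q or "srt" in q:
        findings.append("scope: account-level SAS, wider than one blob")
    elif q.get("sr") != "b":
        findings.append("scope: sr=%s is wider than one blob" % q.get("sr"))
    if q.get("sp") != "r":
        findings.append("permissions: sp=%s grants more than read" % q.get("sp"))

    if "se" not in q:
        # With a stored access policy (si) the expiry lives in the policy.
        findings.append("lifetime: no se in URL, check the stored access policy")
    else:
        expiry = parse_sas_time(q["se"])
        # Without st the token is valid immediately, so measure from now.
        start = parse_sas_time(q["st"]) if "st" in q else now
        if expiry <= now:
            findings.append("lifetime: token has already expired")
        elif expiry - start > MAX_LIFETIME:
            days = (expiry - start).days
            findings.append("lifetime: valid for %d days, limit is 3" % days)
    return findings


if __name__ == "__main__":
    print(parse_blob_url(GOOD_URL))
    for name, url in (("good", GOOD_URL), ("weak", WEAK_URL)):
        print(name, audit_sas_url(url, NOW) or "ok")
```
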
Hello and welcome back to the Tech Blackboard. This is our part 6, and today I have got 15 very exciting questions in our AZ-104 real exam question and answer series. We have already covered 40 questions, and if you have missed watching any of these parts, then you will find the links for all of these parts in the description box. Let's begin our part 6 with some interesting questions on Azure Kubernetes. Question number 41 says that you deploy an Azure Kubernetes Service cluster named AKS1. You need to deploy a YAML file to AKS1. The solution given here is that from Azure CLI, you run az aks. Does this meet the goal? To make you better prepared for the examination, here I present two more variations of the same question. The other two variations have exactly the same question; however, the solution is different. In question number 42, it says that from Azure CLI, you run AzCopy, and then question 43 says that from Azure CLI, you run the kubectl client. So out of these three options, which one do you think is the correct solution to deploy a YAML file to the Azure Kubernetes Service? To find out the correct answer, here I am on the Microsoft documentation that talks more about how to deploy an Azure Kubernetes Service cluster using Azure CLI. It's a kind of voting application deployed on Azure Kubernetes. All the steps are given here, and the prerequisites are also listed. You can go step by step and find out more details on it. First of all, you see that you have to create a resource group, then you have the Azure Kubernetes cluster creation, and after that how to connect to the cluster is also given here. If you scroll down a little more, then you will reach a section which says Run the application, so all the steps to run the application are also given here. The first step, if you see, is to create a file named azure-vote.yaml, and if you remember the question correctly, this is what our question is also asking: that you have to deploy a YAML file in the Azure Kubernetes cluster. So let's see what
the further steps are. You can see that you have the second step as copy the following YAML, so you can use this YAML file to practice on this application, and then in the third step we will find our answer. It says: deploy the application using the kubectl apply command and specify the name of the YAML manifest. You can see here that we are using kubectl apply -f and then you give the name of the YAML file. So this is the correct way of deploying the YAML manifest file on an Azure Kubernetes cluster. As we saw on the Microsoft documentation, the correct answer for this business case is presented in question number 43, and that is: from Azure CLI, you run the kubectl client. So that's a yes for question number 43, and then of course the other two questions are no. I will give the link for that Microsoft documentation in the description box. It's a very interesting application and you must try it before you get started on Azure Kubernetes Service. Now let's talk about alerts and logging in Azure, and the same is presented in question number 44 and question number 45. Let's read question 44. The question says that you have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System event log on the virtual machine within an hour. The solution given here is that you create an Azure storage account and configure shared access signatures, you install the Microsoft Monitoring Agent on VM1, and then you create an alert in Azure Monitor and specify the storage account as the source. Does this meet the goal? Now question number 45 is also exactly the same; however, the solution presented is a little different. This one says that you create an Azure Log Analytics workspace and configure the data settings, you install the Microsoft Monitoring Agent on VM1, then you create an alert in Azure Monitor and specify the Log Analytics workspace as the source. So does this meet the goal? I have a third variation also for the same question that I will present later in this video. It's very important that you carefully examine all these variations, guys, because you never know what variation will come in your exam, so please pay careful attention whenever I'm presenting variations of the same question. Okay, so the crux of the question is that you need to create alerts for the events that are logged in the system events of a virtual machine at regular intervals. So do you think that an Azure storage account which is configured with shared access signatures is the solution for this, or do you think a Log Analytics workspace is a better solution? This is the Microsoft documentation which gives you an overview of Azure Monitor agents. You can read more about Azure Monitor agents on this page; however, the section I want you to pay attention to is this one, which says Log Analytics agent, and if you read through, it says that the legacy Log Analytics agent collects monitoring data from the guest operating system and workloads of virtual machines in Azure, other cloud providers, and on-premises machines. So I hope that you can already relate the line workloads of virtual machines in Azure, as this is the same as what our question is also asking. So
going by the Microsoft documentation, we can now easily see the correct answer, or the correct way of logging the events from the event log of a virtual machine, is a Log Analytics workspace, and that's why the answer for question number 44 is no; however, the answer for question number 45 is yes. Now let's move to question number 46. The question says that you have an Azure subscription that contains a user named User1. You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege. Which role-based access control, or RBAC, role should you assign to User1? Your options are Owner, Virtual Machine Contributor, Contributor, and Virtual Machine Administrator Login. Now two important things here: the user must be able to deploy virtual machines and he should also be able to manage virtual networks, and the second important thing is that whatever role you assign to User1 must use the principle of least privilege. What that means is that the user should only be able to deploy virtual machines and manage virtual networks; he should not get any access more than needed to do this job. So now let's understand the RBAC roles listed here on the Microsoft documentation, and then we will come back to find out the correct answer. This is the Microsoft documentation that talks more about Azure built-in roles. All the RBAC roles in Azure are listed here, and you can see in this table we have all the accesses listed here, so we have Contributor, we have Owner, we have Reader, and a lot more. So let's understand the Owner RBAC role. You can see that Owner grants full access to manage all resources, including the ability to assign roles in Azure RBAC. So this could be one of the potential answers; however, if you remember, we have to work on the principle of least privilege, so Owner is not the correct answer for this question. Then the second RBAC role that was listed in the question was Virtual Machine
Contributor. You can read that it lets you create and manage virtual machines, manage disks, install and run software, reset the password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions. However, the only problem with this RBAC role is that this role does not grant you management access to the virtual network, and that was one of the asks in our question, so we can easily eliminate this RBAC role as well. Now let's look at the other RBAC role which was given, and that was Virtual Machine Administrator Login. You can see that it enables you to view virtual machines in the portal and log in as administrator, but this is also not a valid option. So the only option that we are left with is Contributor. Contributor grants full access to manage all resources, but it does not allow you to assign roles in Azure RBAC; however, this is also not the ask of the question, so we can ignore this part. It also does not let you manage assignments in Azure Blueprints or share image galleries. So Contributor is the most suitable RBAC role that we need to fulfill this business case, and thus, as we read on the Microsoft documentation, the correct answer for this question is Contributor, because it fulfills all the requirements of the question: it lets you deploy virtual machines, it also lets you manage virtual networks, and it also adheres to the principle of least privilege. I hope you understood the logic behind choosing Contributor. Before moving ahead, I just wanted to say that, friends, it takes a considerable amount of time and effort to find Microsoft documentation to justify each answer and give you an explanation for each question in our exam series. Please take a moment to like the video and subscribe to the channel. Each of your likes encourages me and ensures that the video is reaching a greater audience. Do share the videos with everyone having an interest in learning Azure cloud technologies. Your comments and feedback give me a chance to
understand what you want to see on this channel and help me improve my content. I always make sure to read each of your comments and reply to them, so keep supporting me and I promise to bring the content that helps you grow in your career. Moving on with question number 47, which asks: which two of the following are elements of the template schema? Your options are includes, parameters, scripts and outputs. This is the Microsoft documentation, and it makes you understand the structure and syntax of ARM templates. Just a little scroll and then you can reach the template format, and here in this section you can see all the elements of the JSON file. If you see here, we have $schema, we have apiProfile, then we have parameters, variables, functions, resources and outputs. Here you can see that parameters and outputs are the two options that were also listed in our question, so the correct answer for this question, based on the Microsoft documentation, is option B, parameters, and option D, outputs. Our question number 48 says that, working on modernization, your company wants to move all services to Azure Kubernetes Service. Which two of the following components contribute to the monthly Azure charge? Your options are master node, or deployed pod, networking resources, or per node VM. So what you need to tell is, out of these options, which two will actually contribute to the monthly Azure charge. Now it's important to understand that with Kubernetes Service your organization only pays for the virtual machine instances, storage and networking resources consumed by the cluster, and based on that understanding we can easily answer this question, and the correct answer is networking resources and per node VM. Now let's move to question number 49. It says that you have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1. VM1 runs services that will be used to deploy resources to RG1, so you need to ensure that
a service running on VM1 can manage resources in RG1 by using the identity of VM1. What should you do first? Your options are: from the Azure portal, modify the Managed Identity settings of VM1; or from the Azure portal, modify the Access control (IAM) settings of RG1; the third option is from the Azure portal, modify the Access control settings of VM1; and the fourth option is from the Azure portal, modify the Policies settings of RG1. The correct answer for this question is option A: from the Azure portal, modify the Managed Identity settings of VM1. To help you understand better, managed identities for Azure resources provide Azure services with an automatically managed identity in Azure Active Directory, and you can use this identity to authenticate to any service that supports Azure AD authentication without having any credentials in your code. You can also enable or disable the system-assigned managed identity for a VM using the Azure portal, and that's the reason why we have chosen option A as the correct answer to this question. Now let's move to question number 50, which is a yes/no kind of question, so for all the statements here you have to choose yes or no. All these statements are related to the Azure Import service; you can see all these four statements are related to the Azure Import service. So let me first take you to the Microsoft documentation from where I will gather the answers for all these statements. This is the Microsoft documentation that talks more about Azure Import/Export system requirements. It also gives you the supported operating systems, and then if you scroll down a little, this is the section where I want your focus to be. This is the small table that gives the information about supported storage types. So what I will do is capture this table here and take it to the presentation, and then we will answer our statements. So now we are back in our presentation, and I have captured that small table from the Microsoft documentation, and now
let's read the first statement. The first statement says that Azure Blob storage is supported with the Azure Import service. You can see here that we have Azure Blob storage here and it is supported in the Import service, so the correct answer for the first statement is yes. Then we have the second statement, which says Azure Data Lake is supported with the Azure Import service, and you can see here that we do not have Azure Data Lake mentioned here, so the correct answer for the second statement is no. Moving on with the third statement, we have: Azure File storage is supported with the Azure Import service, and you can very well see here that we do have Azure File storage and it is supported in the Azure Import service, so the correct answer for the third statement is yes as well. Then moving towards the fourth statement, it says that Azure SQL Database is supported with the Azure Import service; however, we can see that Azure SQL Database is not listed here, thus the correct answer for this statement is no. Coming to question number 51, which again is a yes/no kind of question. In question number 50, the last question, we discussed the Azure Import service, and in this question we are going to discuss the Azure Export service. As we did in question number 50, here I have pasted the documentation from Microsoft to better facilitate the answers. So let's read the first statement. It says that Azure Blob storage is supported with the Azure Export service, and we can see here that yes, Azure Blob storage is definitely supported in the Export service, thus the correct answer for this statement is yes. Then moving on, we have the second statement, which says Azure Data Lake is supported with the Azure Export service, and we can very well see here that we don't have Azure Data Lake in the Export service, so the correct answer for this statement is no. Then we have the third statement, which says Azure File storage is supported with the Azure Export service, and we can very well see in this table that we don't have Azure File storage here in the supported
services; however, if we check out this not supported part, we can very well read that Azure Files is not supported, and thus the correct answer for the third statement is no. Moving on with the fourth one, it says that Azure SQL Database is supported with the Azure Export service, and definitely, as we do not see Azure SQL Database here with the Export part, the correct answer for the fourth statement is no again. Now let's read question number 52. The question says that you have an Azure virtual machine named VM1 that runs Windows Server 2016. You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour, and the solution given here is that you use Azure Advisor to collect the error events on the virtual machine. Does this meet the goal? Now just a while back, in question number 44 and question number 45, we discussed exactly the same question with the other two variations of the solution, and in question number 45 I told you that the Azure Log Analytics agent is the correct option in these kinds of business cases because it helps you collect monitoring data from the guest operating system and workloads of virtual machines in Azure. In fact, you can use the Azure Log Analytics agent to collect monitoring data from other cloud providers as well. Not only that, you can use it to collect monitoring data from on-premises as well. Thus the correct answer for this question is no. Now let's read out our question number 53. The question says that you have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1, and RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. The solution given here is that from the Subscriptions blade, you select the subscription and then click Programmatic deployment. Does this meet the goal? Now friends, in an earlier part, part 5, in question numbers 33, 34 and 35, I presented three more
variations of the same question and in question number 35 i explained that the correct way to view the date and time of the resources when they were created in a resource group is through the resource group blade so you need to go to the resource group blade and then you have to click deployments and then in the deployments you can see the history of date and time of the resources when they were created in any resource group and that's the correct way of doing it so if you want more understanding with correct microsoft documentation then please check out question number 33 34 and 35 of part 5 in our az104 exam series for now i can tell you that subscription blade is not the correct way of seeing the date and time of the resources deployed in any resource group thus the correct answer for this question is no now let's check out our question number 54. the question says that your azure subscription contains an azure storage account you need to create an azure container instance named container 1 that will use a docker image named image 1. 
now image 1 contains a microsoft sql server instance that requires persistent storage you need to configure a storage service for container one what should you use your options are azure files as your blob storage as your queue storage or azure table storage and the correct answer for this question is azure files now let me take you to the microsoft documentation to validate this answer now here we are on the microsoft documentation with the title mount and azure file share in azure container instances and in the highlighted part here you can read that azure files offer fully managed file shares hosted in azure storage that are accessible via industry standard server message block smp protocol then further it says that using an azure file share with azure container instances provides file sharing features similar to an azure file share with azure virtual machines and with that documentation from microsoft we can be sure that our answer azure files is the best answer for this business case now let's quickly jump to the question number 55 which is our last question for this part 6 of our az104 real exam question and answer exam series and the question says that your company want to move an entire solution to azure due to the security constraints the company wants to restrict creation of all resources in a particular region which as your service can restrict resource creation to a specific region and your options are azure monitor azure availability zone azure policy or azure web apps now the actual requirement of this question is that you have to tell an azure service that will restrict the creation of any resource in a particular region so let's say you have a particular requirement may be due to the security reasons or government policies because of which you have to create all azure resources in a particular region you cannot move out of that region so what is one azure service that can restrict creation of all resources across your solution in just one particular 
region and the correct answer for this question is azure policy now let's go back to the microsoft documentation and understand why azure policy fits this question so here i am on the microsoft page that talks more about azure policy you can read more about azure policy the overview is also given here but if you will scroll down a little then you will reach to a section which talks more about azure policy object and then you have a section called policy definition and there is a sub section which talks about allowed locations you can see its deny and it says that restricts the available location for new resources its effect is used to enforce your jio compliance requirement and that's exactly the need of our question is basis on microsoft documentation we can be sure that azure policy is the correct azure service to restrict the resources in a particular region i hope you like these 15 questions that we covered in part six if you have more questions doubts feedbacks then do let me know in the comment section below so let's get up for another 15 very important questions in this part 7 of our az104 real exam question and answer exam series earlier in this series i have already covered 55 very important questions spanning in six parts that you don't want to miss and if you did for any reason then links for all these six parts are available in the description box i strongly recommend watching all these six parts because each question is important from the exam point of view now let's begin our part 7 with question number 56. 
the question says that you have an azure subscription named subscription one that contains a resource group named rg1 in rg1 you create an internal load balancer named lb1 and a public load balancer named lp2 you need to ensure that an administrator named admin 1 can change lb1 and lb2 the solution must follow the principle of least privilege which role should you assign to admin 1 for each task to answer select appropriate option in the answer area now here you can see that you are given two tasks the first task is to add back and pool to lb one and the other task is to add health probe to lp2 which is nothing but load balancer now out of these options given here you have to choose the most appropriate solution that also complies with the principle of least privilege and the correct answer for this question is network contributor for rg1 that goes for the first task and similarly network contributor on rg2 that also goes for the second task now let's understand the reasoning behind choosing both of these options and then i will take you to the microsoft documentation to understand little bit more about network contributor starting with our back-end pool so you need to have network contributor on load balancer and on the virtual machines that will be part of the backend pool for this reason network contributor role must be assigned on the resource group level where the load balancer and virtual machines resides and that's the reason behind choosing network contributor on rg1 or resource group one now coming to the reason behind choosing network contributor on rg2 for the task health pro so similar to the back end pool in health probe also without having access to rg1 no health probe can be added so please understand that if only the network contributor is on the load balancer then the user would not be able to access the ip addresses of the member pools and that's the reason why i have chosen network contributor on the resource group level now let's go to the 
microsoft site and learn little bit more about network contributor role so this is the microsoft site that talks more about azure building rules we also touched upon this site in our previous video as well so if you will scroll down a little then you will come across a role which is called network contributor and where is it i think i left it above ah here it is so you can read here that network contributor role lets you manage network without having access to them and that's exactly what our question is also asking so we need a role or we need to enable the admin one with a role that can manage the network it doesn't necessarily need to access them and that also fits in the principle of least privilege so hopefully from the microsoft documentation you understood the reason behind choosing network contributor on arch one and network contributor on rg2 for both these tasks respectively coming to question number 57 and it says you are currently using network security groups or nsg to control how your network traffic flows in and out of your virtual network subnets and network interfaces you want to customize how your nsg work for all incoming traffic you need to apply your security rules to both virtual machine and subnet level which of the following options will let you accomplish this choose to and your options are delete the default rules create the allow v-net inbound security rules for all new nsgs create rules for both nic and subnets with an allow action and the last one is add rules with a higher priority than the default rules now let's examine all the options one by one the first one says delete the default rule so in azure you cannot delete the default rules so this option is already ruled out now coming to the second one which talks about allow we net inbound security rule which again is a default rule in azure and you cannot create a already default rule i will show you that in the microsoft documentation in just a while so this option is also not 
correct then moving on we have third options which says create rules for both nic and subnet now this is a correct option because to apply security both on nic and subnet level you have to create rules with allow action on both these nic and subnet level so this is a correct option similarly we have add rules with higher priority than default rule and that also is a correct option so our two correct options are option c and option d now let's jump to the microsoft documentation and understand these rules a little bit more now this is the microsoft documentation which talks more about network security groups i will zoom it a little more so that we can read it in a better way now if you will scroll a little you will reach to a section which calls security rules and in this one we have a sub section called priority and if you will read out it says a number between 100 and 4096. rules are processed in the priority order with lower number process before higher number because the lower number have higher priority and that's the reason i said that you need to create a rule with a high priority number one more thing i wanted to show is that if you will scroll down a little bit more here you can see we have allow vnet inbound which is a default azure role so you cannot explicitly create this rule and that was microsoft documentation the reason behind choosing these two options as a correct answer to this question reading out our question number 58 it says you create an azure storage account named storage1 you plan to create a file share named data1 users need to map a drive to the data file share from home computers that run on windows 10 which outbound port should you open between home computers and the data file share and your options are 80 443 445 or 3389 and the correct answer for this question is 445 now just for your understanding here i have shared a little more detail on each port so you can see port 80 is a http based port and this is for web 443 is also used for 
the web however this is https which is a secured version of http protocol then we have 445 which is our correct answer as well and this is the port for smb protocol to share files then we have 3389 which is a remote desktop protocol or rdp always keep in mind that whenever the question is asking about file share or it is asking about map a drive and you always have to select the port 445 before moving ahead i just wanted to say that friends it takes considerable amount of time and effort to find microsoft documentation to justify each answer and give you an explanation for each question in our exam series please take a moment to like the video and subscribe to the channel your each like encourage me and ensures that the video is reaching to a greater audience do share the videos with everyone having interest in learning azure cloud technologies your comments and feedbacks give me a chance to understand what you want to see on this channel and help me improve my content i always make sure to read each of your comment and reply to them so keep supporting me and i promise to bring the content that helps you grow in your career coming to question number 59 and here we have that you have deployed an application named app one in azure app one is deployed on two azure virtual machines named vm1 and vm2 you plan to implement an azure availability set for app one the solution must ensure that app one is available during planned maintenance of the servers hosting vm1 and vm2 what should you include in the availability set and your options are single fault domain single update domain two fault domains or two update domains now few important points in the question is that we are talking about planned maintenance whenever the question asked about planned maintenance then you can only focus on update domain and not the fault domain so that's the point number one that you have to keep in mind secondly here we want that the app want to be available during the planned maintenance 
of the server hosting vm1 and vm ii then the at least or the minimum number of update main we would need is two and thus our correct answer is we need at least two update to make now do just tell you about for domain as well so fault domains come into the picture when we talk about unplanned maintenance or other unplanned issues or problems so far domain does limit the impact of potential physical hardware or network outages or other reasons like power interruptions or any similar thing however in this question we are talking about plant maintenance and thus it only relates to update domains now let's move to the question number 60 and it says that you have microsoft 360 tenant and an azure active directory tenant named contesso.com you plan to grant three users name user one user two user three access to a temporary microsoft sharepoint document library named library one you need to create groups for the users the solution must ensure that the groups are deleted automatically after 180 days which two groups should you create each correct answer presents a complete solution and the options given are a microsoft 365 group that uses assigned membership type or a security group that uses assigned member type or a microsoft 365 group that uses dynamic user membership type or the fourth option is a security group that uses dynamic user membership type and the last one is a security group that uses dynamic device membership type and the correct answer for this question is option a and option c for the simple reason that only office 365 groups support automatic deletion after 180 days if you want to read more about microsoft 365 group expiration policy then this is the microsoft documentation page i will share the link for this page and all the other documentation that i have referred in this video in the description box our question number 61 says that triggering a web hook at 5 am on monday is an example of which of the following is it a metric based rule or a app 
inside rule or is it a time based rule and the correct answer for this question is time based rule because time-based rules allow scaling based on time patterns coming to question number 62 which says that which of the following rule would you apply to the network security group for the network interface attached to web server for the incoming secure traffic choose the best possible answer and your options are an outbound rule allowing traffic on port 80 then the outbound rule allowing traffic on port 443 and inbound rule allowing traffic on port 443 or the last one is an inbound rule allowing traffic on port 80. important points to note here that we are talking about web server which means that we are talking about the web traffic and then the question also says that it's a incoming secure traffic so whenever we have web traffic it also means that we are talking about the http or https but now that the question says it's a secured traffic then we can be sure it's a https protocol and that's the reason that the correct answer for this question is option c inbound rule allowing traffic on port 443 have the question only be talking about web traffic and not the secure part of it then it could have also be a inbound rule allowing traffic on port 80 because port 80 is the port for http and the port 443 is a port for https now let's quickly jump to the question number 63 and this one says that you need to ensure that an azure active directory azure id user named admin 1 is assigned the required role to enable traffic analytics for azure subscription the solution given here is that you assign reader role at the subscription level to admin 1. does this meet the goal now before answering this question let's see the other two variations that you can expect in the microsoft exam so the other variations are presented in question number 64 and 65. 
the questions are exactly the same however the solution given is little different in question number 64 it says you assign owner role at subscription level to admin 1 and in 65 it says you assign network contributor role at subscription level to admin 1. now let's look each of the option one by one coming to the first one in 63 it says that the reader role at subscription level to admin 1. now i am sure that even if you know little bit about the roles you can already make out that with reader roles you cannot do much so with reader roles you cannot enable admin 1 to enable the traffic thus the correct answer for question number 63 is no then moving on we have owner role but in this case if we stick to the fact that in azure we normally work with the principle of least privilege then we do not want to give admin 1 an owner role just to enable traffic analytics and that's why i have chosen a no for question number 64 as well then moving on we have network contributor role and for this question the answer is yes because it's network contributor role that lets you manage traffic but it does not lets you access it so it correctly fits on the principle of least privilege as well moving on our question number 66 says that you have an azure subscription named subscription one you have five tb of data that you need to transfer to subscription one you plan to use an azure import export job what can you use as a destination of the imported data and your options are as your file storage and azure cosmos db database or azure data factory or is it azure sql database so this is the microsoft documentation that talks more about azure import and export system requirements and if you will scroll a little on this page you will reach to a section which talks more about the supported storage time and in this one you can see that whenever you have import or export then you can see that there is azure file storage which is supported whenever we have a import job and that's the reason 
that why azure file storage is a correct answer for question number 66 moving on with question number 67 and it says that you have an azure subscription named as one that contains resources as shown in the following table now you can see we have name of the resources here and then we have type of the resources here so starting on we have storage one which is a azure storage account then we have vnet1 which is a virtual network moving on we have vm1 which is a azure virtual machine and then we have vm1 managed which is a manage disk for vm1 and then we have world one which is a recovery service world for the site recovery of vm1 moving ahead the question says that you create a new azure subscription named s2 you need to identify which resources can be moved to s2 which resources should you identify and your options are vm1 storage 1 vnet1 and vm1 managed only or vm1 and vm1 managed only or should you select vm1 storage1 vnet1 vm1 managed and vault 1. and the last option is world one only now it's very important that you understand that moving a resource only moves into new subscription or new resource group it does not change the location of the resource and when it comes to movement of resources you can move literally all type of resources from one subscription to another subscription the only catch is region because let's say if the question asks you that they want to move resources from one region to another region then in that case things can differ so assuming that the question is asking that movement of resources is within the same region the correct answer for this question would be vm1 storage one we net one vm one managed and world one so literally all the resources that are presented in the question can be moved from subscription one to subscription two but in case the question would have asked you that movement of resource is from one region to another region then moving the recovery service words for azure backup across region is not supported so just 
keep that important tip in mind our question number 68 says that what does application gateway use to route request to a web server your options are the ip address of the web server that is the target of the request or the ip address and subnet of web server hosting the web application the other option is the host name port path in the url of the request or the last one is the user's authentication information and the correct answer for this question is the host name port and the path in the url of the request quickly moving with our question number 69 and it says that your company's azure subscription includes azure virtual machines that run on windows server 2016. one of the virtual machine is backed up every day using azure backup instant restore when the vm becomes infected with the data encrypted ransomware you are required to restore the virtual machine which of the following actions should you take and your options are you should restore the vm after deleting the infected vm or you should resort the vm to any virtual machine within the company's subscription the third option is you should restore the vm to a new azure vm or the fourth one is you should restore the vm to an on-premise windows device there is one more variation of the same question that i'm gonna present in the question number 70 which is the very next question but for now the correct answer for this question is that you should restore the virtual machine to a new azure virtual machine we are now at question number 70 which is the last question for our part 7 in our easy 104 real exam question and answer exam series and this question is similar to one that we saw in question number 69 however this has much more details so let's read out the question it says that you have an azure subscription named subscription one and the subscription one contains two azure virtual machine named vm1 and vm2 now vm1 and vm2 runs on windows server 2016 and vm1 is backed up daily by azure backup without using 
the azure backup agent moving on it says that vm1 is affected by ransomware that encrypts data you need to restore the latest backup of vm1 to which location can you restore the backup to answer select the appropriate option in the answer area now in the answer area you are given two major activities the first one is that you can perform a file recovery of vm1 and the second one is that you can restore vm to so you have to choose one of these option that will justify this activity now the correct answer for the first activity is vm1 and vm 2 only and the second activity the correct answer is vm1 or a new azure virtual machine only before jumping to the microsoft documentation let me give you my justification why i have chosen these two options so coming to the first activity see whenever we are talking about recovering of files then you cannot restore files to a previous version or like a future version of the operating system you have to restore files from virtual machine to the same server operating system or you can say compatible client operating system therefore vm1 and vm2 is the best answer since both the virtual machines are running on the windows server 2016. 
now coming to the restore of virtual machine so whenever restoring a virtual machine you cannot replace existing virtual machine for a encrypted option or encrypted virtual machine so this option is actually only supported for a unencrypted managed disk also as i just mentioned before that you can only restore files from a virtual machine to the same operating system or like a compatible operating system hence the best option is to restore the virtual machine to the same vm one or you can choose a new virtual machine only so that's the reason behind choosing this option now let me give you some references of microsoft documentation that you can read and detail understand how this restoration of virtual machines work so this is the microsoft documentation that talks how to restore azure virtual machine data in azure portal there is a lot of details on this website you can see we have restore options and the options are create new virtual machine restore disk replace existing and lot of other details are given on this page so i would strongly recommend that you come to this page and understand this restoration process in tt there is one more page that i would like to point out is this one and on this page they have listed an easy way to bring back your virtual machine within in place restore so very good read from a virtual machine restoration process i will leave all the links to all these documentation that i am using in this video in the description box i hope you enjoyed this set of 15 questions in part 7 as much as i did presenting it to you hello and welcome back to the tech blackboard in part a today we are going to cover 15 very important questions of our az104 real exam question and answer series we have already covered 70 very important and latest questions in seven parts if you have missed any of these parts then the link is now appearing in the i button on the top right corner and in the description box so let's begin our part 8 with question number 71 
the question says that you have an azure subscription that contains the storage accounts shown in the following table as you can see here you have different storage account the names are listed here one two three four and then you have different type of storage account so for example storage one is storage version two then we have blob storage block block storage for storage three and then for storage four we have file storage and then the performance here is also given we have standard for the first one and the premium for the last one then further the question says that you plan to manage the data stored in accounts by using lifecycle management rules to which storage account can you apply lifecycle management rules and your options are storage one only storage one and storage two only storage three and storage four only storage one two and three only or storage one two three and four which means all of the storage listed above so let's check out the microsoft website and find out the answer so this is the microsoft website that talks more about optimized cost by automatically managing the data life cycle if you will scroll down towards the bottom of the page you will reach to a section which talks about yeah this one so you will reach a section which talks more about feature support and in this section you can see this table out here and you can see that we have storage account type then we have blob storage or the default support and here you can see that we have standard general purpose version 2 and premium blog blogs are supported when we are talking about lifecycle management however you can also note that there is no mention of file storage here in this table so let's go back to the presentation and find out the correct answers so back to the presentation and the correct answer for this question is option d storage one storage two storage three only so as we saw on the microsoft website all these type of storage are supported except for the file storage 
and that's the reasoning behind choosing the option d our question number 72 says that you have an azure dns zone named thetechblackboard.com you need to delegate a sub domain named research.thetechblackboard.com to a different dns server in azure what should you do should you create a named server record for the techblackboard.com zone or should you create a ptr record named research in the tech blackboard dot com zone or modify the soa record for the tech blackboard dot com or should you create a record named star.research in the techblackboard.com zone so what is the correct answer and the correct answer for this question is option a create a named server record for the techblackboard.com now let's validate our answer on the microsoft website so here i am on the microsoft website which gives the process of delegating an azure dns sub domain if you will scroll down a little here then you can reach to a section which says create a ns record and here you can see all the steps first of all it gives that navigate to a zone for the parent domain then you have to select plus record set at the top of the overview page the third step is on the add record set page type engineering in the name text box instead of engineering here in our example it would be research because our sub domain is research.thetechblackboard.com and the fourth step is for type select ns or name server so you can come on to this page i will provide the link of this page and all the other documentation that i'm using in this video in the description box so i hope that documentation from microsoft makes it clear the reasoning behind choosing the option a question number 73 says that the team of a delivery company is configuring a virtual machine skill set friday night is typically the busiest time conversely 8 am on tuesday is generally the quietest time which of the following virtual machine scale set feature should be configured to add more machines during that time and your options are auto scale 
metric based rules or schedule based rules now need of the question is that you need to configure a scale set virtual machine skill set based on a time so you can see that friday night is usually the busiest time on the other hand the atm on tuesdays is the quietest time so the traffic is low on tuesday morning so you need to configure a virtual machine scale set which complies to this time management and the correct answer for this question is schedule based rules because with schedule based rule administrators proactively schedule the scale set to deploy one or any number of additional instances of virtual machine this will accommodate a spike in demand and then scale back down when the spike ends and that's exactly what our question is also asking so our virtual machine skill set should be able to scale up if the demand goes up and should be able to scale down when the demand goes down and that's the reason why i have chosen schedule based rule as the answer for question number 73 our question number 74 says that you want to deploy 10 azure web apps using deployment template named template one from the following option choose the one as the first step before you deploy template one the solution must minimize azure cost what should you identify as the solution and your options are five azure application gateways one app service plan ten app service plans or one azure traffic manager or one azure application gateway and the correct answer for this question is one app service plan and the reason behind is that you need to create azure web app in the app service plan now multiple web apps can be deployed in a single app service plan so this option is the most cost effective option you could have chosen 10 app service plans but that doesn't make sense because you need not to spend more cost when you can achieve the same results from a single app service plan and of course all the other options like gateways or traffic manager they don't even remotely relate to web 
app or deployment so the best option looking at the cost effectiveness is one app service plan now let's move with question number 75 and the question says that in azure what is the starting point of controlling any resource is it resource group or is it subscription or is it tenant and the correct answer for this question is subscription see whenever you create a new login in the azure portal then the tenant gets created automatically however to create any resource in azure you must first have a subscription it could be pay as you go it could be free subscription but there has to be a subscription on the other hand resource group is just like a placeholder or you can say like a folder which helps you organize the resources or you can say the related resources together so the correct answer for this question is subscription moving on with our next question 76 and it says that the infrastructure team needs to install iis on the local host they do not want to use custom script extension which of the following could be used instead and your options are desired state configuration virtual machine extension or windows update and the correct answer for this question is option a desired state configuration so desired state configuration is the best option to install iis on the local host when you do not want to use custom script extension now let's check out question number 77 and that says that you need to deploy two azure virtual machines named vm1 and vm2 based on windows server 2016. 
The deployment must provide a service level agreement, or SLA, of 99.95 availability. The solution given here is that you propose a solution to create a scale set for the requirement. Does this meet the goal? Before jumping to the answer, let's see one more variation of the same question, and this one is presented in question number 78. The question is exactly the same; however, in this 78th question the solution given is that you propose a solution to put the virtual machines in an availability set.

Now, if you understand the question well, then the need of the question is providing a service level agreement of 99.95, which is nothing but the uptime of the application, or you can also say that the question is asking you to provide the availability of the application up to 99.95 percent. So basically the ask of the question is that you have to ensure the availability of the application to 99.95 percent. It's not asking you to scale up or scale down the application based on the demand. That's not the ask of the question, and that's why a scale set is not a valid option, because a scale set comes into the picture whenever you want to ensure that your application is scaling up or scaling down depending upon the hike in demand or decrease in demand. That's the reason the answer for question number 77 is no. On the other hand, the answer for question number 78 is yes, because an availability set is the correct option whenever you want to increase the availability or SLA of any virtual machine.

Quickly moving to question number 79. It says that you have an Azure subscription named Subscription1 that contains resources as shown in the following table. You can see here we have a number of resources. The names of the resources are given here, then we have the type of the resources, so we have resource group, we have virtual network and we have virtual machine. Along with that we are also given the location of the resources, you can check them out here, and then we have the resource group, if applicable.
Moving ahead, the question says that VM1 connects to a virtual network named VNet2 by using a network interface named NIC1. You need to create a new network interface named NIC2 for virtual machine 1. The solution given here is that you create NIC2 in RG2 and Central US. Does this meet the goal? Now, the most important thing in these kinds of questions is that you carefully observe the location of the resources. For example, in this question it says that you want to create NIC2 in RG2. Where is RG2? RG2, or resource group 2, is located in West Europe. Further, the question also says that you are creating NIC2 for virtual machine 1, and where is virtual machine 1 located? Virtual machine 1 is located in West US. Now, it's very important that you understand that West Europe and West US are two different regions. So what is the correct answer? In which resource group should you install NIC2 so that this business case or this business requirement is fulfilled? We will check that in the very next question, question number 80, but for now the answer for question number 79 is no.

In continuation from question number 79, we have exactly the same question; however, this time the solution given is a little different. The solution in this question says that you create NIC2 in RG1 and this US. Does this meet the goal? As I told you in the last question as well, whenever you have these kinds of questions, always look at the location of the resources. In this question it says we are installing or creating NIC2 in RG1. Where is RG1? Again, RG1 is in East US. And where is virtual machine 1? Virtual machine 1 is in West US. So both the locations, East US and West US, are located in the same region, and that's very important: the virtual machine you attach a network interface to and the virtual network you connect it to should always be in the same region. Here East US and West US are both in the same Azure region, and that's why the correct answer for this question is yes. Now
coming to question number 81, which is a very interesting and equally important question. The question says that in an Azure subscription you need to use an Azure Resource Manager (ARM) template to create a virtual machine that will have multiple data disks. How should you complete the template? You can see a JSON template, or the ARM template, is given here, and I'm not very sure if you can read the small fonts in this JSON template; however, things will be better when I take you to the Microsoft site. For now just bear with me. So this is the ARM template, and you can see two dots here: the first one here, the number one, marked in blue, and the second one in this orange color. Now you have to fill these placeholders with some values, and those values are reflected in these two tables. The first one, the blue one, is related to this first table, and for the second one you have to choose the correct answer from this orange table.

Now let's go to the Microsoft website, where I will show you this template, and then we will figure out the correct answer. So this is the Microsoft website that shows that ARM template. If you scroll down a little here, then you will reach a section which says "iteration of properties", and here you are given a JSON template, which is essentially an ARM template. I will just zoom in a little bit more here; now hopefully you can read the template. In the question this was already given. Until here we were given the ARM template, and after that this section was missing, so the correct answer for this missing part is copy. Moving ahead, this part was also given, along with this part, and then the data disk was also given. You have to fill in this part, and you can see the correct option for this part is copyIndex. So now we have the first answer as copy and the second answer as copyIndex. Now let's move back to our presentation. As we saw in the Microsoft documentation, the answer for the first, blue part is copy activity, and the answer for the second, orange placeholder is
copyIndex. It's a very important question, because Microsoft will give you these kinds of ARM templates and you have to figure out the missing parts of the ARM templates, so please have a look at these ARM templates very carefully. I will leave the link to that page in the description box.

Coming to question number 82. The question says that you plan to deploy five virtual machines to a virtual network subnet. Each virtual machine will have a public IP and a private IP address. Each virtual machine requires the same number of inbound and outbound security rules. What is the minimum number of network interfaces and network security groups that you require? Your options are given here: you have network interfaces, and the options are 5, 10, 15 and 20, and then here you have network security group, or NSG, and the options are one, two, five and ten. The correct answer for the network interface is five, so that's the bare minimum number of network interfaces that you would need, and the correct answer for the NSG is one. A quick tip on network security groups is that the same network security group can be associated to as many subnets and network interfaces as you may choose. Hopefully that important tip will help you in answering the questions in your exams.

Coming to question number 83. That says that you need to configure a VPN connection for the network VNet2. Which of the following would you need to configure in the virtual network? Your options are a peering connection, or an additional address space, or should you do a gateway subnet, or the last option is an ExpressRoute connection. The correct answer for question number 83 is option C, a gateway subnet.

Coming to question number 84. The question says that you have an Azure storage account named storage1. You plan to use AzCopy to copy data to storage1. You need to identify the storage services in storage1 to which you can copy the data. What should you identify? Your options are blob, file, table and queue; the second
option is blob and file only; the third one says file and table only; the fourth one is file only; and the fifth one is blob, table and queue only. The correct answer for this question is option B, blob and file only, and this is because AzCopy does not support table or queue storage. That's why the options which have table or queue in them are ruled out, so all these options A, C, E are ruled out. Then we have D, which has only file, but we need to choose all the services that are supported; that's why the correct answer is blob and file only.

Coming to question number 85, which is the last question for part 8 of our AZ-104 real exam question and answer exam series. Now let's read the question. The question says that you have an Azure storage account named storage1 that uses Azure Blob storage and Azure File storage. You need to use AzCopy to copy the data to blob storage and file storage in storage1. Which authentication method should you use for each type of storage? Here you can see we are given blob storage and then we are also given file storage, and the options are listed below. The correct answer for blob storage is that you can use Azure Active Directory, or Azure AD, and you can also use SAS, which is shared access signatures. Moving ahead, the correct option for file storage is shared access signature only, because file storage only supports shared access signatures. I hope you like these 15 questions, which are very recent and important from the perspective of the AZ-104 certification exam.

Now let's kick-start our part 9 with question number 86. The question says that you have an Azure subscription that contains an Azure Active Directory tenant named contoso and an Azure Kubernetes Service cluster named AKS1. An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com. You need to ensure that access to AKS1 can be granted to contoso.com users. What should you do first? Your options are: from
contoso.com, modify the organization relationship settings; the second option is from contoso.com, create an OAuth 2.0 authorization endpoint; the third option is recreate AKS1; or the last one is from AKS1, create a namespace. The correct answer for this question is option B, which is from contoso.com, create an OAuth 2.0 authorization endpoint. Now let's go to the Microsoft documentation and verify our answer. So this is the Microsoft documentation that talks more about access and identity options for Azure Kubernetes Service. If you scroll a little, almost towards the midway, you will reach a section here which is titled "Azure AD integration", and if you read through this section, it says that Azure AD authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol. So that quick read from the Microsoft documentation was the basis for choosing option B as the answer to this question.

Coming to question number 87. It says that your organization needs a way to create application-aware snapshots and back up Linux virtual machines and VMware virtual machines. You have files, folders, volumes and workloads to protect. You recommend which of the following solutions? Select one of the options. Your options are Azure Backup agent, Azure Backup Server, enable disk snapshots, or enable backup for individual Azure VMs. The correct answer for this question is option B, Azure Backup Server.

Up next, our question number 88 says that your company has a series of virtual machines created as a part of their Azure subscription. They want to ensure that the IT administrative team is notified if any virtual machine goes into the deallocated state. Which of the following could you perform to fulfill this requirement? Your options are: create an Azure policy using a built-in definition from the Compute category; the other option is assign a resource tag for the virtual machine and then create an alert based on
that resource tag; the third option is enable diagnostics logs for the virtual machine; or the fourth one is create an alert based on the activity log for the virtual machine. The correct answer for this question is option D, which is create an alert based on the activity log for the virtual machine. The reason is that the activity log records all the control plane activities. It includes recording the event when the virtual machine goes into the deallocated state, so you can create that alert based on the activity log.

Before moving ahead, I just wanted to say that, friends, it takes a considerable amount of time and effort to find Microsoft documentation to justify each answer and give you an explanation for each question in our exam series. Please take a moment to like the video and subscribe to the channel. Each of your likes encourages me and ensures that the video is reaching a greater audience. Do share the videos with everyone having an interest in learning Azure cloud technologies. Your comments and feedback give me a chance to understand what you want to see on this channel and help me improve my content. I always make sure to read each of your comments and reply to them, so keep supporting me, and I promise to bring content that helps you grow in your career.

Reaching out to question number 89. That says that you have an Azure subscription named Subscription1 containing the following resources, and here in this table you can see that we have a number of resources. For example, we have RG1, which is a resource group, we have RG2, which again is a resource group, then we have virtual network 1 and 2.
Moving on, the question says that VNet1 is in RG1 and VNet2 is in RG2. There is no connectivity between VNet1 and VNet2. An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. Now, VM1 uses a disk named Disk1 and connects to VNet1. Further on, it says that Admin1 then installs a custom application in virtual machine 1. Then the question says that you need to move the custom application to VNet2, or virtual network 2. The solution must minimize administrative effort. Which two actions should you perform? So what will be your first step to do it, and what will be your second step? Here are some of the options listed for both of the steps.

Now, it's quite a wholesome question. A lot of information is given in this question, which can make you really confused, so let me dissect the question first so that we can understand it better, and then we will be in a better position to answer the question. So let's move on. The main task is to move this custom application. You can see that Admin1 has installed a custom application, and this custom application needs to be moved to another network, which is called VNet2. Also, you need to understand where exactly this custom application is right now. Right now it resides on VM1, or virtual machine 1, and VM1 is residing on VNet1, which is a virtual network. So essentially you want to move this custom application from virtual machine 1, residing on VNet1, to VNet2. Now, the problem is that you cannot move virtual machines from one virtual network to another. So what to do? Well, the best and the easiest option is to move the disk attached to the virtual machine. Please understand, whenever we are talking about the custom application, where is this custom application actually installed? It's installed on the virtual machine? No. I mean, in one sense it is installed on the virtual machine, but under the hood it's actually residing on the disk. So the disk that is attached to the virtual machine, this custom
application is residing on that particular disk. Now, the best option is, rather than us fiddling around with the virtual machine, we will take this disk to another virtual machine on another virtual network. The best option to move the disk is that we will detach the disk from the first virtual machine, or virtual machine 1, and then we will just move this disk to the other virtual machine, and once we have detached the disk from virtual machine 1, we will delete virtual machine 1. So the very first step that we will do is delete virtual machine 1, and once you have deleted virtual machine 1, the next step would be that you create a new virtual machine and attach the disk to the new virtual machine in another virtual network.

As this was a little confusing question, I will summarize it once again. You have a custom application on a virtual machine which is residing on one virtual network called VNet1. You want to move this custom application to another virtual machine in another network. The best way to do it is that you detach the data disk from virtual machine 1, residing on virtual network 1, and move this data disk to another virtual machine in another virtual network. Hope you understand. If you still have some confusion around this question, do let me know in the comment section.

Moving ahead with question number 90. That says that you have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1. You need to view the error events from the table named Event. Which query should you run in Workspace1? There are four options given for this question, all listed here; however, the correct answer for this question is option B. Now, friends, there are many more ways in which Microsoft can tweak these commands a little bit here or a little bit there; however, you know the correct answer is this one, which I have highlighted with the green arrow.

Moving towards our question number 91. The question
says that you have an Azure directory tenant named Tenant1 and an Azure subscription named Subscription1. Tenant1 contains a group named Developers, and Subscription1 contains a resource group named Dev. Now you need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group, and the solution given here is that on Dev you assign the Logic App Contributor role to the Developers group. Does this meet the goal? Now, there are two more variations of the same question, presented in question number 92 and question number 93; however, due to the space scarcity on one slide, I will take question number 93 in the next slide. For now let me show you question number 92. The question is exactly the same; however, the solution is that on Dev you assign the Contributor role to the Developers group. Does this meet the goal? Now, as I understand both these roles, the Logic App Contributor and the Contributor role, both of these roles can fulfill this demand, and the reason why these two roles, Logic App Contributor or the Contributor role, can fulfill this demand I will explain in the very next slide, where I will explain each of these roles in detail. However, for now the answer for question number 91 is yes, and the answer for question number 92 is also yes. Now let's jump to the next slide and question number 93, where I will present you one more variation and also explain each role in detail.

Now coming to question number 93, which is again a variation of question numbers 91 and 92, the question being exactly the same; however, the solution is a little different, and this one says that on Subscription1 you assign the DevTest Labs User role to the Developers group. Does this meet the goal? And the answer for this question is no, it doesn't meet the goal. Now let's understand each role in detail, so that you can take a wise decision whenever this kind of question appears to you in the exam. So here are all the roles that we encountered during this question.
The first one is Logic App Contributor. Now, this role lets you manage logic apps, but you cannot change access to them, and as presented in this question, we just want an ability to create logic apps in the Dev resource group, so of course the Logic App Contributor role fulfills that demand. Moving on, I have presented one more role that can also appear in Microsoft questions; however, it was not listed in these variations, but of course you can expect it to come. This role, which is Logic App Operator, lets you read, enable or disable logic apps, but it does not let you edit or update them. So keep that role in mind as well, because that may also come in the examination. Moving on, the Contributor role that we saw in question 92: this Contributor role is a very wide role and it lets you do more or less all the things in Azure, but let's also read the definition. The Contributor role grants full access to manage all resources, but it does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. So this is the Contributor role for you. Hopefully these one-line definitions will help you understand these roles better. I will encourage you to go to the Microsoft documentation and understand these roles well, so that you are well prepared for the AZ-104 examination.

Now here is question number 94. It says that when you are creating an Azure public load balancer, which option allows you to set the load balancer as public? Your options are SKU, subscription, public IP address, or types. So which option do you set so that you can declare or define your load balancer as public? The correct answer for this question is type. You use the type property in the load balancer so that you can define which load balancer you want, whether you want a public load balancer or you want a private load balancer.

Moving on with question number 95. It says that you have an Azure storage account named storage1 that contains a blob container named container1.
Now you need to prevent new content added to container1 from being modified for one year. What should you configure? Your options are the access tier, an access policy, the access level, or the Access control (IAM) setting. The correct answer for this question is an access policy, and to support our answer, this is the Microsoft documentation, and it talks about "store business-critical blob data with immutable storage". If you read the very first property here, it says "time-based retention policies", and that one details out that with a time-based retention policy, users can set policies to store data for a specified interval. When a time-based retention policy is set, objects can be created and read, but not modified or deleted, and that's the exact ask of our question as well. I will give the link to this page and all the other documentation that I have referred to in this video in the description box, so please read them whenever you have some time.

And now, in the next three questions, I have got three rapid-fire questions on Azure Kubernetes. So here is question number 96, and it says that an AKS cluster can be spread across multiple regions. The answer for this question is no, so you cannot spread an AKS cluster across regions. It's a very important point whenever you are working with Azure Kubernetes clusters.

Moving quickly on to the next question, and that says that an AKS cluster can spread across availability zones. The correct answer for this question is yes, you can spread an AKS cluster across availability zones.

Moving on with question number 98, we have: can you limit who accesses the Kubernetes API server? So do you have that control of limiting the access to the Kubernetes API server? The correct answer is yes, of course you can limit the access to the Kubernetes API server. These are very quick questions that I thought will be really helpful, not only from the exam perspective but also when you really go and work on Azure Kubernetes, because Kubernetes is one topic that
is on fire in the entire industry. You must give a hand on Kubernetes, containers and all these concepts.

Now quickly jumping to question number 99. It says that you download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines, and you need to modify the template to reference an administrative password. Now, you want to prevent the password from being stored in plain text, so what should you create to store the password? Your options are an Azure Key Vault and an access policy, or an Azure storage account and an access policy, or a Recovery Services vault and a backup policy, or the last one is Azure Active Directory Identity Protection and an Azure policy. Of course the correct answer for this question is Azure Key Vault and an access policy. Whenever in the question the ask is around password storage or encryption of passwords or certificates, then the very obvious answer that should always strike your mind is Azure Key Vault.

Coming to our question number 100, which will be the last question for part 9 of our AZ-104 real exam question and answer exam series. Now let's read the question. The question says: what two fundamental types of data does Azure Monitor collect? Your options are email notifications and mobile alerts, does it collect username and password, or the last option is metrics and logs. The correct answer for this question is of course metrics and logs, so that's what Azure Monitor collects for you. I hope you are liking the content, and if you are, give me a like and subscribe to the channel and press that bell icon so that you get all notifications whenever new videos are uploaded each week. [Music]

Let's begin our part 10 with question number 101. The question says that you have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts. You purchase 10 Azure AD Premium 2 licenses for the tenant. You need to ensure that 10 users can
use all the Azure AD Premium features. What should you do? Your options are: from the Licenses blade of Azure AD, assign a license; or from the Groups blade of each user, invite the users to a group; the third option is from the Azure AD domain, add an enterprise application; and the last one is from the Directory role blade of each user, modify the directory role. So which one out of these four options should you choose? Now let me first give you the correct answer, and then I will take you to the Microsoft documentation and also show how to do this in the Azure portal. The correct answer for this question is option A: from the Licenses blade of Azure AD, assign a license.

Now let's go to the Microsoft documentation. So this is the Microsoft documentation that gives more details on assigning or removing licenses in Azure Active Directory. Let's read it out. In this section, which says "available license plans", it says that there are several license plans available for the Azure AD service, including Azure AD Free, Azure AD Premium 1 and Azure AD Premium 2, and that's what we are talking about in the question as well, Azure AD Premium 2. If you scroll down a little more here, you can see how to do it in the Azure portal. You can see that we have to reach the Azure portal, of course, and then as a second step go to Azure Active Directory, and then you can select Licenses, and under Licenses you have to select All products to view the All products page and to see the total assigned, available and expiring-soon numbers for your license plans.

Now let me show you how to do the same in the Azure portal. On the home page of the Azure portal you have to reach out to Azure Active Directory. You can come to the left-hand side, and here you have the option of Azure Active Directory, or you can also go to the recently used services, where you also see this Azure Active Directory. If not, then you can also search for Azure Active Directory from the search bar, and then you can reach Azure Active Directory. So
choose any option that suits you. Once you are in Azure Active Directory, then on this side you can see this Manage here, and under Manage you have an option called Licenses. If you click on Licenses, then, as the Microsoft documentation also said, you have to reach All products, and once you are in All products you have this option here with the plus sign that says Try/Buy. If you click on this, then you see all the options that are available, and here you can see Enterprise Mobility, or you can also see Azure AD Premium 2. So the documentation from Microsoft and the actual practical doing in the Azure portal validate our answer. Let's move to the other question.

Our question number 102 says that your users want to sign in to devices, apps and services from anywhere. They want to sign in using an organizational work or school account instead of a personal account. You must ensure that the corporate assets are protected and the devices meet standards for security and compliance. Specifically, you need to be able to enable or disable a device. What should you do? Your options are enable the device in Azure AD, or should you join the device to Azure AD, or connect the device to Azure AD, or the last option is register the device with Azure AD. The correct answer for this question is join the device to Azure AD. So this is the Microsoft documentation that gives you more detail around Azure AD joined devices. You can read about the definition, the primary audience and a lot more. Just a little scroll and you will reach a section which says "scenarios", and here in the last point it says that you want to provide joining capabilities to workers who work from home or are in remote branch offices with limited on-premises infrastructure, and that exactly matches the requirement of our question. That was the reasoning for choosing option B, join the device to Azure AD, as the correct answer.

Before moving ahead, I just wanted to say that, friends, it takes a considerable
amount of time and effort to find Microsoft documentation to justify each answer and give you an explanation for each question in our exam series. Please take a moment to like the video and subscribe to the channel. Each of your likes encourages me and ensures that the video is reaching a greater audience. Do share the videos with everyone having an interest in learning Azure cloud technologies. Your comments and feedback give me a chance to understand what you want to see on this channel and help me improve my content. I always make sure to read each of your comments and reply to them, so keep supporting me, and I promise to bring content that helps you grow in your career.

Moving on with question number 103. It says that you have an Azure subscription that contains an Azure virtual machine named VM1. Now, VM1 runs a financial reporting app named App1 that does not support multiple active instances. Keep this in mind; this is a very important line. At the end of each month, CPU usage for VM1 peaks when App1 runs. You need to create a scheduled runbook to increase the processor performance of VM1 at the end of each month. What task should you include in the runbook? Your options are: add the Azure Performance Diagnostics agent to VM1; or modify the VM size property of VM1; add VM1 to a scale set; or increase the vCPU quota for the subscription; or the last option is add a Desired State Configuration extension to VM1. Now, the correct answer for this question that I have chosen is option B, modify the VM size property of VM1. The reason is that the question says that App1 does not support multiple active instances, so that's the reason you cannot choose add VM1 to a scale set, because a scale set will create multiple active instances, and that's what we do not want. Similarly, there could be another possible option, which is Desired State Configuration; however, as I understand it, adding this Desired State Configuration to the virtual machine would need a downtime every month, and I don't
think that would be a good solution, to add a downtime to your virtual machine every month using this DSC. But this is a very good debate question. If you have any other logic or reasoning behind choosing any of the other options, for example if you think that option C is a viable option or option E is a viable option, then put across your logic for choosing other options in the comment section below, and then surely we can have a good discussion around it.

Now jumping to question number 104. That says that you have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1. You need to view the error events from a table named Event. So which query should you use in Workspace1? Your options are listed here. If you have been watching this series very carefully, then you would remember that we discussed a similar question in question number 90 of part 9. There I presented one more variation of the same question; however, the command, or the correct answer, was a little different, because there can be two or three variations and you can achieve the same results by using different variations. So the correct answer for this question is search in (Event) "error". Also, I highly recommend watching that part 9, question number 90, so that you know all the variations of the same question.

Our question number 105 says that Azure Files supports identity-based authentication over Server Message Block through which two types of domain services? Your options are Microsoft Active Directory, Kerberos authentication Active Directory, or on-premises Active Directory Domain Services, or the last option is Azure Active Directory Domain Services. If you want to read more about Server Message Block, or SMB, that was mentioned in the question, then you can come to this Microsoft documentation. The link for this Microsoft documentation is given in the description box, but for now the correct answer for this question is option C and option D.

Now, one more
question on Server Message Block, or SMB, is presented in question number 106. The question says that you have an Azure subscription containing a storage account named storage1. The subscription is linked to an Azure Active Directory tenant named contoso.com that syncs to an on-premises Active Directory domain. The domain contains the security principals shown below. In this table you can see we have a name, User1 and Computer1, so User1 is essentially a user and of course Computer1 is a computer type. Moving on, the question says that in Azure AD you create a user named User2. The storage1 account contains a file share named share1 and has the following configuration. Here on the right-hand side we are given a JSON file with kind StorageV2, and there are properties also listed here. Based on this description of the question, we have some statements for which we have to answer yes or no.

Let's read out the first statement. It says that you can assign the Storage File Data SMB Share Contributor role to User1 for share1. Is it yes or is it no? The correct answer for this statement is yes, that's possible. The second statement says that you can assign the Storage File Data SMB Share Reader role to Computer1 for share1.
The correct answer for this statement is no, because you cannot assign a role to an object; you cannot assign it to Computer1. It has to be a user, right? So that's why the correct answer for this one is no. Then we have the third statement, which says that you can assign the Storage File Data SMB Share Elevated Contributor role to User2 for share1, and the correct answer for this one as well is yes. If you want to read more on SMB, then you can use the same Microsoft documentation that I showcased in question number 105. The link for that documentation is given in the description box. In fact, the links to all the Microsoft documentation that I have used in this video will be there in the description box.

Our question number 107 says that you are a big logistics company with many offices and an Azure subscription that contains an Azure Active Directory tenant. You need to grant user management permission to a local administrator in each office. What should you use? Your options are Azure AD roles, access packages in Azure AD entitlement management, administrative units, or, the last option, Azure roles. The key section of this question is that you have many offices and you want to grant user management permission to a local administrator in each office, so keep that in mind. Now let's jump to the Microsoft documentation. We will read a little and then we will try to find the correct answer for this question. This is the Microsoft documentation that introduces you to administrative units in Azure Active Directory. If you come down to the section which says "Deployment scenario", you will read that it can be useful to restrict administrative scope by using administrative units in organizations that are made up of independent divisions of any kind. Consider the example of a large university that's made up of many autonomous schools, School of Business, School of Engineering, and so on. Each school has a team of IT admins who control access, manage users,
and set policy for their school. This scenario is very similar to the scenario in our question, where we have a company, and here we have a large university. We have many offices in different locations, and in this example they also have many autonomous schools, so these are very similar business scenarios. If you want to explore more, you can also read what the capabilities of this central administrator at each location are. Now let's jump back to our presentation. Based on the Microsoft documentation we can now easily find the answer, and the correct answer for this question is option A, Azure AD roles.

Coming to question number 108. The question says that a company has an Azure subscription that contains a web app named the Tech Blackboard. The company needs to add a custom domain name, www.thetechblackboard.com, to the Tech Blackboard web app. What is the first step for the company? Your options are upload an SSL certificate, stop the web app, create a DNS record, or connect to a web app. I suppose this is rather an easy question, and the correct answer for this question is create a DNS record.

Moving on with question number 109. It says that your organization maintains media files of our online library. Overall, hundreds of terabytes of data need to be sent to Azure. Considering the limited bandwidth of your data center, you need to find a quick, inexpensive, and reliable way to transfer this data. The data must be encrypted (256-bit). What is your option? Select one. The choices given are upload using the Azure portal, Data Box Heavy, Data Box Edge, or Import/Export. The correct answer for this question is Data Box Heavy. I am sure that many of you will not even have heard about Data Box Heavy, but not to worry, I've got you covered with proper Microsoft documentation. This is the Microsoft documentation that will give you all the details that you need to know about Data Box Heavy, and it tells you that Data Box Heavy allows you to send hundreds of terabytes of data to
Azure in a quick, inexpensive, and reliable way. The data is transferred to Azure by shipping your Data Box Heavy device, with one petabyte of storage capacity, which you fill with your data and send back to Microsoft. The device has a rugged casing to protect and secure your data during transit. To put it very simply, you can visualize Data Box Heavy as a hard disk: you store all the data you want to transfer to Microsoft, then you ship this hard disk to Azure, and Azure will plug in this device, and then the data will be available to you. The best part is that it offers a huge data capacity; you can read that it's one petabyte. Also, as our question asked that we need to secure this data, you can read here that the data on the device is secured with AES 256-bit encryption at all times. So hopefully you have understood that Azure Data Box Heavy is a very good option when you want to ship a huge amount of data to Azure.

Coming to our question number 110. It says that you have an Azure Active Directory tenant named contosocloud.onmicrosoft.com. Your company has a public DNS name for contoso.com. You add contoso.com as a custom domain name to your Azure AD. You need to ensure that Azure can verify the domain name. Which type of DNS record should you create? Your options are MX, NSEC, PTR, or RRSIG, and the correct answer for this question is MX. You have to create an MX DNS record to achieve this business case.

Coming to our question number 111. It says that you have an Azure Active Directory tenant. You plan to delete multiple users by using a bulk delete in the Azure Active Directory admin center. You need to create and upload a file for the bulk delete. Which user attributes should you include in the file? Your options are: the user principal name and usage location of each user only; the second option is the user principal name for each user; the third option is the display name of each user; or the display name and usage location
for each user; or, the last option, the display name and the user principal name for each user only. Now let me take you to the Microsoft documentation, and there we will find the correct answer for this question. This is the Microsoft documentation that tells you how to bulk delete users in Azure Active Directory. Here in this section you can see the CSV template structure. Just a little scroll and you will reach a section that says "To bulk delete users". Of course, the first step is that you log in to your Azure AD. The second step is that in Azure AD you select Users, Bulk operations, and then Bulk delete. The third step is that on the Bulk delete user page you select Download to download the latest version of the CSV template. So basically you first have to download the correct template before you can put the information in and upload it back. Now the fourth step, where we will also find our answer, so pay good attention. It says: open the CSV file and add a line for each user you want to delete. Then it says the only required value is the user principal name. So pay attention, it says that the only required value is the user principal name. In order to save time, I will give the link for this Microsoft documentation in the description box. You can read all the steps there, but for now let's jump back to our presentation. As we read in step 4, we only need the user principal name for each user, and that's why option B is the correct answer for this question.

Now let's take some quick questions to check your knowledge of AZ-104. Question number 112 says that one or more apps can be configured to run on the same App Service plan. Is it a yes or is it a no? The correct answer for this question is yes. Of course you can configure multiple apps on the same App Service plan. If you want to read more about App Service plans, this is the Microsoft documentation. I hope you have already noted that I am in Microsoft Learn, and I have picked this documentation from the AZ-104 course on Microsoft
Learn.

Moving on with the next question, 113. It says that Azure virtual machine extensions can be managed using Azure CLI, PowerShell, Resource Manager templates, and the Azure portal. So what is your answer? Do you think Azure virtual machine extensions can be managed by all the options listed here? Pause the video here and give the answer in the comment section. Now let's check out the answer. The correct answer for this question is yes. You can actually manage virtual machine extensions with any of the options that suits you: it could be Azure CLI, PowerShell, a Resource Manager template, or it could also be the Azure portal. If you want to read more about Azure virtual machine extensions and explore their features, then this is the Microsoft documentation. The link, as always, will be available in the description box.

Quickly jumping to question number 114. It says that the Azure portal, the Azure CLI, and Azure PowerShell offer significantly different services, so it is unlikely that all three will support the operations you need. I am not sure if you have explored the Azure portal, Azure CLI, or PowerShell in a detailed manner, but if you are attempting AZ-104 then I strongly recommend that you get hands-on with all three options: portal, CLI, and PowerShell. Coming back to the question, do you think that these three options provide you different functionality, or do they provide more or less the same capabilities? The correct answer for this question is no. You should be very clear that all three tools offer almost the same services, the same capabilities, so this is not a deciding factor in what to choose. It is actually more a matter of your convenience and your style of working. Normally people start with the Azure portal; however, once they gain experience or want to do more automation, they move to options like Azure CLI or Azure PowerShell.

Moving on with the last question of our part 10. Question number 115 says
that you have an Azure subscription named Subscription1 and an on-premises deployment of Microsoft System Center Service Manager. Subscription1 contains a virtual machine named VM1. You need to ensure that an alert is set in Service Manager when the amount of available memory of VM1 is below 10. What should you do first? Your options are create an automation runbook, deploy a function app, deploy the IT Service Management Connector (ITSM), or create a notification. The correct answer for this question is deploy the IT Service Management Connector, or ITSM. This is the Microsoft documentation that gives you an overview of the IT Service Management Connector. The IT Service Management Connector allows you to connect Azure Monitor to the supported ITSM products or services using either ITSM actions or secure webhook actions. You can come to this page and read more details on ITSM, but this was just an overview. So I hope you liked these 15 questions in part 10. What are your questions? What are your doubts? I am waiting for those in the comment section below.

Hello and welcome back to the Tech Blackboard. In part 11 today we are going to discuss 15 very recent and important questions for the AZ-104 certification exam. If my video adds any value to your learning, please do not forget to like the video and subscribe to the channel, and if you have already done so, thank you for that. We have already covered 115 very important questions for the AZ-104 certification exam. For each part, if you want a PDF version with all the questions and answers, then you have to answer some simple questions which are asked in the respective parts.

Beginning our part 11 with question number 116. The question says that you have an Azure virtual machine named VM1 that runs Windows Server 2019. The VM was deployed using default drive settings. You sign in to VM1 as a user named User1 and perform the following actions: you create files on drive C, then you create files on drive D, you also modify the screen
saver timeout, and then you change the desktop background. Once you have performed all these actions, you plan to redeploy the virtual machine. Which changes will be lost after you redeploy VM1? The choices given are the modified screen saver timeout, the new desktop background, the new files on drive D, and the new files on drive C. So which one of these do you think will be lost once VM1 is redeployed? Before answering the question, let's first understand what exactly happens when you redeploy a virtual machine. In the process of redeployment, Azure actually shuts down the virtual machine and then moves it to a new node within the Azure infrastructure. After that it powers on the virtual machine once again. And here comes the important part: once the power-on is done and the virtual machine is back, it retains all your configuration options and associated resources. It means that you will still have the modified screen saver timeout and your new desktop background. Moving ahead, we have new files on drive D and new files on drive C. Drive C is a permanent disk, so all the files that are created on drive C will never be lost; they are permanent. However, that's not the case with drive D. Drive D is a temporary drive, so the new files stored on drive D will be lost, and that's why the correct answer for this question is option C, the new files on drive D. Just a quick tip from my side: if the question is tweaked or changed by Microsoft and, instead of Windows Server 2019, the question contains a machine which is Linux based, then the temporary files are not stored on drive D but are stored mostly on /dev/sdb1. So in case the question is more around Linux, then you know that this is the correct answer to choose for that question.

Now let's check out our question number 117. It says that you sign up for Azure Active Directory Premium 2. You need to
add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain. What should you configure in Azure AD? The choices given are Device settings from the Devices blade, Providers from the MFA Server blade, the third option is User settings from the Users blade, or the last option is General settings from the Groups blade. The correct answer for this question is option A, Device settings from the Devices blade. Now let me show you the exact steps for how to do it, and then I will show you all those steps in the Azure portal as well. So here it goes. It says that in the Azure portal you can manage the device administrator role on the Devices page. To open the Devices page, first you have to log in to the Azure portal, and you have to keep in mind that you must be a global administrator or device administrator. As a second step, you have to go to the left-hand navigation bar, and there you have to choose Azure Active Directory. The third step is that in the Manage section you have to go to Devices, and once you are on the Devices page you have to click Device settings.

Now let's go to the Azure portal and do it ourselves. Here I am on the Azure portal. I'm already logged in, and you can see this left-hand navigation bar. I can reach Azure Active Directory from here. The other way to reach Azure Active Directory is your recent services, and the third way is this search bar: you can search here for Azure Active Directory and it will be listed, so you can reach it from here as well. However, for now let's go back to the left-hand navigation and click Azure Active Directory. Once you are in Azure Active Directory, as we saw in the PPT as well, we have to go to Devices. Once we are in Devices, we have to click on this, which says All devices, and now that you are in All devices, from here you can click Device settings, and all the settings
that you want to do can be done here. Hopefully you have now understood how you have to do Device settings from the Devices blade.

Now let's read our question number 118. It says that an IT administrator creates an Azure virtual machine scale set with 10 VMs. However, the VMs are running at max capacity with CPU being fully consumed, and additional VMs are not deploying in the scale set. You need to ensure that additional VMs are deployed when the CPU is 80% consumed. What should you do? Select one option. Your options are enable the autoscale option, increase the instance count, add the scale set automation script to the library, or deploy the scale set automation script. The correct answer for this question is enable the autoscale option.

Quickly moving ahead to question number 119. The question says a company needs to create a storage account that has the following requirements. The first requirement is that users should be able to add files such as images and videos in the primary location. The second one is that the data needs to be available even if a region goes down. The third requirement is that the solution needs to be cost effective. What is the type of replication that needs to be configured for the storage account?
Your options are geo-redundant storage, locally redundant storage, zone-redundant storage, and read-access geo-redundant storage. So which one of these four do you think is the correct answer for this question? Let's understand the question before we jump into the answer. If you look at the question, there are a few important hints that Microsoft gives you. The first one is that users should be able to add files in the primary location. This line is very important, because if you read it very carefully, it says that only the primary location should be writable; we do not want to write files in the secondary location. Secondly, you have to understand that the data must be available even if the region goes down, so we are not talking about zonal redundancy or local redundancy; we are already at region redundancy. What that does is help you eliminate some of the options. For example, you can already eliminate option B and option C, because they offer locally redundant or zone-redundant storage, and our question talks about region redundancy. Another very important point is that the solution must be cost effective. Looking at all these requirements, the correct answer for this question is read-access geo-redundant storage. You may ask why I have not chosen geo-redundant storage, because that can also offer the same functionality. However, you must understand that geo-redundant storage is costlier when compared to read-access geo-redundant storage, and we do not want to spend more money, because firstly the solution must be cost effective, and secondly we do not have any requirement that says we need to add or write files in the secondary location. So the best cost-effective answer to this question is option D.

Now that we are talking about Azure storage accounts, let's take a few more questions based around Azure storage. Question number 120 says that your company
has an Azure subscription with a storage account. The storage account includes a queue service, a table service, Azure Files, and a blob service. You have created two apps that must be configured to store various types of data to all the storage services. You need to configure the required number of endpoints for the apps, and the solution given here is that you configure four endpoints per app. Does this solution meet the goal? The correct answer for this question is yes, it does meet the goal, and you actually need to configure four endpoints per app to meet this business requirement. The logic of this question I will explain in question number 121, which is the very next question, because that gives you a variation of the same question. It's a confusing question, and you will find a lot of variations on various sites giving a lot of different answers, so do not skip the video, and watch the next question very carefully if you want to understand this logic.

This is our question number 121, exactly the same as question number 120 except for a small change: in this question we have two storage accounts instead of the one storage account that we saw in question number 120.
Besides that, the answer is also the same. Here also it says that you configure four endpoints per app. So does this meet the goal? The correct answer for this question is no; in this case it does not meet the goal. However, in question 120 I picked the answer as yes. Now let me take you to the Microsoft site, and then I will validate why I pick no for question number 121 and why I pick yes for the previous question, 120.

So now I am at the Microsoft documentation, and this document gives you an overview of the storage account. You can read a lot more about storage accounts and the different types of storage account; however, the section that I want to show you is this one. This section reads: construct the URL for accessing an object in a storage account by appending the object's location in the storage account to the endpoint. For example, the URL for a blob will be similar to this, and you can see the construct of the URL given here. I will zoom in a little more so that you can see it clearly. Now let's dissect the construct of the URL. First of all, in the URL we will always have a storage account name, so whatever your storage account name is, that will be first in the URL, and that will be followed by blob.core.windows.net. That's a protocol from Microsoft Azure to build the core URL of any blob in the storage account. Following this base URL you will always have a container name, and only after the container name will you have the actual blob file. So what is the construct that we are seeing here? We will always have a storage account, then inside the storage account we will have a container, and inside the container we will have the actual blob file. Keep this construct in mind when we return to the presentation.

Now we are back in the presentation, and as you saw, we first have a storage account, then a container, and then our blob. So what happens now is that we have two storage accounts, so for
every storage account this base URL will always be different. I hope you are getting my point; listen to it very carefully again. For every storage account, and we have two storage accounts, we will always have a different URL at this part of the hyperlink. So we have a different URL here, and then we will have a container. How many containers will we have? We will have a container for each of the storage accounts. For example, we have one queue, then one table service, then one Azure Files, and then we also have a blob service. So first of all we have a storage account, and after that we have the name of the container. Let's say we have a blob service here; once we have this blob service, only then will we have the actual blob name. That's the reason I am saying that four endpoints will not suffice, because now we have two storage accounts, and inside one storage account we have four other services. So, as I understand it, we would need at least eight endpoints to fulfill this business case. I hope you understand, but if you have any other thoughts or any other justification, then please let me know in the comment section and we can discuss it further.

Now let's check out our question number 122, which again is an Azure storage account related question. The question says that you have an Azure storage account named storage1, an Azure App Service app named App1, and an app named App2 that runs in an Azure container instance. Each app uses a managed identity. You need to ensure that App1 and App2 can read blobs from storage1. The solution must meet the following requirements: the first requirement is that you minimize the number of secrets used, and the second one is that you ensure that App2 can only read from storage1 for the next 30 days. What should you configure in storage1 for each app? Here you can see that we are given App1 and App2, and there are some
options given, and you have to pick the right option for each app. The correct answer for App1 is that we need to select Access control (IAM). The reason is that, since App1 uses a managed identity, App1 can access the storage account via IAM. As per the requirement, we need to use the minimum number of secrets, and that's why the best option here is to use Access control. Moving on, the correct answer for App2 is that we should use shared access signatures. The clear reason for selecting SAS as the solution for this option is that it says App2 can only read from storage1 for the next 30 days, so we need conditional, or temporary, access on storage1 for the next 30 days, and the best way to achieve that is using shared access signatures.

Now let's quickly jump to question 123. It says that you have a general-purpose v1 Azure storage account named storage1 that uses locally redundant storage, or LRS. You need to ensure that the data in the storage account is protected if a zone fails. The solution must minimize cost and administrative effort. What should you do first? Your options are create a new storage account, configure object replication rules, upgrade the account to general-purpose version 2 (v2), or modify the replication settings of storage1. The correct answer for this question is that you should upgrade the account to general-purpose v2, or version 2.
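To check a shared access signature like the one chosen for App2 in question 122 above, here is an added example (not part of the video or of Microsoft's documentation) that audits a SAS URL against the question's requirements: read-only access for no more than 30 days. The container name, blob name, timestamps and signature are constructed placeholders, and the HTTPS-only check is an extra assumption beyond what the question asks.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

MAX_LIFETIME = timedelta(days=30)  # "only read from storage1 for the next 30 days"
ALLOWED_PERMISSIONS = {"r"}        # read only

# Constructed sample URLs: the signatures are placeholders, not real tokens.
GOOD_SAS = ("https://storage1.blob.core.windows.net/container1/report.pdf"
            "?sv=2022-11-02&sr=b&sp=r&st=2024-01-01T00:00:00Z"
            "&se=2024-01-31T00:00:00Z&spr=https&sig=PLACEHOLDER")
BAD_SAS = ("https://storage1.blob.core.windows.net/container1"
           "?sv=2022-11-02&sr=c&sp=rwdl&st=2024-01-01T00:00:00Z"
           "&se=2025-01-01T00:00:00Z&spr=https,http&sig=PLACEHOLDER")
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)  # constructed "current time"


def parse_sas_time(value):
    """Parse the UTC time formats a SAS token may carry in st/se."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {value!r}")


def audit_sas_url(url, now):
    """Return a list of findings; an empty list means the token conforms."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in
              parse_qs(parts.query, keep_blank_values=True).items()}
    if "sig" not in params:
        return ["no sig parameter: this is not a SAS URL"]

    findings = []
    if parts.scheme != "https":
        findings.append("URL itself is not https")

    # sp = signed permissions, one letter per permission.
    perms = params.get("sp")
    if perms is None:
        findings.append("no sp parameter: permissions come from a stored "
                        "access policy, review that policy separately")
    else:
        extra = sorted(set(perms) - ALLOWED_PERMISSIONS)
        if extra:
            findings.append("permissions beyond read: " + "".join(extra))
        if "r" not in perms:
            findings.append("read permission missing")

    # se = expiry, st = optional start; without st the token is valid at once.
    if "se" not in params:
        findings.append("no se parameter: expiry is not set in the token")
    else:
        try:
            expiry = parse_sas_time(params["se"])
            start = parse_sas_time(params["st"]) if "st" in params else now
        except ValueError as exc:
            findings.append(str(exc))
        else:
            if expiry <= now:
                findings.append("token has already expired")
            if expiry - start > MAX_LIFETIME:
                findings.append(
                    f"lifetime of {(expiry - start).days} days exceeds 30")

    # spr = allowed protocols; "https,http" permits cleartext use.
    if params.get("spr") != "https":
        findings.append("spr does not restrict the token to https")
    return findings


if __name__ == "__main__":
    for name, url in (("good", GOOD_SAS), ("bad", BAD_SAS)):
        print(name, audit_sas_url(url, NOW) or "conforms")
```

App1 needs no such check, because a role assignment under Access control (IAM) puts no token in the app's configuration.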
Our question number 124 says that you have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1. Subscription1 has a user named User1, and User1 has the following roles. You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do? Should you remove User1 from the Security Reader and Reader roles for Subscription1, or should you assign User1 the User Access Administrator role for VNet1? The other option is assign User1 the Network Contributor role for VNet1, and the last option is assign User1 the Network Contributor role for RG1. The correct answer for this question is that you should assign User1 the User Access Administrator role for VNet1, or the virtual network.

Question number 125 says that you have an Azure subscription named Subscription1 that is used by several departments at your company. Subscription1 contains the resources shown in this table. Here you can see that we have a lot of resources: we have storage1, RG1, container, and share1, and you can also see that we are given the type of each resource: we have a storage account, then a resource group, we also have a container, and lastly a file share. Moving on, the question says that another administrator deploys a virtual machine named VM1 and an Azure storage account named storage2 by using a single Azure Resource Manager template. You need to view the template used for the deployment. From which blade can you view the template that was used for the deployment? Your options are storage1, RG1, container1, or share1. In a nutshell, the question is saying that the virtual machine and a storage account were both deployed using an ARM template, and you want to see which ARM template was used to deploy both these resources. Now let's go to the Microsoft documentation and find out the correct answer. This is the
Microsoft documentation that shows exactly where in the Azure portal you can see the ARM template. If you come down to the section which says "Export template from a resource group", you can already see that we are talking about a resource group. Here you can see, and I know it's a little small, but I will give the link for this documentation in the description box, that we are in this resource group. The letters are very small, but please try to concentrate: it says "my resource group", so essentially it's a resource group, and in the resource group you can see the template. So all the templates inside a resource group can be seen in the resource group blade, and with that documentation from Microsoft it's easy to answer this question. The correct answer of course is RG1, the resource group.

Now we have question number 126. It says that you have an Azure web app named App1 having the deployment slots shown in the following table. You can see we have two web app names: we have webapp1 prod, which is production, and then we have webapp1 test, which is a test environment. Further on, the question says that in webapp1 test you test several changes to App1, so basically you are testing something in your test environment, and then you back up App1. You swap webapp1 test for webapp1 prod and discover that App1 is experiencing performance issues. You need to revert to the previous version of App1 as quickly as possible. What should you do? Your options are redeploy App1, swap the slots, clone App1, or, the last option, restore the backup of App1. If you read this question very carefully, the answer is actually hidden in the question itself. Let me show you how. The question says that once you are done with some changes in App1, which is essentially in a test environment, then to deploy it in the production environment you just swap webapp1 test with web
app one prod so that's the easiest way whenever you have the slots if you are working if you have ever worked with the slots you just swap the slots and bring test environment to production once you have all the changes in test environment and production to the test environment so this is called swapping of slots now you can already think that when you are experiencing some performance issues with the production environment now what is the best way the best way is to go back to the previous version of your app and where is that previous version now that previous version is now in the test slot because you just did the swapping between these two slots so now you can do it again so the best answer for this question is that you just need to swap the slots now quickly moving to question number 127 the question says that azure backup has unlimited data transfer is that a yes or a no the correct answer for this question is yes it is correct because azure backup does not limit the amount of inbound or outbound data that is transferred so that's why the correct answer is yes moving on we have question 128 that says that azure backup requires which of the following does it require a dedicated backup server or a recovery services vault or does it require an azure blob storage container and the correct answer for this question is option b a recovery services vault and now we have question number 129 the question says that your company wants to backup files and folders to azure which of these steps should be completed first should it be download the agent and credentials file or configure the backup or should it be create the recovery services vault and the correct answer for this question is that you should always create the recovery services vault as a first step and just to tell you that download the agent and credential file is the very next step after you have created the recovery services vault so keep that in mind maybe microsoft tweaked the question and it may ask you choose 
the first two steps so then you should know the first one is recovery services vault and the second one is download the agent and credential file so friends in part 11 today we took lot of questions around azure storage account and that's the reason i wanted the last question for our part 11 to be also related to azure storage account so let's read our question number 130 the question says that you have an azure subscription named subscription one now you create an azure storage account named contoso storage and then you create a file share named data now which unc path should you include in a script that references files from the data file share and your options are listed here the correct answer for this question is option a contoso storage dot file dot core dot windows dot net slash data if you want the detailed understanding of why i picked option a as an answer then you should check question number 121 that i explained in this part itself i hope you like this set of 15 questions in part 11. 
let's begin our part 12 with an interesting question on resource deletion and recovery services vault so here is the question number 131 the question says that you have an azure subscription that contains a resource group named rg1 now rg1 is set to west europe location and is used to create temporary resources for a project moving on rg1 contains the resources as shown in the following table now here you can see in this table we have lot of resources given we have vm1 a virtual machine that is located in north europe the rgv1 recovery services vault that is also located in north europe and we have sqldb01 that is a sql server on azure virtual machine and this is also located in north europe and then at the last we have sa1 which is a storage account in west europe further the question says that sqldb01 is backed up to rgv1 and when the project is complete you attempt to delete rg1 from the azure portal however the deletion fails now you need to delete rg1 so what should you do first and your options are delete virtual machine or should you first stop the virtual machine or should you stop the backup of sqldb01 the last option given is delete sa1 so which out of these four should you do the first now the correct answer for this question is option c stop the backup of sqldb01 now let me take you to the microsoft site where we will read more and validate our answer so this is the microsoft site that gives you detail on how to delete an azure recovery services vault and before you even start the process microsoft has laid down some dependencies that you must consider before you delete a recovery services vault so you can read this all the dependencies i will give the link for this page in the description box but now let's move ahead so if you scroll down a little a very nice video is given here which will make you understand the recovery services vault and how to delete it then if you will move ahead this is the step-by-step process to delete a vault so you can see that 
step one is given then they have given some screenshot and then step two step three and then step four in the step four if you will read out there are two parts first one is delete items in soft deleted state and the second one is go to the vault dashboard backup items and click stop backup and this is where our answer lies it says click stop backup to stop all the backups of listed items and then click delete backup data to delete so this is where we have picked our answer from hopefully the microsoft document made it clear the logic behind picking this as an answer now let's move ahead question number 132 on log analytics says that log analytics agent can run on which of the following can they only run on physical computer or can they only run on cloud computer or can they run on many different platforms including other cloud providers and i am sure that you have already pinned the correct answer which is option c on many different platforms including the other cloud providers coming to an interesting question on azure kubernetes in question number 133 a question says that you deploy an azure kubernetes service cluster that has a network profile shown in the following exhibit you can see here that we have a pod cidr and this here is given the cidr notation you can see it's 10.244.0.0/16. 
similarly we are given service cidr dns service ip and then docker bridge cidr now let me ask you a very quick question how many of you actually know what is a cidr notation let me know in the comment section moving ahead with the question it says that the container will be assigned an ip address in the subnet so out of these cidr notation you have to tell which ip address will be assigned to the containers moving on the second thing that question asked that services in aks cluster will be assigned an ip address in the subnet so which ip address will be assigned to the aks cluster so now coming to the first part please note that this first ip given here is a ip of the pod cidr then the second one is the service cidr the third one here is the docker bridge cidr so the correct answer for the first one is the pod cidr and the reason for choosing this option as an answer is very simple because we are talking about containers and containers always live inside the pods that's why the containers will be assigned the ip of the pod cidr moving towards the second question the correct answer is 10.0.0.0/16 which is the service cidr and the reason being because service cidr is actually used to assign internal services in the aks cluster an ip address and if you are working with azure kubernetes and pod cidr then this is a cool tip for you so always remember that the pod cidr this address must be large enough to accommodate the number of nodes that you expect to scale up and why so because of the simple reason that you cannot change this address range once the cluster is deployed so if in case you want more addresses for the additional nodes so keep that important tip in mind our question number 134 says that you have an azure subscription that includes following resources so we have a container which is a blob container then we have db1 which is sql database we have share one which is a file share and then we have a table one which is a azure table further the 
question says that you plan to export data by using azure import export job named export one now you need to identify the data that can be exported using export one which data should you identify could it be db1 or container one or share one or table one let's find the answer on the microsoft documentation on this microsoft documentation which talks about azure import export system requirement just a little scroll and then you will reach to this section which says supported storage type and this section is further divided into two sub sections based on the job so you could have either import or export now that our question talks about the export jobs we can see the supported storage types for the export are block blobs page blobs append blobs are supported also note that in export azure files are not supported and you can also read about the import one the link for this page will be available in the description box so as we saw on the microsoft documentation the correct answer for this question is container i'm sure that you all understand what this container is but still to remove all the confusion this container is not related to azure kubernetes containers or dockers so this container is not from that area this is specifically a blob container our question number 135 says that a company has an azure directory tenant name abc.com containing the groups in the below table also given configuration of two user account now you have to tell to which groups user one and user two belong here you can see that we are given with the name of the group we have group one two and three then we have type of the group so we have security ms o365 and this also is ms o365 then we are given with the membership type we have dynamic dynamic and assigned and then we have this membership rule and here you can see that we are given with the rules which says user dot department slash slash and this ne means not equal to id then the second rule is user country starts with i now the third 
rule is not given let's see the other table which is given with user 1 user 2 and then we are given with the department of the user the country of the user and also given if they have the o365 license or not and from these two table you have to tell the user one belongs to which of the group and similarly user two belongs to which of the group the correct answer for user one is group one so user one will belong to group one the reason being that the membership rule says that the user dot department not equal to id here you can see that this is user1 and his department is revenue so this definitely is not equal to id so this user will be selected in group one however let's see why it is not selected in group 2 because the group 2 membership rule says that the user.country starts with i so we can see that for the user 1 the country name is united states which definitely does not starts with i that's why it will be only picked up in the group 1 moving towards user 2 and the correct answer for user 2 is group 1 and group 2. once again checking the membership rule we can see the user dot department is not equal to id and we can see the user 2 the department name is research so this will be picked up by group 1 and also picked up by group 2 because the country of the user starts with i and the country for user 2 is india so user 2 will be picked up both by group 1 and group 2. 
in case you want to learn more about the dynamic membership rules for the groups in azure active directory then this is the microsoft documentation you will scroll down a little and here you can see the usage of these kind of rules you can see the properties of type string we are given with the properties what are the allowed values and the usage if you want to learn about what this eq means then a little more scroll and you will reach to this table which says supported expressions operator and here you can read all about the operators for example we just saw not equals which is n e then we have equals which is eq and so on and so forth now let's move on with question number 136 the question says that you have an azure subscription users access the resources in the subscription from either home or from customer sites from home users must establish a point to site vpn to access the azure resources the users on the customer sites access the azure resources by using site-to-site vpns you have a line of business app named app1 that runs on several azure virtual machines the virtual machines run on windows server 2016. 
you need to ensure that the connections to app1 are spread across all the virtual machines what are the two possible azure services that can you use your options are an internal load balancer a public load balancer an azure content delivery network or cdn traffic manager or azure application gateway and the correct answer for this question is option a internal load balancer and option e an azure application gateway now let's check out the reasoning behind choosing option a and option e as a correct answer so this is the correct explanation of the answers so you can see the customer sites are connected through vpn so an internal load balancer is enough and that's why we have picked it as a correct answer now for option b it says that the customer sites are connected through vpns so there is no need of public load balancer and an internal load balancer is enough and that's exactly what we saw in option a similarly a cdn does not provide load balancing for application so that is also not relevant for this situation and for the traffic manager a traffic manager is a dns based solution to direct user request to the nearest instance and does not provide load balancing for this situation and coming to the option e we have azure application gateway is a valid option as it provides load balancing in addition to the routing and security functions i hope this clarifies the reasoning behind picking option a and option e as a correct answer our question number 137 says that you have an on premises server that contains a folder named d folder one you need to copy the contents of d slash folder one to the public container in the azure storage account name contoso data which command should you run and your options are given here and the correct answer for this question is option c where we have azcopy command with recursive keyword and the reason is simple whenever you have recursive then the azcopy command will pick all the contents of any folder in this case d folder one 
and put it in the destination folder so for example we have d folder one and let's say we have lot of files inside it and there are sub folders with more files in it then the recursive command will pick everything inside folder 1 and put it in the destination specified here and that's the reason behind choosing this as an answer are you ready for a rapid fire question round on azure kubernetes service i'm sure you are so here is the first one question number 138 and it says that can i move or migrate my cluster between azure tenants the correct answer for this one is no moving on we have question 139 and that says can i move or migrate my cluster between subscription the correct answer is no and then we have question number 140 and that says can i move my aks cluster or aks infrastructure resources to other resource group or rename them and the correct answer for this one as well is no if you want to discuss any aspect of these questions then do let me know in the comment section below and i will be happy to answer and discuss on azure kubernetes now let's move to the question number 141 but before that i just wanted to say that if you are liking the content of the video then please pause the video for a second and press that like button subscribe to the channel and click that bell icon so that you get notification for all such interesting videos now let's move on with the question our question says that you have an azure virtual machine named vm1 you use azure backup to create a backup of vm1 named backup1 after creating backup you perform all of the following changes to vm1 and the changes that you do are modify the size of vm1 copy a file named budget.xls to a folder named data and then you reset the password for the built-in administrator account and after that you add a disk to virtual machine one further ahead an administrator uses the replace existing option to restore vm1 from backup one you need to ensure that all the changes to vm1 are restored which 
changes should you perform again should you modify the size of vm1 or reset the password for the built-in administrator account or should you add a disk or should you copy budget.xls to the data and the correct answer for this question is you should copy the budget xls to data now the question number 142 says that you need to create an azure storage account that meets the following requirement it should minimize the cost support hot cool and archive blob tiers and provide fault tolerance if a disaster affect the azure region where the account resides how should you complete the command to answer select the appropriate options in the answer area so this is the base command that has been provided and you can see there are some missing values here that are denoted by these question marks so we have kind and you have to tell what kind and you have sku and you have to tell what sku and the values permissible values are to be selected from these two tables so the correct value that you have to fill here for this kind option is storagev2 and the correct value for sku is standard_grs so once you have added these correct value to this command then the correct command becomes this one you can see i have fitted these correct option in this correct command so you can note down this correct command maybe take a screenshot or simply remember it if you want to dig more on all the available commands for az storage account then this is the microsoft documentation if you will scroll down a little on this page you can see all the commands are listed here and then more scroll and you will reach to a section from where i have taken this question from so this is the section where microsoft has shown the command and what are the required parameters then optional parameter so very good page to read when you are actually start to work on this azure storage account and then rather using azure portal you want to mature yourself towards the cli command or the powershell command then i 
think this is a good startup page moving ahead with question number 143 and that says that you have an azure active directory azure ad tenant named contoso.onmicrosoft.com the user administrator role is assigned to a user named admin one an external partner has a microsoft account that uses the user1@outlook.com sign in now admin one attempts to invite an external partner to sign in to the azure ad tenant and receives the following error message so the error message is unable to invite the user user1@outlook.com generic authorization exception now you need to ensure that admin 1 can invite the external partner to sign in to azure ad tenant what should you do your options are listed here and the correct answer for this question is option a from the user settings blade modify the external collaboration settings and then we have question number 144 and that says that you have an azure subscription linked to an azure active directory tenant the tenant includes a user account named user1 you need to ensure that user one can assign a policy to the tenant root management group what should you do and these are the option from which you have to select the correct answer and the correct answer for this question is option c assign the azure ad global administrator role to user 1 and then instruct user 1 to configure access management for azure resources and this brings us to the question number 145 which is the last question of our part 12 of our az104 real exam question and answer exam series so let's read the question a company has a several azure vms that are currently running in production workload there is a mix of production windows servers and linux servers which of the following is the best choice for production backups should it be azure repos manage snapshots azure backup or azure site recovery and the correct answer for this question is option number c azure backups just to make you familiar with the other options azure repos is 
related to the version control it has nothing to do with backups on the other hand azure site recovery helps your business ongoing even during major it outages so again not related to backups now if you are confused for the snapshot then here is the clarification for that so an azure snapshot is a read-only copy of the existing disk in the microsoft azure cloud this snapshot can be used as a backup or to create a virtual machine however the snapshot is only for a single point in time and is not the best choice for the production environment and that leaves us to the only correct option option number c azure backup and friends now that we have discussed 145 questions already i'm sure you have developed a good understanding on az104 and with good understanding better questions come in our thought process so a good way to spark a discussion and ask your questions is to leave your comments in the comment section below or you can also join me on other social media platform the links for the same are now appearing on your screen so let's begin our part 13 with question number 146. 
the question says that you have an azure virtual machine named vm1 vm1 was deployed by using a custom azure resource manager template named r1.json now you receive a notification that vm1 will be affected by maintenance you need to move vm1 to a different host immediately the solution given here is from the redeploy blade you click redeploy does this meet the goal before jumping to the answer let's see one more variation of the same question presented in question number 147 and the question is entirely the same however the solution given here is that from the update management blade you click enable does this meet the goal now friends if you have been following this series then you might remember that in part 11 also in question number 116 we discussed the redeployment of virtual machine i would once again like to reiterate the concept of what exactly happens when you re-deploy a virtual machine so when you redeploy the virtual machine azure moves the virtual machine to a new node within the azure infrastructure and then it powers on the virtual machine once again and in this process it retains all your configuration options and associated resources if you are looking for more details on configuration options and associated resources then check out question number 116 of part 11. 
now let's jump to the azure portal and find out the correct answer so here i am on the azure portal that talks about redeployment windows virtual machine to a new azure node there are many ways of redeployment of azure virtual machines for example you can use azure cli you can also use azure powershell however our question talks more about azure portal so this is the section more relevant for us now here you can see that microsoft says that select the virtual machine you wish to redeploy and then select the redeploy button in the settings blade you may need to scroll down to see support and troubleshooting section that contains redeploy button as shown in the following example so here you can see you have to select the virtual machine for example here it says test virtual machine and you can see the redeployment option here and then as a step 2 it says that to confirm the operation select the deploy button so once you select the redeploy button the virtual machine gets redeployed you can see here they have shown in this screenshot that the status of the virtual machine is now updating which means that the redeployment process has started and then it says starting so the virtual machine is now redeploying and it's getting started and then as a last step now you can see the status of the virtual machine is now running so of course the virtual machine is now available to you from the microsoft documentation now it's very easy to answer both of these questions so the answer for question number 146 is yes of course you can redeploy the virtual machine from redeploy blade and then you select redeploy as we just saw in the microsoft documentation and then the answer for question number 147 is no now let's take two more questions on azure virtual machine the question number 148 says that you have an azure subscription that contains resources shown in the following table now here you can see in this table we have two resource groups the location can be observed here then we 
have two storage account the location is here then we have one virtual machine with the location and then we have two virtual network with the location specified here then the question says that the vm1 connects to vnet1 and you need to connect vm1 to vnet2 the solution given here is that you move vm1 to rg2 and then you add a new network interface to vm1 does this meet the goal and the correct answer for this question is no i will give the detailed explanation in question number 149 so let's move ahead so this is the question number 149 the question is exactly the same however this time the solution is that you delete virtual machine one and then you recreate virtual machine one and then you create a new network interface for virtual machine one and connect it to the virtual network two does this meet the goal and the correct answer for this question is yes this meets the goal now let me tell you why to migrate a virtual machine from one virtual network to another virtual network the only option is to delete the virtual machine and then redeploy the virtual machine using a new nic nic means the network interface card and then you connect this newly created network interface card or nic to a new virtual network in this case virtual network 2 and that's why yes is the correct answer for this question now let me give you a very quick tip when you create an azure virtual machine you must create a virtual network or use an existing virtual network you can change the subnet of a virtual machine that the virtual machine is connected to after it's created however you cannot change the virtual network besides that you can also change the size of the virtual machine so keep these tips in mind whenever you are working with azure virtual machine or you have to solve a business scenario like this one now let's jump to the question number 150 this question is rather interesting but also a little confusing one so i want full attention from you in this question so let's read 
the question the question says that you have an azure subscription named subscription one containing the following quotas you can see that we have the quota we have standard bs family vcpu we also have a d family vcpu here you can observe the location and here are the usages given moving on the question says that you deploy virtual machines to subscription one as shown in the following table you can see here we have virtual machines named vm1 and vm20 and the size of the virtual machine is given along with the vcpus and the location is also given and the status of virtual machine is also given please note that first virtual machine vm1 is in running state and the second virtual machine vm20 is stopped or deallocated state this is very important to note so keep this point in mind then to the next section of the question it says that you deploy the virtual machines shown in the following table so we have vm3 we have vm4 and then we have vm5 you can see all the different sizes of all these virtual machines respectively along with the vcpus for each of the virtual machine just as a side note the numbers that you observe in these circles one two and three all these numbers denotes the sequencing of the question so this is the first block of the question the second block and the third block so you can understand the flow of the question so just keep that in mind and then after that we have some yes and no kind of statements so first statement says that you have to deploy virtual machine to the west u.s now what you need to tell is looking at the virtual machine looking at its size and the vcpus you have to tell whether this virtual machine can be deployed in the west u.s location or not so this is basically the idea of the question okay so now let's see the answer to the first statement and side by side i will explain you the reasoning of each answer so the answer for the first statement is yes here you can see that we have to deploy virtual machine 3 to the 
location west us now let's go to the virtual machine three we have virtual machine three this is the size and we can see the vcpus for virtual machine three is one now let's go to the west u.s and understand the capacity of the west u.s location so we have this west u.s we can see the quotas here and we can see the usage of the west u.s so we have 0 to 20. so this is the capacity of the west u.s location now let's check out the virtual machines that are already running in the west u.s location so we can see we have already two machines virtual machine 1 and virtual machine 20 with two cpus for virtual machine 1 and 16 cpus for the virtual machine 20. now how many cpus are already occupied you can see 16 plus two so we have already occupied 18 cpu and what's the maximum limit the maximum limit is 20 and how much we have to deploy now we have to deploy virtual machine one with one cpu so you can see that we have chosen yes as an answer so as i said we have to add one cpu which comes from here this table on the right hand side top corner and then we see that two cpu this one and 16 cpu this one is already occupied so 20 the total capacity minus 18 which is the used capacity we get 2 which is the capacity that we can still utilize or deploy the virtual machines on so because our cpu size for the new virtual machine three is one we can definitely deploy this virtual machine on west u.s one very important point that many people make mistakes on that they do not count the capacity of the stopped virtual machine this is wrong because stopped virtual machine even if it's in de-allocated state the vcpu are still used the second statement says that you can deploy vm4 to west us the answer for this one is no and the logic is same that we cannot deploy because now we have to deploy four cpus we have already consumed 18 cpus here and 18 plus 4 gives us 22 which will outpass the maximum capacity of our location so that's why this is no coming to the third statement it says you can 
deploy vm5 to west us the answer for this one is no as well because for vm5 we have 16 we have already used up 18 so 18 plus 16 gives us 34 which is way beyond our maximum capacity and that's why the answer for this statement is no as well i hope you understood this very interesting question if you have some questions or doubts around this question do let me know in the comment section now let's check out question number 151 the question says that your company has an azure active directory tenant that is configured for hybrid coexistence with the on premise active directory domain the on premise virtual environment consists of virtual machines running on windows server 2012 r2 hyper-v host servers you create some powershell scripts to automate the configuration of newly created vms now you plan to create several new virtual machines you need a solution that ensures the scripts run on the new virtual machine which of the following solution is best and the correct answer for this question is option e and in case you are looking for a full understanding on how to add a custom script to windows setup then this is the microsoft documentation and you can see on top of this page we have a section called windows setup script and here we are given with setupcomplete.cmd that's exactly what we saw in the question as well and this is the option that we selected as an answer you can read the entire page the link is available in the description box coming to the question 152 it says that your company has an azure active directory tenant that is configured for hybrid coexistence with on-premises active directory domain you plan to deploy several virtual machines in azure the virtual machine will have same operating system and custom software requirement you configure a reference virtual machine in on premise virtual environment you then generalize the virtual machine to create an image you need to upload the image to azure to ensure that it is available for the selection 
when you create new virtual machines. Which PowerShell cmdlet should you use? Your options are given here. The correct answer for this question is Add-AzVhd.

Quickly coming to question number 153, which says the deployment team asks you to provision an Azure storage account for their usage. To remain in compliance with IT security policy, you need to ensure that the new Azure storage account meets the following requirements. So these are the requirements: the first one is data must be encrypted at rest, access keys must facilitate automatic rotation, and the company must manage access keys. The options to choose the answer from are listed here, and the correct answer for this question is option A, configure the storage account to store its keys in Azure Key Vault. If you want to learn more about automated key rotation in Azure Key Vault, then you can check out this video on your screen; the link for this video is available in the description box.

Moving on, our question number 154 says that you have web apps in the West US, Central US and East US Azure regions. You have the App Service plans shown in the following table. You can see in this table we have different App Service plans, and these are the names of the App Service plans, then we have operating system, locations, SKU and different sizes. Then the question says that you plan to create an additional App Service plan named esps that will use the Linux operating system. You need to identify in which of the currently used locations you can deploy asps. What should you recommend? Should you recommend Central US only; West US, Central US or East US, basically all the locations; or should you go for East US only or West US only? The correct answer for this question is West US, Central US or East US. It's a very straightforward question. If you read the question, you will not find that Microsoft has specified any kind of restriction or condition in this question, and that's why basically you can choose any location to deploy
your App Service plan. In case you are interested in learning more about managing App Service plans in Azure, then this is the Microsoft documentation that you can refer to.

Moving ahead with question number 155, it says the infrastructure team is responsible for managing a production web app. The app requires scaling to five instances, 40 GB of storage and a custom domain name. A least-cost solution is desired. Which App Service plan would meet the requirements? Your options are Basic, Standard, Premium. Very simple question, and the answer for this question is Standard.

Moving ahead with question number 156, which says that your company website is the techblackboard.com. Your marketing team wants to know which web pages are most popular, at what times of the day, and where the users are located. Which of the following should be recommended? Your options are Application Insights, Azure Monitor or application logging. So you have to tell, out of these three Azure services, which service you can use to track the web pages that are most popular, at what times they are most popular or at what times they get maximum access, and from where your users are accessing them, so basically the location of the user. The correct answer for this question is Application Insights.

Now let's check out some questions on Azure Kubernetes. Question number 157 asks: can you have different virtual machines in a single cluster? The answer is yes, you can surely use different Azure virtual machine sizes in your AKS cluster by creating multiple node pools. If you are interested to know how to create and manage multiple node pools for a cluster in Azure Kubernetes Service, then this is a very good Microsoft documentation page.

Moving on with question number 158, it asks: can you provide your own name for the AKS node resource group? The correct answer for this question is yes, and here I would like to mention that this is the default name that AKS will give to the node resource group, so you can see
here, this is your resource group, then you have the cluster name, and then you have the location. However, if you wish to give your own name, as asked in the question, you can always go ahead and give your own name.

Moving on with question number 159, which asks: can you run Windows Server containers on AKS? The correct answer for this question is yes, of course. A quick explanation on this: Windows Server containers are available on AKS. Now, to run Windows Server containers in AKS, you create a node pool that runs Windows Server as the guest OS. Further, Windows Server containers can use only Windows Server 2019. This is as of now; things, however, can change very quickly. In case you want to know how to get started on creating a Windows Server container on an Azure Kubernetes Service cluster using Azure CLI, this is the Microsoft documentation for you, and as I was just mentioning, it says that it runs only on Windows Server 2019.

Coming to the last question of our part 13, here is question number 160. The question says: suppose you are building a photo editing application that will offer online storage for user-generated photo content. You will store the photos in Azure blobs, so you need to create an Azure storage account to contain the blobs. Now, once the storage account is in place, it's unlikely that you would remove or recreate it, because this would delete all the user photos. So which tool is likely to offer the quickest and easiest way to create the storage account? Your options are Azure portal, Azure CLI or Azure PowerShell. Now it's very interesting to know that actually you can create this storage account by using Azure portal, Azure CLI and also Azure PowerShell. So what exactly is the correct answer? The correct answer for this question is Azure portal, and the reason is that the question says that once this storage account is in place, it's unlikely that you would remove or recreate it. So basically it's a one-time activity, and the best place to do a one-time activity
is Azure portal. However, if you're looking for the automation of resource creation, then Azure CLI or PowerShell would be a better choice. I hope you liked these very interesting 15 questions in part 13. In case you have doubts or any questions related to AZ-104 or anything related to Azure, do let me know in the comment section and I will be happy to answer. And before you close this video, please do not forget to like the video, subscribe to the channel and share this video with as many as you can.

Let's open our part 14 with a scenario-based question. Question number 161 says that you have an Azure subscription that contains the following resources: a virtual network that has a subnet named Subnet1; two network security groups named NSG-VM1 and NSG-Subnet1; and a virtual machine named VM1 that has the required Windows Server configuration to allow Remote Desktop connections. Now, NSG-Subnet1 has the default inbound security rules only. NSG-VM1 has the default inbound security rules and the following custom inbound security rule. You can see we have the priority set to 100, then source is any and the source port range is asterisk, which means any; destination is also any, and then we have destination port range 3389, protocol is UDP and the action is allow. The question further says that the VM has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1. The solution given here is that you add an inbound security rule to NSG-Subnet1 that allows connections from the internet source to the virtual network destination for port range 3389 and uses the UDP protocol. Does this meet the goal? The correct answer for this question is no. To find out the correct solution for this business case, follow me to the next question, question number 162.

Coming to question number 162, the question is exactly the same as that of 161, however the solution is a little different, so please pay attention. The solution says that you add an inbound security rule to NSG-Subnet1 that allows connections from any source to the destination for port 3389 and uses the TCP protocol. You remove NSG-VM1 from the network interface of VM1. Does this meet the goal? The correct answer for this question is yes. The reason here is very simple: you have to see that NSG-Subnet1 is now correctly modified with the TCP protocol. So earlier we had the UDP protocol and now we have the TCP protocol, and the port number is 3389. So always remember, port number 3389 should always be matched with the TCP protocol and not with the UDP protocol, and the change of protocol between the two questions makes 162 a yes and 161 a no.

And then we have question number 163, and it says that an administrator is deploying a couple of new virtual machines in an Azure subscription via automation. All virtual machines will be deployed in resource group RG07 based on an ARM template that is stored in GitHub. Which two commands should the administrator use? You can see four commands are given here, and out of these four commands you have to pick two commands that can be used for the deployment using an ARM template. The correct answer for this question is option A and option C. The reason is very simple, because both option B and option D are commands used to create virtual machines from either the marketplace images or custom images.
However, none of the commands given in option B or option D can be used for the deployment using an ARM template, and that's the reason I eliminated these two options, and then we are only left with option A and option C. So guys, this is also one really good trick that I use in my certification examinations, and I personally call it selection by elimination. Sometimes you are sure that some of the options are not valid options or not correct options, so eliminating those will leave you with the correct answers, or at least it will leave you with fewer options to choose from.

Our question number 164 says that you have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network, VNet1. Now, the point-to-site connection uses a self-signed certificate from Azure. You download and install the VPN client configuration package on the computer named Computer2. Now you need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2. The solution given here is: you export the client certificate from Computer1 and install the certificate on Computer2. Does this meet the goal? The correct answer for this question is yes, this solution does satisfy this business case. Now let's understand the reasoning behind it. So this is the reason: you can read that each client computer that connects to a virtual network or VNet using point-to-site must have a client certificate installed. That's exactly what our solution also says, that we install a client certificate. Further, it says that you generate a client certificate from the self-signed root certificate and then export and install the client certificate. If the client certificate is not installed, the authentication fails. However, in our case we have installed the client certificate, and thus you can establish a point-to-site VPN connection to VNet1 from Computer2. Now, there can be many variations of this question, so Microsoft can give you a lot of different solutions for the same question to confuse you,
so let me show you some more variations of the same question so that you are well prepared when this question comes.

So now, in question number 165, we have exactly the same question, however this time the solution is different. This time the solution says that you modify the Azure Active Directory authentication policy, and of course we know that this will not solve this business case, so the correct answer is no. Just to reinforce, I have given the justification here as well: a client computer that connects to a VNet using point-to-site must have a client certificate installed.

Now showing you the third variation of the same question, and this time the solution is that you join Computer2 to Azure Active Directory, and of course we know the correct answer is no.

Question number 167 says that you have an Azure subscription that contains the following resources: we have 100 Azure virtual machines, 20 Azure SQL databases and 50 Azure file shares. You need to create a daily backup for all the resources by using Azure Backup. What is the minimum number of backup policies that you must create? Your options are 1, 2, 3, 120 or 170, and the correct answer is three. The reason is that you should create a separate backup policy for each of the components, so one for Azure virtual machines, one backup policy for SQL databases and one backup policy for file shares. If you have some questions around backing up Azure virtual machines, then this is a great page. This page will answer probably all the questions that you have around Azure Backup for virtual machines, and the best part is that all the information around this backup is gathered in the form of questions and answers, and I really love this kind of FAQ or frequently asked question and answer format of Microsoft documentation. You can find the link to this page in the description box.

Moving on, our question number 168 says that you are troubleshooting a performance issue for an Azure application gateway. You need to compare the total requests to the
failed requests during the past 6 hours. What should you use? Your options are metrics in Application Gateway, diagnostics logs in Application Gateway, NSG flow logs in Azure Network Watcher or connection monitor in Azure Network Watcher, and the correct answer for this question is option A, metrics in Application Gateway.

Moving on with question number 169, it says that you create the following resources in a subscription: an Azure Container Registry instance named Registry1, and then you create an Azure Kubernetes Service cluster named Cluster1. Now you create a container image named App1 on your administrative workstation. You need to deploy App1 to Cluster1. What should you do first? Your options are: should you create a host pool on Cluster1, or should you run the docker push command, or run the kubectl apply command, or should you run the az aks create command? The correct answer for this question is option B, run the docker push command. And here is a quick side note on Azure Container Registry, as we are also talking about container registry here. An Azure container registry stores and manages private Docker container images, similar to the way Docker Hub stores public images. You can use the Docker command-line interface or Docker CLI for login, push, pull and other operations on your container registry.

Now let's move to question number 170. The question says that you have an Azure subscription that contains the resource groups shown in the following table. Here you can see we have two resource groups: RG1, located in West US, then RG2, located in East US. Moving on, the question says that RG1 contains the resources shown in the following table. So we have Storage1, we have a virtual network named VNet1, NIC1, which is a network interface card, then we have Disk1, we have a virtual machine, and you can also observe the locations here. Further, the question says that VM1 is running and connects to NIC1 and Disk1. Now NIC1 connects
to VNet1, and RG2 contains a public IP address named IP2 and is in the East US location. IP2 is not assigned to a virtual machine. You have to choose all that is applicable or possible. Your options are: you can move Storage1 to RG2, or you can move NIC1 to RG2, or if you move IP2 to RG1 the location of IP2 will change. So what, according to you, is possible? The correct answer for this question is option A, you can move Storage1 to RG1. Just to give you more details on the other two options: you cannot move a NIC or network interface card to a new resource group if it's already attached to a virtual machine. Coming to the third one, it's very important that you understand that Azure public IPs are always region specific and you cannot move an Azure public IP from one region to another.

Moving on with question number 171, it says that your company wants to move all the services to Azure Kubernetes Service. Which of the following components contributes to the monthly Azure charge? Your options are master node, or deployed pod, or per node VM, and the correct answer for this question is option C, per node VM. This is because with Kubernetes, organizations only pay for the virtual machine instances, storage and network resources consumed by the cluster.

Moving ahead with question number 172, it says that you need to resolve the Active Directory issue. What should you do? Your options are listed here, and the correct answer for this question is option A, run the IdFix tool, then use the update action. Just to tell you more about the IdFix tool: IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for the migration to Azure Active Directory. IdFix is intended for the Azure Active Directory administrators responsible for directory synchronization with Azure Active Directory. For IdFix, I can just say that it's a lesser-known Azure service and you should read more about it, and to help you further,
this is the Microsoft documentation on the IdFix tool. Here you can understand what the IdFix tool is and also how it works. The link for this Microsoft documentation is available in the description box.

Quickly moving to question number 173, it asks: which of the following is the Kubernetes agent that processes the orchestration requests and schedules running the requested containers? Your options are container, node or kubelet. The correct answer for this question is option C, kubelet.

Marching towards question number 174: you have an Azure subscription. You are deploying an Azure Kubernetes Service cluster that will contain multiple pods. The pods will use kubenet networking. You need to restrict network traffic between pods. What should you configure on the AKS cluster? Your options are the Azure network policy, the Calico network policy or the pod security policy, and the last one is an application security group. The correct answer for this question is option B, the Calico network policy.

And here I present question number 175, which is the last question for part 14 of our AZ-104 real exam question and answer series. The question says that you are part of the infrastructure team. You need to configure networking for the Azure Kubernetes Service. Which of the following services would be the best for internal-only applications that support the other workloads within the cluster? Your options are LoadBalancer, ClusterIP or NodePort, and the correct answer for this question is option B, ClusterIP. And here are some more details on ClusterIP: ClusterIP creates an internal IP address for use within the AKS cluster. This is good for internal-only applications that support other workloads within the cluster, and that's the reason we have chosen ClusterIP as the answer for this question. I hope you liked the cluster of these 15 questions in our part 14.
Our part 15 begins with question number 176. The question says that you have an Azure subscription that contains an Azure storage account. You plan to create an Azure container instance named Container1 that will use a Docker image named Image1. Now, Image1 contains a Microsoft SQL Server instance that requires persistent storage. You need to configure a storage service for Container1. What should you use? Your options are Azure Files, Azure Blob storage, or Azure Queue storage, or Azure Table storage. The correct answer for this question is option A, Azure Files. Now let me give you a quick explanation for this. Azure Files can be used as persistent volumes for stateful containers. Containers deliver build once, run anywhere capabilities that enable developers to accelerate innovation. For the containers that access raw data at every start, a shared file system is required to allow these containers to access the file system no matter which instance they run on. So that explains the logic behind choosing Azure Files as the answer for this question.

Moving on with question number 177, the question says that you have an Azure subscription that contains a web app named WebApp1. You need to add a custom domain name, www.contoso.com, to WebApp1. What should you do first? Should you create a DNS record, or add a connection string, or should you upload a certificate, or should you stop WebApp1? The correct answer for this question obviously is option A, create a DNS record.

Now let's do some scripting practice in our question number 178. The question says: suppose you have a script that creates several VMs with different images. When the script issues the command to create the first VM, you don't want to block the script while the VM is created; instead, you want the script to immediately move on to the next command. What is the best way to do this? Should you add the async argument to your command, or should you use an ampersand to run the process in the background, or should you
add the --no-wait argument to your create command? It's very important that you read between the lines the requirement of the question. The question was that your script should not be waiting for the VM to be created and it should immediately move to the next command, so even if the VM creation is in process, your script should move to the next command. This is very important when you answer this question, and the correct answer for this question is option C, that you should add the --no-wait argument to your create command. A little more detail on --no-wait: when you add --no-wait, that will cause azure vm create to run immediately without waiting for the VM to be actually created, and that's exactly what our question is also looking for.

Now let's do some more scripting in question number 179 as well. This says that you create the following resources in an Azure subscription: you create an Azure Container Registry instance named Registry1 and then an Azure Kubernetes Service cluster named Cluster1. You create a container image named App1 on your administrative workstation. Now you need to deploy App1 to Cluster1. What should you do first? Should you run the docker push command, or should you create an App Service plan, should you run the az acr build command, or should you run the az aks create command? The correct answer for this question is option C, run the az acr build command. Now here is some more detail on how to do it. You should of course sign in to the Azure portal and then push the container image to the container registry, and after that run the az acr build command, which is mentioned here, to build and push the container image. Now let me give you a quick snippet of the actual code or the script, so this is the code that you can use to do this task. Additionally, let me take you to the Microsoft site, where not only can you find this code, you can also do an entire hands-on practice. This is the documentation from Microsoft Learn, and here you
can see this exercise on how to deploy an application on your Azure Kubernetes Service cluster. You can follow all the steps given here. It's a wonderful exercise; I did it myself and enjoyed it a lot. The link for this documentation, as usual, is available in the description box.

Moving on with question number 180, the question says that you plan to deploy three Azure virtual machines named VM1, VM2 and VM3. The virtual machines will host a web app named App1. Now you need to ensure that at least two virtual machines are available if a single Azure data center becomes unavailable. What should you deploy? Should you deploy all three virtual machines in a single availability zone, or all virtual machines in a single availability set, or the third option is each virtual machine in a separate availability zone, or the fourth one is each virtual machine in a separate availability set? I am sure that, having answered almost 180 questions already, you should be able to answer this question very well. The correct answer for this question is option C, each virtual machine in a separate availability zone. It's very important that you understand the difference between an availability zone and an availability set. A lot of people get really confused between these two, so I have got some Microsoft documentation where you can read about both of these in detail. This is the Microsoft documentation where you can read more on availability zones. You can also read more on virtual machine scale sets, availability sets, load balancer and much more. All these sections contain a link where you can click and dwell on more details of each topic.

Coming to our question number 181, the question asks: what needs to be installed on your machine to let you execute Azure PowerShell cmdlets locally? Your options are the Azure Cloud Shell, or the base PowerShell product and the Az module, or the third option is the Azure CLI and Azure PowerShell. The correct answer for this question is option B, the base PowerShell product and the Az module.
Moving on with question number 182, it says that you have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the Azure virtual machines. You need to ensure that visitors are serviced by the same web server for each request. So what should you configure? Your options are floating IP to enabled, floating IP to disabled, or a health probe, or the last option is session persistence to client IP and protocol. The correct answer for this question is session persistence to client IP and protocol. Just a quick side note here to help you further. When you read the question, it says that you need to ensure that visitors are serviced by the same web server for each request. That means we are talking about sticky sessions. With sticky sessions, when a client starts a session on one of your web servers, the session stays on that specific server. It is important here that you note that the session stays on the specific server, because this matches the requirement given in the question. Further, it says that to configure an Azure load balancer for sticky sessions, set session persistence to client IP, and that's the reasoning behind choosing option D as the answer.

Do you have any question or doubt about any of the questions that we have covered so far in these 15 parts? If yes, then do let me know in the comment section. I will create a bonus part where I will cover all these questions and doubts. And before moving ahead, my humble request: if you have liked the content so far, then please give a like to this video. Each like is much appreciated and really boosts my confidence; not only that, it helps my videos reach the desired audience. Now let's move ahead.

Moving ahead with question number 183, the question says that your company has three offices. The offices are in Miami, Los Angeles and New York. Each office contains a data center. Additionally, you have
an Azure subscription that contains resources in the East US and West US Azure regions. Each region contains a virtual network. The virtual networks are peered. You need to connect the data centers to the subscription. The solution must minimize the network latency between the data centers. What should you create? Your options are given here, and very quickly jumping to the answer, the correct answer for this question is option C, three virtual WANs and one virtual hub. In case you are interested in learning more about WAN, then this is the Microsoft documentation where you can drop in; the link is available in the description box.

And here comes our question number 184. The question asks: when assigning private IPv4 addresses in a subnet with address range 10.3.0.0/16, which of the following addresses are available for assignment dynamically? Your options are 10.3.0.2 or 10.3.25 or 10.3.255.254, and the correct answer for this question is option number C, 10.3.255.254. In case you are already scratching your head over why I have not picked option A or option B as an answer, then here is the quick explanation. You can see that option A was incorrect, and the reason for that is that Azure reserves the first four addresses in each subnet address range, and that's the reason that these four addresses cannot be assigned to resources. You can see our range starts from 10.3.0.0, so the first four addresses are 10.3.0.0, then 10.3.0.1, then 10.3.0.2 and 10.3.0.3. So these four addresses cannot be assigned to any of the resources. Whenever you are working with subnets, please remember this point, that the first four addresses of that subnet range will never be assigned to any Azure resource. Moving on with option D, this is also incorrect. The reason is simple: the last address of any subnet range is always reserved by Azure as a broadcast address, so this last subnet address is also never available for assignment to an Azure resource. This is very important not only from the
exam perspective but also for your day-to-day working in Azure networks.

Now let's take a question around Blob storage. The question says that you are using Blob storage. Which of the following is true? You have to select one option. The options are: the cool access tier is for frequently accessed objects in the storage account; the second option is the hot access tier is for storing large amounts of data that is infrequently accessed; the third option is the performance tier you select does not affect pricing; the fourth option is you can switch between hot and cool performance tiers at any time. The correct answer for this question is option D.

Coming to question number 186, the question says that you host a service with two Azure virtual machines. You discover that occasional outages cause your service to fail. What two actions can you take to minimize the impact of outages? Select two. Your options are: add a load balancer, put the virtual machines in an availability set, or should you put the virtual machines in a scale set, or add a network gateway, or should you add a third instance of a virtual machine? The correct answer to this question is option A, you should add a load balancer, and option B, you should put the virtual machines in an availability set. The reason is very simple: when you add virtual machines to an availability set and add a load balancer in front of them, then even if one virtual machine is down or maybe it's experiencing some problems, the load balancer will divert the traffic or incoming requests to another virtual machine in the availability set, and that surely will bring down these occasional outages, because one of the virtual machines will always be there to cater to the incoming traffic.

Let's quickly move to question number 187. The question asks: how many resource groups are created for each AKS deployment? Is it one, two, three or four? The correct answer for this question is two. There are always two resource groups that are created for each AKS
deployment, and if you are wondering what those two resource groups are, then here is the quick explanation. Each AKS deployment spans two resource groups. The first resource group, this one, is created by you, and it contains only the Kubernetes service resource, and the second resource group, known as the node resource group, contains all of the infrastructure resources associated with the cluster. In case you are really interested in Azure Kubernetes Service, then this is a brilliant page from Microsoft that answers a lot of your questions in a frequently asked question format. You can read a lot of interesting questions and answers on this page, and you can also understand why two resource groups are created for each AKS deployment. The link for this page is available in the description box.

And here comes our question number 188. The question asks: what is the Azure ExpressRoute service? Down here you are seeing three definitions given for Azure ExpressRoute, and you have to pick the correct one. So tell me, are you able to pick the right definition for Azure ExpressRoute? If yes, then pause the video and let me know your answer in the comment section. But for now I will tell you the correct answer, and the correct answer is option B. Azure ExpressRoute is a service that provides a direct connection from an on-premises data center to the Microsoft cloud, and I'm pretty sure that you also got the right answer.

Now let's quickly move to question number 189. The question says that you are currently using network security groups or NSGs to control how your network traffic flows in and out of your virtual network subnets and network interfaces. You want to customize how your NSGs work for all the incoming traffic. You need to apply your security rules at both the virtual machine and subnet level. Which of the following options will let you accomplish this? Please note that you have to choose two options. Your options given are: should you configure the allow
v-net inbound security rule for all new nsg or create rules for both nic and subnets with an allow action the third option is delete the default rules and the fourth one is add rules with a higher priority than the default rules the correct answer for this question is option b and option d and friends as someone has rightly said there is the end for everything and the same is true with our az104 real exam question and answer series question number 190 is not only the last question for our part 15 but also the last question for our entire az104 real exam question and answer series so let's read the question the question says a company plans to copy an on-premises vm image to a container named my images which command should you run in order to create the container for the planned image now here you can see there is a command given that starts with azcopy and you have to complete the command by picking the right answer from these two drop down menus and according to question you have to keep in mind that this command should be able to create a container or a file share so let me take you to the microsoft documentation and let's find the greater details on this command so this is the microsoft documentation that gives you more details on azcopy make command and on this page you can see the examples and in this example section you can see the correct command starts with azcopy and then the very next parameter is make going forward there is your account name and then you can select out of three options either blob file or dfs and then core.windows.net is always appended by microsoft azure and then you can see we have the top level azure resource name coming back to our presentation here you can see i have pasted the example command from microsoft documentation so that it's easier to answer the question and as we can see in the microsoft documentation the very next parameter to the azcopy command is make so this is what we will exactly pick from here 
this drop down menu and then moving on we have your account name this is also given here and then we can see we can choose either of the option we have blob file or dfs and here in our drop down menu we are given with table image and blob and we can very well see that out of these three options only one blob fits the documentation so the correct answer for the second drop down menu is blob you can also note that there are other two valid options like file or dfs so in case the microsoft changes the options here you can still pick the correct answer friends we have come a long way we have covered 190 questions and answers in this az104 series and it was a great experience for me not only to bring this series to you but also i learned a lot of things in this journey friends throughout the series i tried my best to cover all the areas of az104 exam series and did my best endeavors to explain each question and provide you with the correct microsoft documentation but still in case you have more questions that could not be covered in this exam series or maybe you have some doubts then you can reach me through the comment section you can also connect with me on facebook twitter or instagram all the links for all the social media platform are provided in the description box i hope you liked this video with 190 questions and answers on az104 certification exam and a great way to show your appreciation is to give a like to this video also do not forget to subscribe to the channel as a brand new series on much demanded ai 900 is to be launched next week if this video has added any value in your learning a like and subscribe is highly appreciated share this video with your family and friends to spread and expand their learning your comments and feedback give me a chance to interact with you and i look forward to them we will meet again in our next video till then stay fit keep learning and thanks for watching