Microsoft - AZ-104: Microsoft Azure Administrator
Sample Questions
Question: 759
Measured Skill: Deploy and manage Azure compute resources (20–25%)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure container registry named Registry1 that contains an image named image1.
You receive an error message when you attempt to deploy a container instance by using image1.
You need to be able to deploy a container instance by using image1.
Solution: You create a private endpoint connection for Registry1.
Does this meet the goal?Correct answer: BExplanation:
The ability to docker pull a non-quarantined image, or pull another supported artifact such as a Helm chart, from a registry. Requires authentication with the registry using the authorized identity.
The Azure Container Registry service supports a set of built-in Azure roles that provide different levels of permissions to an Azure container registry. Use Azure role-based access control (Azure RBAC) to assign specific permissions to users, service principals, or other identities that need to interact with a registry, for example to pull or push container images. You can also define custom roles with fine-grained permissions to a registry for different operations.
The Azure Container Registry service supports a set of built-in Azure roles that provide different levels of permissions to an Azure container registry.
When working with your registry directly, such as pulling images to and pushing images from a development workstation to a registry you created, authenticate by using your individual Azure identity. Subsequent Docker commands use the Azure role-based access control (Azure RBAC) permissions assigned to your indivudual account and do not require a username or password.
We need to assign a role that provides the Pull image permission to our individual user account.
Question: 760
Measured Skill: Deploy and manage Azure compute resources (20–25%)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure container registry named Registry1 that contains an image named image1.
You receive an error message when you attempt to deploy a container instance by using image1.
You need to be able to deploy a container instance by using image1.
Solution: You assign the Reader role to your account.
Does this meet the goal?Correct answer: AExplanation:
The ability to docker pull a non-quarantined image, or pull another supported artifact such as a Helm chart, from a registry. Requires authentication with the registry using the authorized identity.
The Azure Container Registry service supports a set of built-in Azure roles that provide different levels of permissions to an Azure container registry. Use Azure role-based access control (Azure RBAC) to assign specific permissions to users, service principals, or other identities that need to interact with a registry, for example to pull or push container images. You can also define custom roles with fine-grained permissions to a registry for different operations.
The Azure Container Registry service supports a set of built-in Azure roles that provide different levels of permissions to an Azure container registry.
When working with your registry directly, such as pulling images to and pushing images from a development workstation to a registry you created, authenticate by using your individual Azure identity. Subsequent Docker commands use the Azure role-based access control (Azure RBAC) permissions assigned to your indivudual account and do not require a username or password.
We need to assign a role that provides the Pull image permission to our individual user account.
Question: 761
Measured Skill: Deploy and manage Azure compute resources (20–25%)
You have an Azure subscription that uses Azure Container Instances.
You have a computer that has Azure Command-Line Interface (CLI) and Docker installed.
You create a container image named image1.
You need to provision a new Azure container registry and add image1 to the registry.
Which command should you run for each requirement?
(To answer, select the options in the answer area. NOTE: Each correct answer is worth one point.)A | Provision a new container registry: az acr build
Add image1 to the registry: az acr create |
B | Provision a new container registry: az acr create
Add image1 to the registry: docker push |
C | Provision a new container registry: az acr create
Add image1 to the registry: az container create |
D | Provision a new container registry: az container create
Add image1 to the registry: az acr create |
E | Provision a new container registry: az container create
Add image1 to the registry: docker push |
F | Provision a new container registry: docker create
Add image1 to the registry: docker pull |
Correct answer: BExplanation:
Azure Container Registry is a private registry service for building, storing, and managing container images and related artifacts.
You can create an ACR instance using the Azure CLI command az acr create command. The registry name must be unique within Azure, and contain 5-50 lowercase alphanumeric characters. In the following example, mycontainerregistry is used. Update this to a unique value.
az acr create --resource-group myResourceGroup --name mycontainerregistry --sku Basic
The docker push command is used to push the image to the registry instance. Replace <login-server> with the login server name of your registry instance. This example creates the hello-world repository, containing the hello-world:v1 image.
docker push <login-server>/hello-world:v1
Reference: Quickstart: Create a private container registry using the Azure CLI
Question: 762
Measured Skill: Implement and manage virtual networking (15–20%)
You have an Azure subscription.
You create a routing table named RT1.
You need to add a route to RT1 that specifies the next hop IP address.
Which next hop type should you select?A | Internet |
B | Virtual network gateway |
C | Virtual network |
D | Virtual appliance |
Correct answer: DExplanation:
Each route contains an address prefix and next hop type. When traffic leaving a subnet is sent to an IP address within the address prefix of a route, the route that contains the prefix is the route Azure uses.
The question states that that we need to specify an IP address as the next hop. The virtual appliance next hop type is the only one that lets us specify an IP address.
A virtual appliance is a virtual machine that typically runs a network application, such as a firewall.
Reference: Virtual network traffic routing
Question: 763
Measured Skill: Implement and manage virtual networking (15–20%)
You have an Azure subscription that contains the resources shown in the following table.
You create a route table named RT1 in the East US Azure region.
To which resources can you associate RT1?A | VNet1 only |
B | Subnet1 only |
C | VNet1 and NIC1 only |
D | Subnet1 and NIC1 only |
E | VNet1, Subnet1, and NIC1 |
Correct answer: BExplanation:
To customize your traffic routes, you shouldn't modify the default routes but you should create custom, or user-defined(static) routes which override Azure's default system routes.
In Azure, you create a route table, then associate the route table to zero or more virtual network subnets. Each subnet can have zero or one route table associated to it.
When you create a route table and associate it to a subnet, the table's routes are combined with the subnet's default routes. If there are conflicting route assignments, user-defined routes override the default routes.
Reference: Virtual network traffic routing