AZ-104T00 - Microsoft Azure Administrator

ASSESSMENT GUIDE

Overview
This document provides information and guidance on how to develop formative and summative
assessments for AZ-104T00 Microsoft Azure Administrator.
This guide is intended to be a reference and starting point for instructors as you plan how to
assess your students. As you read through the guide, you may choose to tailor the assessment
strategies, including the assessment items and rubric, for your classroom.
You are free to use the questions as they are currently presented or modify as appropriate for
your classes. The open-ended questions do not appear in any other course materials and are
designed to supplement the formative assessment opportunities that are integrated directly into
Microsoft Learn and the Microsoft Official Course.
Assigning the module questions to students as an independent activity will enable you to collect
data about individual student progress. However, we recommend that you set aside class time to
review answers and address any common student misconceptions, as later modules depend on
knowledge and understanding gained earlier in the course.
Multiple choice questions
This course uses Microsoft Forms for the knowledge check questions. Microsoft Forms is free and
easy to use. If you aren’t familiar with the product, short support videos are available. Review
question quizzes have already been created for you, simply:

1. Select each of the following URLs, and then Duplicate it. This will create a personal copy of
the quiz, which you can edit. For example, you could add branding to the top.
2. Share the quizzes with the anyone with the link can respond option. This means sign-in to
complete the quiz is not required.
3. Provide the shared URLs to your students and use the Responses tab to review
the answers.

• Module 01, Identity

• Module 02, Governance and Compliance
• Module 03, Azure Administration
• Module 04, Virtual Networking
• Module 05, Intersite Connectivity
• Module 06, Network Traffic Management
• Module 07, Azure Storage
• Module 08, Azure Virtual Machines
MICROSOFT LEARN

• Module 09, Serverless Computing

• Module 10, Data Protection
• Module 11, Monitoring

As a best practice it is recommended you create a new quiz and delete the old quiz each class.
This will keep the response URLs from being circulated and responses continuing to come in
after class.
Open-ended questions
The open-ended questions present further challenges beyond single answer responses and include
scenario-based questions. These questions give students the opportunity to demonstrate critical
thinking through their responses. The open-ended questions at the end of each module are a
useful approach to help build student confidence and critical thinking to encompass a range of
potential solutions.
For their responses, students should be encouraged to explore multiple cloud service solutions
and adopt a design-first approach before settling on a potential solution. Exploring the official
Microsoft Azure documentation is a great place for students to research and investigate the
different cloud services that are available.
Module 1: Administer Identity
1. Describe the following concepts: identity, account, Azure AD account, Azure AD Account,
Azure AD tenant, and Azure subscription. How are these different?
Answer: Identity is an object that can be authenticated. An Account is an identity that has
data associated with it. An Azure AD account is an identity created through Azure AD or
another Microsoft cloud service. An Azure AD tenant is a dedicated and trusted instance of
Azure AD, A Tenant is automatically created when your organization signs up for a
Microsoft cloud service subscription. An Azure subscription is used to pay for Azure cloud
services.
2. How is Azure Active Directory different from Azure Active Directory Domain Services?
Answer: Azure AD is primarily an identity solution and designed for HTTP and HTTPS
communications. Azure AD can be queried with a REST API, instead of LDAP. Azure AD uses
federation services, and many third-party services (such as Facebook). Azure AD users and
groups are created in a flat structure. Azure AD does not have Organizational Units (OUs)
or Group Policy Objects (GPOs).
3. Describe Azure AD Join and the usage cases for it.
Answer: Azure AD Join provides single sign on to your Azure managed SaaS apps and
services. Joined devices have enterprise state roaming of user settings. AD Join provides
seamless access to on-premises resources. Restricts access to apps from only compliant
devices.

AZ-104T00: Microsoft Azure Administrator

© 2020 Microsoft. All rights reserved.
2
MICROSOFT LEARN

4. Describe the Self-Service Password Reset authentication methods can be configured for
users.

Answer: Self-Service Password Reset authentication methods include mobile app

notification, mobile app code, email, mobile phone, office phone, and security questions. A
combination of authentication methods can be used.

5. List three features of a user account and two ways a user can be assigned to group.
Answer: All users must have a user account. The user account is used for authentication
and authorization. Each user account can have additional properties (user profile), like
phone number. You must be a Global Administrator or User Administrator to manage
users. Users can be assigned to groups either directly or dynamically. Dynamic assignment
lets you create complex attribute-based rules.
Module 2: Administer Governance and Compliance
1. Describe the steps for creating an Azure policy. What are the advantages of Azure policy?
Answer: Azure Policy is a service in Azure which allows you create polices which enforce
and control the properties of a resource. The advantages include enforcement and
compliance, applying policies at scale, and remediating non-compliant resources. The
creation steps are - create a policy definition, create a policy initiative, scope the initiative,
and determine compliance. A policy example is when company wants to implement
geographic compliance requirements to limit locations where services can be deployed.
2. List three RBAC roles and the associated permissions for each role.
Answer: Owner who has full access to all resources and can delegate access to others.
Contributor who can creates and manages all types of Azure resources but cannot grant
access to others. Reader who can only view Azure resources. User access administrator
who manages user access to Azure resources. Other roles are possible.
3. What is the purpose of role-based access control (RBAC) and why would you use it?
Answer: RBAC provides fine-grained access management of resources in Azure. RBAC can
be used to segregate duties within a team. RBAC can also grant just the amount of access
users need to perform their jobs. RBAC is an allow model granting access only as assigned.
4. What is resource tagging and why would you use it?
Answer: Resource tags provide metadata for your Azure resources. Tags are name-value
pairs that help logically organize resources into a taxonomy. Tags can be used to roll up
billing information, for example the costs on a new project. Tags can also be used by Azure
policy to determine when a policy should be applied.
5. Name several ways you can reduce costs in Azure.

AZ-104T00: Microsoft Azure Administrator

© 2020 Microsoft. All rights reserved.
3
MICROSOFT LEARN

Answer: Azure Reservations helps you save money by pre-paying for services. Azure Hybrid
Benefits uses Windows Server and SQL Server on-premises licenses with Software
Assurance. Azure Credits provides a monthly benefit that allows you to experiment with,
develop, and test new solutions on Azure. Regional pricing can be explored to find the
most cost-effective location. You can implement Cost Management to conduct a cost
analysis, create a budget, and review cost recommendations.
Module 3: Administer Azure Resources
1. Name at least three tools an Administrator can use to create and manage Azure resources.
Answer: Azure Portal, Azure CLI, Azure PowerShell, and Azure templates.
2. What is an Azure resource group and what are some basic rules when creating resource
groups?
Answer: A resource group is a container of related resources for an Azure solution.
Resources can exist in only one resource group. Groups can have resources of many
different types (services) and from many different regions. Groups cannot be nested. Not
all resources can be moved between groups. It is best practice to add resources to the
group that share the same lifecycle.
3. What are Azure Resource Manager templates and what are the advantages of using them?
Answer: Templates are a programmatic way to define your infrastructure with code.
Templates let you create and deploy resources in a consistent manner. Templates improve
accuracy and reduce manual errors. Templates can be reused and simplify administration.
Templates have a defined schema and uses a declarative syntax.
4. Describe the Azure Cloud Shell and the two programming languages it supports.
Answer: The Azure Cloud Shell Interactive, browser-accessible shell. The shell offers coding
in either Azure CLI or Azure PowerShell. The shell Is temporary and provided on a per-
session, per-user basis. The shell requires a resource group, storage account, and Azure File
share. When you use the shell it authenticates automatically and times out after 20
minutes.
5. What are resource limits (quotas) and why are they important?
Answer: Resource quotas define the number of resources a user subscription can provision
or consume. For example, how many resource groups a subscription can have. It is
important to monitor your usage to avoid running up against the limits. Some services have
adjustable limits. If you want to raise the limit or quota above the default limit, open an
online customer support request at no charge. The limit can be raised above the default
limit but not above the maximum limit. It is helpful to track current usage, and plan for
future use.

AZ-104T00: Microsoft Azure Administrator

© 2020 Microsoft. All rights reserved.
4
MICROSOFT LEARN

Module 4: Administer Virtual Networking

1. What is a virtual network and what things should you consider when creating a virtual
network?
Answer: A virtual network is a logical representation of your own network. Virtual
networks can be used in cloud and hybrid cloud scenarios. When creating a virtual
network, you will need to define the address space and create at least one subnet. Subnets
in the virtual network subnet must have a unique address range that does not overlap with
other subnets. Also consider traffic control, resource isolation, and topology.
2. What are the two types of virtual networking addresses?
Answer: Private IP addresses used within an Azure virtual network, and your on-premises
network. When you use a VPN gateway or ExpressRoute circuit to extend your network to
Azure, you are using private IP addresses. Public IP addresses are used for communication
with the internet, including Azure public-facing services. For example, a customer retail
website.
3. What is a Network Security Group (NSG) and when would you use it?
Answer: A NSG filters network traffic to and from Azure resources in an Azure virtual
network. An NSG lists the security rules that allow or deny inbound or outbound network
traffic. For example, limiting inbound traffic to only frontend web servers. Another
example, limiting outbound traffic from protect internal virtual machines.
4. What is an Azure Firewall and how would you use it?
Answer: Azure Firewall is a managed, cloud-based network security service that protects
your Azure virtual network resources. Firewalls are usually deployed in a hub-spoke
topology. Shared services (i.e., Bastion, VPN Gateways) are in the hub. Internal services are
isolated and protected in the spokes. Azure Firewall can be used to translate and filter
inbound internet traffic to your subnets. Azure Firewall can also be used to connect your
on-premises network to Azure. You can configure rules (source addresses, protocols,
destination ports, and destination addresses) to specific exactly what the firewall filters.
5. What is an Azure DNS domain, and can you change the name assigned to you?
Answer:. The domain name system (DNS) is a naming database in which internet domain
names are located and translated into Internet Protocol (IP) addresses. The domain name
system maps the name people use to locate a website to the IP address that a computer
uses to locate that website. Azure DNS is a hosting service for DNS domains that provides
name resolution. When you create an Azure subscription an Azure AD domain is created
for you. This initial domain takes the form domainname.onmicrosoft.com. You can change
or customize the domain name. However, you will need to verify ownership of the domain
name.
Module 5: Administer Intersite Connectivity
AZ-104T00: Microsoft Azure Administrator
© 2020 Microsoft. All rights reserved.
5
MICROSOFT LEARN

1. What is virtual network (VNet) peering and why would use it?
Answer: VNet peering connects two Azure virtual networks. Peering can be regional or
global. Peered networks use the Azure backbone which provides for privacy and isolation.
VNet peering is easy to configure and offers great performance.
2. Describe three uses of a VPN gateway.
Answer: A VPN gateway can be used for site-to-site connections that connect on-premises
datacenters to Azure virtual networks. A VPN gateway can be used for custom VNet-to-
VNet connections between virtual networks. A VPN gate way can be used for point-to-site
(User VPN) connections between individual devices and the Azure network.
3. Explain two ways VPN gateways could be used in a high availability scenario.
Answer: In a high availability scenario two VPN gateways are deployed. The configuration
can be either Active/Standby or Active/Active. In Active/Standby mode the second VPN
gateway does not establish a connection until there is a failure. In Active/Active mode both
gateway instances establish a connection.
4. Describe Azure ExpressRoute and at least three features.
Answer: Azure ExpressRoute creates private connections between Azure datacenters and
infrastructure on your premises or in a colocation environment. ExpressRoute connections
don't go over the public internet, instead connections use a partner network.
ExpressRoute offers reliability, faster speeds, and lower latencies than typical internet
connections. Bandwidth options are from 50 Mbps to 100 Gbps. Several billing options are
available including unlimited, metered, and premium.
5. Describe Azure Virtual WAN (VWAN) and at least three features.
Answer: Azure VWAN is a networking service that brings many networking, security, and
routing functionalities together. Azure VWAN can combine site-to-site, point-to-point, and
ExpressRoute connections. VWAN provides integrated connectivity with a hub-spoke
topology. VWAN makes it easy to connect workloads and visualize the end-to-end flow.
VWAN has two pricing options, basic and standard.
Module 6: Administer Network Traffic
1. What is the difference between system-defined routes and user-defined routes? Give an
example where each type of route would be used.
Answer: System-defined routes direct network traffic between virtual machines, on-
premises networks, and the internet. System-defined routes are the default behavior for
Azure routing. Examples include traffic between VMs in the same subnet, between VMs in
different subnets in the same virtual network, and data flow from VMs to the internet.
User-defined (custom) routes override the system routes or add routes to the routing
table. Examples include routing through gateways and virtual appliances.

AZ-104T00: Microsoft Azure Administrator

© 2020 Microsoft. All rights reserved.
6
MICROSOFT LEARN

2. What is the difference between a service endpoint and a private endpoint?

Answer: A service endpoint limits network access to specific subnets and IP addresses. A
service endpoint is a web address (URL) at which clients of a specific service can gain
access to it. Service endpoints are supported for a variety of services including Storage, Key
Vault, and SQL. A private endpoint. A private endpoint is a network interface that uses a
private IP address from your virtual network. This network interface connects you privately
and securely to a service through a private link. Private link integrates with on-premises
and peered networks.

3. What is a load balancer and what two types of load balancer does Azure provide? Give an
example of where each type of load balancer would be used.
Answer: A load balancer distributes inbound and outbound traffic using load-balancing
rules and health probes. There are two types of load balancers: public and internal. Public
facing load balancers maps external IP addresses to internal IP addresses, and vice versa.
Public load balancers handle external requests to backend resources, like SQL servers.
Internal load balancers direct traffic only to resources inside a virtual network or that use a
VPN. Internal load balancers can be used for cross-premises virtual networks, for multi-tier
applications, and for line-of-business application balancing.
4. Your retail application allows customers to select and save items for purchase. It is
important if the customer returns to the website that they are connected to the same
virtual machine they previously used. What distribution methods does the Load Balance
have to handle these requests?
Answer: Session persistence specifies how client traffic is handled. The default is that
requests are handled by any machine. The Client IP requests will be handled by the same
virtual machine. Client IP and protocol specifies that successive requests from the same
address and protocol will be handled by the same virtual machine.
5. Your website uses static image and video. The images and video are located on different
backend servers. What solution would you put in place to handle the requests?
Answer: An Application Gateway manages web app requests. The Application Gateway can
route traffic to a pool of web servers based on the URL of a request. In this case path-
based routing can send URL images to one server and URL videos to another server.
Multiple-site routing is also available. For example, one set of servers for one organization
and another set of servers for a different organization.
Module 7: Administer Azure Storage
1. What are four types of Azure storage and what is each type is used for?
Answer: Azure Containers is a massively scalable object store for text and binary data.
Azure Tables is ideal for storing structured, non-relational data. Azure Queues is a

AZ-104T00: Microsoft Azure Administrator

© 2020 Microsoft. All rights reserved.
7
MICROSOFT LEARN

messaging store for reliable messaging between application components. Azure Files
provides managed file shares for cloud or on-premises deployments.
2. What are Azure blobs and what three access tiers are provided?
Answer: Azure blob storage stores unstructured data. Blob storage can store any type of
text or binary data. For example, images and video. The hot tier is optimized for frequent
access of objects in the storage account. The cool tier is optimized for storing large
amounts of data that is infrequently accessed and stored for at least 30 days. The archive
tier is optimized for data that can tolerate several hours of retrieval latency and will remain
in the Archive tier for at least 180 days.
3. List at least four ways you can secure your Azure storage.
Answer: Server-side encryption (SSE) to automatically encrypt your data when it is
persisted to the cloud. Use RBAC and Azure AD to restrict access. Use Shared Access
Signatures (SAS) for delegated access. Use a shared key for storage account access. Use
Azure disk encryption. Use client-side encryption, HTTPS, and SMB 3.0 for data in transit.
4. What is Azure File Sync and when would you consider using that product?
Answer: Azure File Sync is a service that allows you to cache several Azure file shares on an
on-premises Windows Server or cloud VM. You can use Azure File Sync to lift and shift files
from on-premises to the cloud. Azure File Sync can also be used to backup or archive files
to the cloud. You can mount and access the files, so you don’t need a NAS device or
traditional file server.
5. Name and describe at least three storage specific tools you could use to manage Azure
storage.
Answer: Azure Storage Explorer is an application that helps you to easily access the Azure
storage account through any device on any platform. The Import/Export service lets you
move large amounts of data to and from Azure storage. AzCopy is a command-line utility
that you can use to copy blobs or files to or from a storage account. Students may also
know of Data Box is a suite of offline and online storage device products. For simple
management tasks, you could also use the Azure portal.
Module 8: Administer Azure Virtual Machines
1. Describe at least three things you would need to consider before creating an Azure virtual
machine.
Answer: Locating the virtual machine in a region that is close to your users. Selecting the
best virtual machine size for your application. Determining how cost will be determined
and estimating the monthly cost. Deciding on disk storage including standard, premium, or
ultra. Selecting an operating system and version. How you will monitor and update the
virtual machine. If any additional scripts, configuration, or agents are required.

AZ-104T00: Microsoft Azure Administrator

© 2020 Microsoft. All rights reserved.
8
MICROSOFT LEARN

2. Describe two ways to connect and sign-in to a virtual machine.

Answer: Bastion is the recommended way to connect to a virtual machine. For example, to
install required software. Bastion lets you access the virtual machine through the Azure
portal over SSL. You can also directly connect to a Windows server with the Remoted
Desktop Protocol. For Linux machines you can use Secure Shell Protocol (SSH).
3. What is the difference between virtual and horizontal scaling?
Answer: Vertical scaling (scale up and scale down) is the process of increasing
or decreasing power to a single instance of a workload. For example, selecting a virtual
machine with more memory or faster CPU performance. Horizontal scaling (scale out and
scale in) is the process of increasing or decreasing the number of instances of a workload.
For example, adding additional virtual machines as the workload increases. Vertical scaling
is usually a manual process. Horizontal scaling is usually automated.
4. What is a virtual machine scale set and when would you want to deploy them?
Answer: Azure virtual machine scale sets let you create and manage a group of load-
balanced VMs. Scale sets provide redundancy and improved performance, applications are
typically distributed across multiple instances. Each instance is identical, no pre-
provisioning is required. As demand goes up more VMs are added. As demand goes down
instances are removed. Scaling can be manual, automated, or a combination of both. To
control costs, you control the instance count.
5. What is a virtual machine extension and when would you use it?
Answer: Azure VM extensions are small applications that provide post-deployment
configuration and automation tasks on Azure VMs. For example, if a virtual machine
requires software installation, anti-virus protection, or to run a script inside of it, a VM
extension can be used. Azure VM extensions can be run with the Azure CLI, PowerShell,
Azure Resource Manager templates, and the Azure portal.
Module 9: Administer PaaS Compute Options
1. What is an App Service Plan and what will you consider in deciding which plan to choose?
Answer: An App Service Plan defines a set of compute resources for a web app to run. The
plan determines performance, price, and features for a web app. Considerations for which
plan to choose include how many web apps you can have, the disk space available to the
web apps, if the web app can autoscale, how many deployment slots are available, and
how many web app instances can be created.
2. What are web app deployment slots and how can they be used?
Answer: Deployment slots allow your app to run different instances. For example, a staging
instance and a production instance. Deployment slots are live apps with their own
hostnames. Deployment slots help you validate changes before making the app live. Slots

AZ-104T00: Microsoft Azure Administrator

© 2020 Microsoft. All rights reserved.
9
MICROSOFT LEARN

also avoid a cold start which eliminates downtime. Lastly, slots let you fall back to a known
good site.
3. How can you monitor your app and what data will you be interested in reviewing?
Answer: Application Insights can be used to monitor your live applications. It will
automatically detect performance anomalies and includes powerful analytics tools to help
you diagnose issues. Application Insights provides request rates, deny rates, response
times, failure rates, page views, load performance, user counts, session counts, and
performance counters. All these things would be of interest to an application developer.
4. Describe at least two differences between containers and virtual machines.
Answer: Containers provide only lightweight isolation, whereas VMs provide complete
isolation. VMs run the entire operating systems, but containers only run the OS services
that are needed. Containers are deployed with Docker and orchestrated with Azure
Kubernetes service. VMs are deployed and managed different tools with Azure. Containers
can use local disk storage or file shares. VMs use a virtual hard disk and file shares.
5. Describe how Azure Kubernetes service pools, nodes, and pods work together.
Answer: Kubernetes is an open-source system for automating deployment, scaling, and
management of containerized applications. Azure Kubernetes Service (AKS) makes it
simple to deploy a managed Kubernetes cluster in Azure. Nodes are the individual VMs
running the containerized applications. Pods are a single instance of an application. The
application can contain multiple containers. Pools are groups of nodes with identical
configurations. Both pools and nodes can be scaled.
Module 10: Administer Data Protection
1. What workloads can Azure Backup back up? Discuss both on-premises and Azure
workloads.

Answer: Azure Backup is the main tool to backup and restore workloads. On-premises
workloads include files and folders, Hyper-V virtual machines, VMware virtual machines,
Microsoft SQL Server, Microsoft SharePoint, Microsoft Exchange, System State, and Bare
Metal Recovery. Azure workloads include virtual machines, Azure file shares, SQL Server in
Azure VM, and SAP HANA in Azure VM.

2. You need to configure on-premises file and folder backups. What are basic steps to
configuring the backup?
Answer: First, you will need to create a recovery service vault. Next, download the agent
on the on-premises machine. The agent will need a credential certificate. Next, install and
register the agent with Azure. Lastly, configure the backup policies. The portal provides a
wizard to help with the agent steps.

AZ-104T00: Microsoft Azure Administrator

© 2020 Microsoft. All rights reserved.
10
MICROSOFT LEARN

3. Name at least two ways you can protect virtual machine data.
Answer: Virtual machine snapshots provide a quick and simple option for backing up VMs
that use managed disks. Snapshots help capture information between formal backups.
Azure Backup supports application-consistent backups for both Windows and Linux VMs.
Azure Site Recovery protects your VMs from a major disaster scenario when a whole
region experiences an outage.
4. Several of your virtual machine backups have been accidentally deleted. Is there are any
way to recover the deleted backups?
Answer: Soft delete has the capability to protect cloud backups for IaaS virtual machines
from accidental as well as malicious deletion of backups. Soft delete provides 14 days of
extended retention, allowing recovery with no data loss. Soft delete is offered at no cost
and is natively built-in for all recovery service vaults. To recover the deleted backups, use
the undelete feature.
5. What is the difference between Azure Backup and Azure Site recovery?
Answer: Azure Backup allows for granular backups and restores specific data. Azure Site
Recovery (ASR) allows for the protection of an entire production site. ASR provides
automation and orchestration to make the failover and failback processes seamless.
Module 11: Administer Monitoring
1. Name at least three data sources that can be used by Azure Monitor.
Answer: Azure Monitor can ingest many different data sources. Sources include application
code, operating system, resource, subscription, and tenant data. You can even create your
own custom data source. Data sources generally fall into two categories metrics and logs.
Metrics are numerical values that describe some aspect of a system at a point in time. For
example, virtual machine CPU performance. Logs contain data organized into records with
different sets of properties for each type. For example, the activity log shows subscription-
level events. This includes such information as when a resource is modified or when a
virtual machine is started.
2. You need to configure several Azure alerts. How will you assign/notify the help desk
personnel when an alert is triggered? What methods can be used to notify them?
Answer: The help desk personnel should be added to an action group. An action group is a
collection of notification preferences. Alerts use action groups to notify users that an alert has
been triggered. Various alerts may use the same action group or different action groups
depending on the user's requirements. Notification methods include push notifications to the
Azure mobile app, email, SMS, and voice.

3. You are reviewing the Azure Monitor alerts page. What alert states (statuses) are possible?

AZ-104T00: Microsoft Azure Administrator

© 2020 Microsoft. All rights reserved.
11
MICROSOFT LEARN

Answer: There are three alert states New, Acknowledged, and Closed. New indicates an
issue has been detected and hasn’t been reviewed. Acknowledged indicates an
administrator has reviewed the alert and started working on it. Closed indicates the issue
has been resolved. You can reopen a closed alert if the issue returns.
4. You would like to structure queries against the Windows Event log. Specifically, you would
like to identify any errors. What product should you use? What query language is available
to construct the query?
Answer: You should use a Log Analytics workspace. The workspace can receive data from
the Windows Event log. The event records can then be visualized or queried. Azure uses
the Kusto query language. Windows Event logs are stored in the Event table. to query the
event table for errors, use this command:
Event
| where (EventLevelName == "Error")

5. Name at least three ways to use Network Watcher to troubleshoot and diagnose network
problems.
Answer: Network Watcher is a regional service that provides various network diagnostic
and monitoring tools. IP Flow Verify diagnoses connectivity issues. Next Hop determines if
traffic is being correctly routed. VPN Diagnostics troubleshoots gateways and connections.
NSG Flow Logs maps IP traffic through a network security group. Connection Troubleshoot
shows connectivity between source VM and destination. Topology generates a visual
diagram of resources that might be helpful.

AZ-104T00: Microsoft Azure Administrator

© 2020 Microsoft. All rights reserved.
12