Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-104

Microsoft AZ-104 Exam
Microsoft Azure Administrator (Page 14 )

Updated On: 12-Jan-2026
Page 14 of 110
PDF with 553 Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following users in a Microsoft Entra tenant named contoso.onmicrosoft.com:


User1 creates a new Microsoft Entra tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User3 to create the user accounts. Does that meet the goal?

  1. Yes
  2. No

Answer(s): B

Explanation:

Only a global administrator can add users to this tenant.


Reference:

https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad



You have two Azure subscriptions named Sub1 and Sub2 that are linked to the same Microsoft Entra tenant.
An administrator creates a custom role that has an assignable scope to a resource group named RG1 in Sub1.
You need to ensure that you can apply the custom role to any resource group in Sub1 and Sub2. The solution must minimize administrative effort.
What should you do?

  1. Select the custom role and add Sub1 and Sub2 to the assignable scopes. Remove RG1 from the assignable scopes.
  2. Create a new custom role for Sub1. Create a new custom role for Sub2. Remove the role from RG1.
  3. Create a new custom role for Sub1 and add Sub2 to the assignable scopes. Remove the role from RG1.
  4. Select the custom role and add Sub1 to the assignable scopes. Remove RG1 from the assignable scopes. Create a new custom role for Sub2.

Answer(s): A

Explanation:

Can be used as:
"AssignableScopes": [ "/subscriptions/{Sub1}", "/subscriptions/{Sub2}",
Note: Custom role example:
The following shows what a custom role looks like as displayed using Azure PowerShell in JSON format. This custom role can be used for monitoring and restarting virtual machines.
{
"Name": "Virtual Machine Operator",
"Id": "88888888-8888-8888-8888-888888888888",
"IsCustom": true,
"Description": "Can monitor and restart virtual machines.", "Actions": [
"Microsoft.Storage/*/read", "Microsoft.Network/*/read", "Microsoft.Compute/*/read", "Microsoft.Compute/virtualMachines/start/action", "Microsoft.Compute/virtualMachines/restart/action", "Microsoft.Authorization/*/read", "Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Insights/alertRules/*", "Microsoft.Insights/diagnosticSettings/*", "Microsoft.Support/*"
],
"NotActions": [],
"DataActions": [], "NotDataActions": [], "AssignableScopes": [ "/subscriptions/{subscriptionId1}", "/subscriptions/{subscriptionId2}",
"/providers/Microsoft.Management/managementGroups/{groupId1}"
]
}


Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles



You have an Azure Subscription that contains a storage account named storageacct1234 and two users named User1 and User2.
You assign User1 the roles shown in the following exhibit.


Which two actions can User1 perform? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  1. Assign roles to User2 for storageacct1234.
  2. Upload blob data to storageacct1234.
  3. Modify the firewall of storageacct1234.
  4. View blob data in storageacct1234.
  5. List files in file shares in storageacct1234.

Answer(s): B,D



You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.
You need to view the error events from a table named Event.
Which query should you run in Workspace1?

  1. select * from Event where EventType == "error"
  2. Event | search "error"
  3. Event | where EventType is "error"
  4. Get-Event Event | where {$_.EventType == "error"}

Answer(s): B

Explanation:

The search operator provides a multi-table/multi-column search experience.
The syntax is:
Table_name | search "search term"
Note:
There are several versions of this question in the exam. The question has three possible correct answers:
1. search in (Event) "error"
2. Event | search "error"
3. Event | where EventType == "error"
Other incorrect answer options you may see on the exam include the following:
1. Get-Event Event | where {$_.EventTye –eq "error"}
2. Event | where EventType is "error"
3. select * from Event where EventType is "error"
4. search in (Event) * | where EventType –eq "error"


Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/search-queries



You have an Azure App Services web app named App1. You plan to deploy App1 by using Web Deploy.
You need to ensure that the developers of App1 can use their Microsoft Entra credentials to deploy content to App1. The solution must use the principle of least privilege.
What should you do?

  1. Assign the Owner role to the developers
  2. Configure app-level credentials for FTPS
  3. Assign the Website Contributor role to the developers
  4. Configure user-level credentials for FTPS

Answer(s): C



Viewing page 14 of 110
Viewing questions 66 - 70 out of 553 questions



Post your Comments and Discuss Microsoft AZ-104 exam prep with other Community members:

Join the AZ-104 Discussion