Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-104

Microsoft AZ-104 Exam
Microsoft Azure Administrator (Page 19 )

Updated On: 12-Jan-2026
Page 19 of 110
PDF with 553 Questions

You have an Azure subscription named Subscription1 that contains virtual network named VNet1. VNet1 is in a resource group named RG1.
User named User1 has the following roles for Subscription1: Reader
Security Admin Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?

  1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1.
  2. Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1.
  3. Assign User1 the Network Contributor role for VNet1.
  4. Assign User1 the User Access Administrator role for VNet1.

Answer(s): D

Explanation:

The User Access Administrator role enables the user to grant other users access to Azure resources.
Note:
There are several versions of this question in the exam. The question has three possible correct answers:
* Assign User1 the Access Administrator role for VNet1.
* Assign User1 the User Access Administrator role for VNet1.
Assign User1 the Owner role for VNet1.
Other incorrect answer options you may see on the exam include the following:
* Assign User1 the Contributor role for VNet1.
* Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1.
* Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1.


Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/overview https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles



HOTSPOT (Drag and Drop is not supported)
You have an Azure Storage account named storage1 that uses Azure Blob storage and Azure File storage. You need to use AzCopy to copy data to the blob storage and file storage in storage1.
Which authentication method should you use for each type of storage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




You can provide authorization credentials by using Microsoft Entra ID, or by using a Shared Access Signature (SAS) token.
Box 1: Microsoft Entra ID and Shared Access Signature (SAS)
Both Microsoft Entra ID and Shared Access Signature (SAS) token are supported for Blob storage.
Box 2: Shared Access Signature (SAS) only
Only Shared Access Signature (SAS) token is supported for File storage.


Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10



HOTSPOT (Drag and Drop is not supported)
You have a Microsoft Entra tenant that contains a user named External User. External User authenticates to the tenant by using external195@gmail.com.
You need to ensure that External User authenticates to the tenant by using contractor@gmail.com.
Which two settings should you configure from the Overview blade? To answer, select the appropriate settings in the answer area.
NOTE: Each correct answer is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Identities
Key properties of the Microsoft Entra B2B collaboration user include:
* Identities
This property indicates the user’s primary identity provider. A user can have several identity providers, which can be viewed by selecting the link next to Identities in the user’s profile or by querying the identities property via the Microsoft Graph API.
Box 2: B2B collaboration B2B collaboration overview
Microsoft Entra B2B collaboration is a feature within External Identities that lets you invite guest users to
collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with external users, while maintaining control over your own corporate data. Work safely and securely with external partners, large or small, even if they don't have Microsoft Entra ID or an IT department.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b



You have an Azure subscription that contains the resources shown in the following table.


You need to assign Workspace1 a role to allow read, write, and delete operations for the data stored in the containers of storage1.
Which role should you assign?

  1. Storage Account Contributor
  2. Contributor
  3. Storage Blob Data Contributor
  4. Reader and Data Access

Answer(s): C

Explanation:

Storage Blob Data Contributor
Read, write, and delete Azure Storage containers and blobs. Incorrect:
Storage Account Contributor
Permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization.
Reader and Data Access
Let's you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.
* Contributor
Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.


Reference:

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles



You have an Azure subscription named Subscription1 that contains virtual network named VNet1. VNet1 is in a resource group named RG1.
A user named User1 has the following roles for Subscription1: Reader
Security Admin Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?

  1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1.
  2. Assign User1 the Contributor role for VNet1.
  3. Assign User1 the Owner role for VNet1.
  4. Assign User1 the Network Contributor role for RG1.

Answer(s): C

Explanation:

Owner
Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.
Incorrect:
Not A, Not B: Contributor
Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
Not D: Network Contributor
Let’s you manage networks, but not access to them.


Reference:

https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles



Viewing page 19 of 110
Viewing questions 91 - 95 out of 553 questions



Post your Comments and Discuss Microsoft AZ-104 exam prep with other Community members:

Join the AZ-104 Discussion