Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

AZ-104Free trial

By microsoft

Verified

25Q per page

Question 101

You have an Azure subscription that contains a user named User1.
You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege.
Which role-based access control (RBAC) role should you assign to User1?

A: Owner
B: Virtual Machine Contributor
C: Contributor
D: Virtual Machine Administrator Login

—

Question 102

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant that contains three global administrators named Admin1, Admin2, and Admin3.
The tenant is associated to an Azure subscription. Access control for the subscription is configured as shown in the Access control exhibit. (Click the Access
Control tab.)

You sign in to the Azure portal as Admin1 and configure the tenant as shown in the Tenant exhibit. (Click the Tenant tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 103

You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.
What should you do first?

A: From the Azure portal, modify the Managed Identity settings of VM1
B: From the Azure portal, modify the Access control (IAM) settings of RG1
C: From the Azure portal, modify the Access control (IAM) settings of VM1
D: From the Azure portal, modify the Policies settings of RG1

—

Question 104

You have an Azure subscription that contains a resource group named TestRG.
You use TestRG to validate an Azure deployment.
TestRG contains the following resources:

You need to delete TestRG.
What should you do first?

A: Modify the backup configurations of VM1 and modify the resource lock type of VNET1
B: Remove the resource lock from VNET1 and delete all data in Vault1
C: Turn off VM1 and remove the resource lock from VNET1
D: Turn off VM1 and delete all data in Vault1

—

Question 105

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table:

User3 is the owner of Group1.
Group2 is a member of Group1.
You configure an access review named Review1 as shown in the following exhibit:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 106

You have an Azure DNS zone named adatum.com.
You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure.
What should you do?

A: Create an NS record named research in the adatum.com zone.
B: Create a PTR record named research in the adatum.com zone.
C: Modify the SOA record of adatum.com.
D: Create an A record named *.research in the adatum.com zone.

—

Question 107

DRAG DROP -
You have an Azure Active Directory (Azure AD) tenant that has the contoso.onmicrosoft.com domain name.
You have a domain name of contoso.com registered at a third-party registrar.
You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

—

Question 108

You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.
You need to view the error events from a table named Event.
Which query should you run in Workspace1?

A: Get-Event Event | where {$_.EventType == "error"}
B: Event | search "error"
C: select * from Event where EventType == "error"
D: search in (Event) * | where EventType ג€"eq ג€errorג€

—

Question 109

You have a registered DNS domain named contoso.com.
You create a public Azure DNS zone named contoso.com.
You need to ensure that records created in the contoso.com zone are resolvable from the internet.
What should you do?

A: Create NS records in contoso.com.
B: Modify the SOA record in the DNS domain registrar.
C: Create the SOA record in contoso.com.
D: Modify the NS records in the DNS domain registrar.

—

Question 110

HOTSPOT -
You have an Azure subscription that contains a storage account named storage1. The subscription is linked to an Azure Active Directory (Azure AD) tenant named contoso.com that syncs to an on-premises Active Directory domain.
The domain contains the security principals shown in the following table.

In Azure AD, you create a user named User2.
The storage1 account contains a file share named share1 and has the following configurations.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 111

HOTSPOT -
You have an Azure subscription named Subscription1 that contains a virtual network VNet1.
You add the users in the following table.

Which user can perform each configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 112

HOTSPOT -
You have the Azure resources shown on the following exhibit.

You plan to track resource usage and prevent the deletion of resources.
To which resources can you apply locks and tags? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 113

You have an Azure Active Directory (Azure AD) tenant.
You plan to delete multiple users by using Bulk delete in the Azure Active Directory admin center.
You need to create and upload a file for the bulk delete.
Which user attributes should you include in the file?

A: The user principal name and usage location of each user only
B: The user principal name of each user only
C: The display name of each user only
D: The display name and usage location of each user only
E: The display name and user principal name of each user only

—

Question 114

HOTSPOT -
You have an Azure subscription named Sub1 that contains the Azure resources shown in the following table.

You assign an Azure policy that has the following settings:
✑ Scope: Sub1
✑ Exclusions: Sub1/RG1/VNET1
✑ Policy definition: Append a tag and its value to resources
✑ Policy enforcement: Enabled
✑ Tag name: Tag4
✑ Tag value: value4
You assign tags to the resources as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 115

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Traffic Manager Contributor role at the subscription level to Admin1.
Does this meet the goal?

A: Yes
B: No

—

Question 116

HOTSPOT -
You have the Azure management groups shown in the following table:

You add Azure subscriptions to the management groups as shown in the following table:

You create the Azure policies shown in the following table:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 117

You have three offices and an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.
You need to grant user management permissions to a local administrator in each office.
What should you use?

A: Azure AD roles
B: administrative units
C: access packages in Azure AD entitlement management
D: Azure roles

—

Question 118

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal?

A: Yes
B: No

—

Question 119

HOTSPOT -
You have an Azure Load Balancer named LB1.
You assign a user named User1 the roles shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 120

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
✑ Reader
✑ Security Admin
✑ Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do?

A: Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1.
B: Assign User1 the Owner role for VNet1.
C: Assign User1 the Contributor role for VNet1.
D: Assign User1 the Network Contributor role for VNet1.

—

Question 121

HOTSPOT -
You configure the custom role shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 122

You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a file share named share1.
The subscription is linked to a hybrid Azure Active Directory (Azure AD) tenant that contains a security group named Group1.
You need to grant Group1 the Storage File Data SMB Share Elevated Contributor role for share1.
What should you do first?

A: Enable Active Directory Domain Service (AD DS) authentication for storage1.
B: Grant share-level permissions by using File Explorer.
C: Mount share1 by using File Explorer.
D: Create a private endpoint.

—

That’s the end of your free questions

You’ve reached the preview limit for AZ-104

Consider upgrading to gain full access!

Page 5 of 25 • Questions 101-125 of 606

←

3 4 5 6 7

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!