00:15:00

Free Microsoft Azure Administrator Associate AZ-104 Practice Test

Prepare for the Microsoft Azure Administrator Associate AZ-104 exam with this free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.

  • Questions: 15
  • Time: 15 minutes (60 seconds per question)
  • Included Objectives:
    Manage Azure identities and governance
    Implement and manage storage
    Deploy and manage Azure compute resources
    Configure and manage virtual networking
    Monitor and maintain Azure resources
Change
Question 1 of 15

An IT administrator needs to assign Microsoft 365 licenses to all users in the Sales department. The administrator wants to ensure that as users join or leave the department, the license assignments are updated automatically without manual effort. What is the BEST way to achieve this?

  • Assign licenses to a static security group containing the Sales department users.

  • Use Privileged Identity Management (PIM) to assign licenses to users.

  • Create a dynamic group based on the department attribute and assign licenses to that group.

  • Manually assign licenses to each user in the Sales department.

Question 2 of 15

You manage virtual machines (VMs) in Azure that reside within a private virtual network and are not accessible from the internet. Administrators need to connect to these VMs remotely for maintenance purposes. You need to provide secure, seamless remote connectivity to these VMs without exposing them to the internet or requiring a virtual private network connection.

What should you implement?

  • Deploy an Azure Bastion host in the virtual network

  • Implement Azure Firewall to permit remote management traffic

  • Set up a site-to-site connection for administrators to access the VMs

  • Assign public addresses to the VMs and restrict access using Network Security Groups (NSGs)

Question 3 of 15

Your company is deploying a new cloud-based application that requires licenses for a large number of employees. You want to ensure that when users join or leave the company, the license management process is efficient and requires minimal administrative effort. What should you configure to achieve this?

  • Assign licenses to individual users manually.

  • Enable self-service licensing for users.

  • Use administrative units for license distribution.

  • Utilize group-based licensing.

Question 4 of 15

Users report they cannot access the web application hosted on your Azure virtual machine from the internet, even though it was working previously. The virtual machine is running, and the web server is operational. What should you check first to resolve the connectivity issue?

  • Verify if a Network Security Group is blocking inbound traffic to the application.

  • Verify that the Azure Load Balancer is configured correctly.

  • Ensure that the application has an outbound internet connection.

  • Check if the private IP address of the server has changed due to a restart.

Question 5 of 15

As an Azure administrator, you receive a report that a user named Alex cannot assign roles to other users in the 'Operations' subscription. You verify that Alex has been assigned the 'User Access Administrator' role at the resource group level for the 'Networking' resource group.

Which of the following explains why Alex cannot assign roles in the 'Operations' subscription?

  • The 'Operations' subscription has a deny assignment preventing role assignments.

  • Alex needs the 'Owner' role to assign roles at the subscription level.

  • The 'User Access Administrator' role does not grant permissions to assign roles.

  • Alex does not have the required role assignment scope to assign roles at the subscription level.

Question 6 of 15

An organization needs to delegate administrative permissions so that certain administrators can manage users and groups within their own department without affecting other departments. Which Azure feature should you implement to achieve this?

  • Azure Entra ID Administrative Units

  • Azure Entra ID Privileged Identity Management

  • Azure Role-Based Access Control (RBAC)

  • Azure Management Groups

Question 7 of 15

An organization with multiple departments wants to delegate password reset permissions to department-specific administrators so they can manage user passwords only within their own department. How can this be accomplished in Azure Entra ID?

  • Assign roles to administrators scoped to users in each department using Administrative Units

  • Apply Conditional Access Policies to restrict password reset operations

  • Use Azure AD Privileged Identity Management to assign roles

  • Create security groups for each department and assign administrators to manage those groups

Question 8 of 15

An organization needs to have full control over the encryption keys used to protect their data stored in an Azure Storage account. They decide to use their own keys instead of the default keys provided by Azure. Which action should the administrator perform to meet this requirement?

  • Enable server-side encryption with Microsoft-managed keys

  • Configure the storage account to use customer-managed keys stored in Azure Key Vault

  • Implement client-side encryption using Azure Storage SDK

  • Enable Azure Disk Encryption on the storage account

Question 9 of 15

Which Azure resource defines the hardware configuration (such as CPU, memory, and storage capacity) of a virtual machine during creation?

  • Virtual network

  • Virtual machine image

  • Resource group

  • Virtual machine size

Question 10 of 15

Which Azure feature allows you to grant temporary access to storage resources without sharing your storage account key?

  • Secure Transfer Required

  • Shared Access Signature

  • Network Security Groups

  • Azure Active Directory Authentication

Question 11 of 15

You need to create an Azure App Service plan to host a web application that requires custom domains and SSL certificates for secure traffic. The application must automatically scale to handle varying traffic loads. Cost optimization is important. Which App Service plan tier should you choose to best meet these requirements?

  • Shared

  • Basic

  • Standard

  • Premium

Question 12 of 15

You are configuring backups for Azure resources located in the East US region. You need to create a vault to store these backups. Which location should you select for the vault to ensure optimal performance and compatibility?

  • Any region

  • A different region

  • The default region set for the subscription

  • The same region as the resources being backed up

Question 13 of 15

Which of the following can be used to perform file-level recovery from an Azure virtual machine backup?

  • Use the Instant Restore feature of Azure Backup

  • Use Azure Site Recovery's Failover option

  • Use the Azure VM's Snapshot feature

  • Use Azure Backup's File Recovery feature

Question 14 of 15

Guest users added to an Azure Entra ID tenant have the same default permissions as regular members.

  • False

  • True

Question 15 of 15

Deploying Azure Bastion requires installing client software on the administrator's computer.

  • True

  • False