Get All Microsoft Azure Administrator Exam Questions with Validated Answers
| Vendor: | Microsoft |
|---|---|
| Exam Code: | AZ-104 |
| Exam Name: | Microsoft Azure Administrator Exam |
| Exam Questions: | 429 |
| Last Updated: | March 14, 2026 |
| Related Certifications: | Microsoft Azure |
| Exam Tags: | Intermediate Azure Administrators |
Looking for a hassle-free way to pass the Microsoft Azure Administrator Exam? DumpsProvider provides the most reliable Dumps Questions and Answers, designed by Microsoft certified experts to help you succeed in record time. Available in both PDF and Online Practice Test formats, our study materials cover every major exam topic, making it possible for you to pass potentially within just one day!
DumpsProvider is a leading provider of high-quality exam dumps, trusted by professionals worldwide. Our Microsoft AZ-104 exam questions give you the knowledge and confidence needed to succeed on the first attempt.
Train with our Microsoft AZ-104 exam practice tests, which simulate the actual exam environment. This real-test experience helps you get familiar with the format and timing of the exam, ensuring you're 100% prepared for exam day.
Your success is our commitment! That's why DumpsProvider offers a 100% money-back guarantee. If you don’t pass the Microsoft AZ-104 exam, we’ll refund your payment within 24 hours, no questions asked.
Don’t waste time with unreliable exam prep resources. Get started with DumpsProvider’s Microsoft AZ-104 exam dumps today and achieve your certification effortlessly!
You need to ensure that you can grant Group4 Azure RBAC read-only permissions to all the Azure file shares. What should you do?
Azure role-based access control (Azure RBAC) for Azure file shares requires identity-based authentication integration. According to the Microsoft Azure Administrator documentation, this feature is only supported for StorageV2 (general purpose v2) and FileStorage account types.
In this scenario:
You are required to grant Group4 read-only access using Azure RBAC on Azure file shares.
The technical requirement specifies:
"Whenever possible, grant Group4 Azure RBAC read-only permissions to the Azure file shares."
From the case study data:
| Storage Account | Kind | Identity-based Access |
|---|---|---|
| storage1 | Storage (general purpose v1) | Azure AD DS |
| storage2 | StorageV2 | Disabled |
| storage3 | BlobStorage | N/A |
| storage4 | FileStorage | Azure AD DS |
The Storage (general purpose v1) type (storage1) does not support Azure AD or Azure RBAC integration for file shares. Microsoft documentation clearly states that "StorageV1 accounts must be upgraded to StorageV2 to support Azure AD authentication and RBAC role assignments."
Meanwhile, FileStorage (storage4) already supports Azure AD Domain Services (Azure AD DS) and RBAC role assignment; hence no further modification is required there. However, to make storage1 compatible, it must be converted from StorageV1 to StorageV2.
Once converted to StorageV2, you can then:
- Enable identity-based access for Azure file shares.
- Assign Azure RBAC roles (e.g., Storage File Data Reader) to Group4.
Microsoft-Documented Requirements Summary:
- Supported Account Types: StorageV2 or FileStorage
- Unsupported: StorageV1 and BlobStorage
- Required RBAC Roles for Read-Only Access: Storage File Data Reader (or custom read-only role)
Thus, to meet the organization's requirement to provide Azure RBAC read-only permissions, you must change the account type of storage1 to StorageV2, ensuring both storage1 and storage4 can be managed with Azure RBAC.
You have an Azure Storage account that contains 5,000 blobs accessed by multiple users.
You need to ensure that the users can view only specific blobs based on blob index tags.
What should you include in the solution?
To ensure that users can view only specific blobs based on blob index tags, the correct solution is to configure Azure Role-Based Access Control (RBAC) role assignment conditions that use Azure Blob Index Tags for fine-grained data access.
According to the Microsoft Azure Administrator documentation, Blob index tags provide the ability to categorize and filter blobs within a storage account using key-value pairs. However, controlling access to blobs based on their index tags requires role assignment conditions, which is a feature of Azure RBAC conditional access for data actions.
This functionality is part of Azure Attribute-Based Access Control (ABAC). ABAC extends RBAC by adding conditions to role assignments so that access decisions can include resource attributes such as blob index tags or security principal attributes.
When you apply an RBAC role assignment with a condition, you can restrict access at the object level within a resource type. For example, you can grant a user the Storage Blob Data Reader role but restrict their access only to blobs that contain a specific tag, such as:
@Resource[Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags:Department<$key_case_sensitive$>] StringEquals 'Finance'
This configuration ensures that even if multiple users have the same role, they can only view blobs whose tags match the condition defined in their role assignment.
Alternative options explained:
A. Just-in-time (JIT) VM access: Used for securing virtual machines via Azure Security Center, not for blob data access control.
B. Shared access signature (SAS): Provides temporary access to storage resources but cannot filter access based on blob index tags.
C. Stored access policy: Used to manage SAS tokens collectively but still does not support tag-based conditional access.
Therefore, the only mechanism that supports tag-based, condition-level access control for Azure Storage blobs is Role Assignment Conditions (Azure RBAC ABAC).
This aligns with the Microsoft Azure documentation on ABAC for Azure Storage, which explicitly states:
"You can use role assignment conditions in Azure Storage to control access to blobs based on blob index tags."
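The tag expression in the explanation above is only the attribute clause; a complete condition also names the action it applies to. As an added example (not part of the original page or of Microsoft's documentation), this script builds the full version 2.0 condition and passes it to `az role assignment create`; `PRINCIPAL_ID` and `SCOPE` are assumed placeholders supplied by the caller, and the restricted character set for tag keys and values is a conservative choice made for this example.

```bash
#!/bin/sh
# Added example: tag-scoped "Storage Blob Data Reader" assignment (Azure ABAC).
# PRINCIPAL_ID and SCOPE are assumed placeholders; nothing runs without them.

# Build a version 2.0 condition: blob reads are allowed only when the blob's
# index tag <key> equals <value>. The first clause passes every action other
# than blob read, so the rest of the role is unaffected. Blob.List is excluded
# from the targeted action, as in Microsoft's documented tag conditions, so
# the condition governs reads of individual blobs.
build_tag_condition() {
  key="$1"; value="$2"
  # Refuse empty input or characters that could break out of the quoted
  # literal (conservative allow-list chosen for this example).
  for s in "$key" "$value"; do
    case "$s" in
      ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
  done
  printf '%s' "((!(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'} AND NOT SubOperationMatches{'Blob.List'})) OR (@Resource[Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags:${key}<\$key_case_sensitive\$>] StringEquals '${value}'))"
}

# Create the conditional role assignment for one user.
assign_reader_with_tag_condition() {
  principal_id="$1"; scope="$2"
  condition="$(build_tag_condition "$3" "$4")" || {
    echo "refusing unsafe tag key or value" >&2
    return 1
  }
  az role assignment create \
    --role "Storage Blob Data Reader" \
    --assignee-object-id "$principal_id" \
    --assignee-principal-type User \
    --scope "$scope" \
    --condition "$condition" \
    --condition-version "2.0"
}

# Only call Azure when the caller has provided both placeholders.
if [ -n "${PRINCIPAL_ID:-}" ] && [ -n "${SCOPE:-}" ]; then
  assign_reader_with_tag_condition "$PRINCIPAL_ID" "$SCOPE" Department Finance
fi
```

Blobs that carry no `Department` tag fail the attribute clause, so untagged blobs are unreadable under this assignment.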
You need to configure WebApp1 to meet the technical requirements.
Which certificate can you use from Vault1?
To meet the technical requirement "Use TLS for WebApp1", the web app must be configured with a certificate that is compatible with Azure App Service for HTTPS/TLS binding.
According to the Microsoft Azure Administrator documentation on App Service Certificates and Key Vault integration, the following key points determine which certificates can be used:
- Supported Certificate Format: Azure App Service supports importing certificates in PFX (PKCS #12) format, which includes both the public and private keys necessary for TLS/SSL binding. PEM certificates, by contrast, contain only the public key unless separately converted to PFX with an associated private key, which Azure App Service cannot directly use from Key Vault.
- Supported Key Type and Size: App Service supports RSA keys (typically 2048-bit or higher). Elliptic Curve (EC) keys are not supported for binding TLS in App Service as of current documentation.
- Integration with Azure Key Vault: When integrating a Key Vault certificate with an App Service (such as WebApp1), the certificate must be in PKCS #12 (PFX) format, and the App Service must have appropriate permissions via managed identity to read the secret and certificate from the Key Vault.
From the Vault1 data provided in your scenario:
| Name | Content type | Key type | Key size |
|---|---|---|---|
| Cert1 | PKCS #12 | RSA | 2048 |
| Cert2 | PKCS #12 | RSA | 4096 |
| Cert3 | PEM | RSA | 2048 |
| Cert4 | PEM | RSA | 4096 |
Analysis:
Cert1 and Cert2 are PKCS #12 certificates, so both contain the private key required for TLS.
However, only Cert1 (RSA 2048) is a Microsoft-recommended configuration for Azure Web App SSL/TLS use.
Cert2 has a 4096-bit RSA key. Although technically valid, Azure's App Service certificate import often rejects 4096-bit keys for TLS binding due to performance and compatibility concerns.
Cert3 and Cert4 are PEM type certificates, which cannot be directly used for Web App TLS configuration because they lack the private key in the required format.
Therefore, according to the Azure Administrator Exam Study Guide and Microsoft official documentation, the only valid certificate that meets the requirements is:
Cert1 only
Final Verified Answer: A. Cert1 only
You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.
What should you recommend?
As App1 is public-facing we need an incoming security rule, related to the access of the web servers.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier.
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
You need to implement a backup solution for App1 after the application is moved.
What should you create first?
A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault.
Scenario:
There are three application tiers, each with five virtual machines.
Move all the virtual machines for App1 to Azure.
Ensure that all the virtual machines for App1 are protected by backups.