Microsoft AZ-104 Exam Dumps

Get All Microsoft Azure Administrator Exam Questions with Validated Answers

AZ-104 Pack
Vendor: Microsoft
Exam Code: AZ-104
Exam Name: Microsoft Azure Administrator Exam
Exam Questions: 429
Last Updated: May 25, 2026
Related Certifications: Azure Administrator Associate
Exam Tags: Cloud Certifications, Microsoft Azure Certifications Intermediate Azure Administrators
Gurantee
  • 24/7 customer support
  • Unlimited Downloads
  • 90 Days Free Updates
  • 10,000+ Satisfied Customers
  • 100% Refund Policy
  • Instantly Available for Download after Purchase

Get Full Access to Microsoft AZ-104 questions & answers in the format that suits you best

PDF Version

$40.00
$24.00
  • 429 Actual Exam Questions
  • Compatible with all Devices
  • Printable Format
  • No Download Limits
  • 90 Days Free Updates

Discount Offer (Bundle pack)

$80.00
$48.00
  • Discount Offer
  • 429 Actual Exam Questions
  • Both PDF & Online Practice Test
  • Free 90 Days Updates
  • No Download Limits
  • No Practice Limits
  • 24/7 Customer Support

Online Practice Test

$30.00
$18.00
  • 429 Actual Exam Questions
  • Actual Exam Environment
  • 90 Days Free Updates
  • Browser Based Software
  • Compatibility:
    supported Browsers

Pass Your Microsoft AZ-104 Certification Exam Easily!

Looking for a hassle-free way to pass the Microsoft Azure Administrator Exam? DumpsProvider provides the most reliable Dumps Questions and Answers, designed by Microsoft certified experts to help you succeed in record time. Available in both PDF and Online Practice Test formats, our study materials cover every major exam topic, making it possible for you to pass potentially within just one day!

DumpsProvider is a leading provider of high-quality exam dumps, trusted by professionals worldwide. Our Microsoft AZ-104 exam questions give you the knowledge and confidence needed to succeed on the first attempt.

Train with our Microsoft AZ-104 exam practice tests, which simulate the actual exam environment. This real-test experience helps you get familiar with the format and timing of the exam, ensuring you're 100% prepared for exam day.

Your success is our commitment! That's why DumpsProvider offers a 100% money-back guarantee. If you don’t pass the Microsoft AZ-104 exam, we’ll refund your payment within 24 hours no questions asked.
 

Why Choose DumpsProvider for Your Microsoft AZ-104 Exam Prep?

  • Verified & Up-to-Date Materials: Our Microsoft experts carefully craft every question to match the latest Microsoft exam topics.
  • Free 90-Day Updates: Stay ahead with free updates for three months to keep your questions & answers up to date.
  • 24/7 Customer Support: Get instant help via live chat or email whenever you have questions about our Microsoft AZ-104 exam dumps.

Don’t waste time with unreliable exam prep resources. Get started with DumpsProvider’s Microsoft AZ-104 exam dumps today and achieve your certification effortlessly!

Free Microsoft AZ-104 Exam Actual Questions

Question No. 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains the virtual machines shown in the following table.

You deploy a load balancer that has the following configurations:

*Name: LB1

*Type: Internal

*SKU: Standard

*Virtual network: VNET1

You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.

Solution: You create two Standard public IP addresses and associate a Standard SKU public IP address to the network interface of each virtual machine.

Does this meet the goal?

Show Answer Hide Answer
Correct Answer: B, B

This question tests understanding of Azure Load Balancer SKU compatibility and backend pool configuration requirements.

Scenario Summary

You have:

VM1 and VM2 in the same VNet (VNET1)

A Load Balancer (LB1) configured as:

Type: Internal

SKU: Standard

You need to ensure that VM1 and VM2 can be added to LB1's backend pool.

The proposed solution:

'You create two Standard public IP addresses and associate a Standard SKU public IP address to the network interface of each virtual machine.'

Understanding Azure Load Balancer Requirements

1. Backend pool requirements for a Standard Load Balancer:

All VMs must be in the same virtual network as the load balancer.

Each VM's NIC must be configured with a Standard SKU IP configuration (private or public).

The Load Balancer SKU must match the SKU of the IP addresses associated with the VM network interfaces.

2. Internal Load Balancer behavior:

An Internal Load Balancer (ILB) distributes traffic within a virtual network using private IP addresses, not public IPs.

Therefore, the backend VMs do not need public IPs --- and adding them does not affect backend pool membership.

3. SKU alignment rule (Microsoft Docs):

''You can only attach virtual machines or instances that use Standard IP configurations to a Standard Load Balancer. Basic and Standard SKUs are not interchangeable.''

However:

A public IP is only required for inbound Internet access or outbound NAT, not for internal load balancing.

For an Internal Standard Load Balancer, backend pool members require Standard SKU NIC configurations, not public IPs.

Why the Proposed Solution Fails

The solution suggests creating two Standard public IPs and assigning them to the VMs' NICs.

This does not enable VM1 and VM2 to join the backend pool of an internal load balancer, because:

The load balancer type is internal, meaning it routes private traffic within the virtual network, not via public IPs.

Backend pool membership depends on the NIC's private IP configuration, not its public IP.

Adding public IPs only exposes VMs to the Internet and does not influence load balancer backend eligibility.

Thus, this action is unnecessary and does not meet the goal.

Correct Solution (for reference)

To meet the goal:

Ensure VM1 and VM2 have NICs configured with Standard SKU private IPs.

Ensure both VMs are in VNet1, the same virtual network as LB1.

No need to assign public IPs to internal backend VMs.

You could also ensure:

az network nic ip-config update \

--name ipconfig1 \

--nic-name VM1-nic \

--resource-group RG1 \

--private-ip-address-version IPv4 \

--sku Standard

Final Verified Answe r:


Question No. 2

You need to implement the planned changes for the storage account content. Which containers and file shares can you use to organize the content?

Show Answer Hide Answer
Correct Answer: B

In the scenario, storage1 is configured as StorageV2 with Hierarchical namespace = Yes, while storage2 is configured as StorageV2 with Hierarchical namespace = No.

From Microsoft's Azure Storage Documentation and AZ-104 Study Guide, the following principles apply:

A hierarchical namespace (enabled when the storage account has Azure Data Lake Storage Gen2 capabilities) allows the use of directories within containers to organize data.

The hierarchical namespace provides directory and file-level structure similar to a file system. This is supported only for blob containers, not for Azure Files.

Azure Files (file shares) do not depend on hierarchical namespaces and cannot have directories in the same way Data Lake Gen2 does --- directories can exist inside the share but not in the blob container sense.

The planned change states that you must use directories whenever possible to organize content. Therefore, only storage accounts with hierarchical namespace enabled can use directory structures --- that's storage1.

In this case:

storage1 (Hierarchical namespace = Yes) supports containers (like cont1) and file shares (like share1).

storage2 (Hierarchical namespace = No) does not support directories within blob containers (Data Lake structure).

Hence, you can use only cont1 (container in storage1) and share1 (file share in storage1) to organize content as required.

This is directly supported by the Microsoft documentation on Data Lake Storage Gen2:

''When you enable the hierarchical namespace for a storage account, you can organize objects into directories and subdirectories. This capability is available only for accounts configured for Data Lake Storage Gen2.''

Final Verified Answe r: B. cont1 and share1 only


Question No. 3

You have a Microsoft Entra tenant that contains 5,000 user accounts.

You create a new user account named AdminUser1.

You need to assign the User Administrator administrative role to AdminUser1.

What should you do from the user account properties?

Show Answer Hide Answer
Correct Answer: B

In Microsoft Entra ID (formerly Azure Active Directory), roles are assigned to users to delegate administrative permissions in a least-privilege manner. The User Administrator role allows a user to manage other users and groups --- for example, creating and managing user accounts, resetting passwords for non-administrators, and managing user group memberships.

To assign a role such as User Administrator, you must use the Directory role blade within the user's account properties in the Azure portal.

Step-by-step according to Microsoft documentation:

Sign in to the Azure Portal using an account that has one of the following roles:

Global Administrator

Privileged Role Administrator

Navigate to Azure Active Directory Users select AdminUser1.

Under Manage, select Directory role. This blade shows all current role assignments for the selected user.

Click Add assignment (or Modify role).

Select the User Administrator role from the list of available directory roles, then click Add.

Once this is completed, AdminUser1 will have administrative permissions limited to user management activities within the tenant.

Why other options are incorrect:

A. From the Groups blade, invite the user account to a new group: Group membership does not grant directory-level administrative permissions. Roles must be assigned at the directory role level, not via groups (unless using role-assignable groups configured for PIM).

C. From the Licenses blade, assign a new license: Licenses determine service usage (e.g., Microsoft 365, Intune) and do not provide administrative privileges in Entra ID.

Extract from Microsoft Azure Administrator Documentation (Official Guide):

''To assign a role to a user, in the Azure portal, select the user, then under Manage select Directory role, and choose the role you want to assign.'' (Source: Microsoft Learn -- Assign roles to users in Azure Active Directory)


Question No. 4

You have an Azure virtual machine named VM1 and an Azure key vault named Vault1.

On VM1, you plan to configure Azure Disk Encryption to use a key encryption key (KEK)

You need to prepare Vault! for Azure Disk Encryption.

Which two actions should you perform on Vault1? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Show Answer Hide Answer
Correct Answer: A, C

To prepare Vault1 for Azure Disk Encryption, you need to perform the following actions on Vault1:

Create a new key. A key encryption key (KEK) is an encryption key that is used to encrypt the encryption secrets before they are stored in the key vault.You can create a new KEK by using the Azure CLI, the Azure PowerShell, or the Azure portal1.You can also import an existing KEK from another source, such as a hardware security module (HSM)2.The KEK must be a 2048-bit RSA key or a 256-bit AES key3.

Select Azure Disk Encryption for volume encryption. This is an advanced access policy setting that enables Azure Disk Encryption to access the keys and secrets in the key vault.You can select this setting by using the Azure CLI, the Azure PowerShell, or the Azure portal4. You must also enable access to Microsoft Trusted Services if you have enabled the firewall on the key vault.


Question No. 5

You have an Azure App Services web app named App1.

You plan to deploy App1 by using Web Deploy.

You need to ensure that the developers of App1 can use their Azure Active Directory (Azure AD) credentials to deploy content to App1. The solution must use the principle of least privilege.

What should you do?

Show Answer Hide Answer
Correct Answer: B

When deploying to Azure App Service, several authentication methods exist:

App-level FTPS credentials: Common to all users, not tied to Azure AD.

User-level FTPS credentials: Separate per user, but still not Azure AD integrated.

Azure Role-Based Access Control (RBAC): Allows assigning permissions through Azure AD roles.

To allow developers to deploy code to an App Service (via Web Deploy, Git, or Visual Studio), the least privilege role that grants this capability is the Website Contributor role.

Role capabilities:

The Website Contributor role allows a user to manage web apps (including deployment, restart, and configuration changes), but not delete or grant access.

It uses Azure AD authentication through RBAC, satisfying the requirement that developers use their Azure AD credentials.

Other options:

Owner: Grants excessive permissions (manage access and delete resources)

App-level/User-level FTPS credentials: Use username/password, not Azure AD identities

Therefore, the correct and least-privileged role for developers to deploy via Web Deploy is Website Contributor.

Final Verified Answe r: B. Assign the Website Contributor role to the developers


Get All 429 Questions & Answers Explore Other Microsoft Exam Dumps

100%

Security & Privacy

10000+

Satisfied Customers

24/7

Committed Service

100%

Money Back Guranteed