• Home
  • Articles
  • AZ-104 Dumps 2026 New Microsoft AZ-104 Exam Questions [Q238-Q258]

AZ-104 Dumps 2026 New Microsoft AZ-104 Exam Questions [Q238-Q258]

Share

AZ-104 Dumps 2026 - New Microsoft AZ-104 Exam Questions

Free AZ-104 braindumps download (AZ-104 exam dumps Free Updated)


Microsoft AZ-104 (Microsoft Azure Administrator) Certification Exam is designed to test the skills and knowledge required to manage and maintain Microsoft Azure cloud services. Microsoft Azure Administrator certification is intended for individuals who are responsible for administering Azure resources and services, including managing virtual machines, storage solutions, and Azure networking. AZ-104 exam covers a range of topics, including Azure subscription management, resource group management, and Azure Active Directory management.


The Microsoft AZ-104 exam consists of 40-60 multiple-choice questions that need to be completed within 150 minutes. The questions are designed to test the candidate's knowledge and real-world experience in Azure administration. AZ-104 exam is available in several languages, including English, Chinese, French, German, Japanese, Portuguese, and Spanish.

 

NEW QUESTION # 238
You have an Azure subscription that contains the Azure virtual machines shown in the following table.

You configure the network interfaces of the virtual machines to use the settings shown in the following table

From the settings of VNET1, you configure the DNS servers shown in the following exhibit.

The virtual machines can successfully connect to the DNS server that has an IP address of 192.168.10.15 and the DNS server that has an IP address of 193.77.134.10.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq#name-resolution-dns


NEW QUESTION # 239
You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.

RG1 has a web app named WebApp1. WebApp1 is located in West Europe.
You move WebApp1 to RG2.
What is the effect of the move?

  • A. The App Service plan to WebApp1 moves to North Europe. Policy2 applies to WebApp1.
  • B. The App Service plan to WebApp1 moves to North Europe. Policy1 applies to WebApp1.
  • C. The App Service plan to WebApp1 remains to West Europe. Policy1 applies to WebApp1.
  • D. The App Service plan to WebApp1 remains to West Europe. Policy2 applies to WebApp1.

Answer: D

Explanation:
You can move an app to another App Service plan, as long as the source plan and the target plan are in the same resource group and geographical region.
The region in which your app runs is the region of the App Service plan it's in. However, you cannot change an App Service plan's region.


NEW QUESTION # 240
You have an Azure subscription that contains the resources shown in the following table

In Azure Cloud Shell, you need to create a virtual machine by using an Azure Resource Manager (ARM) template.
How should you complete the command? To answer, select the appropriate options in the answer area, NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/powershell/module/az.resources/new-azresourcegroupdeployment?view=azps-6.6.0


NEW QUESTION # 241
You have an Azure subscription named Subscription1.
You plan to deploy an Ubuntu Server virtual machine named VM1 to Subscription1.
You need to perform a custom deployment of the virtual machine. A specific trusted root certification authority (CA) must be added during the deployment.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-automate-vm-deployment


NEW QUESTION # 242
Your network contains an on-premises Active Directory domain named adatum.com. The domain contains an organizational unit (OU) named OU1. OU1 contains the objects shown in the following table.

You sync OU1 to Azure Active Directory (Azure AD) by using Azure AD Connect.
You need to identify which objects are synced to Azure AD.
Which objects should you identify?

  • A. User1 and Group1 only
  • B. User1, Group1, Group2, and Computer1
  • C. Computer1 only
  • D. User1, Group1, and Group2 only

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization


NEW QUESTION # 243
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System log on VM1 within an hour.
Solution: You create an Azure Log Analytics workspace and configure the data settings. You add an extension to VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Instead: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview


NEW QUESTION # 244
You have an Azure subscription named Subscription1.
In Subscription1, you create an Azure file share named share1.
You create a shared access signature (SAS) named SAS1 as shown in the following exhibit.

To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 245
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.com.onmicrosoft.com.
Solution: You instruct User1 to create the user accounts.

  • A. Yes
  • B. No

Answer: A

Explanation:
Explanation
Only a global administrator can add users to this tenant.
References:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad


NEW QUESTION # 246
You have an Azure subscription that contains the resources in the following table.

You install the Web Server server role (IIS) on VM1 and VM2, and then and VM1 and VM2 to LB1.
LB1 is configured as shown in the LB1 exhibit. (Click the LB1 tab.)

Rule1 is configure as shown in the Rule1 exhibit. (Click the Rule tab.) For each of the following statements, select Yes if the statements is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/skus
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview


NEW QUESTION # 247
You have an Azure subscription that contains a storage account named storageacct1234 and two users named User1 and User2.
You assign User1 the roles shown in the following exhibit.

Which two actions can User1 perform? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Modify the firewall of storageacct1234.
  • B. View blob data in storageacctl234.
  • C. Assign roles to User2 for storageacctl234.
  • D. View file shares in storageacct1234.
  • E. Upload blob data to storageacct1234.

Answer: C,D


NEW QUESTION # 248
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.com.onmicrosoft.com.
Solution: You instruct User3 to create the user accounts.

  • A. Yes
  • B. No

Answer: B

Explanation:
Explanation
Only a global administrator can add users to this tenant.
References:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad


NEW QUESTION # 249
You have an Azure subscription.
You need to implement a custom policy that meet the following requirements:
*Ensures that each new resource group in the subscription has a tag named organization set to a value of Contoso.
*Ensures that resource group can be created from the Azure portal.
*Ensures that compliance reports in the Azure portal are accurate.
How should you complete the policy? To answer, select the appropriate options in the answers area.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects


NEW QUESTION # 250
You have an Azure subscription that contains a storage account named contoso?02 3. The Contoso 2023 storage account contains the resources shown in the following table.
The Contoso 2023 storage account is configured as shown in the following exhibit.

You have a Microsoft Entra tenant that contains the users shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 251
You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
https://docs.microsoft.com/en-us/azure/networking/networking-overview#internet-connectivity


NEW QUESTION # 252
You have an Azure subscription named Subcription1 that contains a resource group named RG1.
In RG1. you create an internal load balancer named LB1 and a public load balancer named 162.
You need to ensure that an administrator named Admin 1 can manage LB1 and LB2. The solution must follow the principle of least privilege.
Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area.
NOTE: Caen correct selection is worth one point.

Answer:

Explanation:

Explanation
Box 1: Network Contributor on RG1
To add to the backend pool, write permission is required on the Resource Group because it writes deployment information. To add a backend pool, you need network contributor role on the LB and on the VMs that will be part of the backend pool.
For this reason the network contributor role must be assigned to the RG where the LB and the VM resides. So the correct answer is Network Contributor on RG1 .
Box 2: Network Contributor on RG1
For Health Probe also, without having access to RG1, no health probe can be added. If only Network Contributor role is assigned to LB then the user would not be able to access the IP addresses of the member pools.
Owner/Contributor can give the user access for everything. So it will not fit into the the principle of least privilege. Hence Owner and contributor role is incorrect choices for the question.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles


NEW QUESTION # 253
You have several Azure virtual machines on a virtual network named VNet1.
You configure an Azure Storage account as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 254
Hotspot Question
You have an Azure subscription named Subscription1.
In Subscription1, you create an alert rule named Alert1.
The Alert1 action group is configured as shown in the following exhibit.

Alert1 alert criteria triggered every minute.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: 60
One alert per minute will trigger one email per minute.
Box 2: 12
No more than 1 SMS every 5 minutes can be send, which equals 12 per hour.
Note: Rate limiting is a suspension of notifications that occurs when too many are sent to a particular phone number, email address or device. Rate limiting ensures that alerts are manageable and actionable.
The rate limit thresholds are:
- SMS: No more than 1 SMS every 5 minutes.
- Voice: No more than 1 Voice call every 5 minutes.
- Email: No more than 100 emails in an hour.
- Other actions are not rate limited.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-rate-limiting


NEW QUESTION # 255
You have an Azure Storage account named storage1.
You have Azure App Service apps named App1 and App2 that run in an Azure container instance. Each app uses a managed identity.
You need to ensure that App1 and App2 can read blobs from storage1. The solution must meet the following requirements:
* Minimize the number of secrets used.
* Ensure that App2 can only read from storage1 for the next 30 days.
What should you configure in storage1 for each app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

Answer:

Explanation:

Explanation:

The question involves two applications - App1 and App2 - that both need read access to blobs in an Azure Storage account (storage1). Both apps are running in Azure container instances and use managed identities for authentication.
Let's analyze the requirements and correct configuration for each app based on Azure's security and access control models.
App1 - Minimize Secrets
App1 uses a managed identity, meaning it can be authenticated to Azure services without any stored credentials or secrets.
The best practice is to assign Azure RBAC permissions (role-based access control) directly at the storage account or container level.
By using Access control (IAM), you can assign the Storage Blob Data Reader role to App1's managed identity.
This method uses Azure AD-based authentication, requires no SAS tokens or access keys, and minimizes secret management.
Access is continuous until the role is removed or modified.
# Therefore, App1 # Access control (IAM)
App2 - Temporary 30-day Access
The requirement specifies that App2 should be able to read blobs only for 30 days.
Azure RBAC roles (IAM) do not provide time-bound permissions.
The appropriate way to grant time-limited access is through a Shared Access Signature (SAS).
A SAS token defines permissions, resource scope (e.g., container or blob), and an expiry time - making it ideal for temporary or limited access scenarios.
You can generate a SAS token valid for 30 days and assign it to App2.
# Therefore, App2 # Shared access signatures (SAS)
Why Not Access Keys or Advanced Security
Access Keys: Grant full control (read/write/delete) to the storage account - not secure or granular, and they cannot be time-bound.
Advanced Security: Refers to configurations such as firewall rules or encryption; not directly related to granting app access.
# Microsoft Azure Administrator Documentation Extract (AZ-104 Study Guide Reference):
"To enable secure access for applications, use Azure AD authentication with managed identities and assign appropriate RBAC roles via Access control (IAM). For temporary or limited access, use Shared Access Signatures (SAS) to specify permissions and expiry times." (Source: Microsoft Learn - Secure access to Azure Storage with Azure AD, SAS, and managed identities.)
# Final Verified Answer:
App1: Access control (IAM)
App2: Shared access signatures (SAS)


NEW QUESTION # 256
You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:
Replicates synchronously
Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs


NEW QUESTION # 257
You have an Azure subscription.
You need to use an Azure Resource Manager (ARM) template to create a virtual machine that will have multiple data disks.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

When using an Azure Resource Manager (ARM) template to deploy multiple identical resources-such as several data disks for a virtual machine-you use the copy loop construct within the resource definition.
1. The Purpose of the copy Element
The copy element in an ARM template enables you to create multiple instances of a property or resource based on a defined count.
According to the Azure Resource Manager Template Schema Documentation:
"Use the copy element to repeat a resource property or resource definition multiple times during deployment.
The copy loop works with the copyIndex() function to generate a unique index value for each iteration." Therefore, the first selection should be copy, as it defines the structure that will be repeated for each data disk.
Example syntax:
"dataDisks": [
{
"copy": {
"name": "dataDisks",
"count": "[parameters('numberOfDataDisks')]",
"input": {
"lun": "[copyIndex()]",
"createOption": "Empty",
"diskSizeGB": 1023
}
}
}
]
2. The copyIndex() Function
The copyIndex() function returns the current iteration number within a copy loop (starting at 0 by default).
This allows each created disk to be assigned a unique Logical Unit Number (LUN) or a distinctive name.
Microsoft documentation states:
"The copyIndex() function returns the iteration index of a resource copy loop, which is often used to generate unique names or configuration values for each resource instance." Thus, the second selection (used to define lun) should be copyIndex(), ensuring each disk has a unique LUN value.
How It Works Together:
The copy block iterates based on the numberOfDataDisks parameter.
The copyIndex() function assigns each disk a unique identifier within the loop.
This structure ensures dynamic, scalable deployment of data disks without manually defining each one.
# Final Verified Answer:
First Selection: copy
Second Selection: copyIndex()
Explanation Extracted from Microsoft Azure Administrator and ARM Template Documentation:
"The copy element repeats a property or resource in an ARM template."
"The copyIndex() function returns the index number of the iteration and can be used for unique naming or logical unit assignments." This combination (copy + copyIndex()) is the official and verified method for creating multiple data disks dynamically in an Azure virtual machine deployment using ARM templates.


NEW QUESTION # 258
......


Microsoft AZ-104 is a certification exam that tests the knowledge and skills of the Microsoft Azure Administrator. It is designed for IT professionals who are responsible for managing and monitoring Azure resources and services. Microsoft Azure Administrator certification exam validates the candidate's ability to perform various tasks such as implementing and managing Azure storage, configuring and managing virtual networks, deploying and managing Azure compute resources like virtual machines, and managing Azure identities and governance.

 

Verified AZ-104 dumps Q&As - Pass Guarantee Exam Dumps Test Engine: https://www.actual4dumps.com/AZ-104-study-material.html

AZ-104 Dumps for Pass Guaranteed - Pass AZ-104 Exam: https://drive.google.com/open?id=1bJfIeCG6_4XEWTCgNmY5z7GDUWUcr4j0

Related Articles

more
Microsoft AZ-104 Certification Practice Exam

Copyright © 2026 Actual4Dumps NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy

Disclaimer:
Actual4Dumps doesn't offer Real SAP Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
Actual4Dumps material do not contain actual actual Oracle Exam Questions or material.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
Actual4Dumps Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Actual4Dumps does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Actual4Dumps does not own or claim any ownership on any of the brands.