top of page

Azure Administrator Associate Sample Questions for AZ-104 Exam

  • CertiMaan
  • Oct 10
  • 9 min read

Prepare for the AZ-104 certification with these carefully crafted Azure Administrator Associate sample questions. These questions are designed to match the AZ-104 exam format and include key domains like Azure services, identity, governance, storage, compute, and virtual networking. Strengthen your preparation with high-quality az 104 practice exams, azure 104 practice tests, and real-world use cases. Whether you’re revising with az 104 dumps or tackling fresh az 104 exam questions, this collection ensures you're exam-ready. Master the Microsoft Azure environment and confidently clear the AZ-104 with structured, scenario-based practice and guidance.



Azure Administrator Associate Sample Questions List :


1. Your company has a hybrid environment with an on-premises Active Directory and Azure Active Directory (Azure AD). You need to ensure that all users authenticated in the on-premises Active Directory can seamlessly access Azure resources. What is the MOST efficient way to achieve this?

  1. Create duplicate user accounts in Azure AD manually.

  2. Implement Azure AD Connect to synchronize user identities.

  3. Use PowerShell scripts to periodically export and import user data.

  4. Require users to create separate Azure AD accounts.

2. A user is reporting they can't access a storage account, but you have verified they are assigned the 'Storage Blob Data Contributor' role at the storage account level. You also confirmed there are no deny assignments involved. What is the MOST likely cause of this issue?

  1. The role assignment has not propagated yet. It can take up to 24 hours.

  2. The user's account is locked.

  3. The user is trying to access a resource within the storage account they don't have permissions for.

  4. The storage account firewall is blocking the user's access.

3. You are the Azure administrator for your company. A user reports they are unable to access a specific Azure resource, despite being part of a group that has been assigned the 'Contributor' role at the resource group level. Upon investigation, you discover the user is also a member of another group that has an explicit 'Deny Assignment' for all actions on the same resource group. What is the MOST likely cause of the access issue?

  1. Role assignments are not applied correctly.

  2. The 'Contributor' role overrides the 'Deny Assignment'.

  3. The 'Deny Assignment' takes precedence over the 'Contributor' role.

  4. The user's account is corrupted.

4. You need to implement a solution that provides detailed insights into who is doing what in your Azure environment. Which Azure service provides comprehensive auditing capabilities to track user activities and resource changes?

  1. Azure Advisor

  2. Azure Policy

  3. Azure Activity Log

  4. Azure Security Center

5. You are implementing Azure Policy to enforce naming conventions for all virtual machines created in your subscription. You want to ensure that all VM names start with 'VM-' and are no longer than 15 characters. Which Azure Policy component would you use to define the desired naming pattern and length?

  1. Initiative

  2. Remediation Task

  3. Policy Definition

  4. Policy Assignment

6. Your company is implementing Azure landing zones. You are planning to delegate access management to different teams, allowing them to manage resources within their respective landing zones. Which Azure role is BEST suited for granting a team the ability to assign roles to other users within a specific scope, without granting them excessive permissions?

  1. Owner

  2. Contributor

  3. User Access Administrator

  4. Reader

7. Your organization uses Azure Active Directory (Azure AD) Privileged Identity Management (PIM). A user needs to perform a privileged task that requires the 'Global Administrator' role for a limited time. How would you grant this user the required access?

  1. Permanently assign the 'Global Administrator' role to the user.

  2. Create a new custom role with 'Global Administrator' permissions and assign it permanently.

  3. Have the user activate the 'Global Administrator' role in PIM for the required duration.

  4. Share the 'Global Administrator' account credentials with the user.

8. You are reviewing your Azure subscription's security posture and notice several recommendations from Azure Security Center regarding multi-factor authentication (MFA). You want to quickly enable MFA for all users who are not currently enrolled. What is the MOST efficient way to achieve this?

  1. Manually enable MFA for each user in Azure AD.

  2. Configure Conditional Access policies in Azure AD to require MFA for all users.

  3. Implement a custom PowerShell script to enable MFA for all users.

  4. Require all users to reset their passwords.

9. You need to create a custom image of an Azure Virtual Machine that contains pre-installed software and specific configurations. What is the recommended way to create this image?

  1. Copy the VHD file from the VM's storage account.

  2. Create a snapshot of the VM's OS disk, then create an image from the snapshot.

  3. Export the VM configuration as a JSON file.

  4. Use Azure Resource Manager (ARM) Templates to define the VM configuration.

10. Your organization is using Azure AD Identity Protection. You notice a high number of users being flagged with 'risky sign-ins' due to unusual travel patterns. You want to minimize false positives. Which of the following actions would be the MOST appropriate first step to investigate and address this issue?

  1. Disable Azure AD Identity Protection.

  2. Immediately block all users flagged as risky.

  3. Review the sign-in details of the flagged users and investigate the reasons for the unusual travel patterns.

  4. Force all flagged users to reset their passwords.

11. Your company is migrating resources to Azure. You need to implement a centralized logging solution to collect logs from all Azure resources in your subscription, including virtual machines, storage accounts, and databases. Which Azure service is BEST suited for this purpose?

  1. Azure Monitor Log Analytics

  2. Azure Key Vault

  3. Azure Security Center

  4. Azure Resource Manager

12. Your company needs to store unstructured data like images and videos in Azure. The data will be accessed frequently and must be highly available. Which Azure storage service is MOST suitable?

  1. Azure Queue Storage

  2. Azure Blob Storage

  3. Azure Table Storage

  4. Azure File Storage

13. You are managing Azure AD users. A user has left the company, and you need to revoke their access to all Azure resources. What is the MOST secure and appropriate action to take?

  1. Delete the user account from Azure AD.

  2. Disable the user account in Azure AD.

  3. Reset the user's password.

  4. Remove the user from all Azure AD groups.

14. You need to create a storage account that will be used for storing virtual machine disk images. You want to ensure the lowest possible latency for disk I/O operations. Which performance tier should you select?

  1. Standard

  2. Premium

  3. Archive

  4. Cool

15. Your company requires that all resources deployed to Azure must be tagged with specific metadata, such as 'Department', 'Environment', and 'CostCenter'. You want to enforce this requirement using Azure Policy. What type of effect should you use in your Azure Policy definition to automatically add these tags if they are missing during resource deployment?

  1. Audit

  2. Deny

  3. Append

  4. DeployIfNotExists

16. Your company has a requirement to store data for compliance reasons for 7 years. The data will rarely be accessed after the first year. Which storage tier is the MOST cost-effective option for storing the data after the first year?

  1. Hot

  2. Cool

  3. Archive

  4. Premium

17. You are implementing Azure Blueprints to standardize the deployment of resources across multiple subscriptions in your organization. You need to ensure that specific resource groups are created with pre-defined network configurations and RBAC settings in each subscription. What is the appropriate component of an Azure Blueprint to define these resource group configurations?

  1. Artifact

  2. Definition

  3. Assignment

  4. Parameter

18. You are tasked with configuring lifecycle management for an Azure Blob Storage account. You need to move all blobs older than 90 days to the Cool tier and delete blobs older than 365 days. How would you achieve this?

  1. Use Azure Automation runbooks to periodically move and delete blobs.

  2. Configure a lifecycle management policy in the Azure portal.

  3. Write a custom application using the Azure Storage SDK to move and delete blobs.

  4. Use Azure Data Factory to copy and delete blobs based on their age.

19. You need to grant a vendor temporary access to manage a specific Azure SQL Database server for maintenance purposes. The vendor should only have the necessary permissions for a limited duration. Which approach is MOST secure and efficient?

  1. Create a new Azure AD user account for the vendor and assign the 'SQL Server Contributor' role permanently.

  2. Use an existing Azure AD user account for the vendor and assign the 'SQL Server Contributor' role permanently.

  3. Invite the vendor as a guest user to your Azure AD and grant them temporary access using Azure AD Privileged Identity Management (PIM).

  4. Share the credentials of an existing Azure AD user account with the necessary permissions with the vendor.

20. You are planning to use Azure File Sync to synchronize on-premises file shares with Azure File Shares. What is the minimum supported Windows Server version for the on-premises servers?

  1. Windows Server 2008 R2

  2. Windows Server 2012

  3. Windows Server 2016

  4. Windows Server 2019

21. You are implementing Azure Policy to enforce that all new storage accounts created in your subscription are configured with a specific minimum TLS version. However, some existing storage accounts may not meet this requirement. How can you identify and remediate the non-compliant storage accounts?

  1. Use Azure Resource Graph to query for storage accounts and manually update the TLS version.

  2. Use Azure Security Center recommendations to identify and remediate the non-compliant storage accounts.

  3. Use Azure Policy Compliance Scan and Remediation Task to identify and automatically remediate the non-compliant storage accounts.

  4. Use PowerShell scripts to iterate through all storage accounts and update the TLS version.

22. Your company wants to implement geo-redundancy for their Azure Storage account to ensure business continuity in case of a regional outage. Which replication option provides read access to the secondary region?

  1. Locally Redundant Storage (LRS)

  2. Zone-Redundant Storage (ZRS)

  3. Geo-Redundant Storage (GRS)

  4. Read-Access Geo-Redundant Storage (RA-GRS)

23. Your company has multiple Azure subscriptions. You need to manage policies across all subscriptions from a central location. What Azure service should you use?

  1. Azure Resource Manager templates

  2. Azure Management Groups

  3. Azure Cost Management

  4. Azure Active Directory

24. You need to grant a user temporary access to read data from a specific container within your Azure Blob Storage account. You want to avoid sharing your storage account key. Which method should you use?

  1. Assign the user the 'Storage Blob Data Reader' role at the storage account level.

  2. Create a Shared Access Signature (SAS) for the container with read permissions.

  3. Create a new storage account and move the data to it.

  4. Share the storage account key directly with the user.

25. You have an Azure storage account configured with the 'Hot' access tier. A significant portion of the data has not been accessed for over six months. To optimize costs, you want to move this data to a more cost-effective tier. What is the MOST appropriate action?

  1. Manually download the data and re-upload it to the 'Archive' tier.

  2. Change the storage account access tier to 'Archive'.

  3. Implement a lifecycle management policy to move the data to the 'Cool' tier and then to the 'Archive' tier after a specified period.

  4. Delete the data and recreate it in the 'Archive' tier.




FAQs


What is the Microsoft Azure Administrator Associate certification?

It’s a Microsoft certification that validates your ability to manage Azure cloud infrastructure, including compute, network, storage, and security.

Who should take the AZ-104 certification exam?

IT professionals involved in managing cloud services, especially Azure environments, should take this exam.

Is AZ-104 worth it in 2025?

Yes, it’s in high demand as organizations increasingly rely on Azure. It enhances career opportunities in cloud administration.

What are the prerequisites for the Azure Administrator Associate exam?

There are no strict prerequisites, but basic knowledge of Azure services and networking is recommended.

How hard is the AZ-104 certification exam?

The difficulty is moderate. With structured preparation and hands-on practice, it’s manageable for most candidates.

What skills are measured in the AZ-104 exam?

It covers Azure identity, governance, compute, storage, networking, and monitoring.

How many questions are there in the AZ-104 exam?

The exam includes around 40–60 multiple-choice and performance-based questions.

What is the format and time duration of the AZ-104 exam?

It’s a 120-minute online or test-center exam with scenario-based and multiple-choice questions.

What is the passing score for the AZ-104 certification?

You need a score of 700 out of 1000 to pass.

How do I register for the AZ-104 exam?

Visit the official Microsoft exam page to schedule your test via Pearson VUE.

Can I take the AZ-104 exam online from home?

Yes, Microsoft offers online proctoring for AZ-104 through Pearson VUE.

What is the cost of the Microsoft AZ-104 exam?

The exam fee is $165 USD, but may vary by region.

Is there a renewal requirement for the Azure Administrator certification?

Yes, it must be renewed annually via a free online assessment provided by Microsoft.

What jobs can I get with an Azure Administrator Associate certification?

Roles include Azure Administrator, Cloud Operations Engineer, and Infrastructure Specialist.

What is the average salary after passing AZ-104?

Certified professionals can expect an average salary between $85,000 and $110,000 annually.

What is the difference between AZ-104 and AZ-900?

AZ-900 is foundational and non-technical, while AZ-104 is role-based and hands-on for admins.

How long does it take to prepare for the AZ-104 exam?

Typically, 6–8 weeks with consistent study and practice is sufficient.

Where can I find updated AZ-104 dumps or mock exams?

You can access updated dumps and mock tests at CertiMaan.com.

Does CertiMaan offer AZ-104 practice tests and preparation resources?

Yes, CertiMaan provides verified dumps, topic-wise tests, and full-length practice exams.

Are there any free learning paths available for AZ-104 preparation?

Yes, Microsoft Learn offers free, structured modules for AZ-104 preparation.


Recent Posts

See All

Comments

Rated 0 out of 5 stars.
No ratings yet
Add a rating
CertiMaan Logo

​​

Terms Of Use     |      Privacy Policy     |      Refund Policy    

   

 Copyright © 2011 - 2025  Ira Solutions -   All Rights Reserved

Disclaimer:: 

The content provided on this website is for educational and informational purposes only. We do not claim any affiliation with official certification bodies, including but not limited to Pega, Microsoft, AWS, IBM, SAP , Oracle , PMI, or others.

All practice questions, study materials, and dumps are intended to help learners understand exam patterns and enhance their preparation. We do not guarantee certification results and discourage the misuse of these resources for unethical purposes.

PayU logo
Razorpay logo
bottom of page