1. Home
  2. AZ-104 Free Questions
Free Demo Questions

Test Online Free Microsoft AZ-104 Exam Questions and Answers

Practice a live sample before buying full access. This page keeps the free AZ-104 question set organized by page so visitors and search engines can reach the canonical -questions.html URL directly.

Updated Nov 19, 2025 212 Questions 15 Pages
Get AZ-104 Full Access
Page 1 of 15
Next Page
Question 1 Selectable Answer
You have an Azure Active Directory (Azure AD) tenant that has Azure AD Privileged Identity Management configured.
You have 10 users who are assigned the Security Administrator role for the tenant.
You need the users to verify whether they still require the Security Administrator role.
What should you do?

Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-start-security-review
Question 2 Written Answer
You have an Azure subscription named Subscription1.
Subscription1 contains the resources in the following table.



VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and VNet2.
An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.
You need to move the custom application to VNet2. The solution must minimize administrative effort.
Which two actions should you perform? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
We cannot just move a virtual machine between networks.
What we need to do is identify the disk used by the VM, delete the VM itself while retaining the disk, and recreate the VM in the target virtual network and then attach the original disk to it.
Reference:
https://blogs.technet.microsoft.com/canitpro/2014/06/16/step-by-step-move-a-vm-to-a-different-vnet-on-azure/
https://4sysops.com/archives/move-an-azure-vm-to-another-virtual-network-vnet/#migrate-an-azure-vm-between-vnets
Question 3 Written Answer
You need to create a bar chart that shows the number of distinct computers that have sent heartbeats each week.
How should you complete the Log Analytics query? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.


Answer:

Question 4 Selectable Answer
You have five Windows Server 2008 R2 physical servers. The servers satisfy all requirements for failover protection using Azure Site Recovery (ASR). ASR is correctly configured and active.
You need to ensure that only 10 minutes of data is lost in the event of an incident by using the minimum amount of effort.
Which PowerShell cmdlet should you run?

Answer:
Question 5 Selectable Answer
You have a public load balancer that balances ports 80 and 443 across three virtual machines.
You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only.
What should you configure?

Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwarding-portal
https://pixelrobots.co.uk/2017/08/azure-load-balancer-for-rds/
Question 6 Written Answer
You have an Azure subscription that contains the storage accounts shown in the following exhibit.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
Box 1: contoso104 only
Premium file shares are hosted in a special purpose storage account kind, called a FileStorage account.
Box 2: contoso101, contoso102, and contos103 only
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-create-premium-fileshare?tabs=azure-portal
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
Question 7 Written Answer
Drag and Drop
Your company has an Azure subscription that includes a number of Azure virtual machines (VMs), which are all part of the same virtual network.
Your company also has an on-premises Hyper-V server that hosts a VM, named VM1, which must be replicated to Azure.
Which of the following objects that must be created to achieve this goal? Answer by dragging the correct option from the list to the answer area.


Answer:

Question 8 Written Answer
You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VNet1 contains one subnet named Sunet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
Box 1: An Azure Log Analytics workspace
In the Azure portal you can set up a Log Analytics workspace, which is a unique Log Analytics environment with its own data repository, data sources, and solutions
Box 2: ILB1
Reference:
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-create-workspace
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics
Question 9 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the resources shown in the following table.



VM1 connects to VNET1.
You need to connect VM1 to VNET2.
Solution: You move VM1 to RG2, and then you add a new network interface to VM1.
Does this meet the goal?

Answer:
Explanation:
Instead you should delete VM1. You recreate VM1, and then you add the network interface for VM1.
Note: When you create an Azure virtual machine (VM), you must create a virtual network (VNet)or use an existing VNet. You can change the subnet a VM is connected to after it's created, butyou cannot change the VNet.
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/network-overview
Question 10 Selectable Answer
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy.
Does the solution meet the goal?

Answer:
Question 11 Written Answer
Case Study 4 - ADatum

Overview
ADatum Corporation is a financial company that has two main offices in New York and Los Angeles. ADatum has a subsidiary named Fabrikam, Inc. that shares the Los Angeles office.
ADatum is conducting an initial deployment of Azure services to host new line-of-business applications and is preparing to migrate its existing on-premises workloads to Azure.
ADatum uses Microsoft Exchange Online for email.

Existing Environment
On-Premises Environment
The on-premises workloads run on virtual machines hosted in a VMware vSphere 6 infrastructure. All the virtual machines are members of an Active Directory forest named adatum.com and run Windows Server 2016.
The New York office uses an IP address space of 10.0.0.0/16. The Los Angeles office uses an IP address space of 10.10.0.0/16.
The offices connect by using a VPN provided by an ISP. Each office has one Azure ExpressRoute circuit that provides access to Azure services and Microsoft Online Services. Routing is implemented by using Microsoft peering.
The New York office has a virtual machine named VM1 that has the vSphere console installed.

Azure Environment
You provision the Azure infrastructure by using the Azure portal.
The infrastructure contains the resources shown in the following table.



AG1 has two backend pools named Pool11 and Pool12. AG2 has two backend pools named Pool21 and Pool22.

Requirements
Planned Changes
ADatum plans to migrate the virtual machines from the New York office to the East US Azure region by using Azure Site Recovery.

Infrastructure Requirements
ADatum identifies the following infrastructure requirements:
✑ A new web app named App1 that will access third-parties for credit card processing must be deployed.
✑ A newly developed API must be implemented as an Azure function named App2. App2 will use a blob storage trigger. App2 must process new blobs immediately.
✑ The Azure infrastructure and the on-premises infrastructure must be prepared for the migration of the VMware virtual machines to Azure.
✑ The sizes of the Azure virtual machines that will be used to migrate the on-premises workloads must be identified.
✑ All migrated and newly deployed Azure virtual machines must be joined to the adatum.com domain.
✑ AG1 must load balance incoming traffic in the following manner:
- http://corporate.adatum.com/video/* will be load balanced across Pool11.
- http://corporate.adatum.com/images/* will be load balanced across Pool12.
✑ AG2 must load balance incoming traffic in the following manner:
- http://www.adatum.com will be load balanced across Pool21.
- http://fabrikam.com will be load balanced across Pool22.
✑ ER1 must route traffic between the New York office and platform as a service (PaaS) services in the East US Azure region, as long as ER1 is available.
✑ ER1 must route traffic between the Los Angeles office and the PaaS services in the West US region, as long as ER2 is available.
✑ ER1 and ER2 must be configured to fail over automatically.

Application Requirements
App2 must be available to connect directly to the private IP addresses of the Azure virtual machines. App2 will be deployed directly to an Azure virtual network.
Inbound and outbound communications to App1 must be controlled by using NSGs.

Pricing Requirements
ADatum identifies the following pricing requirements:
✑ The cost of App1 and App2 must be minimized
✑ The transactional charges of Azure Storage accounts must be minimized

Drag and Drop
You need to configure the Azure ExpressRoute circuits.
How should you configure Azure ExpressRoute routing? To answer, drag the appropriate configurations to the correct locations. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.


Answer:

Question 12 Written Answer
You have a sync group named Sync1 that has a cloud endpoint. The cloud endpoint includes a file named File1.txt.
Your on-premises network contains servers that run Windows Server 2016.
The servers are configured as shown in the following table.



You add Share1 as an endpoint for Sync1. One hour later, you add Share2 as an endpoint for Sync1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
Box 1: Yes
If you add an Azure file share that has an existing set of files as a cloud endpoint to a sync group, the existing files are merged with any other files that are already on other endpoints in the sync group.
Box 2: No
Box 3: Yes
Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-planning
Question 13 Selectable Answer
You have an Azure subscription that contains two resource groups named RG1 and RG2. RG2 does not contain any resources.
RG1 contains the resources in the following table.



Which resource can you move to RG2?

Answer:
Explanation:
When moving a virtual network, you must also move its dependent resources. For example, youmust move gateways with the virtual network. VM W10, which is in Vnet1, is not a dependentresource.
Incorrect Answers:
A: Managed disks don't support move.
C: Virtual networks (classic) can't be moved.
D: Virtual machines with the managed disks cannot be moved.
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-move-resources#virtual-machines-limitations
Question 14 Written Answer
You have an Azure App Service plan named ASP1.
CPU usage for ASP1 is shown in the following exhibit.



Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic. NOTE Each correct selection is worth one point.


Answer:

Question 15 Selectable Answer
You have an Azure policy as shown in the following exhibit.



Which of the following statements are true?

Answer:
Explanation:
You are prevented from creating Azure SQL servers anywhere in Subscription 1 with the exception of ContosoRG1
Showing page 1 of 15
Next Page

All copyrights reserved 2026 PassQuestion NETWORK CO.,LIMITED. All Rights Reserved.

Passquestion doesn't offer Real Microsoft, Amazon, Cisco Exam Questions. All Passquestion content is sourced from the Internet.