1. Home
  2. AZ-104 Free Questions
Free Demo Questions

Test Online Free Microsoft AZ-104 Exam Questions and Answers

Practice a live sample before buying full access. This page keeps the free AZ-104 question set organized by page so visitors and search engines can reach the canonical -questions.html URL directly.

Updated Nov 19, 2025 212 Questions 15 Pages
Get AZ-104 Full Access
Page 11 of 15
Previous Page
Next Page
Question 151 Written Answer
You have an Azure subscription named Subscription 1.
You have a virtualization environment that contains the virtualization servers in the following table.



The virtual machines are configured as shown in the following table.



All the virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker).
You plan to use Azure Site Recovery to migrate the virtual machines to Azure .
Which virtual machines can you migrate? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
Box 1: VM3
Not VM1 as Bitlocker is not supported. BitLocker must be disabled before you enable replication for a VM.
Not VM2 as maximum Operating system disk size for a generation VM is 2,048 GB.
Box 2: VMA and VMB only
Not VMC as the max data disk size is 4,095 GB
References:
https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-azure-support-matrix
https://docs.microsoft.com/en-us/azure/site-recovery/vmware-physical-azure-support-matrix#azure-vm-requirements
Question 152 Written Answer
You plan to deploy 20 Azure virtual machines by using an Azure Resource Manager template. The virtual machines will run the latest version of Windows Server 2016 Datacenter by using an Azure Marketplace image.
You need to complete the storageProfile section of the template.
How should you complete the storageProfile section? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
...
"storageProfile": {
"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "2016-Datacenter",
"version": "latest"
},
...
References: https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/createorupdate
Question 153 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM 1. VM1 was deployed by using a custom Azure Resource Manager template named ARM 1. json.
You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.
Solution: From the Overview blade, you move the virtual machine to a different resource group.
Does this meet the goal?

Answer:
Explanation:
You should redeploy the VM.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node
Question 154 Selectable Answer
You sign up for Azure Active Directory (Azure AD) Premium.
You need to add a user named [email protected] as an administrator on all the computers
that will be joined to the Azure AD domain.
What should you configure in Azure AD?

Answer:
Explanation:
When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principles to the local administrators group on the device:


The Azure AD global administrator
role


The Azure AD device administrator
role


The user performing the Azure AD
join
In the Azure portal, you can manage the device administrator role on the Devices page.
To open the Devices page:
Question 155 Selectable Answer
You have an Azure subscription named Subscription 1.
You have 5 TB of data that you need to transfer to Subscription.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?

Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service
Question 156 Selectable Answer
You have an Azure subscription that contains an Azure Storage account.
You plan to create an Azure container instance named container1 that will use a Docker image named Image 1. Image1 contains a Microsoft SQL Server instance that requires persistent storage.
You need to configure a storage service for Container 1.
What should you use?

Answer:
Explanation:
Azure file shares can be used as persistent volumes for stateful containers. Containers deliver "build once, run anywhere" capabilities that enable developers to accelerate innovation. For the containers that access raw data at every start, a shared file system is required to allow these containers to access the file system no matter which instance they run on. https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction
Question 157 Written Answer
Case Study 1 - Humongous Insurance

Overview
Existing Environment
Humongous Insurance is an insurance company that has three offices in Miami, Tokoyo, and Bankok.
Each has 5000 users.

Active Directory Environment
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com.
The functional level of the forest is Windows Server 2012.
You recently provisioned an Azure Active Directory (Azure AD) tenant.

Network Infrastructure
Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Each office has several link load balancers that provide access to the servers.

Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.

Licensing Issue
You attempt to assign a license in Azure to several users and receive the following error message: "Licenses not assigned. License agreement failed for one user." You verify that the Azure subscription has the available licenses.

Requirements
Planned Changes
Humongous Insurance plans to open a new office in Paris. The Paris office will contain 1,000 users who will be hired during the next 12 months. All the resources used by the Paris office users will be hosted in Azure.

Planned Azure AD Infrastructure
The on-premises Active Directory domain will be synchronized to Azure AD.
All client computers in the Paris office will be joined to an Azure AD domain.

Planned Azure Networking Infrastructure
You plan to create the following networking resources in a resource group named All_Resources:
✑ Default Azure system routes that will be the only routes used to route traffic
✑ A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2
✑ A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet
✑ A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and Subnet4
You plan to enable peering between Paris-VNet and AllOffices-VNet. You will enable the Use remote gateways setting for the Paris-VNet peerings.
You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.

Planned Azure Computer Infrastructure
Each subnet will contain several virtual machines that will run either Windows Server 2012 R2, Windows Server 2016, or Red Hat Linux.

Department Requirements
Humongous Insurance identifies the following requirements for the company's departments:
✑ Web administrators will deploy Azure web apps for the marketing department. Each web app will be added to a separate resource group. The initial configuration of the web apps will be identical. The web administrators have permission to deploy web apps to resource groups.
✑ During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.

Authentication Requirements
Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.

You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.


Answer:


Explanation:
Box 1: Yes
All client computers in the Paris office will be joined to an Azure AD domain. A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2 Box 2: Yes
A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network. Box 3: No
Only VMs in the registration network, here the ClientResources-VNet, will be able to register
hostname records.
References: https://docs.microsoft.com/en-us/azure/dns/private-dns-overview Testlet 3
Question 158 Selectable Answer
You have an Azure virtual machine named VM1 that runs Windows Server 2019.
You save VM1 as a template named Template1 to the Azure Resource Manager library.
You plan to deploy a virtual machine named VM2 from Template 1.
What can you configure during the deployment of VM2?

Answer:
Explanation:
When you deploy a template, you specify a resource group that will contain the resources. Before running the deployment command, create the resource group or during deployment also we can create the resource group. If you try to deploy your own template in the portal, there are 3 available options - "Subscription", "Resource Group", "Location".
Question 159 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour.
Solution: You create an Azure Log Analytics workspace and configure the data settings. You add the Microsoft Monitoring Agent VM extension to VM 1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Does this meet the goal?

Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview
Question 160 Written Answer
You have an Azure subscription that contains the public load balancers shown in the following table.



You plan to create six virtual machines and to load balance requests to the virtual machines.
Each load balancer will load balance three virtual machines.
You need to create the virtual machines for the planned solution.


Answer:


Explanation:
Box 1: be created in the same availability set or virtual machine scale set. The Basic tier is quite restrictive. A load balancer is restricted to a single availability set, virtual machine scale set, or a single machine.
Box 2: be connected to the same virtual network
The Standard tier can span any virtual machine in a single virtual network, including blends of scale sets, availability sets, and machines.
Reference: https://www.petri.com/comparing-basic-standard-azure-load-balancers
Question 161 Written Answer
You have an Azure subscription named Subscription1 that contains the quotas shown in the following table.



You deploy virtual machine to Subscription1 as shown in the following table.



You plan to deploy the virtual machines shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
The total regional vCPUs is 20 so that means a maximum total of 20 vCPUs across all the different VM sizes. The deallocated VM with 16 vCPUs counts towards the total. VM20 and VM1 are using 18 of the maximum 20 vCPUs leaving only two vCPUs available.
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/quotas
Question 162 Selectable Answer
You plan to move a distributed on-premises app named App1 to an Azure subscription.
After the planned move, App1 will be hosted on several Azure virtual machines.
You need to ensure that App1 always runs on at least eight virtual machines during planned Azure maintenance.
What should you create?

Answer:
Explanation:
An update domain is a logical group of underlying hardware that can undergo maintenance or be rebooted at the same time. As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these update domains. This approach ensures that at least one instance of your application always remains running as the Azure platform undergoes periodic maintenance.
Reference: http://www.thatlazyadmin.com/azure-fault-update-domains/
Question 163 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
- A virtual network that has a subnet named Subnet1
- Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
- A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
- Priority: 100
- Source: Any
- Source port range: *
- Destination: *
- Destination port range: 3389
- Protocol: UDP
- Action: Allow
VM1 has a public IP address and is connected to Subnet 1. NSG-VM1 is associated to the network interface of VM 1. NSG-Subnet1 is associated to Subnet 1.
You need to be able to establish Remote Desktop connections from the internet to VM 1.
Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.
Does this meet the goal?

Answer:
Explanation:
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
Question 164 Selectable Answer
You have a general purpose v1 storage account named storageaccount1 that has a private container named container 1.
You need to allow read access to the data inside container1, but only within a 14 day window .
How do you accomplish this?

Answer:
Explanation:
A Stored Access Policy allows granular control over a single storage container using a Shared Access Signature (SAS).
A Shared Access Signature (SAS) allows you to have granular control over your storage account, including access to only certain services (i.e. Azure Blobs) and permitting only read, write, delete, list, add, or create access.
Question 165 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription 1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.
Does this meet the goal?

Answer:
Explanation:
DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest Labs.
You would need the Logic App Contributor role.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app
Showing page 11 of 15
Previous Page
Next Page

All copyrights reserved 2026 PassQuestion NETWORK CO.,LIMITED. All Rights Reserved.

Passquestion doesn't offer Real Microsoft, Amazon, Cisco Exam Questions. All Passquestion content is sourced from the Internet.