1. Home
  2. AZ-104 Free Questions
Free Demo Questions

Test Online Free Microsoft AZ-104 Exam Questions and Answers

Practice a live sample before buying full access. This page keeps the free AZ-104 question set organized by page so visitors and search engines can reach the canonical -questions.html URL directly.

Updated Nov 19, 2025 212 Questions 15 Pages
Get AZ-104 Full Access
Page 4 of 15
Previous Page
Next Page
Question 46 Selectable Answer
You have an Azure subscription named Subscription1.
Subscription1 contains the resource groups in the following table.



RG1 has a web app named WebApp1. WebApp1 is located in West Europe.
You move WebApp1 to RG2.
What is the effect of the move?

Answer:
Explanation:
You can move an app to another App Service plan, as long as the source plan and the target plan are in the same resource group and geographical region.
The region in which your app runs is the region of the App Service plan it's in. However, youcannot change an App Service plan's region.
Reference: https://docs.microsoft.com/en-us/azure/app-service/app-service-plan-manage
Question 47 Selectable Answer
You have an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to configure cluster autoscaler for AKS1.
Which two tools should you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Answer:
Explanation:
A: The following example uses the kubectl autoscale command to autoscale the number of pods in the azure-vote-front deployment. If average CPU utilization across all pods exceeds 50% of their requested usage, the autoscaler increases the pods up to a maximum of 10 instances. A minimum of 3 instances is then defined for the deployment:
kubectl autoscale deployment azure-vote-front --cpu-percent=50 --min=3 --max=10
B: Use the az aks update command to enable and configure the cluster autoscaler on the node pool for the existing cluster.
Reference:
https://docs.microsoft.com/en-us/azure/aks/tutorial-kubernetes-scale
https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler
Question 48 Selectable Answer
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.
You purchase 10 Azure AD Premium P2 licenses for the tenant. You need to ensure that 10 users can use all the Azure AD Premium features.
What should you do?

Answer:
Explanation:
To assign a license, under Azure Active Directory > Licenses > All Products, select one or more products, and then select Assign on the command bar.
References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/license-users-groups
Question 49 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to deploy a YAML file to AKS1.
Solution: From Azure Cloud Shell, you run the kubectl client.
Does this meet the goal?

Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough
Question 50 Selectable Answer
Your company has an Azure Active Directory (Azure AD) subscription.
You need to deploy five virtual machines (VMs) to your company's virtual network subnet.
The VMs will each have both a public and private IP address. Inbound and outbound security rules for all of these virtual machines must be identical.
Which of the following is the least amount of network interfaces needed for this configuration?

Answer:
Question 51 Selectable Answer
You have an Azure subscription that contains the resources in the following table.



VM1 and VM2 are deployed from the same template and host line-of-business applications.
You configure the network security group (NSG) shown in the exhibit. (Click the Exhibit tab.)



You need to prevent users of VM1 and VM2 from accessing websites on the Internet over TCP port 80.
What should you do?

Answer:
Explanation:
You can associate or dissociate a network security group from a network interface or subnet.
The NSG has the appropriate rule to block users from accessing the Internet. We just need toassociate it with Subnet1.
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group
Question 52 Written Answer
You have an Azure subscription that contains the file shares shown in the following table.



You have the on-premises file shares shown in the following table.



You create an Azure file sync group named Sync1 and perform the following actions:
- Add share1 as the cloud endpoint for Sync1.
- Add data1 as a server endpoint for Sync1.
- Register Server1 and Server2 to Sync1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
Box 1: No
A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
Box 2: Yes
Data2 is located on Server2 which is registered to Sync1.
Box 3: No
Data3 is located on Server3 which is not registered to Sync1.
Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide?tabs=azure-portal%2Cproactive-portal#create-a-sync-group-and-a-cloud-endpoint
Question 53 Written Answer
You have an Azure subscription that contains the Azure virtual machines shown in the following table.



You add inbound security rules to a network security group (NSG) named NSG1 as shown in the following table.



You run Azure Network Watcher as shown in the following exhibit.



You run Network Watcher again as shown in the following exhibit.



For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
Box 1: No
It limits traffic to VM2, but not VM1 traffic.
Box 2: Yes
Yes, the destination is VM2.
Box 3: No
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
Question 54 Selectable Answer
Case Study 3 - Contoso, Ltd

Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Contoso are hosted on-premises.
Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses adomain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.

Existing Environment
The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.
Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
Contoso.com contains a user named User1.
All the offices connect by using private links.
Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized.

The virtualization environment contains the servers in the following table.



Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory.
The Azure subscription contains the resources in the following table.



The network security team implements several network security groups (NSGs).

Planned Changes
Litware plans to implement the following changes:
• Deploy Azure ExpressRoute to the Montreal office.
• Migrate the virtual machines hosted on Server1 and Server2 to Azure.
• Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
• Migrate App1 and App2 to two Azure web apps named webApp1 and WebApp2.

Technical requirements
Litware must meet the following technical requirements:
• Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instance*.
• Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
• Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
• Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
• Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.Litware.com.
• Connect the New Your office to VNet1 over the Internet by using an encrypted connection.
• Create a workflow to send an email message when the settings of VM4 are modified.
• Create a custom Azure role named Role1 that is based on the Reader role.
• Minimize costs whenever possible.

You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.
What should you include in the recommendation?

Answer:
Explanation:
Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
The recommendation is to use conditional access policies that can then be targeted to groups ofusers, specific applications, or other conditions.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
Question 55 Written Answer
Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com.
Adatum.com contains the user accounts in the following table.



Adatum.onmicrosoft.com contains the user accounts in the following table.



You need to implement Azure AD Connect. The solution must follow the principle of least privilege.
Which user accounts should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
Box 1: User5
In Express settings, the installation wizard asks for the following:
AD DS Enterprise Administrator credentials
Azure AD Global Administrator credentials
The AD DS Enterprise Admin account is used to configure your on-premises Active Directory.
These credentials are only used during the installation and are not used after the installation hascompleted. The Enterprise Admin, not the Domain Admin should make sure the permissions inActive Directory can be set in all domains.
Box 2: UserA
Azure AD Global Admin credentials credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissions
Question 56 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure web app named App1. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.
You discover that App1 stops each day after running continuously for 60 minutes.
You need to ensure that App1 can run continuously for the entire day.
Solution: You change the pricing tier of Plan1 to Shared.
Does this meet the goal?

Answer:
Explanation:
You should switch to the Basic Tier.
The Free Tier provides 60 CPU minutes / day. This explains why App1 is stops. The Shared Tier provides 240 CPU minutes / day. The Basic tier has no such cap.
References: https://azure.microsoft.com/en-us/pricing/details/app-service/windows/
Question 57 Written Answer
You have an Azure Active Directory (Azure AD) tenant.
You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal.
Which three settings should you configure? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.


Answer: Userandgroups. Cloud apps . Grant
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-based-mfa
Question 58 Selectable Answer
From the MFA Server blade, you open the Block/unblock users blade as shown in the exhibit.



What caused AlexW to be blocked?

Answer:
Explanation:
Only an admin can block users and not a reason and complaints in terms of the software way of working.
Question 59 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.
Does this meet the goal?

Answer:
Explanation:
The Logic App Operator role only lets you read, enable and disable logic app. With it you can view the logic app and run history, and enable/disable. Cannot edit or update the definition. You would need the Logic App Contributor role.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app
Question 60 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour.
Solution: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Does this meet the goal?

Answer:
Explanation:
Alerts in Azure Monitor can identify important information in your Log Analytics repository. They are created by alert rules that automatically run log searches at regular intervals, and if results ofthe log search match particular criteria, then an alert record is created and it can be configured to perform an automated response.
The Log Analytics agent collects monitoring data from the guest operating system and workloadsof virtual machines in Azure, other cloud providers, and on-premises. It collects data into a Log
Analytics workspace.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-response
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview
Showing page 4 of 15
Previous Page
Next Page

All copyrights reserved 2026 PassQuestion NETWORK CO.,LIMITED. All Rights Reserved.

Passquestion doesn't offer Real Microsoft, Amazon, Cisco Exam Questions. All Passquestion content is sourced from the Internet.