AZURE ADMINISTRATOR (AZ-104) CAREFULLY
STRUCTURED QUESTIONS WITH CORRECT
VERIFIED SOLUTIONS ALREADY GRADED A+
2026
The billing unit of Azure Services that aggregates all the costs of the underlying
resources. ANSWER >> Azure Subscriptions
An identity in Azure Active Directory (AAD) or a directory that is trusted by AAD, such as
a work or school organization. ANSWER >> Azure Accounts
1
,Also known as the account owner, this person is responsible for paying the subscription
bill to Microsoft when it is due. Normally, this user has financial responsibilities in your
company such as CFO, Accounts Payable Lead etc. ANSWER >> Account
Administrator
Also known as the Service Owner. This user manages the services that run in Windows
Azure. They will have access to and uses the Window Azure Developer Portal or
Service Management API to orchestrate the applications and data running in Azure.
Normally, the user is a developer, system administrator, or other IT person responsible
for IT services in your company. ANSWER >> Service Administrator
When an enterprise becomes to large for a single Service Administrator, the Service
Administrator can create this role for other IT administrators to help them out. They will
have complete access to the subscription services. They can even add or delete other
users in the same role. However, they cannot remove the Service Owner nor do they
have access to payment/billing information. ANSWER >> Co-Administrators
The Microsoft recommended way to manage the permissions of your resources.
However this will not work with Azure's classic deployment model. ANSWER >> Role-
Based Access Control
Global Administrator ANSWER >> Users who are assigned this role can read and
modify every administrative setting in your Azure AD organization. By default this role is
given to the user that signed up for the Azure subscription. It is one of the two roles that
has an ability to delegate administrator roles. To reduce the risk to your business, it is
recommended by Microsoft that you assign this role to the fewest possible people in
your organization.
Application Developer ANSWER >> Users in this role can create application
registrations when the "Users can register applications" setting is set to No. This role
also grants permission to consent on one's own behalf when the "Users can consent to
apps accessing company data on their behalf" setting is set to No. Users assigned to
this role are added as owners when creating new application registrations or enterprise
applications.
2
, Application Administrator ANSWER >> This role grants the ability to manage application
credentials. Users assigned this role can add credentials to an application, and use
those credentials to impersonate the application's identity.
Authentication Administrator ANSWER >> Users with this role can set or reset non-
password credentials and can update passwords for all users. Authentication
Administrators can require users to re-register against existing non-password credential
Azure gives you the ability to see the number of resources you've deployed into your
subscription and what your limits are. This ability makes it easier for you to track current
usage and plan for new deployments in the near future. ANSWER >> Azure Resource
Limits
A good way to keep track of your resources is through tagging them. Each "Tag"
consists of a Name and a Key Value Pair, such as
"Environment" : "Production" where you could tag all your resources that are in
production. Tags applied to the resource group are not inherited by the resources in that
resource group. ANSWER >> Tagging Resources
A service used to create, assign and manage different policies. These policies enforce
different rules over your resources so they stay compliant with your corporate standards
and service level agreements, The service does this by running evaluations against
your resources and scanning for those that are not in compliance with your policies.
ANSWER >> Azure Policy
A policy definition that has been assigned to take place within a specific scope. This
scope could range from a management group to a resource group. The term scope
refers to all the resource groups, subscriptions, or management groups that the policy
definition is assigned to. Policy assignments are inherited by all child resources. This
design means that a policy applied to a resource group is also applied to resources in
that resource group. However, you can exclude a sub-scope from the policy
assignment. ANSWER >> Policy Assignment
3
STRUCTURED QUESTIONS WITH CORRECT
VERIFIED SOLUTIONS ALREADY GRADED A+
2026
The billing unit of Azure Services that aggregates all the costs of the underlying
resources. ANSWER >> Azure Subscriptions
An identity in Azure Active Directory (AAD) or a directory that is trusted by AAD, such as
a work or school organization. ANSWER >> Azure Accounts
1
,Also known as the account owner, this person is responsible for paying the subscription
bill to Microsoft when it is due. Normally, this user has financial responsibilities in your
company such as CFO, Accounts Payable Lead etc. ANSWER >> Account
Administrator
Also known as the Service Owner. This user manages the services that run in Windows
Azure. They will have access to and uses the Window Azure Developer Portal or
Service Management API to orchestrate the applications and data running in Azure.
Normally, the user is a developer, system administrator, or other IT person responsible
for IT services in your company. ANSWER >> Service Administrator
When an enterprise becomes to large for a single Service Administrator, the Service
Administrator can create this role for other IT administrators to help them out. They will
have complete access to the subscription services. They can even add or delete other
users in the same role. However, they cannot remove the Service Owner nor do they
have access to payment/billing information. ANSWER >> Co-Administrators
The Microsoft recommended way to manage the permissions of your resources.
However this will not work with Azure's classic deployment model. ANSWER >> Role-
Based Access Control
Global Administrator ANSWER >> Users who are assigned this role can read and
modify every administrative setting in your Azure AD organization. By default this role is
given to the user that signed up for the Azure subscription. It is one of the two roles that
has an ability to delegate administrator roles. To reduce the risk to your business, it is
recommended by Microsoft that you assign this role to the fewest possible people in
your organization.
Application Developer ANSWER >> Users in this role can create application
registrations when the "Users can register applications" setting is set to No. This role
also grants permission to consent on one's own behalf when the "Users can consent to
apps accessing company data on their behalf" setting is set to No. Users assigned to
this role are added as owners when creating new application registrations or enterprise
applications.
2
, Application Administrator ANSWER >> This role grants the ability to manage application
credentials. Users assigned this role can add credentials to an application, and use
those credentials to impersonate the application's identity.
Authentication Administrator ANSWER >> Users with this role can set or reset non-
password credentials and can update passwords for all users. Authentication
Administrators can require users to re-register against existing non-password credential
Azure gives you the ability to see the number of resources you've deployed into your
subscription and what your limits are. This ability makes it easier for you to track current
usage and plan for new deployments in the near future. ANSWER >> Azure Resource
Limits
A good way to keep track of your resources is through tagging them. Each "Tag"
consists of a Name and a Key Value Pair, such as
"Environment" : "Production" where you could tag all your resources that are in
production. Tags applied to the resource group are not inherited by the resources in that
resource group. ANSWER >> Tagging Resources
A service used to create, assign and manage different policies. These policies enforce
different rules over your resources so they stay compliant with your corporate standards
and service level agreements, The service does this by running evaluations against
your resources and scanning for those that are not in compliance with your policies.
ANSWER >> Azure Policy
A policy definition that has been assigned to take place within a specific scope. This
scope could range from a management group to a resource group. The term scope
refers to all the resource groups, subscriptions, or management groups that the policy
definition is assigned to. Policy assignments are inherited by all child resources. This
design means that a policy applied to a resource group is also applied to resources in
that resource group. However, you can exclude a sub-scope from the policy
assignment. ANSWER >> Policy Assignment
3
