Azure Administrator (AZ-104) Exam
Questions & Answers (Grade A+)
The billing unit of Azure Services that aggregates all the costs of the
underlying resources. -
correct answer ✅Azure Subscriptions
An identity in Azure Active Directory (AAD) or a directory that is
trusted by AAD, such as a work or school organization. -
correct answer ✅Azure Accounts
Also known as the account owner, this person is responsible for
paying the subscription bill to Microsoft when it is due. Normally,
this user has financial responsibilities in your company such as CFO,
Accounts Payable Lead etc. -
correct answer ✅Account Administrator
Also known as the Service Owner. This user manages the services
that run in Windows Azure. They will have access to and uses the
Window Azure Developer Portal or Service Management API to
orchestrate the applications and data running in Azure. Normally,
the user is a developer, system administrator, or other IT person
responsible for IT services in your company. -
correct answer ✅Service Administrator
,Azure Administrator (AZ-104) Exam
Questions & Answers (Grade A+)
When an enterprise becomes to large for a single Service
Administrator, the Service Administrator can create this role for
other IT administrators to help them out. They will have complete
access to the subscription services. They can even add or delete
other users in the same role. However, they cannot remove the
Service Owner nor do they have access to payment/billing
information. -
correct answer ✅Co-Administrators
The Microsoft recommended way to manage the permissions of
your resources. However this will not work with Azure's classic
deployment model. -
correct answer ✅Role-Based Access Control
Global Administrator -
correct answer ✅Users who are assigned this role can read and
modify every administrative setting in your Azure AD organization.
By default this role is given to the user that signed up for the Azure
subscription. It is one of the two roles that has an ability to
delegate administrator roles. To reduce the risk to your business, it
is recommended by Microsoft that you assign this role to the
fewest possible people in your organization.
,Azure Administrator (AZ-104) Exam
Questions & Answers (Grade A+)
Application Developer -
correct answer ✅Users in this role can create application
registrations when the "Users can register applications" setting is
set to No. This role also grants permission to consent on one's own
behalf when the "Users can consent to apps accessing company
data on their behalf" setting is set to No. Users assigned to this role
are added as owners when creating new application registrations or
enterprise applications.
Application Administrator -
correct answer ✅This role grants the ability to manage application
credentials. Users assigned this role can add credentials to an
application, and use those credentials to impersonate the
application's identity.
Authentication Administrator -
correct answer ✅Users with this role can set or reset non-
password credentials and can update passwords for all users.
Authentication Administrators can require users to re-register
against existing non-password credential
Azure gives you the ability to see the number of resources you've
deployed into your subscription and what your limits are. This
ability makes it easier for you to track current usage and plan for
, Azure Administrator (AZ-104) Exam
Questions & Answers (Grade A+)
new deployments in the near future. -
correct answer ✅Azure Resource Limits
A good way to keep track of your resources is through tagging
them. Each "Tag" consists of a Name and a Key Value Pair, such as
"Environment" : "Production" where you could tag all your
resources that are in production. Tags applied to the resource group
are not inherited by the resources in that resource group. -
correct answer ✅Tagging Resources
A service used to create, assign and manage different policies.
These policies enforce different rules over your resources so they
stay compliant with your corporate standards and service level
agreements, The service does this by running evaluations against
your resources and scanning for those that are not in compliance
with your policies. -
correct answer ✅Azure Policy
A policy definition that has been assigned to take place within a
specific scope. This scope could range from a management group to
a resource group. The term scope refers to all the resource groups,
subscriptions, or management groups that the policy definition is
assigned to. Policy assignments are inherited by all child resources.
Questions & Answers (Grade A+)
The billing unit of Azure Services that aggregates all the costs of the
underlying resources. -
correct answer ✅Azure Subscriptions
An identity in Azure Active Directory (AAD) or a directory that is
trusted by AAD, such as a work or school organization. -
correct answer ✅Azure Accounts
Also known as the account owner, this person is responsible for
paying the subscription bill to Microsoft when it is due. Normally,
this user has financial responsibilities in your company such as CFO,
Accounts Payable Lead etc. -
correct answer ✅Account Administrator
Also known as the Service Owner. This user manages the services
that run in Windows Azure. They will have access to and uses the
Window Azure Developer Portal or Service Management API to
orchestrate the applications and data running in Azure. Normally,
the user is a developer, system administrator, or other IT person
responsible for IT services in your company. -
correct answer ✅Service Administrator
,Azure Administrator (AZ-104) Exam
Questions & Answers (Grade A+)
When an enterprise becomes to large for a single Service
Administrator, the Service Administrator can create this role for
other IT administrators to help them out. They will have complete
access to the subscription services. They can even add or delete
other users in the same role. However, they cannot remove the
Service Owner nor do they have access to payment/billing
information. -
correct answer ✅Co-Administrators
The Microsoft recommended way to manage the permissions of
your resources. However this will not work with Azure's classic
deployment model. -
correct answer ✅Role-Based Access Control
Global Administrator -
correct answer ✅Users who are assigned this role can read and
modify every administrative setting in your Azure AD organization.
By default this role is given to the user that signed up for the Azure
subscription. It is one of the two roles that has an ability to
delegate administrator roles. To reduce the risk to your business, it
is recommended by Microsoft that you assign this role to the
fewest possible people in your organization.
,Azure Administrator (AZ-104) Exam
Questions & Answers (Grade A+)
Application Developer -
correct answer ✅Users in this role can create application
registrations when the "Users can register applications" setting is
set to No. This role also grants permission to consent on one's own
behalf when the "Users can consent to apps accessing company
data on their behalf" setting is set to No. Users assigned to this role
are added as owners when creating new application registrations or
enterprise applications.
Application Administrator -
correct answer ✅This role grants the ability to manage application
credentials. Users assigned this role can add credentials to an
application, and use those credentials to impersonate the
application's identity.
Authentication Administrator -
correct answer ✅Users with this role can set or reset non-
password credentials and can update passwords for all users.
Authentication Administrators can require users to re-register
against existing non-password credential
Azure gives you the ability to see the number of resources you've
deployed into your subscription and what your limits are. This
ability makes it easier for you to track current usage and plan for
, Azure Administrator (AZ-104) Exam
Questions & Answers (Grade A+)
new deployments in the near future. -
correct answer ✅Azure Resource Limits
A good way to keep track of your resources is through tagging
them. Each "Tag" consists of a Name and a Key Value Pair, such as
"Environment" : "Production" where you could tag all your
resources that are in production. Tags applied to the resource group
are not inherited by the resources in that resource group. -
correct answer ✅Tagging Resources
A service used to create, assign and manage different policies.
These policies enforce different rules over your resources so they
stay compliant with your corporate standards and service level
agreements, The service does this by running evaluations against
your resources and scanning for those that are not in compliance
with your policies. -
correct answer ✅Azure Policy
A policy definition that has been assigned to take place within a
specific scope. This scope could range from a management group to
a resource group. The term scope refers to all the resource groups,
subscriptions, or management groups that the policy definition is
assigned to. Policy assignments are inherited by all child resources.
