AZ 104 Exam Prep Questions & Answers (Grade A+).docx

AZ 104 Exam Prep Questions &
Answers (Grade A+)
You have an Azure subscription.


From PowerShell, you run the Get-MgUser cmdlet for a user and
receive the following details:


Id: 8755b347-3545-3876-3987-999999999999
DisplayName: Ben Smith
Mail:
UserPrincipalName: bsmith_contoso.com#EXT#@fabrikam.com


Which statement accurately describes the user? -
correct answer ✅The user was a guest in the tenant.


Question 2 of 50
You have the following resource groups, management groups, and
Azure subscriptions:


Two resource groups named RG1 and RG2 that are associated with
a subscription named 111-222-333 and a management group
named MG1.

,AZ 104 Exam Prep Questions &
Answers (Grade A+)
Two resource groups named RG3 and RG4 that are associated with
a subscription named 777-888-999 and a management group
named MG1.


Two resource groups named RG5 and RG6 that are associated with
a subscription named 444-555-666 and a management group
named MG1


Two resource group named RG10 and RG11 that are associated
with a subscription named 222-333-444 and a management group
named MG2


Two resource group named RG11 and RG12 that are associated
with a subscription named 555-666-888 and a management group
named MG2


You need to assign a role to a user to ensure the user can view all
the resources in the subscriptions. The solution must use the
principle of least privilege.


Which role sh -
correct answer ✅the Reader role for MG1 and MG2

,AZ 104 Exam Prep Questions &
Answers (Grade A+)

(Assigning the Reader role for MG1 and MG2 is correct because the
simplest way to give user access to all resources is to assign a role
at the management group level.)


You have an Azure subscription. An administrator manages access
to resources at the resource group level. The assignment process is
automated by running the following PowerShell script nightly.


$rg = "RG1"
$RoleName = "CustomRole1"
$Role = Get-AzRoleDefinition -Name $RoleName
New-AzRoleAssignment -SignInName `
-RoleDefinitionName $Role.Name `
-ResourceGroupName $rg
User1 is unable to access the RG1 resource group. You discover that
the script fails to complete for new users.
You run Get-AzRoleDefinition | Format-Table -Property Name, Id
and receive the following information:
Name: Custom Role 1, ID: 111-222-333
Name: Owner, ID: 222-333-444

, AZ 104 Exam Prep Questions &
Answers (Grade A+)
Name: Contributor, ID: 333-444-555
Name: Reader, ID: 666-777-888


You need to modify the script to ensure that it does not fail in the
future.
What should you change in the script? -
correct answer ✅$RoleName = "111-222-333"


(You should use the ID of the role in case the role name was
changed to prevent such a change from breaking the script.
Assign Azure roles using Azure PowerShell - Azure RBAC)


You have an Azure subscription that contains multiple virtual
machines.
You need to ensure that a user named User1 can view all the
resources in a resource group named RG1. You must use the
principle of least privilege. Which role should you assign to User1? -
correct answer ✅Reader
(The Reader role allows you to view all the resources but does not
allow you to make any changes. The Contributor role allows you to
manage all the resources, the Billing Reader role provides read
access only to billing data, and the Tag Contributor role allows you