1|Page
AZ-104 EXAM TEST BANK 2026-2027 |
MICROSOFT AZURE ADMINISTRATOR | 200+
PRACTICE QUESTIONS & RATIONALES | HIGH-
YIELD | PASS FIRST ATTEMPT
## Table of Contents
1. **Manage Azure Identities & Governance (Azure AD, RBAC,
Subscriptions)** (Q1–Q35)
2. **Implement & Manage Storage (Storage Accounts, Blob, Files,
Security)** (Q36–Q55)
3. **Deploy & Manage Azure Compute Resources (VMs, Containers,
App Service)** (Q56–Q80)
4. **Configure & Manage Virtual Networking (VNet, Peering, Load
Balancer, VPN)** (Q81–Q115)
5. **Monitor & Back Up Azure Resources (Monitor, Alerts, Backup,
Recovery)** (Q116–Q135)
6. **Configure & Manage Azure Virtual Desktop** (Q136–Q145)
7. **Implement & Manage Azure Security (NSG, Firewall, DDoS, Key
Vault)** (Q146–Q165)
8. **Configure & Manage Governance & Compliance (Policies, Locks,
Blueprints)** (Q166–Q180)
9. **Manage Azure Compute & Storage Optimization** (Q181–Q190)
10. **High-Yield NGN/Scenario-Based Questions** (Q191–Q200)
,2|Page
# Section 1: Manage Azure Identities & Governance (Azure AD, RBAC,
Subscriptions) (Q1–Q35)
**Q1.** You need to synchronize on-premises Active Directory users to
Azure Active Directory (Azure AD). Which tool should you use?
A. Azure AD Connect
B. Azure Site Recovery
C. Azure Backup
D. Azure Policy
**Correct Answer: A – Azure AD Connect**
*Rationale: Azure AD Connect is the tool used to synchronize on-
premises AD identities to Azure AD.*
**Q2.** You need to grant a user the ability to create and manage virtual
machines but not delete them. Which role assignment should you use?
A. Virtual Machine Contributor
B. Owner
C. Contributor
D. Reader
**Correct Answer: A – Virtual Machine Contributor**
,3|Page
*Rationale: The Virtual Machine Contributor role allows management of
VMs (create, start, stop) but not deletion of the VM or the ability to
manage the virtual network or storage account.*
**Q3.** A user needs full access to all resources in a subscription,
including the ability to assign roles to others. Which role should you
assign?
A. Owner
B. Contributor
C. Reader
D. User Access Administrator
**Correct Answer: A – Owner**
*Rationale: The Owner role has full access to all resources and can
delegate access to others.*
**Q4.** You have a subscription with multiple resource groups. You
need to prevent accidental deletion of a critical resource group. What
should you configure?
A. Resource lock (Delete lock)
B. Azure Policy
C. Role assignment
D. Management group
, 4|Page
**Correct Answer: A – Resource lock (Delete lock)**
*Rationale: A CanNotDelete lock prevents deletion of the resource
group and its resources.*
**Q5.** You need to organize subscriptions into a hierarchy for
centralized policy and governance. What should you use?
A. Management groups
B. Resource groups
C. Tags
D. Azure Policy
**Correct Answer: A – Management groups**
*Rationale: Management groups allow you to organize subscriptions
into a hierarchy and apply policies and RBAC at scale.*
**Q6.** A user reports that they cannot create a VM in a specific region.
You need to identify why. Which Azure service should you check?
A. Azure Policy compliance
B. Azure Monitor
C. Azure Security Center
D. Azure Advisor
**Correct Answer: A – Azure Policy compliance**
AZ-104 EXAM TEST BANK 2026-2027 |
MICROSOFT AZURE ADMINISTRATOR | 200+
PRACTICE QUESTIONS & RATIONALES | HIGH-
YIELD | PASS FIRST ATTEMPT
## Table of Contents
1. **Manage Azure Identities & Governance (Azure AD, RBAC,
Subscriptions)** (Q1–Q35)
2. **Implement & Manage Storage (Storage Accounts, Blob, Files,
Security)** (Q36–Q55)
3. **Deploy & Manage Azure Compute Resources (VMs, Containers,
App Service)** (Q56–Q80)
4. **Configure & Manage Virtual Networking (VNet, Peering, Load
Balancer, VPN)** (Q81–Q115)
5. **Monitor & Back Up Azure Resources (Monitor, Alerts, Backup,
Recovery)** (Q116–Q135)
6. **Configure & Manage Azure Virtual Desktop** (Q136–Q145)
7. **Implement & Manage Azure Security (NSG, Firewall, DDoS, Key
Vault)** (Q146–Q165)
8. **Configure & Manage Governance & Compliance (Policies, Locks,
Blueprints)** (Q166–Q180)
9. **Manage Azure Compute & Storage Optimization** (Q181–Q190)
10. **High-Yield NGN/Scenario-Based Questions** (Q191–Q200)
,2|Page
# Section 1: Manage Azure Identities & Governance (Azure AD, RBAC,
Subscriptions) (Q1–Q35)
**Q1.** You need to synchronize on-premises Active Directory users to
Azure Active Directory (Azure AD). Which tool should you use?
A. Azure AD Connect
B. Azure Site Recovery
C. Azure Backup
D. Azure Policy
**Correct Answer: A – Azure AD Connect**
*Rationale: Azure AD Connect is the tool used to synchronize on-
premises AD identities to Azure AD.*
**Q2.** You need to grant a user the ability to create and manage virtual
machines but not delete them. Which role assignment should you use?
A. Virtual Machine Contributor
B. Owner
C. Contributor
D. Reader
**Correct Answer: A – Virtual Machine Contributor**
,3|Page
*Rationale: The Virtual Machine Contributor role allows management of
VMs (create, start, stop) but not deletion of the VM or the ability to
manage the virtual network or storage account.*
**Q3.** A user needs full access to all resources in a subscription,
including the ability to assign roles to others. Which role should you
assign?
A. Owner
B. Contributor
C. Reader
D. User Access Administrator
**Correct Answer: A – Owner**
*Rationale: The Owner role has full access to all resources and can
delegate access to others.*
**Q4.** You have a subscription with multiple resource groups. You
need to prevent accidental deletion of a critical resource group. What
should you configure?
A. Resource lock (Delete lock)
B. Azure Policy
C. Role assignment
D. Management group
, 4|Page
**Correct Answer: A – Resource lock (Delete lock)**
*Rationale: A CanNotDelete lock prevents deletion of the resource
group and its resources.*
**Q5.** You need to organize subscriptions into a hierarchy for
centralized policy and governance. What should you use?
A. Management groups
B. Resource groups
C. Tags
D. Azure Policy
**Correct Answer: A – Management groups**
*Rationale: Management groups allow you to organize subscriptions
into a hierarchy and apply policies and RBAC at scale.*
**Q6.** A user reports that they cannot create a VM in a specific region.
You need to identify why. Which Azure service should you check?
A. Azure Policy compliance
B. Azure Monitor
C. Azure Security Center
D. Azure Advisor
**Correct Answer: A – Azure Policy compliance**
