©THESTAR 2024/2025 ALL RIGHTS RESERVED.
AZ 104 Exam Prep Questions And Answers
100% Guaranteed Pass
You have an Azure subscription.
From PowerShell, you run the Get-MgUser cmdlet for a user and receive the following details:
Id: 8755b347-3545-3876-3987-999999999999
DisplayName: Ben Smith
Mail:
UserPrincipalName: bsmith_contoso.com#EXT#@fabrikam.com
Which statement accurately describes the user? - Answer✔The user was a guest in the tenant.
Question 2 of 50
You have the following resource groups, management groups, and Azure subscriptions:
Two resource groups named RG1 and RG2 that are associated with a subscription named 111-
222-333 and a management group named MG1.
Two resource groups named RG3 and RG4 that are associated with a subscription named 777-
888-999 and a management group named MG1.
Two resource groups named RG5 and RG6 that are associated with a subscription named 444-
555-666 and a management group named MG1
1|Page
, ©THESTAR 2024/2025 ALL RIGHTS RESERVED.
Two resource group named RG10 and RG11 that are associated with a subscription named 222-
333-444 and a management group named MG2
Two resource group named RG11 and RG12 that are associated with a subscription named 555-
666-888 and a management group named MG2
You need to assign a role to a user to ensure the user can view all the resources in the
subscriptions. The solution must use the principle of least privilege.
Which role sh - Answer✔the Reader role for MG1 and MG2
(Assigning the Reader role for MG1 and MG2 is correct because the simplest way to give user
access to all resources is to assign a role at the management group level.)
You have an Azure subscription. An administrator manages access to resources at the resource
group level. The assignment process is automated by running the following PowerShell script
nightly.
$rg = "RG1"
$RoleName = "CustomRole1"
$Role = Get-AzRoleDefinition -Name $RoleName
New-AzRoleAssignment -SignInName `
-RoleDefinitionName $Role.Name `
-ResourceGroupName $rg
User1 is unable to access the RG1 resource group. You discover that the script fails to complete
for new users.
You run Get-AzRoleDefinition | Format-Table -Property Name, Id and receive the following
information:
Name: Custom Role 1, ID: 111-222-333
Name: Owner, ID: 222-333-444
Name: Contributor, ID: 333-444-555
2|Page
, ©THESTAR 2024/2025 ALL RIGHTS RESERVED.
Name: Reader, ID: 666-777-888
You need to modify the script to ensure that it does not fail in the future.
What should you change in the script? - Answer✔$RoleName = "111-222-333"
(You should use the ID of the role in case the role name was changed to prevent such a change
from breaking the script.
Assign Azure roles using Azure PowerShell - Azure RBAC)
You have an Azure subscription that contains multiple virtual machines.
You need to ensure that a user named User1 can view all the resources in a resource group
named RG1. You must use the principle of least privilege. Which role should you assign to
User1? - Answer✔Reader
(The Reader role allows you to view all the resources but does not allow you to make any
changes. The Contributor role allows you to manage all the resources, the Billing Reader role
provides read access only to billing data, and the Tag Contributor role allows you to manage
entity tags without providing access to the entities themselves.)
You have an Azure subscription that contains several storage accounts.
You need to provide a user with the ability to perform the following tasks
- Manage containers within the storage accounts.
- View storage account access keys.
The solution must use the principle of least privilege. Which role should you assign to the user?
- Answer✔Storage Account Contributor
(Storage Account Contributor allows the management of storage accounts. It provides access to
the account key, which can be used to access data via Shared Key authorization. Storage Blob
Data Contributor grants permissions to read, write, and delete Azure Storage containers and
blobs. Reader allows you to view all resources but does not allow you to make any changes.
Owner grants full access to manage all resources, including the ability to assign roles in Azure
RBAC.)
3|Page
AZ 104 Exam Prep Questions And Answers
100% Guaranteed Pass
You have an Azure subscription.
From PowerShell, you run the Get-MgUser cmdlet for a user and receive the following details:
Id: 8755b347-3545-3876-3987-999999999999
DisplayName: Ben Smith
Mail:
UserPrincipalName: bsmith_contoso.com#EXT#@fabrikam.com
Which statement accurately describes the user? - Answer✔The user was a guest in the tenant.
Question 2 of 50
You have the following resource groups, management groups, and Azure subscriptions:
Two resource groups named RG1 and RG2 that are associated with a subscription named 111-
222-333 and a management group named MG1.
Two resource groups named RG3 and RG4 that are associated with a subscription named 777-
888-999 and a management group named MG1.
Two resource groups named RG5 and RG6 that are associated with a subscription named 444-
555-666 and a management group named MG1
1|Page
, ©THESTAR 2024/2025 ALL RIGHTS RESERVED.
Two resource group named RG10 and RG11 that are associated with a subscription named 222-
333-444 and a management group named MG2
Two resource group named RG11 and RG12 that are associated with a subscription named 555-
666-888 and a management group named MG2
You need to assign a role to a user to ensure the user can view all the resources in the
subscriptions. The solution must use the principle of least privilege.
Which role sh - Answer✔the Reader role for MG1 and MG2
(Assigning the Reader role for MG1 and MG2 is correct because the simplest way to give user
access to all resources is to assign a role at the management group level.)
You have an Azure subscription. An administrator manages access to resources at the resource
group level. The assignment process is automated by running the following PowerShell script
nightly.
$rg = "RG1"
$RoleName = "CustomRole1"
$Role = Get-AzRoleDefinition -Name $RoleName
New-AzRoleAssignment -SignInName `
-RoleDefinitionName $Role.Name `
-ResourceGroupName $rg
User1 is unable to access the RG1 resource group. You discover that the script fails to complete
for new users.
You run Get-AzRoleDefinition | Format-Table -Property Name, Id and receive the following
information:
Name: Custom Role 1, ID: 111-222-333
Name: Owner, ID: 222-333-444
Name: Contributor, ID: 333-444-555
2|Page
, ©THESTAR 2024/2025 ALL RIGHTS RESERVED.
Name: Reader, ID: 666-777-888
You need to modify the script to ensure that it does not fail in the future.
What should you change in the script? - Answer✔$RoleName = "111-222-333"
(You should use the ID of the role in case the role name was changed to prevent such a change
from breaking the script.
Assign Azure roles using Azure PowerShell - Azure RBAC)
You have an Azure subscription that contains multiple virtual machines.
You need to ensure that a user named User1 can view all the resources in a resource group
named RG1. You must use the principle of least privilege. Which role should you assign to
User1? - Answer✔Reader
(The Reader role allows you to view all the resources but does not allow you to make any
changes. The Contributor role allows you to manage all the resources, the Billing Reader role
provides read access only to billing data, and the Tag Contributor role allows you to manage
entity tags without providing access to the entities themselves.)
You have an Azure subscription that contains several storage accounts.
You need to provide a user with the ability to perform the following tasks
- Manage containers within the storage accounts.
- View storage account access keys.
The solution must use the principle of least privilege. Which role should you assign to the user?
- Answer✔Storage Account Contributor
(Storage Account Contributor allows the management of storage accounts. It provides access to
the account key, which can be used to access data via Shared Key authorization. Storage Blob
Data Contributor grants permissions to read, write, and delete Azure Storage containers and
blobs. Reader allows you to view all resources but does not allow you to make any changes.
Owner grants full access to manage all resources, including the ability to assign roles in Azure
RBAC.)
3|Page
