AZ 104 Exam Prep Questions with 100% Correct Answers | Get it 100% Correct!!

AZ 104 Exam Prep Questions with 100%
Correct Answers | Get it 100% Correct!!

You have an Azure subscription.



From PowerShell, you run the Get-MgUser cmdlet for a user and receive the

following details:



Id: 8755b347-3545-3876-3987-999999999999

DisplayName: Ben Smith

Mail:

UserPrincipalName: bsmith_contoso.com#EXT#@fabrikam.com



Which statement accurately describes the user? - ✔✔The user was a guest in

the tenant.

Question 2 of 50

You have the following resource groups, management groups, and Azure

subscriptions:




1|Page
©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025.

,Two resource groups named RG1 and RG2 that are associated with a

subscription named 111-222-333 and a management group named MG1.



Two resource groups named RG3 and RG4 that are associated with a

subscription named 777-888-999 and a management group named MG1.



Two resource groups named RG5 and RG6 that are associated with a

subscription named 444-555-666 and a management group named MG1



Two resource group named RG10 and RG11 that are associated with a

subscription named 222-333-444 and a management group named MG2



Two resource group named RG11 and RG12 that are associated with a

subscription named 555-666-888 and a management group named MG2



You need to assign a role to a user to ensure the user can view all the resources

in the subscriptions. The solution must use the principle of least privilege.



Which role sh - ✔✔the Reader role for MG1 and MG2

2|Page
©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025.

,(Assigning the Reader role for MG1 and MG2 is correct because the simplest

way to give user access to all resources is to assign a role at the management

group level.)

You have an Azure subscription. An administrator manages access to resources

at the resource group level. The assignment process is automated by running

the following PowerShell script nightly.



$rg = "RG1"

$RoleName = "CustomRole1"

$Role = Get-AzRoleDefinition -Name $RoleName

New-AzRoleAssignment -SignInName `

-RoleDefinitionName $Role.Name `

-ResourceGroupName $rg

User1 is unable to access the RG1 resource group. You discover that the script

fails to complete for new users.

You run Get-AzRoleDefinition | Format-Table -Property Name, Id and receive

the following information:

Name: Custom Role 1, ID: 111-222-333

3|Page
©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025.

, Name: Owner, ID: 222-333-444

Name: Contributor, ID: 333-444-555

Name: Reader, ID: 666-777-888



You need to modify the script to ensure that it does not fail in the future.

What should you change in the script? - ✔✔$RoleName = "111-222-333"



(You should use the ID of the role in case the role name was changed to prevent

such a change from breaking the script.

Assign Azure roles using Azure PowerShell - Azure RBAC)

You have an Azure subscription that contains multiple virtual machines.

You need to ensure that a user named User1 can view all the resources in a

resource group named RG1. You must use the principle of least privilege. Which

role should you assign to User1? - ✔✔Reader

(The Reader role allows you to view all the resources but does not allow you to

make any changes. The Contributor role allows you to manage all the resources,

the Billing Reader role provides read access only to billing data, and the Tag

Contributor role allows you to manage entity tags without providing access to

the entities themselves.)

4|Page
©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025.