Written by students who passed Immediately available after payment Read online or as PDF Wrong document? Swap it for free 4.6 TrustPilot
logo-home
Exam (elaborations)

Microsoft Azure AZ-104 Administrator 2025 55 QA Practice Exam Verified Answers

Rating
-
Sold
-
Pages
28
Grade
A+
Uploaded on
24-03-2026
Written in
2025/2026

Microsoft Azure AZ-104 Administrator 2025 — 55 Q&A Practice Exam Verified Answers

Institution
Course

Content preview

Microsoft Azure AZ-104 Administrator 2025 — 55 Q&A Practice
Exam Verified Answers

Series:
CrashCourses Professional Study Series

Author:
Dr Z. Moomba, MBChB, MRCPsych | BethelWellness Ltd

Exam Target:
Microsoft Azure AZ-104

Year:
2025/2026

Format:
55 Questions with Verified Answers and Rationales


>
Author's Note:
This document is an original work produced for the CrashCourses Professional Study Series.
Clinical questions and professional scenarios were composed by Dr Z. Moomba based on current
exam objectives, published guidelines, and evidence-based sources (2024–2025). All patient
names, ages, and case details are fictional. Any resemblance to existing published Q&A banks is
coincidental. For personal study use only — not for reproduction or redistribution.


SECTION A — FOUNDATIONS

1. A healthcare trust is deploying a new patient portal. You need to invite external clinical researchers
to access a specific Azure web app using their existing university credentials. Which Microsoft Entra
ID feature should you configure?
A) Entra ID Domain Services
B) Entra ID B2B Collaboration
C) Entra ID B2C
D) Entra ID Application Proxy

Answer: B




,Rationale:
Entra ID B2B Collaboration allows you to invite external guest users to your directory, letting them
sign in using their own identity providers while you maintain control over access to your
resources. The key discriminating factor is the need for external researchers to use their existing
credentials (BYOI) to access an internal resource. Option C (B2C) is tempting but is designed for
customer-facing apps where users sign up with social accounts, not for targeted guest invitations.
Examiner Pearl: Use `az ad user create --user-principal-name` for internal users, but B2B relies on
invitations. Guests receive the `UserType` of Guest. [Microsoft Entra Docs 2025]


2. You are configuring self-service password reset (SSPR) for the oncology department. Security
policy dictates that users must use two methods to reset their password. Which of the following is a
valid combination of authentication methods for SSPR?
A) Email and Security Questions
B) Mobile app notification and Office phone
C) SMS and an alternate email address
D) Microsoft Authenticator app and a hardware OATH token

Answer: A

Rationale:
Email and Security Questions are valid, standard methods that can be combined for SSPR in
Microsoft Entra ID. The key discriminating factor is understanding which methods are officially
supported in the SSPR policy portal. Option B fails because "Office phone" and "Mobile app
notification" cannot always be combined dynamically if the user lacks the app setup. Examiner
Pearl: SSPR requires at least one Azure AD Premium P1 license in the tenant. [NCSC Security
Guidelines 2024]


3. The trust's Chief Medical Information Officer (CMIO) requires that all administrative access to
Azure resources must trigger a multi-factor authentication (MFA) prompt, but only when accessed
from outside the hospital's corporate network. What should you create?
A) An Azure Policy definition
B) A Conditional Access policy
C) A Network Security Group (NSG) rule
D) A Privileged Identity Management (PIM) access review

Answer: B

Rationale:




, Conditional Access policies evaluate signals like IP address (named locations), user role, and risk
to enforce decisions like requiring MFA. The key discriminating feature is the requirement to
enforce identity security based on a network location condition. Option A (Azure Policy) is for
resource compliance, not identity-based access control. Examiner Pearl: You can configure
named locations via CLI: `az rest --method post --uri
https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations`. [Microsoft Entra
Docs 2025]


4. You need to assign an IT engineer permissions to restart virtual machines in the "Cardiology-RG"
resource group. The engineer must not be able to modify the network interfaces or create new VMs.
Which built-in RBAC role is most appropriate?
A) Contributor
B) Virtual Machine Contributor
C) Reader
D) DevTest Labs User

Answer: B

Rationale:
The Virtual Machine Contributor role lets users manage virtual machines, including starting and
stopping them, but it does not allow them to manage the virtual network or storage account to
which the VM is connected. The key discriminating feature is limiting access strictly to VM
management without network modification. Option A (Contributor) fails because it grants
permission to create and delete any resource in the resource group. Examiner Pearl: You can
assign this via CLI: `az role assignment create --assignee --role "Virtual
Machine Contributor" --scope /subscriptions/.../resourceGroups/Cardiology-RG`. [Azure RBAC
Guidelines 2025]


5. A new clinical application requires a custom RBAC role. You are authoring the JSON definition.
Which property must you configure to ensure the role can only be assigned within a specific
management group?
A) Actions
B) NotActions
C) AssignableScopes
D) DataActions

Answer: C

Rationale:

Written for

Institution
Study
Course

Document information

Uploaded on
March 24, 2026
Number of pages
28
Written in
2025/2026
Type
Exam (elaborations)
Contains
Questions & answers

Subjects

$20.98
Get access to the full document:

Wrong document? Swap it for free Within 14 days of purchase and before downloading, you can choose a different document. You can simply spend the amount again.
Written by students who passed
Immediately available after payment
Read online or as PDF

Get to know the seller

Seller avatar
Reputation scores are based on the amount of documents a seller has sold for a fee and the reviews they have received for those documents. There are three levels: Bronze, Silver and Gold. The better the reputation, the more your can rely on the quality of the sellers work.
CrashCourses (At Home Study)
Follow You need to be logged in order to follow users or courses
Sold
145
Member since
5 year
Number of followers
49
Documents
664
Last sold
3 months ago
University of the People MBA solutions

University of the People - 100% Correct Solutions

4.7

9 reviews

5
7
4
1
3
1
2
0
1
0

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

Student with book image

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Working on your references?

Create accurate citations in APA, MLA and Harvard with our free citation generator.

Working on your references?

Frequently asked questions