AZ-104 Renewal Exam 2026 UPDATED
EXAM QUESTIONS WITH 100%
ACCURATE ANSWERS PLUS RATIONALES
(MULTIPLE CHOICES)
1. You need to grant a user the ability to manage all virtual machines in a
subscription. Which built-in role should you assign?
A. Owner
B. Contributor
C. Virtual Machine Contributor
D. Reader
Answer: C
Rationale: The Virtual Machine Contributor role provides permissions to manage VMs
without giving access to other resources.
2. Which Azure service provides centralized identity management and single
sign-on (SSO)?
A. Azure AD
B. Azure Monitor
C. Azure Firewall
D. Azure Backup
Answer: A
Rationale: Azure Active Directory manages identities and provides SSO.
3. What is the purpose of Azure AD Conditional Access?
A. Manage VM sizes
B. Enforce access policies based on conditions
C. Backup Azure VMs
D. Monitor network traffic
,Answer: B
Rationale: Conditional Access enforces policies like MFA, location-based access, and device
compliance.
4. What is the default maximum number of Azure subscriptions per Azure AD
tenant?
A. 1
B. 50
C. 100
D. 1000
Answer: C
Rationale: Azure AD tenants can have multiple subscriptions, with the default maximum being
100.
5. Which feature helps ensure governance by applying rules and effects to
resources?
A. Azure Policy
B. Azure Monitor
C. Azure Firewall
D. Azure Key Vault
Answer: A
Rationale: Azure Policy enforces compliance rules for resource configurations.
6. Which Azure service stores secrets, keys, and certificates?
A. Azure Storage
B. Azure Key Vault
C. Azure Policy
D. Azure Monitor
Answer: B
Rationale: Key Vault securely stores secrets and keys.
, 7. You need to delegate permission to manage a resource group without granting
subscription-level access. What should you use?
A. Role-based access control (RBAC)
B. Azure Policy
C. Azure Blueprints
D. Azure AD B2C
Answer: A
Rationale: RBAC provides granular permissions at subscription, resource group, or resource
level.
8. Which tool allows you to view Azure activity logs?
A. Azure Portal
B. Azure CLI
C. Azure PowerShell
D. All of the above
Answer: D
Rationale: Activity logs can be viewed through the portal, CLI, or PowerShell.
9. What is an Azure Management Group used for?
A. Managing VMs
B. Organizing subscriptions for governance
C. Storing data
D. Monitoring alerts
Answer: B
Rationale: Management groups help apply policies and access controls across multiple
subscriptions.
10. What does Azure Blueprints enable?
A. Automated infrastructure deployment
B. Consistent resource deployment with policies and RBAC
C. Data analytics
D. Virtual network configuration
EXAM QUESTIONS WITH 100%
ACCURATE ANSWERS PLUS RATIONALES
(MULTIPLE CHOICES)
1. You need to grant a user the ability to manage all virtual machines in a
subscription. Which built-in role should you assign?
A. Owner
B. Contributor
C. Virtual Machine Contributor
D. Reader
Answer: C
Rationale: The Virtual Machine Contributor role provides permissions to manage VMs
without giving access to other resources.
2. Which Azure service provides centralized identity management and single
sign-on (SSO)?
A. Azure AD
B. Azure Monitor
C. Azure Firewall
D. Azure Backup
Answer: A
Rationale: Azure Active Directory manages identities and provides SSO.
3. What is the purpose of Azure AD Conditional Access?
A. Manage VM sizes
B. Enforce access policies based on conditions
C. Backup Azure VMs
D. Monitor network traffic
,Answer: B
Rationale: Conditional Access enforces policies like MFA, location-based access, and device
compliance.
4. What is the default maximum number of Azure subscriptions per Azure AD
tenant?
A. 1
B. 50
C. 100
D. 1000
Answer: C
Rationale: Azure AD tenants can have multiple subscriptions, with the default maximum being
100.
5. Which feature helps ensure governance by applying rules and effects to
resources?
A. Azure Policy
B. Azure Monitor
C. Azure Firewall
D. Azure Key Vault
Answer: A
Rationale: Azure Policy enforces compliance rules for resource configurations.
6. Which Azure service stores secrets, keys, and certificates?
A. Azure Storage
B. Azure Key Vault
C. Azure Policy
D. Azure Monitor
Answer: B
Rationale: Key Vault securely stores secrets and keys.
, 7. You need to delegate permission to manage a resource group without granting
subscription-level access. What should you use?
A. Role-based access control (RBAC)
B. Azure Policy
C. Azure Blueprints
D. Azure AD B2C
Answer: A
Rationale: RBAC provides granular permissions at subscription, resource group, or resource
level.
8. Which tool allows you to view Azure activity logs?
A. Azure Portal
B. Azure CLI
C. Azure PowerShell
D. All of the above
Answer: D
Rationale: Activity logs can be viewed through the portal, CLI, or PowerShell.
9. What is an Azure Management Group used for?
A. Managing VMs
B. Organizing subscriptions for governance
C. Storing data
D. Monitoring alerts
Answer: B
Rationale: Management groups help apply policies and access controls across multiple
subscriptions.
10. What does Azure Blueprints enable?
A. Automated infrastructure deployment
B. Consistent resource deployment with policies and RBAC
C. Data analytics
D. Virtual network configuration
