Before sharing the latest AZ-104 dumps exam questions, I would like to share my views on Microsoft cloud computing in 2025 briefly.
I am very sure that cloud computing certification is still very popular, especially the “Microsoft Certified: Azure Administrator Associate” certification. Here are some of my opinions:
1.Digital transformation accelerates
More and more enterprises are undergoing digital transformation. Please see the figure below. According to Google data, most of the top enterprises are undergoing digital transformation or are still in the process of transformation. This will reduce their costs, improve business efficiency, reduce hardware expenses and improve data security.
2. Telecommuting and distributed work models
If your job requires a computer, then you or someone around you must be a remote worker, and this is already the norm. In particular, the changes in the global economic environment after the epidemic have accelerated cloud computing technology to become a key infrastructure to support remote office and cross-regional work.
3. other reasons
Big data and artificial intelligence applications, multi-cloud and hybrid cloud trends, the rise of edge computing, increasing security and compliance requirements, and so on, everything is inseparable from cloud computing. So do you think cloud computing certification is important? Microsoft Azure is also the industry leader in cloud computing. Then getting AZ-104 certification is crucial for people who want to engage in cloud computing because it occupies a very high status.
Closer to home, next I will share the latest AZ-104 dumps exam questions in 2025.
AZ-104 dumps exam questions online practice
| Number of exam questions (Free) | Type | Update Time | Get More |
| 15 | Single & Multiple Choice | 2025 | 361 Q&As |
Question 1:
Your company\’s Azure subscription includes Azure virtual machines (VMs) that run Windows Server 2016.
One of the VMs is backed up every day using Azure Backup Instant Restore.
When the VM becomes infected with data encrypting ransomware, you decide to recover the VM\’s files.
Which of the following is TRUE in this scenario?
A. You can only recover the files to the infected VM.
B. You can recover the files to any VM within the company\’s subscription.
C. You can only recover the files to a new VM.
D. You will not be able to recover the files.
Correct Answer: B
Question 2:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users.
You need to create a guest user account in contoso.com for each of the 500 external users.
Solution: You create a PowerShell script that runs the New-MgUser cmdlet for each external user.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Wrong module.
New-MgUser
Module: Microsoft.Graph.Users
Create a new user.
Instead use the New-AzureADMSInvitation cmdlet which is used to invite a new external user to your directory.
Reference:
https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureadmsinvitation
Question 3:
HOTSPOT
You have an Azure subscription.
You plan to deploy a storage account named storage\’ by using the following Azure Resource Manager (ARM) template.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 4:
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?
A. Azure Custom Script Extension
B. Deployment Center in Azure App Service
C. the New-AzConfigurationAssignment cmdlet
D. a Microsoft Endpoint Manager device configuration profile
Correct Answer: A
There are several versions of this question in the exam. The question has two correct answers:
1.
A Desired State Configuration (DSC) extension
2.
Azure Custom Script Extension
The Custom Script Extension downloads and runs scripts on Azure virtual machines (VMs). This extension is useful for post-deployment configuration, software installation, or any other configuration or management task. You can download scripts from Azure Storage or GitHub, or provide them to the Azure portal at extension runtime. https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows
Question 5:
HOTSPOT
You plan to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template.
You need to complete the template.
What should you include in the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 6:
You have an Azure Active Directory (Azure AD) tenant named contoso.com. Multi-factor authentication (MFA) is enabled for all users.
You need to provide users with the ability to bypass MFA for 10 days on devices to which they have successfully signed in by using MFA.
What should you do?
A. From the multi-factor authentication page, configure the users\’ settings.
B. From Azure AD, create a conditional access policy.
C. From the multi-factor authentication page, configure the service settings.
D. From the MFA blade in Azure AD, configure the MFA Server settings.
Correct Answer: C
Enable remember Multi-Factor Authentication
1.
Sign in to the Azure portal.
2.
On the left, select Azure Active Directory>; Users.
3.
Select Multi-Factor Authentication.
4.
Under Multi-Factor Authentication, select service settings.
5.
On the Service Settings page, manage remember multi-factor authentication, select the Allow users to remember multi-factor authentication on devices they trust option.
6.
Set the number of days to allow trusted devices to bypass two-step verification. The default is 14 days.
7.
Select Save.
References: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
Question 7:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You need to use a custom policy definition, because there is not a built-in policy.
Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and more easily manage your resources.
Reference:
https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition
https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies
Question 8:
HOTSPOT
You need to meet the connection requirements for the New York office. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Create a virtual network gateway and a local network gateway. Azure VPN gateway. The VPN gateway service enables you to connect the VNet to the on-premises network through a VPN appliance. For more information, see Connect an on-premises network to a Microsoft Azure virtual network. The VPN gateway includes the following elements:
*
Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing traffic from the on-premises network to the VNet.
*
Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to the on-premises network is routed through this gateway.
*
Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-premises VPN appliance to encrypt traffic.
*
Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements, described in the Recommendations section below.
Box 2: Configure a site-to-site VPN connection
On premises create a site-to-site connection for the virtual network gateway and the local network gateway.
Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Incorrect Answers:
Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection is private. Traffic does not go over the internet.
References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid- networking/vpn
Question 9:
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company\’s Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB.
VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to- site VPN connection exists between your company\’s on-premises network and VirtualNetworkA.
You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering between VirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company\’s on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation.
You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation.
Solution: You download and re-install the VPN client configuration package on the Windows 10 workstation.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer: A
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
Question 10:
You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve data.
Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.
Which Azure Network Watcher feature should you use?
A. NSG flow logs
B. Connection troubleshoot
C. IP flow verify
D. Connection monitor
Correct Answer: D
The connection monitor capability monitors communication at a regular interval and informs you of reachability, latency, and network topology changes between the VM and the endpoint Incorrect Answers:
A: The IP flow verify capability enables you to specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound).
IP flow verify then tests the communication and informs you if the connection succeeds or fails. If the connection fails, IP flow verify tells you which security rule allowed or denied the communication, so that you can resolve the problem.
B: The connection troubleshoot capability enables you to test a connection between a VM and another VM, an FQDN, a URI, or an IPv4 address. The test returns similar information returned when using the connection monitor capability, but tests the connection at a point in time, rather than monitoring it over time, as connection monitor does.
D: The NSG flow log capability allows you to log the source and destination IP address, port, protocol, and whether traffic was allowed or denied by an NSG.
Reference: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
Question 11:
You have an Azure subscription. The subscription contains virtual machines that run Windows Server.
You have a data collection rule (DCR) named Rule1.
You plan to use the Azure Monitor Agent to collect events from Windows System event logs.
You only need to collect system events that have an ID of 1001.
Which type of query should you use for the data source in Rule1?
A. SQL
B. XPath
C. KQL
Correct Answer: B
Filter events using XPath queries
You\’re charged for any data you collect in a Log Analytics workspace. Therefore, you should only collect the event data you need. The basic configuration in the Azure portal provides you with a limited ability to filter out events.
To specify more filters, use custom configuration and specify an XPath that filters out the events you don\’t need. XPath entries are written in the form LogName!XPathQuery. For example, you might want to return only events from the Application event log with an event ID of 1035.
The XPathQuery for these events would be *[System[EventID=1035]]. Because you want to retrieve the events from the Application event log, the XPath is Application!*[System[EventID=1035]]
Reference:
Question 12:
You have web apps in the West US, Central US and East US Azure regions. You have the App Service plans shown in the following table.
You plan to create an additional App Service plan named ASP5 that will use the Linux operating system.
You need to identify in which of the currently used locations you can deploy ASP5.
What should you recommend?
A. West US, Central US, or East US
B. Central US only
C. East US only
D. West US only
Correct Answer: A
This question is asking in which regional locations can a APP service plan be deployed to. It tells you it will be a Linux Plan to throw you off and make you wonder if it matters. Which is does not.
Then it asks what should you recommend to make you think you are supposed to choose. The fact is you can recommend any region.
An APP service plan can be deployed in any region and multiple APP service plans can be deployed in a region.
The Plan type you choose depends on the APP\’s your going to deploy and whether the programing language can be run on Linux or Windows.
https://learn.microsoft.com/en-us/azure/app-service/overview-hosting-plans
Question 13:
You have an Azure policy as shown in the following exhibit: What is the effect of the policy?
A. You can create Azure SQL servers in ContosoRG1 only.
B. You are prevented from creating Azure SQL servers anywhere in Subscription 1.
C. You are prevented from creating Azure SQL Servers in ContosoRG1 only.
D. You can create Azure SQL servers in any resource group within Subscription 1.
Correct Answer: A
You are prevented from creating Azure SQL servers anywhere in Subscription 1 with the exception of ContosoRG1
Reference: https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure
Question 14:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are the global administrator for an Azure Active Directory (Azure AD) tenant that has several subscriptions.
You need to create a report that lists all the resources for the tenant.
Solution: You open the Azure portal and modify the properties of the Azure AD tenant.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Question 15:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Network Watcher, you create a packet capture.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
AZ-104 dumps exam questions free download (PDF): https://drive.google.com/file/d/1YG7DdbCWx5ClfIcB_oPaUCucYUlxY9qF/view?usp=sharing
Get more AZ-104 dumps exam questions
The AZ-104 “Microsoft Certified: Azure Administrator Associate” certification exam provides a variety of exam question types: single-choice questions, multiple-choice questions, case analysis questions, drag-and-drop questions, fill-in-the-blank questions, experimental questions… In order to help candidates pass this Exam, Pass4itsure has developed the optimal exam practice plan based on the actual exam situation:
| Total Questions: | 361 |
| Single & multiple choice: | 195 |
| Drag Drop: | 12 |
| Hotspot: | 154 |
| Testlet | 5 |
And two practice plans are provided, PDF & VCE. They both provide complete exam questions and answers. VCE is actually close to the real scenario and can help you quickly improve your passing rate.
Conclusion:
Facing the future, it is very necessary to choose a certification program that will help me improve!
Microsoft AZ-104 certification is one of the most popular!
Today here I share the latest 2025 AZ-104 dumps exam questions, you can practice online, or you can download and learn slowly, which will help you quickly improve your exam skills. Choose the most worthwhile Pass4itsure AZ-104 dumps exam questions to help you get promoted quickly.