AZ-104 Microsoft Practice Exam Flashcards
You have a Microsoft Entra tenant that uses Microsoft Entra Connect to sync with an Active Directory Domain Services (AD DS) domain.
You need to ensure that users can reset their AD DS password from the Azure portal. The users must be able to use two methods to reset their password.
Which two actions should you perform? Each correct answer presents part of the solution.
- From Password reset in the Azure portal, configure the
Authentication methods settings. - From Password reset in the Azure portal, configure the
Notifications settings. - From Password reset in the Azure portal, configure the
Registration settings. - Run Microsoft Entra Connect and select Device writeback.
- Run Microsoft Entra Connect and select Password writeback.
From Password reset in the Azure portal, configure the Authentication methods settings
Run Microsoft Entra Connect and select Password writeback
You have an Azure subscription.
From PowerShell, you run the Get-MgUser cmdlet for a user and receive the following details:
Id: 8755b347-3545-3876-3987-999999999999
DisplayName: Ben Smith
Mail: bsmith@contoso.com
UserPrincipalName: bsmith_contoso.com#EXT#@fabrikam.com
Which statement accurately describes the user?
- The user account is disabled.
- The user is a guest in the tenant.
- The user is assigned an administrative role.
- The user is deleted.
The user is a guest in the tenant.
You have the following resource groups, management groups, and Azure subscriptions:
Two resource groups named RG1 and RG2 in a subscription named 111-222-333 and a management group named MG1.
Two resource groups named RG3 and RG4 in a subscription named 777-888-999 and a management group named MG1.
Two resource groups named RG5 and RG6 in a subscription named 444-555-666 and a management group named MG1.
Two resource group named RG10 and RG11 in a subscription named 222-333-444 and a management group named MG2.
Two resource group named RG11 and RG12 in a subscription named 555-666-888 and a management group named MG2.
You need to assign a role to a user to ensure the user can view all the resources in the subscriptions. The solution must use the principle of least privilege.
Which role should you assign?
- the Billing Reader role for all the subscriptions
- the Billing Reader role for MG1 and MG2
- the Contributor role for MG1 and MG2
- the Reader role for MG1 and MG2
the Reader role for MG1 and MG2
You have an Azure subscription.
You run the following command:
Get-AzRoleDefinition | Format-Table -Property Name, Id
The command output contains data that includes the following:
CustomRole1 111-222-333-444-555
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
Reader acdd72a7-3385-48ef-bd42-f606fba81ae7
You have a script that manages access to resources at the resource group level. The assignment process is automated by running the following PowerShell script nightly.
$rg = “RG1”
$RoleName = “111-222-333-444-555”
$Role = Get-AzRoleDefinition -Name $RoleName
New-AzRoleAssignment -SignInName user1@contoso.com
-RoleDefinitionName $Role.Name `
-ResourceGroupName $rg
User1 is unable to access the RG1 resource group. You discover that the script fails to complete for User1.
You need to modify the script to ensure that it does not fail.
What should you change in the script?
$Role = Add-AzRoleDefinition -Name $RoleName
$Role = Get-AzRoleAssignment -Name $RoleName
$Role = Set-AzRoleAssignment -Name $RoleName
$RoleName = “CustomRole1”
$RoleName = “CustomRole1”
You have several management groups and Azure subscriptions.
You want to prevent the accidental deletion of resources.
To which three resource types can you apply delete locks? Each correct answer presents a complete solution.
- management groups
- resource groups
- subscriptions
- virtual machines
resource groups
subscriptions
virtual machines
