Question 1hardmulti select
Full question →AZ-104 · topic practice
Managed Identity practice questions
Use this page to practise AZ-104 Managed Identity practice questions. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.
What the exam tests
What to know about Managed Identity
Managed Identity questions test whether you can apply the concept in context, not just recognise a definition.
How the topic appears in realistic exam-style scenarios.
Which detail in the question changes the correct answer.
How to eliminate plausible but wrong options.
How to connect the question back to the wider exam objective.
Practice set
Managed Identity questions
20 questions · select your answer, then reveal the explanation
Question 2hardmultiple choice
Full question →A build server in an on-premises datacenter must deploy ARM templates to Azure. The automation must not use a human account password, and Microsoft Entra conditional access for device sign-in is not available because the server is outside Azure. The security team allows a non-human credential but wants the strongest practical option for this scenario. What should the administrator configure?
Question 3mediummultiple choice
Full question →A contractor must import data into one blob container for six hours. The contractor should not receive the storage account key, and access must be limited to that container only. Which credential should the administrator generate?
Question 4easymultiple choice
Full question →A developer wants to give one Azure VM access to Azure Storage now, and that identity should be removed automatically if the VM is deleted. Which identity type should the administrator assign?
Question 5mediummulti select
Full question →A DevOps engineer must run an Azure CLI script from a Windows VM to create resources in a specific resource group in another subscription. The script must not use a client secret or password, and access should be limited to only that resource group. Which three actions should the administrator take? Select three.
Question 6hardmultiple choice
Full question →A storage account has public network access disabled. A VM in VNet-Prod must reach Blob storage by using the storage account name, but nslookup from the VM still returns the public endpoint address. What should the administrator do?
Question 7easymultiple choice
Full question →A newly created VM must read secrets from Azure Key Vault. The solution must not store credentials on the VM, and the identity should disappear automatically when the VM is deleted. What should the administrator enable?
Question 8mediummultiple choice
Full question →A PowerShell script runs on an Azure VM every night and uses Azure CLI commands to create tags and VM resources in another subscription. The script cannot store a password or client secret. What should it use to authenticate to Azure?
Question 9hardmultiple choice
Full question →A new Windows VM must be deployed with an application installed, a configuration file copied from a storage account, and a bootstrap script run automatically after the operating system is provisioned. The operations team does not want to log in manually after deployment. What should they use?
Question 10hardmultiple choice
Full question →A scale set of application VMs uploads JSON files to one blob container. The identity must not use secrets, must keep working if an instance is reimaged or replaced, and the same identity should be reusable across all instances. What should the administrator configure?
Question 11hardmulti select
Full question →A reporting server must be resized from 4 vCPU to 8 vCPU for a four-hour batch window. The VM name, NIC, private IP, and attached managed disks must stay the same, and the team accepts a brief outage during the change. Which two actions should you choose? Select two.
Question 12mediummultiple choice
Full question →A scheduled script runs on several Azure virtual machines that are created and replaced over time. The script must use the same Azure identity on every VM, and the identity should continue to exist even if one VM is deleted and recreated. What should the administrator use?
Question 13hardmulti select
Full question →A scheduled script runs on several Azure VMs. The VMs are rebuilt often, and the script must always use the same Azure identity across every rebuild without storing secrets on disk. Which two steps should the administrator take? Select two.
Question 14hardmultiple choice
Full question →A system-assigned managed identity is attached to an Azure VM to call Key Vault. The VM is frequently reimaged and sometimes redeployed to a different name during scale events, but the application must keep the same identity and secretless access. What should the administrator use instead?
Question 15easymultiple choice
Full question →A team deploys a Linux VM that must read secrets from Azure Key Vault without storing any usernames, passwords, or client secrets on the VM. What should the administrator enable on the VM?
Question 16mediummultiple choice
Full question →A team needs to deploy 25 identical Ubuntu VMs every month from source control. The deployment must be repeatable, and each VM must include a system-assigned managed identity at creation time. Which approach should be used?
Question 17mediummultiple choice
Full question →A team runs a Windows VM in Azure that uploads invoices to a blob container. Security policy forbids storing storage account keys or long-lived SAS tokens on the VM. The app must keep working until the VM is deleted, and access should disappear automatically when the VM is removed. What should the administrator configure?
Question 18mediummultiple choice
Full question →A web app running in Azure App Service must read blobs from a storage account. The app must authenticate without storing secrets or SAS tokens, and administrators should grant only blob data permissions, not storage management permissions. What should you configure?
Question 19easymultiple choice
Full question →A VM-hosted application must read blobs from an Azure Storage account without storing any secret in code or configuration. Which identity should you enable on the VM?
Question 20mediummultiple choice
Full question →A VM-hosted automation tool must call Azure Resource Manager APIs, but the team will not store a password, certificate, or client secret on the VM. The identity should also disappear automatically when the VM is deleted. Which identity should be assigned?
Watch out for
Common Managed Identity exam traps
- ▸Answering from memory before reading the full scenario.
- ▸Missing a constraint such as cost, availability, security, scope or command context.
- ▸Choosing a broad answer when the question asks for the most specific fix.
- ▸Ignoring why the wrong options are tempting.
Free account
Track your progress over time
Create a free account to save your results and see which topics improve across sessions.
Focused Managed Identity sessions
Start a Managed Identity only practice session
Every question in these sessions is drawn from the Managed Identity domain — nothing else.
Related practice questions
Related AZ-104 topic practice pages
Move into related areas when this topic feels solid.
AZ-104 Azure RBAC practice questions
Practise AZ-104 questions linked to AZ-104 Azure RBAC.
AZ-104 storage account practice questions
Practise AZ-104 questions linked to AZ-104 storage account.
AZ-104 virtual network practice questions
Practise AZ-104 questions linked to AZ-104 virtual network.
AZ-104 NSG practice questions
Practise AZ-104 questions linked to AZ-104 NSG.
AZ-104 Azure Monitor practice questions
Practise AZ-104 questions linked to AZ-104 Azure Monitor.
AZ-104 backup practice questions
Practise AZ-104 questions linked to AZ-104 backup.
AZ-104 managed identity practice questions
Practise AZ-104 questions linked to AZ-104 managed identity.
AZ-104 load balancer practice questions
Practise AZ-104 questions linked to AZ-104 load balancer.
AZ-104 Azure Policy practice questions
Practise AZ-104 questions linked to AZ-104 Azure Policy.
AZ-104 virtual machine practice questions
Practise AZ-104 questions linked to AZ-104 virtual machine.
Frequently asked questions
- What does the AZ-104 exam test about Managed Identity?
- Managed Identity questions test whether you can apply the concept in context, not just recognise a definition.
- How should I use these practice questions?
- Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
- Can I practise just Managed Identity questions in a focused session?
- Yes — the session launcher on this page draws every question from the Managed Identity domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
- Where can I practise other AZ-104 topics?
- Use the topic links above to move to related areas, or go back to the AZ-104 question bank to see all topics.
- Are these real exam questions or dumps?
- These are original practice questions written to test the same concepts the AZ-104 exam covers. They are not copied from any real exam or dump site.
Track your progress
A free account saves results across sessions and highlights which topics need work.
Sign up freeStudy resources
Exam traps to avoid
- ▸Answering from memory before reading the full scenario.
- ▸Missing a constraint such as cost, availability, security, scope or command context.
- ▸Choosing a broad answer when the question asks for the most specific fix.
- ▸Ignoring why the wrong options are tempting.