AZ-104 · topic practice

Managed Identity practice questions

Practise AZ-104 Managed Identity practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Managed Identity

What the exam tests

What to know about Managed Identity

Managed Identity questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Managed Identity exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Managed Identity questions

20 questions · select your answer, then reveal the explanation

An administrator wants a script running on an Azure VM to create a resource in Azure without storing any passwords or client secrets on the VM. What should the administrator configure first?

Question 2mediummultiple choice
Read the full Managed Identity explanation →

A PowerShell script runs on an Azure VM every night and uses Azure CLI commands to create tags and VM resources in another subscription. The script cannot store a password or client secret. What should it use to authenticate to Azure?

A team deploys a Linux VM that must read secrets from Azure Key Vault without storing any usernames, passwords, or client secrets on the VM. What should the administrator enable on the VM?

Question 4mediummultiple choice
Read the full Managed Identity explanation →

An Azure virtual machine was moved to a host that is experiencing intermittent issues. You need to move the VM to a different Azure host while keeping the existing managed disks and configuration. Which action should you perform?

Question 5mediummultiple choice
Read the full Managed Identity explanation →

An Azure Automation account runs PowerShell runbooks that must authenticate to Azure resources without embedded secrets. The automation account is recreated periodically during deployment, and the identity must continue to work after recreation without reissuing credentials. Which identity should you use?

An Azure application and an Azure Automation account need Azure access without any stored secrets. The same identity should be reusable and should not require manual secret rotation. Which two identity choices meet the requirement? Select two.

Based on the exhibit, an Azure VM must read secrets from Azure Key Vault during startup. No passwords, certificates, or client secrets may be stored on the VM. What should you configure?

Network Topology
az vm createresource-group rg-appname vm01image Ubuntu2204admin-username azureadminApplication note:

A VM-hosted app needs to upload blobs without storing a storage account key or password on the VM. Which two authentication options meet this requirement? Select two.

A web application runs in Azure App Service and uploads files to Azure Blob Storage. The storage account has shared key access disabled, and the app must not store secrets in configuration. If the App Service is deleted and recreated later, the storage access should be removed automatically with the app. What should you configure?

A VM-hosted application must read blobs from Azure Storage without storing any keys or passwords. Which two identity types can the VM use to authenticate to Azure Storage? Select two.

An administrator assigned a policy definition with the Modify effect to add tag Environment=Prod to resources in a subscription. Existing VMs still do not show the tag. Which two actions should the administrator take to bring the existing VMs into compliance? Select two.

Question 12mediummultiple choice
Read the full Managed Identity explanation →

A web API runs on a single Azure VM and must access Azure Key Vault without storing any credentials on the VM. The identity should be tied to that VM and removed when the VM is deleted. What should you enable?

Match each access scenario to the SAS or key type that best fits it.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

User delegation SAS

Service SAS

Account SAS

Storage account key

A platform team must enforce two governance rules across every current and future subscription under a management group: resources must include an Environment tag, and only East US or West US may be used for deployment. They want one compliance view for both rules and a way to correct missing tags on existing resources where supported. What should they assign?

An Azure Function App and an Azure Automation runbook both need to upload, read, and delete blobs in one container. You must avoid stored secrets and keep the permissions as limited as possible. Which two configuration choices should you make? Select two.

Question 16mediummultiple choice
Read the full Managed Identity explanation →

Based on the exhibit, what should the administrator configure so the container group can pull the private image without storing registry credentials?

Exhibit

Template excerpt:
```
resources:
- type: Microsoft.ContainerInstance/containerGroups
  name: cg-transform
  properties:
    containers:
    - name: transform
      properties:
        image: contoso.azurecr.io/transform:3.0
    imageRegistryCredentials: []
```
Requirement: the image is stored in Azure Container Registry and no username, password, or connection string may be embedded in the deployment

A bootstrap script must install software on three VMs, then download configuration files from Blob Storage. Security forbids secrets in templates or scripts, and the same authentication method must work after the VMs are rebuilt. Which two choices should you make? Select two.

Question 18mediummultiple choice
Read the full Managed Identity explanation →

A team needs to deploy 25 identical Ubuntu VMs every month from source control. The deployment must be repeatable, and each VM must include a system-assigned managed identity at creation time. Which approach should be used?

A Modify policy adds CostCenter=042 to resources in RG-Finance. New resources are tagged correctly, but existing virtual machines remain untagged. What three requirements must be met for the assignment to update the existing resources? Select three.

A scheduled script runs on several Azure VMs. The VMs are rebuilt often, and the script must always use the same Azure identity across every rebuild without storing secrets on disk. Which two steps should the administrator take? Select two.

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Managed Identity sessions

Start a Managed Identity only practice session

Every question in these sessions is drawn from the Managed Identity domain — nothing else.

Related practice questions

Related AZ-104 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the AZ-104 exam test about Managed Identity?
Managed Identity questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Managed Identity questions in a focused session?
Yes — the session launcher on this page draws every question from the Managed Identity domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other AZ-104 topics?
Use the topic links above to move to related areas, or go back to the AZ-104 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the AZ-104 exam covers. They are not copied from any real exam or dump site.