The Microsoft AZ-104 & Study Guides can be challenging if you rely only on theoretical knowledge. This practice test gives you an opportunity to apply concepts in a way that closely matches the real exam experience. As you attempt each question, focus on understanding the reasoning behind the correct answer. This approach will help you avoid common mistakes and improve your confidence. With regular practice, you’ll notice a significant improvement in your performance.
Updated for 2026: This guide provides a structured approach to help you prepare effectively, understand key concepts, and practice real exam-level questions.
How to Use This Practice Test
- Start by reviewing key concepts before attempting questions
- Take the test in a timed environment
- Analyze your mistakes and revisit weak areas
Why This Practice Test Matters
This practice test is designed to simulate the real exam environment and help you identify knowledge gaps, improve accuracy, and build confidence.
Prepare for the Microsoft AZ-104 exam with real-world, scenario-based practice questions designed to help you master Azure administration and pass on your first attempt.
Why This AZ-104 Practice Test Matters
The AZ-104 exam focuses on real-world Azure administration tasks, including identity management, networking, storage, compute, and governance. This practice test helps you understand how to manage Azure resources effectively, troubleshoot issues, and make correct decisions in exam scenarios.
| Exam Name | Microsoft AZ-104: Microsoft Azure Administrator – 2026 Updated |
|---|---|
| Exam Provider | Microsoft Certification Program |
| Exam Type | Azure Administrator Associate Certification |
| Total Practice Questions | 140 Advanced MCQs (Core + Scenario-Based + Admin-Level Questions) |
| Exam Domains Covered | • Manage Azure identities and governance (RBAC, Azure AD, policies) • Implement and manage storage (Blob, redundancy, access control) • Deploy and manage Azure compute resources (VMs, scale sets) • Configure and manage virtual networking (VNet, NSG, VPN, ExpressRoute) • Monitor and maintain Azure resources (Azure Monitor, logs, alerts) • Security and compliance (Key Vault, Defender for Cloud, encryption) |
| Questions in Real Exam | • Total: 40–60 Questions • Scenario-based and practical admin tasks • Focus on real-world Azure management • Includes troubleshooting and architecture decisions |
| Exam Duration | • Total Time: 100–120 Minutes • Time pressure on complex scenarios • Requires hands-on understanding of Azure services |
| Scoring | • Score Range: 0–1000 • Passing Score: 700+ • Scaled scoring system |
| Question Format | • Multiple Choice Questions (MCQs) • Scenario-based admin questions • Real-world troubleshooting cases • Decision-making and configuration questions |
| Difficulty Level | Moderate to High (Associate Level + Real Admin Scenarios) |
| Key Focus Areas | • Managing identities using Azure AD and RBAC • Configuring VNets, NSGs, and secure connectivity • Implementing storage solutions and redundancy • Automating deployments using ARM templates • Monitoring performance using Azure Monitor • Securing resources using Key Vault and policies • Optimizing cost and performance in Azure |
| Common Exam Traps | • Confusing NSG vs Azure Firewall vs Application Gateway • Choosing wrong storage redundancy options • Misunderstanding RBAC vs Azure Policy roles • Overlooking security features like Managed Identity • Selecting incorrect scaling or load balancing solutions • Ignoring cost optimization recommendations • Mixing up regional vs global services |
| Skills Developed | • Azure resource management and administration • Networking and connectivity configuration • Security and compliance implementation • Monitoring, logging, and troubleshooting • Infrastructure automation using templates • Cost optimization and performance tuning |
| Study Strategy | • Focus on real-world scenarios, not theory only • Practice choosing correct Azure services for each use case • Understand networking and security concepts deeply • Review explanations for decision-making logic • Practice under time constraints • Learn differences between similar Azure services |
| Best For | • Azure Administrators and Cloud Engineers • IT professionals managing Azure environments • Candidates preparing for AZ-104 certification • System administrators transitioning to cloud roles • Professionals aiming for Azure career growth |
| Career Benefits | • Validates Azure Administrator Associate certification • High-demand cloud administration skill • Opens roles in cloud engineering and DevOps • Enhances practical Azure management experience • Recognized Microsoft certification globally |
| About This Practice Test | This AZ-104 practice exam includes realistic Azure Administrator questions and answers covering networking, storage, compute, security, and governance. It is designed to match the Microsoft AZ-104 exam format and help you prepare confidently with updated 2026 content. |
| Updated | 2026 Latest Version – Based on Current Azure Administrator Exam Objectives |
Pass AZ-104 Exam with Confidence
Get access to 140 real exam-style questions covering Azure administration, networking, security, and real-world scenarios.
✔ Real scenario-based questions
✔ Detailed explanations for every question
✔ Designed for first-attempt pass
✔ Updated for latest 2026 exam objectives
Q1
You need to ensure that a virtual machine automatically shuts down at a specific time daily. What should you configure?
A. Azure Automation Runbook
B. Auto-shutdown in VM settings
C. Azure Policy
D. Scheduled scaling
Answer: B
Rationale:
Azure provides a built-in auto-shutdown feature within VM settings, allowing you to schedule daily shutdowns without additional services. Azure Automation could achieve this but is unnecessary for this simple requirement.
Q2
You want to restrict access to a storage account so that only specific IP addresses can connect. What should you configure?
A. RBAC roles
B. Network firewall rules
C. Azure AD authentication
D. Shared access signatures
Answer: B
Rationale:
Storage account firewall rules allow you to restrict access based on IP addresses or virtual networks. RBAC controls permissions, not network access.
Q3
You need to assign permissions to a user to manage only virtual machines in a resource group. What should you use?
A. Azure Policy
B. RBAC role assignment
C. Management group
D. Azure Blueprint
Answer: B
Rationale:
RBAC allows you to assign roles such as Virtual Machine Contributor at the resource group level, ensuring least-privilege access.
Q4
You want to ensure that all resources are deployed only in specific regions. What should you use?
A. Azure Monitor
B. Azure Policy
C. Azure Advisor
D. Resource locks
Answer: B
Rationale:
Azure Policy enforces rules such as restricting allowed locations, ensuring compliance with organizational standards.
Q5
You need to monitor CPU usage of virtual machines and receive alerts when usage exceeds a threshold. What should you use?
A. Azure Advisor
B. Azure Monitor alerts
C. Azure Policy
D. Network Watcher
Answer: B
Rationale:
Azure Monitor allows you to create metric-based alerts for CPU usage and trigger notifications when thresholds are exceeded.
Q6
Which storage redundancy option provides the highest availability across regions?
A. LRS
B. ZRS
C. GRS
D. RA-GRS
Answer: D
Rationale:
RA-GRS (Read-Access Geo-Redundant Storage) replicates data to a secondary region and allows read access, providing maximum availability and resilience.
Q7
You need to allow secure access to a storage account without exposing keys. What should you use?
A. Access keys
B. Shared access signature (SAS)
C. Public access
D. Storage explorer
Answer: B
Rationale:
SAS provides time-limited, secure access to storage resources without exposing account keys, making it a best practice.
Q8
You want to prevent accidental deletion of a resource group. What should you configure?
A. Azure Policy
B. Resource lock (Delete lock)
C. RBAC role
D. Backup
Answer: B
Rationale:
A delete lock prevents resources from being deleted, even by users with permissions, protecting critical resources.
Q9
You need to connect two virtual networks in Azure. What should you use?
A. VPN Gateway
B. VNet Peering
C. ExpressRoute
D. Load Balancer
Answer: B
Rationale:
VNet peering allows direct, low-latency communication between virtual networks within Azure without requiring gateways.
Q10
Which service provides recommendations to optimize Azure resources?
A. Azure Monitor
B. Azure Advisor
C. Azure Policy
D. Azure DevOps
Answer: B
Rationale:
Azure Advisor provides recommendations for cost optimization, performance, security, and reliability.
Q11
You need to manage multiple Azure subscriptions under a single hierarchy. What should you use?
A. Resource groups
B. Management groups
C. Azure Policy
D. RBAC
Answer: B
Rationale:
Management groups allow you to organize and manage multiple subscriptions with consistent policies and access control.
Q12
You want to assign a role that allows a user to read all resources but not modify them. Which role should you assign?
A. Contributor
B. Owner
C. Reader
D. Administrator
Answer: C
Rationale:
The Reader role provides read-only access to resources without allowing modifications.
Q13
You need to store unstructured data such as images and videos. Which storage type should you use?
A. Table storage
B. Blob storage
C. Queue storage
D. File storage
Answer: B
Rationale:
Blob storage is optimized for storing large amounts of unstructured data like images, videos, and documents.
Q14
You want to ensure high availability for virtual machines within a region. What should you use?
A. Availability Set
B. Availability Zone
C. Load Balancer
D. Backup
Answer: B
Rationale:
Availability Zones provide physical separation across datacenters within a region, offering higher resilience than availability sets.
Q15
You need to create a private connection between Azure and on-premises networks. What should you use?
A. VNet Peering
B. VPN Gateway
C. Azure Firewall
D. Load Balancer
Answer: B
Rationale:
VPN Gateway enables secure communication between on-premises networks and Azure over the internet.
Q16
You want to automatically scale virtual machines based on demand. What should you use?
A. Azure Policy
B. Virtual Machine Scale Sets
C. Azure Advisor
D. Resource groups
Answer: B
Rationale:
VM Scale Sets allow automatic scaling of VM instances based on demand, improving performance and cost efficiency.
Q17
Which service is used to monitor logs and metrics in Azure?
A. Azure Advisor
B. Azure Monitor
C. Azure Policy
D. Azure DevOps
Answer: B
Rationale:
Azure Monitor collects and analyzes logs and metrics, providing insights into performance and health of resources.
Q18
You need to securely store secrets such as API keys. What should you use?
A. Azure Storage
B. Azure Key Vault
C. Azure Monitor
D. Azure SQL
Answer: B
Rationale:
Azure Key Vault securely stores secrets, keys, and certificates with controlled access.
Q19
You want to distribute incoming traffic across multiple VMs. What should you use?
A. Azure Firewall
B. Load Balancer
C. VPN Gateway
D. ExpressRoute
Answer: B
Rationale:
Azure Load Balancer distributes traffic across multiple VMs, ensuring high availability and performance.
Q20
You need to enforce tagging on all resources. What should you use?
A. Azure Monitor
B. Azure Policy
C. RBAC
D. Azure Advisor
Answer: B
Rationale:
Azure Policy can enforce tagging rules, ensuring all resources include required metadata for governance and cost management.
Q21
You need to ensure that a user can create virtual machines but cannot delete them. What should you do?
A. Assign Contributor role
B. Assign Owner role
C. Assign custom RBAC role
D. Use Azure Policy
Answer: C
Rationale:
Built-in roles like Contributor allow deletion. To restrict deletion while allowing creation, you must create a custom RBAC role with specific permissions, ensuring least privilege access.
Q22
You want to allow access to a storage account from a specific virtual network only. What should you configure?
A. RBAC
B. Private endpoint
C. SAS token
D. Public access
Answer: B
Rationale:
Private endpoints allow secure access to storage accounts from a specific VNet, keeping traffic within Azure and avoiding exposure to the public internet.
Q23
You need to ensure that a VM is automatically backed up daily. What should you use?
A. Azure Monitor
B. Azure Backup
C. Azure Advisor
D. Azure Policy
Answer: B
Rationale:
Azure Backup provides automated backup scheduling for virtual machines, ensuring data protection and recovery.
Q24
You want to monitor network traffic between VMs. Which tool should you use?
A. Azure Advisor
B. Network Watcher
C. Azure Policy
D. Azure DevOps
Answer: B
Rationale:
Network Watcher provides tools for monitoring and diagnosing network traffic, including connection monitoring and packet capture.
Q25
You need to ensure high availability for an application across regions. What should you use?
A. Availability Set
B. Availability Zone
C. Traffic Manager
D. Load Balancer
Answer: C
Rationale:
Traffic Manager distributes traffic across multiple regions, ensuring global availability and failover capabilities.
Q26
Which service helps you analyze security threats in Azure?
A. Azure Monitor
B. Microsoft Defender for Cloud
C. Azure Policy
D. Azure Advisor
Answer: B
Rationale:
Microsoft Defender for Cloud provides security posture management and threat protection across Azure resources.
Q27
You want to restrict users from creating resources without tags. What should you use?
A. RBAC
B. Azure Policy
C. Azure Monitor
D. Azure Advisor
Answer: B
Rationale:
Azure Policy can enforce rules such as requiring tags during resource creation, ensuring governance compliance.
Q28
You need to assign permissions at the subscription level. What should you use?
A. Resource group
B. Management group
C. RBAC role assignment
D. Azure Policy
Answer: C
Rationale:
RBAC role assignments can be applied at subscription scope to control access across all resources within that subscription.
Q29
You want to ensure that storage data is encrypted at rest. What should you use?
A. Azure Monitor
B. Storage Service Encryption
C. Azure Policy
D. Azure Advisor
Answer: B
Rationale:
Azure Storage Service Encryption automatically encrypts data at rest using Microsoft-managed or customer-managed keys.
Q30
You need to connect Azure to on-premises with a private, dedicated connection. What should you use?
A. VPN Gateway
B. ExpressRoute
C. VNet Peering
D. Load Balancer
Answer: B
Rationale:
ExpressRoute provides a private, dedicated connection between on-premises infrastructure and Azure, offering higher reliability and security than VPN.
Q31
You want to limit the number of VM instances deployed. What should you use?
A. Azure Policy
B. Azure Monitor
C. Azure Advisor
D. Resource lock
Answer: A
Rationale:
Azure Policy can enforce limits on resource deployment, such as restricting the number or type of VMs.
Q32
Which service provides centralized logging for Azure resources?
A. Azure Advisor
B. Azure Monitor Logs
C. Azure Policy
D. Azure DevOps
Answer: B
Rationale:
Azure Monitor Logs (Log Analytics) provides centralized logging and querying capabilities for Azure resources.
Q33
You need to share access to a blob for a limited time. What should you use?
A. RBAC
B. SAS token
C. Private endpoint
D. Access key
Answer: B
Rationale:
SAS tokens provide temporary, secure access to storage resources without exposing account keys.
Q34
You want to ensure that only HTTPS traffic is allowed to a web app. What should you configure?
A. Azure Policy
B. App Service settings
C. Network Security Group
D. Load Balancer
Answer: B
Rationale:
App Service settings allow you to enforce HTTPS-only traffic, ensuring secure communication.
Q35
You need to monitor application performance and user behavior. What should you use?
A. Azure Monitor
B. Application Insights
C. Azure Policy
D. Azure Advisor
Answer: B
Rationale:
Application Insights provides detailed telemetry, performance monitoring, and user behavior tracking for applications.
Q36
You want to control inbound traffic to a subnet. What should you use?
A. Azure Firewall
B. Network Security Group
C. Load Balancer
D. Traffic Manager
Answer: B
Rationale:
Network Security Groups control inbound and outbound traffic at subnet or NIC level using rules.
Q37
You need to replicate data across regions for disaster recovery. What should you use?
A. LRS
B. ZRS
C. GRS
D. Premium storage
Answer: C
Rationale:
Geo-Redundant Storage replicates data to a secondary region, ensuring disaster recovery capability.
Q38
You want to prevent modification of a resource. What should you use?
A. RBAC
B. Resource lock (Read-only)
C. Azure Policy
D. Azure Monitor
Answer: B
Rationale:
A read-only lock prevents any modifications to a resource, even by authorized users.
Q39
You need to automatically deploy resources using templates. What should you use?
A. Azure CLI
B. ARM templates
C. Azure Monitor
D. Azure Policy
Answer: B
Rationale:
ARM templates enable infrastructure-as-code deployments, ensuring consistent and repeatable resource provisioning.
Q40
You want to analyze costs and optimize spending in Azure. What should you use?
A. Azure Monitor
B. Azure Cost Management
C. Azure Policy
D. Azure DevOps
Answer: B
Rationale:
Azure Cost Management provides insights into usage and spending, helping optimize costs and budgets.
Q41
You need to ensure that virtual machines are deployed only with approved sizes. What should you use?
A. Azure Monitor
B. Azure Policy
C. RBAC
D. Resource locks
Answer: B
Rationale:
Azure Policy can enforce rules such as restricting allowed VM SKUs. This ensures compliance with organizational standards and prevents deployment of unauthorized VM sizes.
Q42
You want to allow users to access a storage account securely over the internet using temporary credentials. What should you use?
A. Access keys
B. SAS token
C. Private endpoint
D. RBAC
Answer: B
Rationale:
SAS tokens provide time-limited, secure access without exposing account keys, making them ideal for temporary external access.
Q43
You need to monitor the health and performance of Azure resources in real time. What should you use?
A. Azure Advisor
B. Azure Monitor
C. Azure Policy
D. Azure DevOps
Answer: B
Rationale:
Azure Monitor collects metrics and logs, providing real-time insights into performance and health of resources.
Q44
You want to distribute traffic across multiple regions for high availability. What should you use?
A. Load Balancer
B. Traffic Manager
C. Application Gateway
D. NSG
Answer: B
Rationale:
Traffic Manager distributes traffic globally across regions using DNS-based routing, ensuring high availability and failover.
Q45
You need to ensure that a user can only view resources in a subscription. Which role should you assign?
A. Owner
B. Contributor
C. Reader
D. Administrator
Answer: C
Rationale:
The Reader role provides read-only access, allowing users to view resources without making changes.
Q46
You want to securely connect Azure resources to a storage account without using public endpoints. What should you use?
A. SAS token
B. Private endpoint
C. RBAC
D. Access key
Answer: B
Rationale:
Private endpoints allow secure communication over a private network, eliminating exposure to the public internet.
Q47
You need to automate VM start and stop schedules. What should you use?
A. Azure Policy
B. Azure Automation
C. Azure Advisor
D. Azure Monitor
Answer: B
Rationale:
Azure Automation allows scheduling tasks like starting and stopping VMs using runbooks, helping optimize costs.
Q48
Which service helps you identify unused resources and reduce costs?
A. Azure Monitor
B. Azure Advisor
C. Azure Policy
D. Azure DevOps
Answer: B
Rationale:
Azure Advisor provides recommendations for cost optimization, including identifying idle or underutilized resources.
Q49
You want to restrict inbound traffic to a VM based on port numbers. What should you use?
A. Load Balancer
B. NSG
C. Azure Firewall
D. Traffic Manager
Answer: B
Rationale:
Network Security Groups allow you to define inbound and outbound rules based on ports, IP addresses, and protocols.
Q50
You need to ensure that data in transit is encrypted. What should you use?
A. Azure Policy
B. HTTPS/TLS
C. RBAC
D. Azure Monitor
Answer: B
Rationale:
HTTPS/TLS encrypts data in transit, ensuring secure communication between clients and Azure services.
Q51
You want to group resources for lifecycle management. What should you use?
A. Subscription
B. Resource group
C. Management group
D. Azure Policy
Answer: B
Rationale:
Resource groups allow you to manage related resources together, including deployment, updates, and deletion.
Q52
You need to assign access to multiple subscriptions centrally. What should you use?
A. Resource groups
B. Management groups
C. Azure Policy
D. NSG
Answer: B
Rationale:
Management groups provide hierarchical organization for multiple subscriptions, enabling centralized governance.
Q53
You want to deploy infrastructure using code. What should you use?
A. Azure Monitor
B. ARM templates
C. Azure Advisor
D. Azure Policy
Answer: B
Rationale:
ARM templates enable infrastructure-as-code deployments, ensuring consistent and repeatable provisioning.
Q54
Which service helps protect against DDoS attacks?
A. NSG
B. Azure Firewall
C. Azure DDoS Protection
D. Load Balancer
Answer: C
Rationale:
Azure DDoS Protection safeguards applications from distributed denial-of-service attacks, ensuring availability.
Q55
You need to monitor application performance and detect failures. What should you use?
A. Azure Monitor
B. Application Insights
C. Azure Advisor
D. Azure Policy
Answer: B
Rationale:
Application Insights provides detailed telemetry, performance metrics, and failure detection for applications.
Q56
You want to ensure compliance with naming conventions for resources. What should you use?
A. RBAC
B. Azure Policy
C. Azure Monitor
D. Azure Advisor
Answer: B
Rationale:
Azure Policy can enforce naming conventions, ensuring resources follow organizational standards.
Q57
You need to create a secure connection between two VNets in different regions. What should you use?
A. VNet Peering (global)
B. Load Balancer
C. NSG
D. Azure Firewall
Answer: A
Rationale:
Global VNet peering allows secure, low-latency communication between VNets across regions.
Q58
You want to track user activity and changes in Azure resources. What should you use?
A. Azure Monitor
B. Activity Log
C. Azure Advisor
D. Azure Policy
Answer: B
Rationale:
The Activity Log records all management operations, providing an audit trail of user actions.
Q59
You need to ensure that virtual machines are protected from accidental deletion. What should you use?
A. Azure Policy
B. Resource lock (Delete lock)
C. RBAC
D. Azure Monitor
Answer: B
Rationale:
A delete lock prevents resources from being deleted, even by authorized users.
Q60
You want to automatically scale applications based on CPU usage. What should you use?
A. Azure Policy
B. VM Scale Sets
C. Azure Advisor
D. Resource groups
Answer: B
Rationale:
VM Scale Sets allow automatic scaling based on metrics like CPU usage, ensuring performance and cost efficiency.
Q61
You need to ensure that all virtual machines have antivirus protection enabled automatically. What should you use?
A. Azure Monitor
B. Azure Policy
C. RBAC
D. Azure Advisor
Answer: B
Rationale:
Azure Policy can enforce configuration settings such as requiring specific extensions (e.g., antivirus agents) on VMs, ensuring compliance automatically.
Q62
You want to securely connect an Azure VM to an on-premises network using the internet. What should you use?
A. ExpressRoute
B. VPN Gateway
C. VNet Peering
D. Load Balancer
Answer: B
Rationale:
VPN Gateway provides secure site-to-site or point-to-site connectivity over the internet, unlike ExpressRoute which uses a private connection.
Q63
You need to store frequently accessed data with low latency. Which storage tier should you choose?
A. Archive
B. Cool
C. Hot
D. Premium
Answer: C
Rationale:
The Hot tier is optimized for frequently accessed data with low latency. Cool and Archive tiers are for infrequent access.
Q64
You want to allow access to a VM only through a secure jump server. What should you implement?
A. Load Balancer
B. Bastion Host
C. NSG
D. VPN Gateway
Answer: B
Rationale:
Azure Bastion provides secure RDP/SSH access to VMs without exposing them to the public internet, acting as a jump server.
Q65
You need to ensure that only encrypted connections are allowed to a storage account. What should you configure?
A. Azure Policy
B. Secure transfer required
C. RBAC
D. SAS
Answer: B
Rationale:
Enabling “Secure transfer required” enforces HTTPS connections, ensuring data in transit is encrypted.
Q66
You want to analyze logs for troubleshooting issues in Azure resources. What should you use?
A. Azure Advisor
B. Log Analytics
C. Azure Policy
D. Azure DevOps
Answer: B
Rationale:
Log Analytics allows querying and analyzing logs collected from Azure resources for troubleshooting and monitoring.
Q67
You need to assign permissions to multiple users at once. What should you use?
A. RBAC groups (Azure AD groups)
B. Resource groups
C. Azure Policy
D. Management groups
Answer: A
Rationale:
Assigning roles to Azure AD groups allows managing permissions for multiple users efficiently instead of assigning roles individually.
Q68
You want to ensure that traffic to a web application is distributed evenly across instances. What should you use?
A. Traffic Manager
B. Load Balancer
C. NSG
D. Azure Firewall
Answer: B
Rationale:
Azure Load Balancer distributes incoming traffic across multiple backend instances to ensure high availability.
Q69
You need to ensure data is replicated within a region across multiple availability zones. What should you use?
A. LRS
B. GRS
C. ZRS
D. RA-GRS
Answer: C
Rationale:
Zone-Redundant Storage replicates data across availability zones within a region, providing high resilience.
Q70
You want to track configuration changes in Azure resources. What should you use?
A. Azure Monitor
B. Activity Log
C. Azure Advisor
D. Azure Policy
Answer: B
Rationale:
The Activity Log tracks all management operations and configuration changes within Azure.
Q71
You need to deploy resources repeatedly with the same configuration. What should you use?
A. Azure Monitor
B. ARM templates
C. Azure Advisor
D. Azure Policy
Answer: B
Rationale:
ARM templates allow consistent and repeatable deployments using infrastructure as code.
Q72
You want to restrict outbound traffic from a subnet. What should you use?
A. NSG
B. Load Balancer
C. Traffic Manager
D. Azure Monitor
Answer: A
Rationale:
NSGs control both inbound and outbound traffic at subnet or NIC level.
Q73
You need to protect secrets such as connection strings. What should you use?
A. Azure Storage
B. Azure Key Vault
C. Azure Monitor
D. Azure SQL
Answer: B
Rationale:
Azure Key Vault securely stores secrets, keys, and certificates with controlled access.
Q74
You want to automatically scale a web application based on demand. What should you use?
A. Azure Policy
B. App Service autoscale
C. Azure Advisor
D. Resource groups
Answer: B
Rationale:
App Service autoscale allows scaling web apps automatically based on metrics like CPU or request count.
Q75
You need to connect two VNets using private IP addresses. What should you use?
A. VPN Gateway
B. VNet Peering
C. ExpressRoute
D. Load Balancer
Answer: B
Rationale:
VNet peering connects VNets using private IP addresses with low latency and high performance.
Q76
You want to analyze costs by department using tags. What should you use?
A. Azure Monitor
B. Azure Cost Management
C. Azure Policy
D. Azure Advisor
Answer: B
Rationale:
Azure Cost Management allows cost analysis using tags, helping track spending by department or project.
Q77
You need to prevent changes to a critical resource but allow it to be viewed. What should you use?
A. RBAC
B. Read-only lock
C. Azure Policy
D. Azure Monitor
Answer: B
Rationale:
A read-only lock prevents modifications while still allowing users to view the resource.
Q78
You want to filter and query logs using a powerful query language. What should you use?
A. Azure Monitor
B. Log Analytics (KQL)
C. Azure Advisor
D. Azure Policy
Answer: B
Rationale:
Log Analytics uses Kusto Query Language (KQL) to analyze and query logs efficiently.
Q79
You need to ensure secure inbound access to a web app using Layer 7 routing. What should you use?
A. Load Balancer
B. Application Gateway
C. Traffic Manager
D. NSG
Answer: B
Rationale:
Application Gateway provides Layer 7 load balancing with features like SSL termination and URL-based routing.
Q80
You want to receive alerts when a resource exceeds a usage threshold. What should you use?
A. Azure Advisor
B. Azure Monitor alerts
C. Azure Policy
D. Azure DevOps
Answer: B
Rationale:
Azure Monitor alerts notify you when metrics exceed defined thresholds, enabling proactive monitoring.
Q81
You need to ensure that a VM can communicate securely with a storage account without using public internet. What should you configure?
A. Service endpoint
B. Private endpoint
C. SAS token
D. RBAC
Answer: B
Rationale:
Private endpoints provide secure, private connectivity to Azure services using private IPs within a VNet, eliminating exposure to the public internet.
Q82
You want to enforce that all resources must have a specific tag before deployment. What should you use?
A. Azure Monitor
B. Azure Policy
C. Azure Advisor
D. RBAC
Answer: B
Rationale:
Azure Policy can enforce tagging requirements during resource creation, ensuring compliance with organizational standards.
Q83
You need to provide temporary access to a storage container for external users. What should you use?
A. Access keys
B. SAS token
C. RBAC
D. Private endpoint
Answer: B
Rationale:
SAS tokens provide time-limited, secure access to storage resources without exposing account keys.
Q84
You want to monitor application response times and failures. What should you use?
A. Azure Monitor
B. Application Insights
C. Azure Advisor
D. Azure Policy
Answer: B
Rationale:
Application Insights provides deep application performance monitoring, including response times, failures, and user interactions.
Q85
You need to distribute traffic across multiple web servers within a region. What should you use?
A. Traffic Manager
B. Load Balancer
C. Application Gateway
D. Azure Firewall
Answer: B
Rationale:
Azure Load Balancer distributes traffic across multiple VMs within a region, ensuring high availability.
Q86
You want to ensure that a resource cannot be deleted or modified. What should you use?
A. RBAC
B. Azure Policy
C. Read-only lock
D. Azure Monitor
Answer: C
Rationale:
A read-only lock prevents both deletion and modification of resources, protecting critical assets.
Q87
You need to analyze logs from multiple Azure resources in one place. What should you use?
A. Azure Advisor
B. Log Analytics workspace
C. Azure Policy
D. Azure DevOps
Answer: B
Rationale:
Log Analytics centralizes logs and allows querying across multiple resources using KQL.
Q88
You want to ensure that virtual machines are deployed only in a specific region. What should you use?
A. Azure Monitor
B. Azure Policy
C. RBAC
D. Resource locks
Answer: B
Rationale:
Azure Policy can restrict resource deployment to specific regions, ensuring compliance.
Q89
You need to connect Azure to on-premises using a private connection with high bandwidth. What should you use?
A. VPN Gateway
B. ExpressRoute
C. VNet Peering
D. Load Balancer
Answer: B
Rationale:
ExpressRoute provides a dedicated private connection with higher bandwidth and reliability than VPN.
Q90
You want to automatically scale VM instances based on CPU usage. What should you use?
A. Azure Policy
B. VM Scale Sets
C. Azure Advisor
D. Resource groups
Answer: B
Rationale:
VM Scale Sets allow automatic scaling based on metrics such as CPU usage, ensuring performance and cost efficiency.
Q91
You need to restrict inbound traffic to specific IP addresses. What should you use?
A. Azure Firewall
B. NSG rules
C. Load Balancer
D. Traffic Manager
Answer: B
Rationale:
NSG rules allow filtering traffic based on IP addresses, ports, and protocols.
Q92
You want to protect your Azure environment from threats and vulnerabilities. What should you use?
A. Azure Monitor
B. Microsoft Defender for Cloud
C. Azure Policy
D. Azure Advisor
Answer: B
Rationale:
Microsoft Defender for Cloud provides security monitoring, threat detection, and recommendations.
Q93
You need to replicate storage data to another region with read access. What should you use?
A. LRS
B. ZRS
C. GRS
D. RA-GRS
Answer: D
Rationale:
RA-GRS provides geo-redundant storage with read access to the secondary region.
Q94
You want to ensure secure RDP access without exposing ports to the internet. What should you use?
A. NSG
B. Azure Bastion
C. Load Balancer
D. VPN Gateway
Answer: B
Rationale:
Azure Bastion provides secure RDP/SSH access via the Azure portal without public exposure.
Q95
You need to automate deployment of infrastructure across environments. What should you use?
A. Azure Monitor
B. ARM templates
C. Azure Advisor
D. Azure Policy
Answer: B
Rationale:
ARM templates enable consistent infrastructure deployment using code.
Q96
You want to enforce encryption at rest for all storage accounts. What should you use?
A. Azure Monitor
B. Azure Policy
C. Azure Advisor
D. RBAC
Answer: B
Rationale:
Azure Policy can enforce encryption settings across storage accounts to ensure compliance.
Q97
You need to analyze costs and set budgets. What should you use?
A. Azure Monitor
B. Azure Cost Management
C. Azure Policy
D. Azure DevOps
Answer: B
Rationale:
Azure Cost Management provides cost analysis, budgeting, and spending insights.
Q98
You want to route traffic based on URL paths. What should you use?
A. Load Balancer
B. Application Gateway
C. Traffic Manager
D. NSG
Answer: B
Rationale:
Application Gateway supports Layer 7 routing, including URL-based routing.
Q99
You need to audit all actions performed on Azure resources. What should you use?
A. Azure Monitor
B. Activity Log
C. Azure Advisor
D. Azure Policy
Answer: B
Rationale:
Activity Log records all management operations, providing an audit trail.
Q100
You want to ensure that only specific VM images can be deployed. What should you use?
A. Azure Monitor
B. Azure Policy
C. RBAC
D. Resource locks
Answer: B
Rationale:
Azure Policy can restrict allowed VM images, ensuring compliance with approved standards.
Q101
You need to ensure that only HTTPS traffic is allowed to a storage account. What should you configure?
A. Azure Policy
B. Secure transfer required
C. NSG rules
D. RBAC
Answer: B
Rationale:
Enabling Secure transfer required forces all connections to use HTTPS, ensuring encryption in transit. NSGs do not directly control storage endpoints.
Q102
You want to allow a VM to access a storage account without using keys. What should you use?
A. SAS token
B. Managed Identity
C. Access keys
D. Private endpoint
Answer: B
Rationale:
Managed Identity allows secure, credential-free authentication to Azure services using Azure AD, avoiding the need to store keys.
Q103
You need to monitor CPU usage trends over time for a VM. What should you use?
A. Azure Advisor
B. Azure Monitor metrics
C. Azure Policy
D. Azure DevOps
Answer: B
Rationale:
Azure Monitor metrics provide time-series data for performance metrics like CPU usage, enabling trend analysis.
Q104
You want to route traffic to the closest regional endpoint. What should you use?
A. Load Balancer
B. Traffic Manager (Performance routing)
C. NSG
D. Azure Firewall
Answer: B
Rationale:
Traffic Manager performance routing directs users to the nearest endpoint based on latency, improving user experience.
Q105
You need to enforce that all VMs use managed disks. What should you use?
A. Azure Monitor
B. Azure Policy
C. RBAC
D. Resource locks
Answer: B
Rationale:
Azure Policy can enforce rules such as requiring managed disks, ensuring compliance with best practices.
Q106
You want to provide secure, temporary access to a specific blob. What should you use?
A. Access key
B. SAS token
C. RBAC
D. Private endpoint
Answer: B
Rationale:
SAS tokens provide time-limited access to specific resources without exposing account keys.
Q107
You need to monitor network connectivity between two VMs. What should you use?
A. Azure Advisor
B. Network Watcher connection monitor
C. Azure Policy
D. Azure DevOps
Answer: B
Rationale:
Connection Monitor in Network Watcher helps test and monitor connectivity between resources.
Q108
You want to ensure that all resources are deployed with encryption enabled. What should you use?
A. RBAC
B. Azure Policy
C. Azure Monitor
D. Azure Advisor
Answer: B
Rationale:
Azure Policy can enforce encryption requirements across resources to ensure compliance.
Q109
You need to restrict access to a VM based on IP address. What should you configure?
A. Load Balancer
B. NSG rules
C. Traffic Manager
D. Azure Policy
Answer: B
Rationale:
NSGs allow filtering inbound and outbound traffic based on IP addresses and ports.
Q110
You want to ensure high availability for VMs within a region. What should you use?
A. Traffic Manager
B. Availability Zones
C. ExpressRoute
D. Azure Firewall
Answer: B
Rationale:
Availability Zones provide physical separation within a region, ensuring high availability.
Q111
You need to automatically apply tags to resources during deployment. What should you use?
A. Azure Monitor
B. Azure Policy
C. Azure Advisor
D. RBAC
Answer: B
Rationale:
Azure Policy can append or enforce tags during resource creation.
Q112
You want to analyze logs using queries. What should you use?
A. Azure Monitor
B. Log Analytics (KQL)
C. Azure Advisor
D. Azure Policy
Answer: B
Rationale:
Log Analytics uses KQL for querying and analyzing logs across resources.
Q113
You need to connect two VNets securely across regions. What should you use?
A. VNet Peering (global)
B. Load Balancer
C. NSG
D. Azure Firewall
Answer: A
Rationale:
Global VNet peering allows secure, low-latency communication between VNets across regions.
Q114
You want to ensure that a resource cannot be deleted accidentally. What should you use?
A. RBAC
B. Delete lock
C. Azure Policy
D. Azure Monitor
Answer: B
Rationale:
A delete lock prevents accidental deletion of resources.
Q115
You need to track changes made to Azure resources. What should you use?
A. Azure Monitor
B. Activity Log
C. Azure Advisor
D. Azure Policy
Answer: B
Rationale:
Activity Log records all management operations, providing an audit trail.
Q116
You want to distribute traffic based on URL paths. What should you use?
A. Load Balancer
B. Application Gateway
C. Traffic Manager
D. NSG
Answer: B
Rationale:
Application Gateway supports Layer 7 routing, including URL-based routing.
Q117
You need to securely store certificates and secrets. What should you use?
A. Azure Storage
B. Azure Key Vault
C. Azure Monitor
D. Azure SQL
Answer: B
Rationale:
Azure Key Vault securely stores secrets, keys, and certificates with controlled access.
Q118
You want to ensure automatic scaling of VMs based on demand. What should you use?
A. Azure Policy
B. VM Scale Sets
C. Azure Advisor
D. Resource groups
Answer: B
Rationale:
VM Scale Sets automatically scale VM instances based on metrics like CPU usage.
Q119
You need to optimize costs by identifying unused resources. What should you use?
A. Azure Monitor
B. Azure Advisor
C. Azure Policy
D. Azure DevOps
Answer: B
Rationale:
Azure Advisor provides recommendations for cost optimization, including identifying unused resources.
Q120
You want to enforce compliance across multiple subscriptions. What should you use?
A. Resource groups
B. Management groups + Azure Policy
C. RBAC
D. Azure Monitor
Answer: B
Rationale:
Management groups combined with Azure Policy allow centralized governance across multiple subscriptions.
Q121
You need to allow a VM to access Azure Storage securely without exposing credentials. What should you use?
A. Access keys
B. SAS token
C. Managed Identity
D. Private endpoint
Answer: C
Rationale:
Managed Identity enables secure, credential-free authentication using Azure AD. It avoids storing secrets and is the recommended approach for service-to-service access.
Q122
You want to ensure that all newly created storage accounts block public access. What should you use?
A. Azure Monitor
B. Azure Policy
C. Azure Advisor
D. RBAC
Answer: B
Rationale:
Azure Policy can enforce rules such as disabling public access for storage accounts at creation time.
Q123
You need to analyze network security rules affecting a VM. What should you use?
A. Azure Advisor
B. Network Watcher IP Flow Verify
C. Azure Policy
D. Azure Monitor
Answer: B
Rationale:
IP Flow Verify helps determine whether a packet is allowed or denied based on NSG rules.
Q124
You want to ensure that resources cannot be modified but can still be deleted. What should you use?
A. Read-only lock
B. Delete lock
C. RBAC
D. Azure Policy
Answer: B
Rationale:
A delete lock prevents deletion but allows modifications, unlike a read-only lock which blocks both.
Q125
You need to provide secure remote access to VMs without opening RDP/SSH ports. What should you use?
A. VPN Gateway
B. Azure Bastion
C. NSG
D. Load Balancer
Answer: B
Rationale:
Azure Bastion provides secure RDP/SSH access through the Azure portal without exposing ports to the internet.
Q126
You want to route traffic to the healthiest endpoint. What should you use?
A. Load Balancer
B. Traffic Manager (Priority routing)
C. NSG
D. Azure Firewall
Answer: B
Rationale:
Priority routing directs traffic to the primary endpoint and fails over to secondary if it becomes unavailable.
Q127
You need to store rarely accessed data at the lowest cost. Which tier should you choose?
A. Hot
B. Cool
C. Archive
D. Premium
Answer: C
Rationale:
Archive tier offers the lowest cost for data that is rarely accessed but has higher retrieval latency.
Q128
You want to monitor resource usage and create dashboards. What should you use?
A. Azure Monitor + Workbooks
B. Azure Policy
C. Azure Advisor
D. RBAC
Answer: A
Rationale:
Azure Monitor Workbooks allow visualization of metrics and logs through customizable dashboards.
Q129
You need to enforce naming conventions for resources. What should you use?
A. Azure Monitor
B. Azure Policy
C. Azure Advisor
D. Resource groups
Answer: B
Rationale:
Azure Policy can enforce naming standards during resource creation.
Q130
You want to secure inbound web traffic using a web application firewall. What should you use?
A. Load Balancer
B. Application Gateway (WAF)
C. NSG
D. Traffic Manager
Answer: B
Rationale:
Application Gateway with WAF provides Layer 7 protection against web-based attacks.
Q131
You need to grant access to resources across multiple subscriptions. What should you use?
A. Resource groups
B. Management groups
C. Azure Policy
D. NSG
Answer: B
Rationale:
Management groups allow centralized access control and policy enforcement across subscriptions.
Q132
You want to monitor changes in resource configurations over time. What should you use?
A. Azure Monitor
B. Activity Log
C. Azure Advisor
D. Azure Policy
Answer: B
Rationale:
Activity Log tracks all changes and operations performed on Azure resources.
Q133
You need to connect Azure to on-premises using encrypted internet connection. What should you use?
A. ExpressRoute
B. VPN Gateway
C. VNet Peering
D. Load Balancer
Answer: B
Rationale:
VPN Gateway provides encrypted connectivity over the internet between on-premises and Azure.
Q134
You want to ensure that only specific users can manage resources. What should you use?
A. Azure Policy
B. RBAC
C. Azure Monitor
D. Azure Advisor
Answer: B
Rationale:
RBAC controls access by assigning roles to users, ensuring proper permissions.
Q135
You need to replicate data within a region for high availability. What should you use?
A. LRS
B. ZRS
C. GRS
D. RA-GRS
Answer: B
Rationale:
ZRS replicates data across availability zones within a region, providing high availability.
Q136
You want to automatically shut down VMs during non-business hours. What should you use?
A. Azure Policy
B. Azure Automation
C. Azure Advisor
D. Azure Monitor
Answer: B
Rationale:
Azure Automation allows scheduling tasks like VM shutdown to reduce costs.
Q137
You need to distribute traffic based on geographic location. What should you use?
A. Load Balancer
B. Traffic Manager (Geographic routing)
C. NSG
D. Azure Firewall
Answer: B
Rationale:
Geographic routing directs users to endpoints based on their location.
Q138
You want to ensure that logs are retained for compliance. What should you configure?
A. Azure Policy
B. Log retention settings
C. Azure Advisor
D. RBAC
Answer: B
Rationale:
Log retention settings in Azure Monitor define how long logs are stored for compliance.
Q139
You need to analyze VM performance metrics and set alerts. What should you use?
A. Azure Advisor
B. Azure Monitor
C. Azure Policy
D. Azure DevOps
Answer: B
Rationale:
Azure Monitor collects metrics and allows creating alerts based on thresholds.
Q140
You want to ensure consistent deployment across environments. What should you use?
A. Azure Monitor
B. ARM templates
C. Azure Advisor
D. Azure Policy
Answer: B
Rationale:
ARM templates ensure consistent and repeatable infrastructure deployment using code.
Frequently Asked Questions
How accurate is this Microsoft AZ-104 & Study Guides practice test compared to the real exam?
Yes, this practice test is designed to reflect real exam patterns, structure, and difficulty level to help you prepare effectively.
How should I prepare using this Microsoft AZ-104 & Study Guides practice test?
Take the test in a timed setting, review your answers carefully, and focus on improving weak areas after each attempt.
Is it helpful to repeat this Microsoft AZ-104 & Study Guides practice test?
Yes, repeating the test helps reinforce concepts, improve accuracy, and build confidence for the actual exam.
Who should use this Microsoft AZ-104 & Study Guides practice test?
This practice test is suitable for both beginners and retakers who want to improve their understanding and performance.