00:20:00

Microsoft Azure Administrator Associate Practice Test (AZ-104)

Use the form below to configure your Microsoft Azure Administrator Associate Practice Test (AZ-104). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

Logo for Microsoft Azure Administrator Associate AZ-104
Questions
Number of questions in the practice test
Free users are limited to 20 questions, upgrade to unlimited
Seconds Per Question
Determines how long you have to finish the practice test
Exam Objectives
Which exam objectives should be included in the practice test

Microsoft Azure Administrator Associate AZ-104 Information

As a candidate for this certification, you should have subject matter expertise in implementing, managing, and monitoring an organization’s Azure environment, including:

  • Virtual networks
  • Storage
  • Compute
  • Identity
  • Security
  • Governance

As an Azure administrator, you often serve as part of a larger team dedicated to implementing an organization's cloud infrastructure. You also coordinate with other roles to deliver Azure networking, security, database, application development, and DevOps solutions.

You should be familiar with:

  • Operating systems
  • Networking
  • Servers
  • Virtualization

In addition, you should have experience with:

  • PowerShell
  • Azure CLI
  • The Azure portal
  • Azure Resource Manager templates
  • Microsoft Entra ID

Skills measured

  • Manage Azure identities and governance
  • Implement and manage storage
  • Deploy and manage Azure compute resources
  • Implement and manage virtual networking
  • Monitor and maintain Azure resources

Free Microsoft Azure Administrator Associate AZ-104 Practice Test

Press start when you are ready, or press Change to modify any settings for the practice test.

  • Questions: 20
  • Time: Unlimited
  • Included Topics:
    Manage Azure identities and governance
    Implement and manage storage
    Deploy and manage Azure compute resources
    Configure and manage virtual networking
    Monitor and maintain Azure resources
Question 1 of 20

You are an Azure administrator for a company that stores sensitive data in Azure Blob Storage. You want to ensure that users can access the blobs using their existing corporate credentials without managing storage account keys or shared access signatures. What should you configure to achieve this?

  • Configure Azure Entra ID authentication for the storage account.

  • Enable anonymous access on the storage account.

  • Provide users with the storage account access keys.

  • Use shared access signatures to grant access to users.

Question 2 of 20

You are an Azure administrator for your company. You have configured Azure Backup for several virtual machines. Management wants a comprehensive report on the backup status and trends over time. You need to implement a solution that provides detailed information and insights into backup jobs, alerts, and usage patterns.

Which solution should you implement to meet this requirement?

  • Implement Azure Advisor recommendations to monitor backup health.

  • Use Azure Backup reports with a Log Analytics workspace.

  • Configure Azure Monitor metrics to track backup status.

  • Create custom Power BI reports by querying Azure Backup data.

Question 3 of 20

You are an Azure administrator for your organization. A group of 100 new employees is starting next week, and you need to create user accounts for them in Azure Entra ID. What is the most efficient way to accomplish this task?

  • Request Microsoft Support to create the user accounts for you.

  • Use PowerShell to write a script that creates the user accounts one by one.

  • Use the bulk create users feature in the Azure portal to import a CSV file with the user details.

  • Use the Azure portal to create each user account individually.

Question 4 of 20

An administrator needs to enable backups for an Azure App Service web app. Which prerequisite must be met before the Backups blade in the Azure portal becomes available for the app?

  • The web app must be integrated with Azure Active Directory

  • The web app must have an SSL certificate installed

  • The web app must be running on an App Service plan in the Basic tier or higher

  • The web app must have Application Insights configured

Question 5 of 20

You are administering an Azure storage account used by several applications in your organization. For security compliance, you are required to regularly regenerate the access keys for the storage account. How can you ensure that the applications experience minimal downtime during the key regeneration process?

  • Pause the applications, regenerate the access keys, and then restart the applications.

  • Regenerate one of the access keys, and update the applications to use the regenerated key before regenerating the second key.

  • Delete and recreate the storage account to get new access keys.

  • Regenerate both access keys simultaneously to ensure security compliance.

Question 6 of 20

Your company's Azure environment includes several virtual machines that support different application workloads within the same virtual network. You need to manage network security by grouping virtual machines based on their application roles to simplify the management of inbound and outbound traffic rules. What is the best way to achieve this goal?

  • Implement Azure Firewall to control traffic to the virtual machines.

  • Assign the same network security group to all virtual machines.

  • Use application security groups to group the virtual machines and apply network security group rules to these groups.

  • Place each application workload in a separate subnet and associate a network security group with each subnet.

Question 7 of 20

You are an Azure administrator for Contoso Ltd. You have a Windows Server virtual machine named VM1 running in Azure. VM1 is backed up daily using Azure Backup with the default backup policy. VM1 experiences data corruption, and you need to restore a single file from the backup taken two days ago. What should you do first?

  • Use the Azure portal to create a snapshot of VM1 and extract the file.

  • Use Azure Storage Explorer to access the backup and retrieve the file.

  • Use Azure Backup to initiate a file recovery, which mounts the recovery point as a disk on VM1.

  • Restore the entire VM1 to a new virtual machine.

Question 8 of 20

An administrator needs to grant temporary read access to blobs in a container to clients who cannot authenticate using the storage account's keys or existing authentication mechanisms. What should they configure to achieve this?

  • Role-Based Access Control

  • Stored access policies

  • Account keys

  • Shared Access Signatures

Question 9 of 20

You need to configure replication of an Azure virtual machine to a secondary region for disaster recovery purposes. Which resource must you create first?

  • A Recovery Services vault

  • An Azure Container Registry

  • A Traffic Manager profile

  • A Network Security Group

Question 10 of 20

You are an Azure administrator for your company. The company has a critical resource group named ProdRG that contains production workloads. You need to protect resources within ProdRG from accidental deletion without restricting authorized users from modifying them as needed. What should you do?

  • Apply a Read-only lock to ProdRG.

  • Assign the Owner role to yourself on ProdRG.

  • Apply a CanNotDelete lock to ProdRG.

  • Enable soft delete on resources in ProdRG.

Question 11 of 20

You are an Azure administrator for a company developing web applications. You need to create an App Service plan for a new web application that must:

  • Automatically scale out to multiple instances based on demand
  • Support custom domains and SSL certificates
  • Provide deployment slots for testing

You want to minimize costs while meeting these requirements.

Which App Service plan tier should you select?

  • Premium (P1)

  • Shared (D1)

  • Basic (B1)

  • Standard (S1)

Question 12 of 20

You need to ensure that only certain internet-based clients can access your Azure Storage account. Which feature should you configure to achieve this?

  • Use a Network Security Group to allow incoming traffic from those clients

  • Set up a Virtual Network Service Endpoint for the storage account

  • Configure the storage account's firewall to permit access from those clients

  • Enable Azure DDoS Protection for the storage account

Question 13 of 20

You need to provide a group of users with read access to data in an Azure Storage account by using their Microsoft Entra ID credentials. Which action should you take?

  • Generate a storage account access key and share it with the users.

  • Enable the 'Allow Blob public access' setting on the storage account.

  • Create a Shared Access Signature (SAS) token and distribute it to the users.

  • Assign the 'Storage Blob Data Reader' role to the users at the storage account level.

Question 14 of 20

Your company needs to collect specific Windows event logs and performance counters from Azure virtual machines for centralized analysis. You have installed the Azure Monitor Agent on the virtual machines. What should you configure next to collect the required data?

  • Create data collection rules in Azure Monitor to specify the data to collect.

  • Configure diagnostic settings on the virtual machines to send logs.

  • Enable Boot Diagnostics on the virtual machines.

  • Install the Azure Diagnostics Agent on the virtual machines.

Question 15 of 20

An administrator at Contoso Ltd needs to allow external users to collaborate on a project with internal staff using Azure Entra ID. The external users should be able to sign in using their existing email accounts without creating new credentials. How should the administrator accomplish this?

  • Implement a custom authentication solution for guest access

  • Use Azure Entra ID B2B collaboration to invite guest users

  • Enable Azure Entra ID B2C and configure user flows for external users

  • Create new user accounts in Azure Entra ID for the external users

Question 16 of 20

You need to implement a daily backup solution for an Azure virtual machine named VM1. The solution must allow you to restore individual files from the backup as needed. What should you do?

  • Use Azure Site Recovery to replicate VM1 to another region.

  • Enable disk snapshots on VM1 and schedule daily snapshots.

  • Configure a custom script to copy VM1’s VHD files to Azure Blob storage daily.

  • Use Azure Backup to back up VM1 with a daily backup policy.

Question 17 of 20

You are an Azure administrator responsible for a hybrid cloud environment. Users in the on-premises network are experiencing intermittent connectivity issues when accessing resources in Azure. You need to monitor and diagnose these connectivity issues by analyzing communication between the on-premises network and Azure resources. Which tool should you use to achieve this?

  • Azure Log Analytics

  • Azure Monitor Metrics

  • Azure Advisor

  • Azure Network Watcher Connection Monitor

Question 18 of 20

You have an Azure Storage Account that must be accessible only from a specific subnet in your virtual network. You need to prevent internet access to the storage account and deny access from other subnets. What should you configure to meet these requirements?

  • Configure a network security group to allow traffic from the subnet to the storage account

  • Implement virtual network peering between the subnet and the storage account

  • Create a service endpoint for Azure Storage on the subnet

  • Create a private endpoint for the storage account

Question 19 of 20

Your company owns the domain 'contoso.com', which is managed as a public zone in Azure DNS. You have a web application running on an Azure Virtual Machine that is accessible via a public network address. You need to configure settings so that users on the internet can access the web application using 'app.contoso.com'. What should you do to accomplish this?

  • Create an A record in the 'contoso.com' zone mapping 'app' to the address of the virtual machine

  • Create a CNAME record in the 'contoso.com' zone pointing 'app' to the address of the virtual machine

  • Create an MX record in the 'contoso.com' zone pointing 'app' to the address of the virtual machine

  • Create an NS record in the 'contoso.com' zone for 'app' pointing to the name servers of the virtual machine

Question 20 of 20

Your company has an on-premises network connected to Azure via an ExpressRoute connection. You need to configure access from your on-premises servers to an Azure Storage Account, ensuring that the traffic uses private IP addresses and does not traverse the internet. Which Azure feature should you implement?

  • Configure a Private Endpoint for the Storage Account.

  • Enable Service Endpoint for the Storage Account.

  • Use Azure Traffic Manager to route traffic.

  • Enable Azure DDoS Protection on the Storage Account.