AZ-104: Microsoft Azure Administrator Associate Practice Exam
Looking to validate your skills as a Microsoft Azure Administrator? The AZ-104: Microsoft Azure Administrator Associate certification is a globally recognized credential designed for IT professionals who manage cloud services that span storage, networking, compute, and security within Microsoft Azure. Whether you’re a system administrator, network technician, or IT support specialist transitioning to cloud-based roles, this certification provides the credibility and confidence needed to accelerate your career in cloud computing.
What is the AZ-104 Certification Exam?
The AZ-104 exam assesses your ability to implement, manage, and monitor an organization’s Microsoft Azure environment. Candidates are tested on core services, Azure governance, identity management, security, virtual networking, storage solutions, and resource optimization. Passing this exam confirms that you have the practical knowledge and skills to perform the role of an Azure Administrator in real-world scenarios.
What Will You Learn with This Practice Exam?
Our comprehensive AZ-104 practice exam is carefully designed to reflect the actual exam format, complexity, and question structure. You’ll learn how to:
Manage Azure identities and governance using Azure AD, RBAC, and policies
Implement and configure virtual networks, subnets, and VPNs
Secure Azure environments with firewalls, NSGs, and Azure Defender
Monitor resources and services using Azure Monitor and Log Analytics
Manage storage accounts, blobs, file shares, and backup solutions
Configure and manage VMs, scale sets, availability zones, and load balancing
Optimize cloud performance and manage Azure cost-effectively
Covered Topics Include:
Azure Active Directory and access control
Role-based access and policy management
Resource deployment and automation using ARM templates
Monitoring and diagnostics
Virtual networking and hybrid connectivity
Storage implementation and management
Compute resource configuration (VMs, containers)
Security, compliance, and governance
Backup, disaster recovery, and high availability
Why Choose Exam Sage for Your AZ-104 Preparation?
At ExamSage.com, we specialize in providing high-quality, exam-focused practice tests that mirror the real exam experience. Our AZ-104 practice exam includes hundreds of carefully crafted multiple-choice questions, complete with detailed explanations and rationales for each answer. The questions are updated regularly to match the latest Microsoft exam objectives and Azure platform changes.
Whether you’re preparing for your first attempt or looking to reinforce your skills before retaking the exam, Exam Sage is your trusted companion. Our practice tests are designed to boost confidence, strengthen weak areas, and ensure you walk into the real exam well-prepared.
Ready to take the next step in your cloud career? Start practicing today with Exam Sage’s AZ-104 Practice Exam and move one step closer to becoming a certified Microsoft Azure Administrator Associate.
Sample Questions and Answers
1. You are managing a resource group named “Prod-RG.” You want to prevent accidental deletion of resources within it. What should you do?
A. Apply a read-only lock to the resource group
B. Apply a delete lock to the resource group
C. Assign the Contributor role to all users
D. Remove owner permissions
Answer: B. Apply a delete lock to the resource group
Explanation: A delete lock prevents the deletion of resources in the resource group, which is exactly what’s needed to avoid accidental deletion.
2. Which Azure service helps you centrally manage and govern your environment across multiple subscriptions?
A. Azure Monitor
B. Azure Resource Manager
C. Azure Policy
D. Azure Blueprints
Answer: D. Azure Blueprints
Explanation: Azure Blueprints allows you to define a repeatable set of Azure resources and policies that implement and adhere to an organization’s standards and requirements.
3. You need to create a virtual machine (VM) with the latest OS patches installed. Which deployment option should you use?
A. Azure Resource Manager template
B. Shared Image Gallery
C. Azure Marketplace
D. Custom script extension
Answer: C. Azure Marketplace
Explanation: Azure Marketplace images are frequently updated and maintained with the latest OS patches, making them a reliable choice for up-to-date VMs.
4. You need to ensure only users from the finance department can access a specific Azure SQL Database. What’s the best approach?
A. Set up a firewall rule
B. Use SQL authentication
C. Assign RBAC roles with Azure AD groups
D. Create a login for each user
Answer: C. Assign RBAC roles with Azure AD groups
Explanation: Using Azure AD groups and role-based access control (RBAC) is the most scalable and secure way to manage access.
5. Which tool can be used to move resources from one Azure region to another?
A. Azure Migrate
B. Azure Backup
C. Azure Site Recovery
D. Azure Resource Mover
Answer: D. Azure Resource Mover
Explanation: Azure Resource Mover is a dedicated service for moving resources across Azure regions.
6. What is the primary purpose of Azure Monitor?
A. To manage VM snapshots
B. To configure RBAC
C. To collect and analyze telemetry data
D. To deploy resources
Answer: C. To collect and analyze telemetry data
Explanation: Azure Monitor collects metrics and logs, enabling visibility into the performance and health of Azure services.
7. Which Azure storage type would you use for hosting a VHD file for a VM?
A. Azure Files
B. Blob Storage (Page Blob)
C. Table Storage
D. Queue Storage
Answer: B. Blob Storage (Page Blob)
Explanation: Page blobs are optimized for random read/write operations and are used for VHDs in Azure.
8. How can you ensure that Azure VMs are shut down during off-business hours automatically?
A. Use auto-shutdown in the VM blade
B. Use Azure Monitor
C. Use Azure Security Center
D. Assign a policy
Answer: A. Use auto-shutdown in the VM blade
Explanation: Auto-shutdown can be configured directly from the VM’s settings in the Azure portal.
9. What is the default replication type for Azure Storage accounts?
A. LRS (Locally Redundant Storage)
B. ZRS (Zone Redundant Storage)
C. GRS (Geo-Redundant Storage)
D. RA-GRS (Read Access Geo-Redundant Storage)
Answer: A. LRS (Locally Redundant Storage)
Explanation: The default replication type is LRS, which replicates data within a single region.
10. You are tasked with securing network traffic to an Azure VM. What should you configure?
A. Azure DNS
B. Network Security Group
C. Azure Firewall
D. Application Gateway
Answer: B. Network Security Group
Explanation: NSGs are used to control inbound and outbound traffic at the network interface or subnet level.
11. Which feature allows automatic scaling of an application hosted on Azure App Service?
A. Load Balancer
B. App Service Plan
C. Autoscale
D. Application Gateway
Answer: C. Autoscale
Explanation: Autoscale in App Service allows dynamic adjustment of instance count based on demand.
12. How do you provide just-in-time (JIT) access to a virtual machine?
A. Through Azure Bastion
B. Using NSG
C. Via Azure Security Center
D. Via RBAC
Answer: C. Via Azure Security Center
Explanation: Just-in-time access is enabled via Security Center to reduce exposure to brute-force attacks.
13. Which Azure feature enables deployment of resources based on a template file?
A. Azure CLI
B. Azure Policy
C. ARM Template
D. Azure DevOps
Answer: C. ARM Template
Explanation: Azure Resource Manager (ARM) templates define infrastructure in a declarative JSON format.
14. Which authentication method is most secure for Azure CLI?
A. Username and Password
B. Service Principal with Secret
C. Service Principal with Certificate
D. Azure AD Token
Answer: C. Service Principal with Certificate
Explanation: Certificates offer stronger authentication and better security management than client secrets.
15. What’s the recommended solution to monitor VMs across multiple subscriptions?
A. Azure Service Health
B. Azure Monitor
C. Log Analytics Workspace
D. Azure Advisor
Answer: C. Log Analytics Workspace
Explanation: A Log Analytics Workspace can collect logs and metrics from resources across subscriptions.
16. What service provides recommendations for optimizing Azure resource configurations?
A. Azure Monitor
B. Azure Advisor
C. Azure Cost Management
D. Azure Security Center
Answer: B. Azure Advisor
Explanation: Azure Advisor offers personalized best practices across performance, security, and cost.
17. To restrict access to a storage account to specific IPs, which feature should you configure?
A. RBAC
B. NSG
C. Firewall and virtual networks
D. Private Link
Answer: C. Firewall and virtual networks
Explanation: Storage account firewalls can allow access only from specific IP addresses or VNets.
18. What does Azure Key Vault store?
A. Databases
B. Resource templates
C. Secrets, keys, and certificates
D. Virtual machines
Answer: C. Secrets, keys, and certificates
Explanation: Azure Key Vault is designed to store sensitive information securely.
19. You want to ensure compliance with regulatory standards. Which service is best?
A. Azure Sentinel
B. Azure Policy
C. Azure Monitor
D. Azure Blueprints
Answer: B. Azure Policy
Explanation: Azure Policy helps enforce rules and compliance across resources.
20. A VM has failed due to host-level issues. What feature provides high availability across datacenters?
A. Availability Set
B. Backup Vault
C. Availability Zone
D. Load Balancer
Answer: C. Availability Zone
Explanation: Availability Zones ensure VM redundancy across physically separate datacenters.
21. What tool is used to track user and administrative activity in Azure?
A. Azure Activity Log
B. Log Analytics
C. Azure Policy
D. Azure Blueprints
Answer: A. Azure Activity Log
Explanation: Activity Logs provide insight into operations and events at the subscription level.
22. You want to reduce costs by automatically stopping underutilized VMs. Which service helps?
A. Azure Advisor
B. Azure Monitor
C. Azure Migrate
D. Azure Site Recovery
Answer: A. Azure Advisor
Explanation: Advisor identifies cost-saving opportunities like shutting down low-utilization VMs.
23. What type of Azure resource is required to deploy a VM?
A. App Service Plan
B. Virtual Network
C. Management Group
D. Key Vault
Answer: B. Virtual Network
Explanation: A VNet is essential for VM communication and networking.
24. You need to ensure resources are deployed only in the “East US” region. What should you use?
A. Azure Blueprint
B. Azure Policy
C. NSG
D. Lock
Answer: B. Azure Policy
Explanation: Azure Policy can restrict resource creation to specific regions.
25. How can you enforce tagging policies for resources?
A. Azure Tags
B. Azure Monitor
C. Azure Policy
D. Azure Cost Management
Answer: C. Azure Policy
Explanation: Azure Policy can require specific tags or prevent deployment without them.
26. What provides centralized identity management across Azure services?
A. Azure Key Vault
B. Azure Active Directory
C. Azure CLI
D. Azure Resource Manager
Answer: B. Azure Active Directory
Explanation: Azure AD manages users, groups, and access to Azure resources.
27. To create a reusable set of policies and RBAC settings, what should you use?
A. Azure Blueprints
B. ARM Template
C. Azure Advisor
D. Azure Migrate
Answer: A. Azure Blueprints
Explanation: Blueprints bundle policies, role assignments, and templates into repeatable deployments.
28. What provides automated threat detection across Azure resources?
A. Azure Monitor
B. Azure Security Center
C. Azure Advisor
D. Azure Resource Graph
Answer: B. Azure Security Center
Explanation: Security Center provides threat protection and security posture management.
29. What is the primary use of Azure Bastion?
A. VPN replacement
B. Secure SSH/RDP access without public IPs
C. Web app firewall
D. Password manager
Answer: B. Secure SSH/RDP access without public IPs
Explanation: Azure Bastion provides secure and seamless RDP/SSH connectivity directly in the portal.
30. What does Azure Cost Management allow you to do?
A. Create VMs
B. Configure security alerts
C. Monitor and optimize spending
D. Create RBAC policies
Answer: C. Monitor and optimize spending
Explanation: Azure Cost Management helps track and control cloud spending efficiently.
31. You need to configure a storage account to support Azure Files with Active Directory authentication. What type of storage account should you use?
A. General-purpose v1
B. General-purpose v2
C. BlobStorage
D. BlockBlobStorage
Answer: B. General-purpose v2
Explanation: Azure Files with Active Directory (AD) authentication requires a general-purpose v2 (GPv2) storage account, which supports all advanced storage features, including integration with on-premises AD.
32. Which of the following Azure services can be used to manage security policies across multiple subscriptions?
A. Azure AD Identity Protection
B. Azure Policy
C. Azure Blueprints
D. Azure Security Center
Answer: B. Azure Policy
Explanation: Azure Policy helps enforce governance and compliance by defining policies across resources, resource groups, or subscriptions.
33. You are troubleshooting an issue where virtual machines are not able to connect to the internet. What Azure component should you inspect first?
A. NSG rules
B. VM extensions
C. Resource locks
D. Azure Monitor
Answer: A. NSG rules
Explanation: Network Security Groups (NSGs) control inbound and outbound traffic. Incorrect NSG rules can block internet access.
34. You need to grant a user the ability to start and stop virtual machines, but not delete them. What role should you assign?
A. Owner
B. Contributor
C. Virtual Machine Contributor
D. Reader
Answer: C. Virtual Machine Contributor
Explanation: This role allows a user to manage VMs but prevents deletion of resource groups or other unrelated resources.
35. Which of the following is a valid use case for Azure Bastion?
A. Deploying serverless code
B. Hosting web applications
C. Secure RDP/SSH access without public IP
D. Managing API Gateways
Answer: C. Secure RDP/SSH access without public IP
Explanation: Azure Bastion allows secure RDP and SSH access to VMs without exposing them to the public internet.
36. You want to protect Azure Storage data from accidental deletion. What feature should you use?
A. Immutable blob storage
B. Soft delete
C. Data redundancy
D. Versioning
Answer: B. Soft delete
Explanation: Soft delete for blobs and file shares enables recovery after accidental deletion by retaining deleted data for a configured retention period.
37. You are deploying an application with frequent configuration changes. What service should you use to centralize and manage these configurations?
A. Azure App Configuration
B. Azure Key Vault
C. Azure Blob Storage
D. Azure Resource Manager
Answer: A. Azure App Configuration
Explanation: Azure App Configuration is designed to manage app settings and feature flags in a centralized location.
38. A resource group is accidentally deleted. How can you protect critical resources from accidental deletion in the future?
A. Set tags
B. Apply RBAC
C. Configure alerts
D. Use resource locks
Answer: D. Use resource locks
Explanation: Resource locks (CanNotDelete or ReadOnly) prevent users from accidentally deleting or modifying critical resources.
39. Which log type in Azure Monitor tracks control plane operations like creation or deletion of resources?
A. Metric logs
B. Activity logs
C. Diagnostic logs
D. Application logs
Answer: B. Activity logs
Explanation: Activity logs capture control plane actions at the subscription level, such as resource creation or deletion.
40. You want to restrict traffic to an Azure Web App based on IP ranges. Which feature should you use?
A. Azure Policy
B. Azure Firewall
C. Access restrictions
D. NSG
Answer: C. Access restrictions
Explanation: Web Apps support built-in access restrictions that can limit access based on IP addresses.
41. How can you ensure that Azure SQL Database remains available during a regional failure?
A. Geo-replication
B. Read replicas
C. Point-in-time restore
D. Transparent Data Encryption (TDE)
Answer: A. Geo-replication
Explanation: Active geo-replication allows Azure SQL databases to be replicated across regions for high availability and disaster recovery.
42. What command-line tool allows administrators to interact with Azure resources?
A. PowerCLI
B. Azure CLI
C. kubectl
D. Bicep
Answer: B. Azure CLI
Explanation: Azure CLI is a cross-platform tool for managing Azure resources via command line.
43. What service allows you to assign conditional access policies based on risk events?
A. Azure AD B2B
B. Azure AD Identity Protection
C. Azure Security Center
D. Azure Information Protection
Answer: B. Azure AD Identity Protection
Explanation: This service detects risky behaviors and allows the configuration of conditional access policies based on the risk level.
44. A VM’s disk usage exceeds limits. What should you do to expand its storage?
A. Resize the VM
B. Attach a new NIC
C. Expand the existing disk
D. Restart the VM
Answer: C. Expand the existing disk
Explanation: Azure allows you to resize managed disks without restarting the VM, though the OS may require additional steps to recognize the added space.
45. You need to protect secret keys for your application. What service should you use?
A. Azure App Service
B. Azure App Configuration
C. Azure Key Vault
D. Azure Cosmos DB
Answer: C. Azure Key Vault
Explanation: Key Vault securely stores secrets, certificates, and encryption keys.
46. What feature of Azure provides just-in-time access to virtual machines?
A. Azure AD PIM
B. NSG flow logs
C. Just-In-Time VM Access
D. Azure Bastion
Answer: C. Just-In-Time VM Access
Explanation: JIT VM Access helps lock down inbound traffic to VMs, reducing exposure to attacks.
47. Which Azure service is best suited for deploying containerized applications in a managed environment?
A. Azure Web Apps
B. Azure Container Instances
C. Azure Kubernetes Service
D. Azure Functions
Answer: C. Azure Kubernetes Service
Explanation: AKS is a fully managed Kubernetes container orchestration service suitable for large-scale container deployments.
48. You are setting up a VM with managed identities to access Azure resources. What’s the benefit?
A. Requires admin credentials
B. Stores credentials in source code
C. Eliminates the need for credentials
D. Allows external authentication
Answer: C. Eliminates the need for credentials
Explanation: Managed identities allow Azure services to access resources securely without storing credentials in code.
49. Which service monitors the performance and health of applications?
A. Azure Monitor
B. Application Insights
C. Azure Advisor
D. Azure Sentinel
Answer: B. Application Insights
Explanation: Application Insights is designed for application performance management and diagnostics.
50. You want to back up virtual machines daily and retain backups for 30 days. What should you use?
A. Azure Monitor
B. Azure Site Recovery
C. Azure Backup
D. Azure Storage Account
Answer: C. Azure Backup
Explanation: Azure Backup provides simple, secure, and cost-effective backup solutions for VMs, with configurable backup schedules and retention policies.