How to use AZ-104 flashcards effectively
Flashcards work through active recall — the process of retrieving information from memory rather than passively re-reading it. Research consistently shows that active recall produces stronger, longer-lasting memory than re-reading study guides. For AZ-104 preparation, this means flashcards are one of the highest-return study tools available.
Attempt recall first
Read the AZ-104 question on each card, pause, and attempt to formulate the answer in your own words before revealing. This retrieval attempt — even if wrong — dramatically strengthens memory compared to immediately reading the answer.
Review wrong cards again
When you get a card wrong, note it and add it back to your review pile. Spaced repetition — seeing difficult cards more frequently — is the mechanism that makes flashcard study far more efficient than linear reading.
Study by domain
Group your AZ-104 flashcard sessions by domain for the first 3–4 weeks. Master one domain before moving to the next. In the final week, shuffle all cards together to test cross-domain recall — which is what the real AZ-104 exam requires.
Short sessions beat marathon reviews
20–30 flashcard cards per session, done daily, produces better retention than a single 200-card marathon session. Five short daily sessions per week over 4 weeks gives you over 400 total card reviews — enough to reliably pass AZ-104.
AZ-104 flashcard preview
Sample cards from the AZ-104 flashcard bank. Read the question, think of the answer, then read the explanation below.
Your company has an Azure subscription named Prod-Sub. You create a custom role that allows users to restart virtual machines but not create, delete, or resize them. You need to ensure that members of the VMOperators group can use this custom role only for virtual machines in the RG-Prod resource group. What should you do?
Assign the custom role to VMOperators at the RG-Prod scope.
Azure RBAC permissions are assigned at a scope and inherited by child resources. Assigning the custom role at the RG-Prod resource group scope grants the required permissions only within that resource group. Assigning at the subscription or management group scope would grant broader access than required, while Virtual Machine Contributor would provide more permissions than necessary.
Your organization assigns an Azure Policy at the Corp-MG management group to require the tag Environment on all newly created resources. A deployment to RG-App in the Prod-Sub subscription fails because the tag is missing. You need to allow this single deployment to proceed without weakening enforcement for the rest of the organization. What should you do?
Create a policy exemption at the Prod-Sub or RG-App scope.
A policy exemption is the correct way to allow a scoped exception while preserving the existing policy assignment and enforcement elsewhere. Removing the assignment or changing the effect to Audit would weaken governance more broadly than necessary. Moving the subscription out of the management group is an excessive administrative change for a single exception.
A help desk team must be able to reset passwords for cloud users in Microsoft Entra ID, but they must not be able to create or delete users. Which built-in role should you assign?
User Administrator
User Administrator can manage user and group aspects such as password resets without the broad privileges of Global Administrator. Reader has no write permissions, and Billing Administrator is unrelated.
Your company stores departmental documents in an Azure file share. Users need to be able to recover previous versions of files that were deleted or modified accidentally. You need a solution that supports recovery at the file share level without deploying additional virtual machines. What should you configure?
Create share snapshots for the Azure file share.
Share snapshots for Azure Files provide point-in-time copies of the file share and support recovery of files and folders. Blob versioning and immutable blob storage apply to blob storage rather than Azure Files. Azure File Sync cloud tiering optimizes storage usage and caching but does not provide the required recovery mechanism by itself.
A business-critical application uses an Azure storage account. The company requires that data remain available even if an entire Azure region becomes unavailable. Which redundancy option should you choose?
GZRS
GZRS replicates data synchronously across availability zones in the primary region and asynchronously to a secondary region, giving both zonal resilience and regional disaster protection. LRS and ZRS do not provide secondary-region copies, while GRS lacks the same zonal protection in the primary region.
You need to deploy 20 identical Azure virtual machines that host the same web application. The solution must support automatic scale-out based on CPU usage and should minimize administrative overhead. What should you deploy?
A Virtual Machine Scale Set.
Virtual Machine Scale Sets are designed to deploy and manage a group of identical VMs and support autoscaling based on metrics such as CPU. Individual VMs do not provide native group autoscaling, availability sets improve fault tolerance but not scaling, and Azure Container Instances are not a drop-in replacement for managing a fleet of identical VMs in this scenario.
A virtual machine named VM-App01 hosts a critical internal application. You need to protect the VM so that it can be restored if the VM is deleted or corrupted. The solution must provide centralized backup management and retention policies. What should you use?
Azure Backup with a Recovery Services vault.
Azure Backup with a Recovery Services vault is the standard Azure-native solution for centrally protecting virtual machines with retention and restore capabilities. Managed disk snapshots are useful for point-in-time copies but are not the best centralized backup and retention solution. Azure Site Recovery is primarily for disaster recovery and replication, while boot diagnostics is used for troubleshooting startup issues.
You need to restore a deleted file from a backed-up Azure virtual machine without restoring the entire VM. Which Azure Backup capability should you use?
File Recovery
Azure Backup File Recovery allows individual files and folders to be restored from VM backups without performing a full VM restore. Cross-region restore is about region-level recovery, Site Recovery is for disaster recovery replication, and boot diagnostics is for troubleshooting startup issues.
A network team wants all routers to send log messages to a centralized server at 192.0.2.50. Which command should be added to the router configuration?
logging host 192.0.2.50
The requirement is about centralized log collection, which points directly to Syslog. In plain language, the router needs to know where to send its event messages, warnings, and errors. The `logging host 192.0.2.50` command tells the device the IP address of the remote Syslog server. Once that is in place, the router can forward log messages to that system for centralized review, alerting, and troubleshooting. The other options relate to different services. NTP is for time synchronization, SNMP is for management and monitoring, and archive is associated with configuration archiving rather than standard Syslog event delivery.
Which statement best explains the value of enabling both centralized logging and strong access controls on network devices?
Access controls reduce unauthorized use, and centralized logging improves visibility and investigation.
The value comes from combining prevention with visibility. In plain language, strong access controls help reduce the chance of unauthorized use, while centralized logging helps administrators see what is happening and investigate events later. One reduces risk directly, and the other improves detection, auditing, and response. Together, they create a stronger operational security posture than either one alone. This is a conceptual but practical question. Good security does not depend only on stopping bad actions; it also depends on being able to observe and analyze what happened. That is why the best answer emphasizes both protection and visibility.
Which statement best explains why centralized logging is valuable in security operations?
It improves visibility by collecting events from multiple devices in one place for review and investigation.
Centralized logging is valuable because it brings messages from many devices into one place for review, correlation, and investigation. In plain language, instead of checking each router, switch, firewall, or controller separately, the team can analyze events centrally and more easily see patterns or timelines across the environment. That improves visibility and response. This does not replace access control or encryption, but it complements them by improving monitoring and investigation. The correct answer is the one centered on centralized visibility.
You need to be notified whenever the average CPU usage of VM-App01 exceeds 80 percent for 10 minutes. The solution must send an email to the operations team automatically. What should you configure?
Create an Azure Monitor metric alert and link it to an action group.
An Azure Monitor metric alert can evaluate VM CPU metrics against a threshold and trigger an action group to send notifications such as email. Azure Advisor provides recommendations rather than real-time threshold alerting, activity log alerts focus on control-plane events, and a budget alert is for cost monitoring.
Your company wants to query performance and event data from multiple Azure virtual machines by using Kusto Query Language. The operations team also wants to centralize retention and analysis of this data. What should you deploy?
A Log Analytics workspace.
A Log Analytics workspace is the central data store used by Azure Monitor Logs and supports Kusto Query Language for querying collected log and performance data. Azure Advisor is not a log repository, Network Watcher focuses on network diagnostics, and an NSG is a traffic-filtering control rather than a logging analytics platform.
You need to retain Azure Firewall logs for long-term analysis in a Log Analytics workspace and also archive them in a storage account for compliance. What should you configure on the Azure Firewall resource?
Diagnostic settings
Diagnostic settings allow supported Azure resources to send logs and metrics to destinations such as Log Analytics, Event Hubs, and storage accounts. The other choices do not provide telemetry export.
You need to notify the security team whenever anyone deletes a resource group in the subscription. Which alert type should you configure?
An activity log alert
Deleting a resource group is a control-plane operation recorded in the Azure Activity Log. An activity log alert is the correct way to notify on that type of administrative event.
AZ-104 flashcards by domain
The AZ-104 flashcard bank covers all 5 official blueprint domains published by Microsoft. Cards are distributed proportionally, so domains with higher exam weight have more cards.
Domain Coverage
Manage Azure Identities and Governance
Implement and Manage Storage
Deploy and Manage Azure Compute
Implement and Manage Virtual Networking
Monitor and Maintain Azure Resources
Flashcards vs practice tests: which is better for AZ-104?
Both flashcards and practice questions are evidence-based study tools. The difference is in what they train:
Flashcards — concept retention
Best for memorising definitions, acronyms, protocol behaviours, command syntax, and conceptual distinctions. Use flashcards to build the foundational vocabulary that AZ-104 questions assume you know.
Best in: weeks 1–3
Practice tests — application
Best for applying concepts to realistic scenarios, eliminating distractors, and building exam stamina.AZ-104 questions test scenario reasoning — not just recall — so practice tests are essential.
Best in: weeks 3–6
The most effective AZ-104 study plan combines both: use flashcards for the first 2–3 weeks to build conceptual foundations, then shift to practice tests and mock exams in the final 2–3 weeks to apply and benchmark that knowledge. Most candidates who pass on their first attempt use both tools.
AZ-104 flashcards — frequently asked questions
Are the AZ-104 flashcards free?
Yes — all AZ-104 flashcards on Courseiva are completely free, no account required. Every card includes the question, correct answer, and a full explanation. Create a free account to track which cards you have studied and get spaced repetition recommendations.
How many AZ-104 flashcards are on Courseiva?
Courseiva has 1140+ original AZ-104 flashcards across all 5 exam blueprint domains. New cards are added regularly as the question bank grows. All cards are written by certified engineers against the official Microsoft exam objectives.
How are Courseiva flashcards different from Anki or Quizlet?
Courseiva flashcards are purpose-built for IT certification exams. Unlike generic flashcard platforms where content quality varies, every Courseiva card is mapped to the official AZ-104 exam blueprint, written by engineers who hold the certification, and includes a full explanation of the correct answer and why the distractors are wrong. This explanation quality is what separates genuine learning from rote memorisation.
Can I use AZ-104 flashcards offline?
Courseiva is a web platform — an internet connection is required. For offline study, we recommend creating free Courseiva account, using the platform in your browser, and using your device's offline capabilities if your browser supports offline web apps.
Track your AZ-104 flashcard progress
Save your results, see which domains need more work, and get spaced repetition recommendations — all free.
Sign Up FreeFree forever · Every certification included