How to use AZ-204 flashcards effectively
Flashcards work through active recall — the process of retrieving information from memory rather than passively re-reading it. Research consistently shows that active recall produces stronger, longer-lasting memory than re-reading study guides. For AZ-204 preparation, this means flashcards are one of the highest-return study tools available.
Attempt recall first
Read the AZ-204 question on each card, pause, and attempt to formulate the answer in your own words before revealing. This retrieval attempt — even if wrong — dramatically strengthens memory compared to immediately reading the answer.
Review wrong cards again
When you get a card wrong, note it and add it back to your review pile. Spaced repetition — seeing difficult cards more frequently — is the mechanism that makes flashcard study far more efficient than linear reading.
Study by domain
Group your AZ-204 flashcard sessions by domain for the first 3–4 weeks. Master one domain before moving to the next. In the final week, shuffle all cards together to test cross-domain recall — which is what the real AZ-204 exam requires.
Short sessions beat marathon reviews
20–30 flashcard cards per session, done daily, produces better retention than a single 200-card marathon session. Five short daily sessions per week over 4 weeks gives you over 400 total card reviews — enough to reliably pass AZ-204.
AZ-204 flashcard preview
Sample cards from the AZ-204 flashcard bank. Read the question, think of the answer, then read the explanation below.
You are implementing an Azure Durable Functions application that processes orders. The function must call three external APIs (payment gateway, inventory system, and shipping calculator) in parallel, then aggregate the results once all three have completed. Which Durable Functions pattern should you use?
Fan-out/Fan-in
The Fan-out/Fan-in pattern is designed to execute multiple functions in parallel and then aggregate results. Function chaining runs activities sequentially. Monitor pattern polls an external state. Human interaction waits for a manual action.
A company stores archival data in Azure Blob Storage. The data is accessed only a few times per year, and retrieval can take up to 15 hours. Which blob access tier minimizes storage costs while meeting these requirements?
Archive tier
The Archive tier is the most cost-effective for long-term storage with infrequent access, and allows retrieval within up to 15 hours. Hot is for frequent access, Cool for moderate access with lower cost, and Premium for low-latency scenarios.
You have multiple Azure virtual machines that need to access the same Azure Key Vault to retrieve certificates. You want to minimize administrative overhead while ensuring each VM can authenticate without managing credentials. Which identity type should you use?
User-assigned managed identity assigned to each VM
User-assigned managed identities can be shared across multiple Azure resources. You create one identity, assign it to all VMs, and grant that identity access to Key Vault once. System-assigned identities are per-resource and would require granting access for each VM individually, increasing overhead.
An e-commerce application emits a high volume of telemetry data to Azure Application Insights. You need to reduce the cost of data ingestion while preserving statistical accuracy for performance metrics. Which sampling technique should you use?
Adaptive sampling
Adaptive sampling automatically adjusts the sampling rate based on the volume of telemetry, maintaining accuracy while reducing cost. Fixed-rate sampling may over-sample during low volume or under-sample during high volume. Ingestion sampling and head-based sampling are not standard terms for Application Insights.
A retail system uses Azure Service Bus to process orders. Each order has multiple messages (e.g., payment, shipping, confirmation) that must be processed in sequence. You need to guarantee that all messages belonging to the same order are handled by the same consumer in order. Which Service Bus feature should you use?
Sessions
Service Bus sessions enable grouping of messages into a logical sequence. Messages within a session are delivered in order and processed by a single consumer. Scheduled messages are for delayed delivery. Dead-letter queue stores undeliverable messages. Auto-forwarding chains queues/topics together.
An application stores customer invoices in Azure Blob Storage. Deleted blobs must be recoverable for 14 days. What should be enabled?
Blob soft delete with a 14-day retention period
Blob soft delete protects against accidental deletion by retaining recoverable deleted blobs.
You are deploying a containerized application to Azure Container Instances. The application requires a custom domain name and SSL/TLS termination. You need to configure these features. Which resource should you create alongside the container group?
Azure Application Gateway
Azure Application Gateway provides layer-7 load balancing, SSL termination, and custom domain support. Azure Front Door is a global load balancer but not required for simple SSL termination. Azure Container Registry stores container images. Azure DNS only resolves names. Therefore, Application Gateway is the correct choice.
A developer needs to run a Kusto query against application request data to identify 95th percentile latency by operation. Where should the query be run? The architecture review board prefers a managed AWS-native control.
Logs in Application Insights or the associated Log Analytics workspace
Application Insights Logs support KQL queries over request and dependency telemetry.
You are developing a web app that authenticates users via Microsoft Entra ID. The app needs to read the user's profile and send emails on their behalf. You want to minimize user consent prompts. Which OAuth 2.0 grant type should you use?
Authorization code flow with PKCE
The Authorization Code flow with PKCE (Proof Key for Code Exchange) is the recommended grant type for web apps and single-page apps. It allows requesting delegated permissions (scopes) and supports refresh tokens, enabling the app to access resources on behalf of the user. With PKCE, consent is typically required only once per user and app combination, minimizing prompts.
You are developing an Azure Function that processes messages from an Azure Service Bus queue. The function uses a Service Bus queue trigger and runs on a Consumption Plan. The queue receives a high volume of messages in bursts. You need to ensure that the function scales out to handle the load but does not exceed 10 concurrent instances. Which configuration should you apply?
Set the 'WEBSITE_MAX_INSTANCES' application setting to 10 in the function app.
Azure Functions with Service Bus triggers have configuration options for scaling. The key property is 'maxConcurrentCalls' which controls how many messages are processed concurrently per instance. However, to limit the number of function app instances, you can set the 'WEBSITE_MAX_INSTANCES' app setting. For Service Bus triggers, you can also set 'maxMessageBatchSize' but that relates to batch processing per instance, not instance count.
You are monitoring an Azure App Service using Application Insights. You notice that the server response time is high for certain requests. You need to drill down to see which external dependencies (like databases or APIs) are causing the delay. Which Application Insights feature should you use?
Profiler
Application Insights Profiler captures detailed traces for slow requests, showing time spent in dependencies, database queries, and code. Live Metrics shows real-time data but not deep dependency analysis. Application Map provides a topology view but not granular timing. Snapshot Debugger captures exception snapshots, not dependency performance. Therefore, Profiler is the correct tool.
You are building a serverless application that needs to react to insertions and updates in an Azure Cosmos DB container. You want to process these changes using an Azure Function. Which trigger should you configure for the function?
Cosmos DB trigger
The Cosmos DB trigger binds to the change feed of a Cosmos DB container, allowing a function to react automatically to document changes. Blob trigger reacts to blob events, Event Grid for event notifications, and Service Bus for message processing.
You are building an Azure Logic App that must connect to a third-party CRM system using a custom API. The API requires an API key in the header of every request. You need to securely store the API key and reference it in the Logic App. Which approach should you use?
Store the API key in Azure Key Vault and reference it with a dynamic expression.
Azure Key Vault provides a secure store for secrets and can be referenced in Logic Apps via dynamic expressions, keeping the API key out of code and configuration files.
A developer needs to grant an Azure Function read access to secrets in Azure Key Vault without storing any credentials in the function code or configuration. Which approach should they use?
Managed identity
Managed identities for Azure resources provide an automatically managed identity in Microsoft Entra ID, allowing the function to authenticate to Key Vault without any stored credentials. Service principal with certificate still requires managing the certificate; access policy with client secret stores a secret; SAS tokens are for storage, not Key Vault.
You are building an Azure Logic App that needs to call a third-party REST API. The API requires an API key to be passed in the 'X-API-Key' header. You have stored the API key as a secret in Azure Key Vault. The Logic App uses a managed identity that has read access to the Key Vault secret. You want to retrieve the API key securely at runtime and include it in the HTTP request. Which approach should you use?
Use the 'Get secret' action from the Azure Key Vault connector, configured to authenticate with a managed identity. Then pass the output to the 'HTTP' action's header as 'X-API-Key'.
The best approach is to use the 'HTTP + Swagger' or 'HTTP' action with an authentication type? Logic Apps can use managed identity to authenticate to Azure Key Vault. You can use an 'HTTP' action to call Key Vault's REST API to get the secret, but that is complex. The simpler and recommended approach is to use the 'Azure Key Vault' connector's 'Get secret' action, which can authenticate using the managed identity. Then use that secret in the HTTP action's header. Option A describes this correctly. Option B suggests using an API connection with an API key and then referencing it, but that requires creating an API connection which may not support custom headers easily. Option C suggests storing the API key directly in the Logic App definition, which is insecure. Option D suggests using the 'HTTP' action with managed identity to call the external API directly, but the external API does not support AAD authentication.
You are building an event-driven application that needs to publish messages to multiple independent subscribers. Each subscriber must be able to filter messages based on custom properties, and each subscriber must receive all messages that match its filter, even if other subscribers have different filters. The solution must guarantee message delivery. Which Azure messaging service should you use?
Azure Service Bus Topics and Subscriptions
Azure Service Bus Topics and Subscriptions support fan-out messaging with filtering. A topic allows multiple subscriptions, each with its own filter rules (e.g., SQL filters or correlation filters). Messages are delivered to each subscription that matches. Service Bus supports at-least-once delivery. Storage Queues (A) and Event Hubs (D) do not support rich filtering on the consumer side; Event Hubs partitions messages and does not support subscription-level filtering. Queues (C) provide point-to-point messaging, not pub/sub.
You are developing a web application that relies on a third-party weather API. The API has a rate limit of 10 requests per second per API key. You need to ensure your application never exceeds this limit and also caches responses for 10 minutes to reduce call frequency. Which combination of Azure services should you implement?
Azure API Management with rate-limit and caching policies.
Azure API Management can be used as a gateway to the third-party API, where you configure rate limiting policies to enforce the 10 requests/second limit. Additionally, caching policies in API Management can store responses and serve cached copies for subsequent requests within the TTL, reducing calls to the backend.
You are developing a web API that must authenticate requests using Microsoft Entra ID (Microsoft Entra ID) and OAuth 2.0 bearer tokens. You want to validate the token in your API code. Which library should you use?
Microsoft.Identity.Web
Microsoft.Identity.Web is the recommended library for adding Microsoft Entra ID authentication to ASP.NET Core APIs. It handles token validation, policy configuration, and integration with the pipeline. MSAL is for acquiring tokens from an application. ADAL.NET is deprecated and not recommended. Azure.Identity is for credential-based authentication (e.g., to Azure resources), not for token validation.
You are using Azure Event Grid to respond to blob storage events (blob created). You need to ensure that only JPEG image files trigger a function for processing, while other files are ignored. The number of files is high, and you want to minimize cost and latency. How should you filter events?
Configure Advanced Filters on the Event Grid subscription with a 'subjectEndsWith' condition set to '.jpg' or '.jpeg'.
Event Grid supports advanced filtering on event data properties, including subject. For blob storage events, the subject contains the blob path. You can create a filter that checks if the subject ends with '.jpg' or '.jpeg' using the 'subjectEndsWith' filter. This filtering happens at the Event Grid service before the event is delivered, reducing unnecessary invocations of the function and saving costs.
You are building a web application that allows users to upload profile pictures. The images are up to 5 MB in size and must be stored durably. The images are accessed infrequently after upload (a few times per month). You want to minimize storage costs while ensuring the data is available within seconds when requested. Which Azure Blob Storage access tier should you use for the blob container?
Cool
Data that is infrequently accessed but must be available immediately when needed (no retrieval delay) should use the Cool access tier. Archive tier has retrieval times in hours. Hot is for frequently accessed data and is more expensive. Premium is for low-latency workloads and is not cost-effective for infrequent access.
You are developing a .NET Core application that stores session state data. The data is infrequently updated but must be read quickly for every user request. You need a serverless, globally distributed storage solution with low latency reads. Which Azure storage solution should you use?
Azure Cosmos DB with SQL API
Azure Cosmos DB with SQL API provides low-latency reads, global distribution, and a serverless capacity mode, making it a great fit for session state with fast reads and rare writes. Table Storage has no latency SLA, Redis Cache is not serverless (though PaaS), and Blob Storage is not optimized for small, frequent read operations.
You are developing an ASP.NET Core application that needs to access Azure Key Vault to retrieve secrets. You have enabled a managed identity for the App Service. Which Azure SDK class should you use to authenticate to Key Vault?
DefaultAzureCredential
DefaultAzureCredential is the recommended way to authenticate because it automatically tries multiple credential sources, including ManagedIdentityCredential when running in Azure. This provides portability and simplifies code. Using a specific credential like ClientSecretCredential would require manually managing secrets.
You are building an Azure Logic App that needs to call an external HTTP API secured with OAuth 2.0 Client Credentials flow. The client ID and client secret are stored in Azure Key Vault. You need to obtain an access token and include it in the Authorization header of each request. Which combination of actions should you use within the Logic App?
Use an HTTP action with the OAuth 2.0 authentication type. Set the client secret parameter to a secure reference to the Key Vault secret.
The HTTP action in Logic Apps supports OAuth 2.0 authentication. When you configure the HTTP action, you can select 'OAuth 2.0' and specify the token endpoint, client ID, and client secret. The client secret value can be referenced securely using Key Vault references in the parameters. Logic Apps handles token acquisition and token refresh automatically. Using a separate 'HTTP' action to call the token endpoint is unnecessary and less secure.
AZ-204 flashcards by domain
The AZ-204 flashcard bank covers all 5 official blueprint domains published by Microsoft. Cards are distributed proportionally, so domains with higher exam weight have more cards.
Domain Coverage
Develop Azure compute solutions
Develop for Azure storage
Implement Azure security
Monitor, troubleshoot, and optimize Azure solutions
Connect to and consume Azure services and third-party services
Flashcards vs practice tests: which is better for AZ-204?
Both flashcards and practice questions are evidence-based study tools. The difference is in what they train:
Flashcards — concept retention
Best for memorising definitions, acronyms, protocol behaviours, command syntax, and conceptual distinctions. Use flashcards to build the foundational vocabulary that AZ-204 questions assume you know.
Best in: weeks 1–3
Practice tests — application
Best for applying concepts to realistic scenarios, eliminating distractors, and building exam stamina.AZ-204 questions test scenario reasoning — not just recall — so practice tests are essential.
Best in: weeks 3–6
The most effective AZ-204 study plan combines both: use flashcards for the first 2–3 weeks to build conceptual foundations, then shift to practice tests and mock exams in the final 2–3 weeks to apply and benchmark that knowledge. Most candidates who pass on their first attempt use both tools.
AZ-204 flashcards — frequently asked questions
Are the AZ-204 flashcards free?
Yes — all AZ-204 flashcards on Courseiva are completely free, no account required. Every card includes the question, correct answer, and a full explanation. Create a free account to track which cards you have studied and get spaced repetition recommendations.
How many AZ-204 flashcards are on Courseiva?
Courseiva has 324+ original AZ-204 flashcards across all 5 exam blueprint domains. New cards are added regularly as the question bank grows. All cards are written by certified engineers against the official Microsoft exam objectives.
How are Courseiva flashcards different from Anki or Quizlet?
Courseiva flashcards are purpose-built for IT certification exams. Unlike generic flashcard platforms where content quality varies, every Courseiva card is mapped to the official AZ-204 exam blueprint, written by engineers who hold the certification, and includes a full explanation of the correct answer and why the distractors are wrong. This explanation quality is what separates genuine learning from rote memorisation.
Can I use AZ-204 flashcards offline?
Courseiva is a web platform — an internet connection is required. For offline study, we recommend creating free Courseiva account, using the platform in your browser, and using your device's offline capabilities if your browser supports offline web apps.
Track your AZ-204 flashcard progress
Save your results, see which domains need more work, and get spaced repetition recommendations — all free.
Sign Up FreeFree forever · Every certification included