Back to AZ-104

Microsoft exam questions

AZ-104 AZ-104 practice test

Practise questions on virtualization concepts cover hypervisor types, VM resource management, and host/guest relationships for AZ-104.

1,170
practice questions
5
topics covered
AZ-104
exam code
Microsoft
vendor

Study modes

Three ways to study

Start with the Study Sheet to learn the material, switch to Practice Tests for active recall, then take a Mock Exam to simulate the real thing.

Study Sheet

All 1,170 questions with correct answers and explanations already visible. Read at your own pace — no time pressure.

Start reading →

Practice Test

Answer first, then see feedback and explanation. Tracks your score per session. Best for active recall and identifying weak areas.

Mock Exam

Full timed simulation with countdown. Answers hidden until the end. Includes all question types just like the real exam.

Start mock exam →

Study Sheet

All 1,170 AZ-104 questions with answers

Every question in the bank, paginated 75 per page. Correct answers and full explanations are revealed upfront — ideal for first-pass learning and pre-exam review.

16 pages · 75 questions per page · 1,170 total

Related practice questions

Study AZ-104 by topic

Topic pages go deep on individual concepts — each one covers a specific exam topic with questions, explanations, and study notes.

Courseiva uses original exam-style practice questions created for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps. Learn the difference →

Sample questions

AZ-104 practice questions

Start practice test

A storage automation service principal must upload, read, and delete blob data in one container by using Microsoft Entra authentication. It must not manage storage account settings, keys, or other containers. Which approach is best?

Question 2mediummultiple choice
Review the full subnetting walkthrough →

A subnet contains several application servers. You need to allow inbound TCP 3389 only from a management subnet named Subnet-Mgmt and deny RDP from all other sources. What should you do?

A subscription admin wants to investigate who changed a resource and also review the platform-generated events for that subscription. Which two types of logs can be sent to Log Analytics and queried later? Select two.

Based on the exhibit, which Azure feature should the administrator use to track this kind of platform-wide service issue?

Exhibit

Azure portal > Service Health
Incident: Azure Virtual Machines
Region: East US
Status: Active incident
Impact: Some customers may experience failed VM start operations
Recommended action: Monitor the incident for updates and mitigation status.

An administrator wants a script running on an Azure VM to create a resource in Azure without storing any passwords or client secrets on the VM. What should the administrator configure first?

A PowerShell script runs on an Azure VM every night and uses Azure CLI commands to create tags and VM resources in another subscription. The script cannot store a password or client secret. What should it use to authenticate to Azure?

A storage account becomes unavailable because Azure has a regional platform issue. The operations team wants a notification whenever Azure marks the resource or region unhealthy, and they want to avoid continuous log ingestion just to detect the outage. What should they configure?

A support engineer must start and restart one specific virtual machine from the Azure portal, but must not be able to delete the VM, change networking, or grant access to others. Which two actions should be included in a custom role? Select two.

A storage account must stay online for applications, but administrators have a temporary freeze on configuration changes. Users can still view the account, but attempts to change the access tier, create a container, or update networking all fail. What most likely caused the behavior?

You create a private endpoint for an Azure Storage account. Virtual machines in VNet-Prod must resolve the storage account name to the private IP address of that endpoint. Which Azure feature should you configure?

A support engineer must start, stop, and restart only one virtual machine named vm-app01. The engineer should not gain permissions on any other virtual machine in the subscription. What is the best scope for the role assignment?

A team deploys a Linux VM that must read secrets from Azure Key Vault without storing any usernames, passwords, or client secrets on the VM. What should the administrator enable on the VM?

Question 13mediummultiple choice
Review the full subnetting walkthrough →

A team has Windows VMs in a subnet that need to access an Azure Storage account. The storage account should remain reachable through its public endpoint, but only traffic from that one subnet should be allowed. Which configuration best meets the requirement?

A team needs one Azure Files share that can be mounted by both Windows and Linux VMs. The VMs are joined to the same on-premises Active Directory Domain Services domain, and the security team forbids storage account keys. The team also wants to manage access with existing AD group memberships. What should the administrator configure?

A subscription already grants Contributor to an application team. The organization wants to prevent deployments in unsupported Azure regions and ensure every new resource has an Environment tag. Which two controls should be implemented with Azure Policy rather than RBAC? Select two.

A switch administrator wants log entries from multiple devices to be collected on one central server for later review. Which service should be configured?

Question 17mediummultiple choice
Read the full VPN explanation →

A hub VNet already has a VPN gateway connected to on-premises. A new spoke VNet must reach on-premises through the hub gateway and should not deploy its own gateway. What configuration should be enabled on the peering?

Question 18mediummultiple choice
Read the full VPN explanation →

An administrator is deploying a site-to-site VPN gateway in the Azure portal. The deployment fails validation because the gateway does not have a public-facing address to terminate the tunnel. What must be created and associated with the VPN gateway?

Question 19easymultiple choice
Read the full NAT/PAT explanation →

A team has an approved Windows VM that already includes their application, patches, and monitoring agent. They want future VMs to start with the same configuration. What should they use?

A team in RG-Apps must be able to start, stop, and deallocate virtual machines and read their properties. Built-in roles available to the team are broader than necessary. What should the administrator do?

A team moved blob data to the Archive tier to minimize cost. They now need to restore a few files for an audit. Which two statements are true about accessing archived blobs? Select two.

Your organization wants all subscriptions under the Corp-MG management group to inherit a policy that blocks deployment of resource types not on an approved list. Which Azure feature should you use?

A team wants every resource in a subscription to include a Department tag. New resources that do not have the tag should be blocked from being created. Which Azure Policy effect should you use?

A three-tier application uses separate web and app VMs that are scaled in and out regularly. The administrator must allow only the web tier to connect to the app tier on TCP 8080 without continually updating IP addresses. What should be configured in the NSG rule?

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

Exam question guide

How to use these AZ-104 questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

Tests understanding of hypervisors, virtual machines, resource allocation, and host vs. guest OS requirements.

Identify Type 1 vs Type 2 hypervisors and their use cases.

Understand virtual machine resource allocation (CPU, RAM, storage).

Recognize host vs. guest operating system roles.

Know virtualization security and isolation requirements.

These AZ-104 practice questions are part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style AZ-104 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.