AZ-104 · topic practice
Azure Policy practice questions
Use this page to practise AZ-104 Azure Policy questions. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.
What the exam tests
What to know about Azure Policy
Cloud concepts questions usually test the service model (IaaS/PaaS/SaaS) and deployment model (public/private/hybrid/community) appropriate for a given scenario.
IaaS, PaaS and SaaS responsibilities and examples.
Public, private, hybrid and community cloud deployment models.
On-premises vs cloud trade-offs: cost, control, scalability.
How cloud connectivity options (VPN, Direct Connect, ExpressRoute) work.
Practice set
Azure Policy questions
20 questions · select your answer, then reveal the explanation
A company creates new Azure subscriptions every month. Central IT wants all production subscriptions to inherit the same governance baseline automatically, while sandbox subscriptions remain separate. What should the administrator implement?
A build pipeline starts a Linux container once per request. Each run lasts about 12 minutes, never needs inbound connections, and should not leave an always-on server running afterward. Which two configuration choices best fit Azure Container Instances? Select two.
A company has 18 Azure subscriptions. Production subscriptions must inherit stricter governance than sandbox subscriptions, and central IT wants one place to target future policy assignments to each group. What should the administrator do?
A compliance team wants to identify all resources in a department that are missing an Environment tag, but they do not want to stop users from creating or changing resources. Which two choices should the administrator make? Select two.
A container group runs a one-time import job that writes data to an external system. If the job succeeds, the container must stop and stay stopped. If the job fails, it should automatically retry by restarting. Which restart policy should the administrator choose?
A compliance team wants to bundle three policy definitions—allowed locations, required cost center tags, and approved VM sizes—so they can assign them together to a management group and review compliance in one place. Later they want to exempt one pilot subscription from the entire set for 60 days. What should they use?
A developer has the Contributor role on a resource group. A Bicep deployment that creates a VM with a public IP fails with a policy denial, but the same template succeeds after the public IP resource is removed. Which two statements are true? Select two.
A container group runs a one-time import task and should stop after the task completes successfully. Which restart policy should you use?
A company wants to prevent users from creating storage accounts unless the resources include a costCenter tag. Which Azure feature should be used?
A company uses Azure Blob Storage for legal documents. The documents must not be modified or deleted for seven years after upload, even by administrators. What should you configure?
A company wants to stop users from deploying resources in any region except East US and West US. Users still need to be able to create resources if they choose an approved region. Which Azure feature should the administrator use?
A container group runs a one-time import job in Azure Container Instances. After the job finishes successfully, it should not restart. Which restart policy should you choose?
A company wants to enforce three controls across all current and future subscriptions under a management group: allowed Azure regions, a required cost center tag, and approved VM SKUs. Central IT wants a single assignment and consolidated compliance reporting. What should they use?
A production resource group must not be deleted accidentally, but administrators still need to update resources inside it. Which lock should you apply to the resource group?
A file server VM is corrupted after a bad change. The team needs to recover the whole machine to the latest recovery point, not just one file. Which restore workflow should they use?
A finance VM is backed up daily. The team wants short-lived snapshots so recently changed files can be recovered quickly, but they also need daily recovery points retained for 30 days. Which two backup policy settings should be configured? Select two.
A platform team is tuning alerting for a production VM and the surrounding Azure resources. Match each Azure Monitor component to the function it performs in this design.
A Modify policy adds CostCenter=042 to resources in RG-Finance. New resources are tagged correctly, but existing virtual machines remain untagged. What three requirements must be met for the assignment to update the existing resources? Select three.
A policy assigned at the management group denies creation of storage accounts with public network access enabled. One legacy storage account in RG-Pilot must stay publicly reachable for 45 days while an application is migrated. What should the administrator configure?
Watch out for
Common Azure Policy exam traps
- IaaS gives you infrastructure control; SaaS gives you only the application.
- Hybrid cloud combines on-premises and public cloud, not two public clouds.
- Cloud does not automatically mean cheaper or more secure.
- Management responsibility shifts with each service model (IaaS → PaaS → SaaS).
Focused Azure Policy sessions
Start an Azure Policy-only practice session
Every question in these sessions is drawn from the Azure Policy domain — nothing else.
Related practice questions
Related AZ-104 topic practice pages
Move into related areas when this topic feels solid.
AZ-104 Azure RBAC practice questions
Practise AZ-104 questions linked to AZ-104 Azure RBAC.
AZ-104 storage account practice questions
Practise AZ-104 questions linked to AZ-104 storage account.
AZ-104 virtual network practice questions
Practise AZ-104 questions linked to AZ-104 virtual network.
AZ-104 NSG practice questions
Practise AZ-104 questions linked to AZ-104 NSG.
AZ-104 Azure Monitor practice questions
Practise AZ-104 questions linked to AZ-104 Azure Monitor.
AZ-104 backup practice questions
Practise AZ-104 questions linked to AZ-104 backup.
AZ-104 managed identity practice questions
Practise AZ-104 questions linked to AZ-104 managed identity.
AZ-104 load balancer practice questions
Practise AZ-104 questions linked to AZ-104 load balancer.
AZ-104 Azure Policy practice questions
Practise AZ-104 questions linked to AZ-104 Azure Policy.
AZ-104 virtual machine practice questions
Practise AZ-104 questions linked to AZ-104 virtual machine.
Frequently asked questions
- What does the AZ-104 exam test about Azure Policy?
- Cloud concepts questions usually test the service model (IaaS/PaaS/SaaS) and deployment model (public/private/hybrid/community) appropriate for a given scenario.
- How should I use these practice questions?
- Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
- Can I practise just Azure Policy questions in a focused session?
- Yes — the session launcher on this page draws every question from the Azure Policy domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
- Where can I practise other AZ-104 topics?
- Use the topic links above to move to related areas, or go back to the AZ-104 question bank to see all topics.
- Are these real exam questions or dumps?
- These are original practice questions written to test the same concepts the AZ-104 exam covers. They are not copied from any real exam or dump site.