AZ-104 Practice Test 2026 – Azure Administrator Free Mock Exam

AZ-104 Practice Set 7

Prepare for the AZ-104 certification exam with our comprehensive practice set, featuring a range of questions designed to test your knowledge of Microsoft Azure administration. This practice set includes one detailed case study question that reflects the real-world scenarios you’ll encounter on the exam.

Our practice questions cover all key topics, including managing Azure identities and governance, implementing and managing storage, deploying and managing Azure compute resources, configuring and managing virtual networking, and monitoring and backing up Azure resources.

Each question comes with thorough explanations to help you understand the concepts and prepare effectively for the exam. The case study question is designed to enhance your problem-solving skills and give you a taste of what to expect in the actual test.

Get started today with our AZ-104 practice set and take the next step toward becoming a certified Azure Administrator!

Note: To Zoom the Picture click/touch it

1 / 42

1. Scenario:
Your company has several Azure Virtual Machines (VMs) running different workloads in various regions. You need to implement a centralized log aggregation and analysis solution to monitor these VMs. You‘re considering Azure Monitor and Log Analytics workspace to collect and store logs from the VMs.
You‘ve gathered the following information about your VMs:

Question:
Given the scenario and VM details, which of the following configurations would be the MOST efficient and cost-effective for collecting and storing diagnostic logs for all your VMs using Azure Monitor and Log Analytics workspaces?

A) Create a Log Analytics workspace in each resource group (Web-RG, App-RG, DB-RG) and configure diagnostic settings for VMs to send logs to the workspace within their respective resource group.

B) Create a single Log Analytics workspace in a central region (e.g., Central US) and configure diagnostic settings for all VMs to send logs to this workspace.

C) Create a single Log Analytics workspace in East US and configure diagnostic settings for all VMs to send logs to this workspace.

D) Create a Log Analytics workspace in each region (East US, West US, North Europe) and configure diagnostic settings for VMs in each region to send logs to the corresponding workspace.

2 / 42

2. Scenario:
Your company, a financial institution, stores large volumes of sensitive customer data in Azure Blob Storage. To optimize costs and comply with data retention policies, you need to automate the lifecycle management of this data. Specifically, you need to:
Transition older data to cooler storage tiers based on last accessed time.
Permanently delete sensitive customer data after a specified retention period.
Preserve the ability to recover accidentally deleted data for a limited time.
Question:
Which Azure features or tools should you use to implement this automated data lifecycle management process?

A) Azure Information Protection, Azure Security Center, and Azure Policy

B) Azure Blob Storage access tiers, Azure Blob versioning, and Azure Resource Manager templates

C) Azure Blob Storage lifecycle management policies, Azure Blob soft delete, and Azure Monitor

D) Azure Blob Inventory, Azure Event Grid, and Azure Data Factory

3 / 42

3. Scenario:
Your company has been rapidly expanding its cloud footprint on Azure, deploying numerous resources across multiple subscriptions. As a result, you‘re experiencing increasing challenges in understanding, managing, and optimizing your Azure costs.
Specifically, you‘re facing the following issues:
1. Unexpected cost spikes: You‘ve noticed sudden increases in your monthly Azure bill that you can‘t readily explain.
2. Resource Overprovisioning: You suspect that some of your resources are overprovisioned and not being utilized efficiently.
3. Lack of Cost Visibility: You need a way to break down your Azure costs by resource type, subscription, and department to better understand your spending patterns.
4. Budget Overruns: You need to establish budgets for different departments and projects to prevent unexpected cost overruns.
Question:
Which combination of Azure Cost Management and Billing features would BEST address these challenges and help you gain better control over your Azure spending?

A) Azure Advisor recommendations, Azure budgets, and Azure Cost Management APIs

B) Azure reservations, Azure Cost Management exports, and Azure Cost Management APIs

C) Cost analysis, Azure reservations, and Azure Cost Management exports

D) Cost analysis, Azure Advisor recommendations, and Azure budgets

4 / 42

4. Your company is modernizing its application development process by adopting containerization. You are tasked with designing a containerized solution in Azure that meets the following requirements:
Scalability: The application needs to scale dynamically to handle varying workloads.
Portability: The containers should be able to run seamlessly across different environments (development, testing, and production).
Security: The container environment should be isolated and protected from potential threats.
Monitoring: You need to track the health and performance of the containers in real time.
Deployment Automation: You need a way to automate the deployment and management of containerized applications.
The company has an existing Azure Kubernetes Service (AKS) cluster and is considering Azure Container Instances (ACI) for running ephemeral tasks.
Question:
Given the scenario and requirements, which of the following solutions would BEST address the company‘s needs?

A) Deploy all application components as containers in AKS, using Horizontal Pod Autoscaler (HPA) for scaling and Azure Monitor for monitoring.

B) Create a hybrid environment with AKS on-premises and ACI in Azure. Utilize Azure Arc for centralized management and Azure Security Center for container security.

C) Deploy all application components as containers in ACI, leveraging its serverless capabilities for automatic scaling and cost-efficiency. Use Azure Log Analytics for monitoring and Azure DevOps for deployment automation.

D) Use a combination of AKS and ACI, deploying long-running services in AKS and short-lived tasks in ACI. Utilize Azure Container Registry (ACR) for storing container images and Azure Pipelines for CI/CD.

5 / 42

5. Scenario: Your company has a complex Azure environment with multiple virtual networks (VNets) in different regions. You have several critical applications hosted on VMs in these VNets. The applications need to communicate securely with each other, and you also need to provide access to these applications for on-premises users through a site-to-site VPN connection. However, you are facing the following challenges:
Limited Public IP Addresses: You have a limited number of public IP addresses available.
Security Concerns: You need to ensure that communication between the applications and from on-premises is secure.
Cost Optimization: You need to minimize the cost of network traffic between the VNets.
Task:
Which combination of Azure services would BEST address these challenges?

A) Azure VNet Peering, Azure Firewall, and Azure Load Balancer

B) Azure VNet Peering, Azure Bastion, and Azure VPN Gateway

C) Azure Virtual WAN, Azure Firewall, and Azure VPN Gateway

D) Azure Virtual WAN, Azure Application Gateway, and Azure ExpressRoute

6 / 42

6. Scenario:
Your company‘s security policy mandates the use of custom roles for managing access to sensitive Azure resources. You need to implement a solution that allows you to:
Define granular permissions for different user groups (e.g., developers, operators, administrators).
Ensure that users only have access to the specific resources and actions they need to perform their job functions.
Easily manage and update custom roles as your organization‘s needs evolve.
Question:
Which of the following approaches is the MOST suitable for creating and managing custom roles in Azure to meet your company‘s security requirements?

A) Create custom roles in the Azure portal using the JSON editor and assign them to security groups.

B) Leverage Azure Blueprints to define and deploy custom roles as part of a standard environment configuration.

C) Use PowerShell or Azure CLI to define custom roles using role definition files and assign them to individual users.

D) Use only the built-in Azure roles and assign them to users based on their job functions.

7 / 42

7. You have an Azure virtual machine named VM-01 that runs Windows Server 2019. You save VM-01 as a template named VM-Template to the Azure Resource Manager library. You plan to deploy a virtual machine named VM-02 from VM_Template, using Azure Portal
What can you configure during the deployment of VM-02?

A) operating system

B) administrator username

C) virtual machine size

D) resource group

8 / 42

8. You plan to deploy three Azure virtual machines named VM-01, VM-02, and VM-03. You need to ensure that at least two virtual machines are available if a single Azure datacenter becomes unavailable.
Which VM availability option should you choose?

A) all three VMs deployed in a single Availability Zone

B) all VMs deployed in a single Availability Set

C) each VM deployed in a separate Availability Zone

D) each VM deployed in a separate Availability Set

9 / 42

9. You are currently running in your Azure subscription a virtual machine named VM-01. You install and configure a web server and a DNS server on VM-01. VM-01 has the inbound network security rules shown in the following exhibit:

Select the option that completes correctly the following sentence:
Internet users ………. .

A) can connect to only the DNS server on VM-01

B) can connect to only the web server on VM-01

C) can connect to the web server and DNS server on VM-01

D) cannot connect to the web server and DNS server on VM-01

10 / 42

10. You want to monitor the metrics and the logs of your Linux virtual machine VM-01.
Which of the following Azure services would you use for this task?

A) Azure HDInsight

B) Linux Diagnostic Extension (LAD) 3.0

C) AzurePerformanceDiagnostics extension

D) Azure Analysis Services

11 / 42

11. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
You have an Azure subscription named Subscription-Dev. Subscription-Dev contains a resource group named RG-01. RG-01 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG-01.
Solution: From the Subscriptions blade, you select the subscription, and then click Resource providers.
Does this meet the goal?

A) True

B) False

12 / 42

12. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
You have an Azure subscription named Subscription-Dev. Subscription-Dev contains a resource group named RG-01. RG-01 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG-01.
Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic deployment.
Does this meet the goal?

A) True

B) False

13 / 42

13. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
You have an Azure subscription named Subscription-Dev. Subscription-Dev contains a resource group named RG-01. RG-01 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG-01.
Solution: From the RG-01 blade, you click Deployments.
Does this meet the goal?

A) True

B) False

14 / 42

14. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
You have an Azure subscription named Subscription-Dev. Subscription-Dev contains a resource group named RG-01. RG-01 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG-01.
Solution: From the RG-01 blade, you click Automation script.
Does this meet the goal?

A) True

B) False

15 / 42

15. You have an Azure subscription named Subscription1. In Subscription1, you create an Azure file share named share1.
You create a shared access signature (SAS) named SAS1 as shown in the following exhibit:

If on November 2, 2020, you run Microsoft Azure Storage Explorer on a computer that has an IP address of 134.92.112.1 and you use SAS1 to connect to the storage account, you ……………………….

A) will be prompted for credentials

B) will have no access

C) will have read, write and list access

D) will have read-only access

16 / 42

16. You have an Azure subscription that contains the resources shown in the following table:

You need to configure Azure Backup reports for Recovery-Vault-1.You are configuring the Diagnostics settings for the AzureBackupReports log.
Which Log Analytics workspaces can you use for the Azure Backup reports of Recovery-Vault-1?

A) LAW1

B) LAW2

C) LAW3

D) LAW1, LAW2 and LAW3

17 / 42

17. You have deployed in Azure an application App1, on two Azure virtual machines named VM1 and VM2. You plan to implement an Azure Availability Set for App1. The solution must ensure that App1 is available during planned maintenance of the servers hosting VM1 and VM2.
What should you include in the Availability Set?

A) one update domain

B) two fault domains

C) one fault domain

D) two update domains

18 / 42

18. You have an Azure Storage account named storage-01. You plan to use AzCopy to copy data to storage-01.
Which of the following are valid storage services in storage-01 that you can copy data to?

A) blob, file, table, and queue

B) blob and file only

C) file and table only

D) file only

E) blob, table, and queue only

19 / 42

19. You have an Azure subscription named Subscription-Prod that contains a resource group named RG-01.
In RG-01, you create an internal load balancer named LB-01. You need to ensure that an administrator named Admin-01 can manage LB-01 and is allowed to add a backend pool to LB-01. The solution must follow the principle of least privilege.
Which role should you assign to Admin-01 ?

A) Contributor on LB-01

B) Network Contributor on LB-01

C) Network Contributor on RG-01

D) Owner on LB-01

20 / 42

20.

You have a .NET Core application running in Azure App Services. You are expecting a huge influx of traffic to your application in the coming days. When your application experiences this spike in traffic, you want to detect any anomalies such as request errors or failed queries immediately. What service can you use to assure that you know about these types of errors related to your .NET application immediately?

A) Application Insights Search

B) Log analytics workspace

C) Client-side monitoring

D) Live Metrics Stream in Application Insights

21 / 42

21.

You have a general purpose v1 storage account named storageaccount1 that has a private container named container1. You need to allow read access to the data inside container1, but only within a 14 day window. How do you accomplish this?

A) Create a stored access policy

B) Create a service SAS

C) Create a shared access signatures

D) Upgrade the storage account to general purpose v2

22 / 42

22. You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?

A) an Azure Cosmos DB database

B) Azure Blob storage

C) Azure Data Lake Store

D) the Azure File Sync Storage Sync Service

23 / 42

23. You have an Azure subscription that contains the virtual machines shown in the following table.

You deploy a load balancer that has the following configurations:
Name: LB1
Type: Internal
SKU: Standard
Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Basic SKU public IP address, associate the address to the network interface of VM1, and then start VM1.
Does this meet the goal?

A) True

B) False

24 / 42

24. You have an Azure subscription that contains the virtual machines shown in the following table.

You deploy a load balancer that has the following configurations:
Name: LB1
Type: Internal
SKU: Standard
Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Standard SKU public IP address, associate the address to the network interface of VM1, and then stop VM2.
Does this meet the goal?

A) True

B) False

25 / 42

25. You have an Azure subscription that contains the virtual machines shown in the following table.

You deploy a load balancer that has the following configurations:
Name: LB1
Type: Internal
SKU: Standard
Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create two Standard public IP addresses and associate a Standard SKU public IP address to the network interface of each virtual machine.
Does this meet the goal?

A) True

B) False

26 / 42

26. You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs a financial reporting app named App1 that does not support multiple active instances. At the end of each month, CPU usage for VM1 peaks when App1 runs.
You need to create a scheduled runbook to increase the processor performance of VM1 at the end of each month.
What task should you include in the runbook?

A) Add the Azure Performance Diagnostics agent to VM1.

B) Modify the VM size property of VM1.

C) Add VM1 to a scale set.

D) Increase the vCPU quota for the subscription.

E) Add a Desired State Configuration (DSC) extension to VM1.

27 / 42

27. You manage a virtual network named VNet1 that is hosted in the West US region. Two virtual machines named VM1 and VM2, both running Windows Server, are on VNet1. You need to monitor traffic between VM1 and VM2 for a period of five hours.
As a solution, you propose to create a connection monitor in Azure Network Watcher. Does this solution meet the goal?

A) True

B) False

28 / 42

28.

You have an Azure subscription. You need to transfer 34TB of data from an on-premise Windows 2016 server to your Azure storage account. You need to ensure that the data transfer has zero impact on the network, preserves your existing drives and is the fastest and most secure method. What should be your first step?

A) Start an Import Job via the Azure Portal

B) Order an Azure Databox via the Azure Portal

C) Open a ticket with Microsoft Support

D) Prepare your hard drives using the WAImportExport tool

29 / 42

29. You have an Azure subscription that contains the storage accounts shown in the following exhibit.

In which storage accounts you can use the archive access tier?

A) Contoso101 only

B) Contoso104 only

C) Contoso101 or contoso103 only

D) Contoso101, Contoso102 or contoso103 only

E) Contoso101, Contoso102, Contoso103 or contoso104 only

30 / 42

30. You have an Azure subscription that contains the storage accounts shown in the following exhibit.

In which storage accounts you can create a premium file share?

A) Contoso101 only

B) Contoso104 only

C) Contoso101 or contoso104 only

D) Contoso101, Contoso102 or contoso104 only

E) Contoso101, Contoso102, Contoso103 or contoso104 only

31 / 42

31. You have an Azure subscription that contains the file shares shown in the following table.

You have the on-premises file shares shown in the following table.

You create an Azure file sync group named Sync1 and perform the following actions:
Add share1 as the cloud endpoint for Sync1.
Add data1 as a server endpoint for Sync1.
Register Server1 and Server2 to Sync1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
1. You can add share3 as an additional cloud endpoint for Sync1
2. You can add data2 as an additional server endpoint for Sync1
3. You can add data3 as an additional server endpoint for Sync1

A) Yes, Yes, Yes

B) Yes, No, No

C) No, Yes, No

D) Yes, Yes, No

E) No, Yes, Yes

32 / 42

32. You have an Azure DNS zone named preparationlabs.com.
You need to delegate a subdomain named research.preparationlabs.com to a different DNS server in Azure.
What should you do?

A) Create an NS record named research in the preparationlabs.com zone.

B) Create an PTR record named research in the preparationlabs.com zone.

C) Modify the SOA record of preparationlabs.com.

D) Create an A record named *.research in the preparationlabs.com zone.

33 / 42

33. You have an Azure subscription that contains a resource group named TestRG.
You use TestRG to validate an Azure deployment. TestRG contains the following resources:

You need to delete TestRG.
What should you do first?

A) Modify the backup configurations of VM1 and modify the resource lock type of VNET1

B) Remove the resource lock from VNET1 and delete all data in Vault1

C) Turn off VM1 and remove the resource lock from VNET1

D) Turn off VM1 and delete all data in Vault1

34 / 42

34. You deploy an Azure Kubernetes Service (AKS) cluster that has the network profile shown in the following exhibit.

In which subnet, the services in the AKS cluster will be assigned an IP address?

A) 10.244.0.0/16

B) 10.0.0.0/16

C) 172.17.0.1/16

35 / 42

35. You deploy an Azure Kubernetes Service (AKS) cluster that has the network profile shown in the following exhibit.

In which subnet, the containers will be assigned an IP address?

A) 10.244.0.0/16

B) 10.0.0.0/16

C) 172.17.0.1/16

36 / 42

36. You have an Azure virtual machine named VM1 that connects to a virtual network named VNet1. VM1 has the following configurations:
Subnet: 10.0.0.0/24
Availability set: AVSet
Network security group (NSG): None
Private IP address: 10.0.0.4 (dynamic)
Public IP address: 40.90.219.6 (dynamic)
You deploy a standard, Internet-facing load balancer named slb1.
You need to configure slb1 to allow connectivity to VM1.
Which changes should you apply to VM1 as you configure slb1?

A) Before you create backend pool on slb1, you must: Create and assign an NSG to VM1

B) Before you create backend pool on slb1, you must: Remove the public IP address from VM1

C) Before you create backend pool on slb1, you must: Change the private IP address of VM1 to static

D) Before you can connect to VM1 from slb1, you must: Create and configure an NSG

E) Before you can connect to VM1 from slb1, you must: Remove the public IP address from VM1

F) Before you can connect to VM1 from slb1, you must: Change the private IP address of VM1 to static

37 / 42

37. You have an Azure subscription that contains the resources shown in the following table.

You need to create a network interface named NIC1.
In which location can you create NIC1?

A) East US and North Europe only

B) East US only

C) East US, West Europe, and North Europe

D) East US and West Europe only

38 / 42

38. You plan to use Azure Network Watcher to perform the following tasks:
Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine.
Task2: Validate outbound connectivity from an Azure virtual machine to an external host.
Which feature should you use for task2?

A) Connection Troubleshoot

B) Next hop

C) NSG flow logs

D) Traffic Analytics

39 / 42

39. You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.

You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a cost of 64999.
Does this meet the goal?

A) True

B) False

40 / 42

40. You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.

You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You delete the BlockAllOther441 inbound security rule.
Does this meet the goal?

A) True

B) False

41 / 42

41. You have an Azure virtual machine that is protected by Azure Backup.
One week ago, two files were deleted from the virtual machine.
You need to restore the deleted files to an on-premises Windows Server 2016 computer as quickly as possible.
Which four actions should you perform in sequence?

A) From the Azure portal, click Restore VM from the vault Select a restore point that contains the delete files Download and run the script to mount a drive on the local computer Copy the files by using File Explorer

B) From the Azure portal, click File Recovery from the vault Select a restore point that contains the delete files Download and run the script to mount a drive on the local computer Copy the files by using File Explorer

C) From the Azure portal, click File Recovery from the vault Select a restore point that contains the delete files Download and run the script to mount a drive on the local computer Copy the files by using AzCopy

42 / 42

42. You purchase a new Azure subscription named Subscription1.
You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup.
You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days.
What should you do?

A) Location in which to store the backups: A blob container

B) Location in which to store the backups: A fileshare

C) Location in which to store the backups: A Recovery services vault

D) Location in which to store the backups: A storage account

E) Object to use to configure the protection for VM1: A batch schedule

F) Object to use to configure the protection for VM1: A batch schedule

Your score is

The average score is 59%

0%