AZ 104 Renewal Exam Questions and Answer -
s () (Verified Answer -s)
AZ-104 Renewal Exam – 400 Key Practice Questions
1. You need to grant a colleague the ability to manage virtual machines in a resource group without
giving access to the subscription. Which role should you assign?
A. Owner
B. Contributor
C. Virtual Machine Contributor
D. Reader
Answer -: C
Explanation: The Virtual Machine Contributor role allows management of VMs without giving full
subscription access.
2. Which Azure service provides centralized identity management and single sign-on for cloud and on-
premises applications?
A. Azure Key Vault
B. Azure AD
C. Azure Monitor
D. Azure Policy
Answer -: B
Explanation: Azure Active Directory (AD) manages identities and enables SSO for users.
3. You need to store secrets like API keys securely. Which service should you use?
A. Azure Storage
B. Azure Key Vault
C. Azure AD
D. Azure App Service
,Answer -: B
Explanation: Azure Key Vault stores secrets, keys, and certificates securely.
4. Which Azure feature enforces organizational policies, such as allowed VM sizes or regions?
A. Role-Based Access Control
B. Azure Policy
C. Azure Monitor
D. Resource Locks
Answer -: B
Explanation: Azure Policy allows you to enforce rules on resources, like allowed locations or SKU sizes.
5. You want to implement a solution that automatically shuts down VMs at night to save costs. Which
service do you use?
A. Azure Automation
B. Azure Monitor Alerts
C. Azure Logic Apps
D. Azure Functions
Answer -: A
Explanation: Azure Automation can schedule tasks such as VM shutdowns to save costs.
6. You need to create a network connection between two Azure virtual networks in different regions.
Which feature should you use?
A. VNet Peering
B. VPN Gateway
C. ExpressRoute
D. Azure Bastion
Answer -: A
Explanation: VNet Peering connects virtual networks, even across regions, allowing full connectivity.
7. You want to implement multi-factor authentication (MFA) for all users. Which Azure AD feature
should you configure?
A. Conditional Access
B. Privileged Identity Management
C. Access Reviews
D. Azure AD Identity Protection
Answer -: A
Explanation: Conditional Access policies enforce MFA and access conditions.
,8. Your company wants to track resource costs and budgets across multiple subscriptions. Which
service should you use?
A. Azure Monitor
B. Azure Cost Management + Billing
C. Azure Advisor
D. Azure Policy
Answer -: B
Explanation: Azure Cost Management + Billing helps track costs, create budgets, and monitor spending.
9. Which Azure feature provides just-in-time (JIT) VM access to reduce exposure to attacks?
A. Azure Firewall
B. Azure Bastion
C. Azure Security Center / Defender for Cloud
D. Network Security Groups
Answer -: C
Explanation: Defender for Cloud includes JIT access for VMs to reduce unnecessary exposure.
10. You want to monitor the performance and availability of an Azure web app. Which service should
you use?
A. Azure Monitor + Application Insights
B. Azure Log Analytics
C. Azure AD
D. Azure Security Center
Answer -: A
Explanation: Application Insights monitors apps for performance, usage, and availability issues.
11. Which storage type is optimized for unstructured, large binary data like video or logs?
A. Azure File Share
B. Blob Storage
C. Table Storage
D. Queue Storage
Answer -: B
Explanation: Blob Storage is used for unstructured data like images, videos, and logs.
12. You need to protect storage accounts from accidental deletion. Which feature do you enable?
A. Soft Delete
, B. Resource Locks
C. Azure Policy
D. RBAC
Answer -: B
Explanation: Resource Locks prevent accidental deletion or modification of critical resources.
13. You want to allow users to log in to Azure using their on-premises AD credentials. Which service
should you use?
A. Azure AD Connect
B. Azure AD B2C
C. Azure AD Identity Protection
D. Azure Key Vault
Answer -: A
Explanation: Azure AD Connect synchronizes on-premises AD with Azure AD.
14. You want to allow an app to read secrets from Key Vault without using a username or password.
Which method should you use?
A. Managed Identity
B. Service Principal with username/password
C. Shared Access Signature
D. OAuth 1.0
Answer -: A
Explanation: Managed Identity provides secure authentication for Azure resources without storing
credentials.
15. You need to implement high availability for a critical VM. Which feature helps?
A. Availability Sets
B. Availability Zones
C. Both A and B
D. Resource Locks
Answer -: C
Explanation: Availability Sets and Availability Zones both provide fault domain redundancy for VMs.
16. You need to automate resource deployment using infrastructure as code. Which service do you
use?
A. Azure CLI
B. Azure Resource Manager (ARM) templates
s () (Verified Answer -s)
AZ-104 Renewal Exam – 400 Key Practice Questions
1. You need to grant a colleague the ability to manage virtual machines in a resource group without
giving access to the subscription. Which role should you assign?
A. Owner
B. Contributor
C. Virtual Machine Contributor
D. Reader
Answer -: C
Explanation: The Virtual Machine Contributor role allows management of VMs without giving full
subscription access.
2. Which Azure service provides centralized identity management and single sign-on for cloud and on-
premises applications?
A. Azure Key Vault
B. Azure AD
C. Azure Monitor
D. Azure Policy
Answer -: B
Explanation: Azure Active Directory (AD) manages identities and enables SSO for users.
3. You need to store secrets like API keys securely. Which service should you use?
A. Azure Storage
B. Azure Key Vault
C. Azure AD
D. Azure App Service
,Answer -: B
Explanation: Azure Key Vault stores secrets, keys, and certificates securely.
4. Which Azure feature enforces organizational policies, such as allowed VM sizes or regions?
A. Role-Based Access Control
B. Azure Policy
C. Azure Monitor
D. Resource Locks
Answer -: B
Explanation: Azure Policy allows you to enforce rules on resources, like allowed locations or SKU sizes.
5. You want to implement a solution that automatically shuts down VMs at night to save costs. Which
service do you use?
A. Azure Automation
B. Azure Monitor Alerts
C. Azure Logic Apps
D. Azure Functions
Answer -: A
Explanation: Azure Automation can schedule tasks such as VM shutdowns to save costs.
6. You need to create a network connection between two Azure virtual networks in different regions.
Which feature should you use?
A. VNet Peering
B. VPN Gateway
C. ExpressRoute
D. Azure Bastion
Answer -: A
Explanation: VNet Peering connects virtual networks, even across regions, allowing full connectivity.
7. You want to implement multi-factor authentication (MFA) for all users. Which Azure AD feature
should you configure?
A. Conditional Access
B. Privileged Identity Management
C. Access Reviews
D. Azure AD Identity Protection
Answer -: A
Explanation: Conditional Access policies enforce MFA and access conditions.
,8. Your company wants to track resource costs and budgets across multiple subscriptions. Which
service should you use?
A. Azure Monitor
B. Azure Cost Management + Billing
C. Azure Advisor
D. Azure Policy
Answer -: B
Explanation: Azure Cost Management + Billing helps track costs, create budgets, and monitor spending.
9. Which Azure feature provides just-in-time (JIT) VM access to reduce exposure to attacks?
A. Azure Firewall
B. Azure Bastion
C. Azure Security Center / Defender for Cloud
D. Network Security Groups
Answer -: C
Explanation: Defender for Cloud includes JIT access for VMs to reduce unnecessary exposure.
10. You want to monitor the performance and availability of an Azure web app. Which service should
you use?
A. Azure Monitor + Application Insights
B. Azure Log Analytics
C. Azure AD
D. Azure Security Center
Answer -: A
Explanation: Application Insights monitors apps for performance, usage, and availability issues.
11. Which storage type is optimized for unstructured, large binary data like video or logs?
A. Azure File Share
B. Blob Storage
C. Table Storage
D. Queue Storage
Answer -: B
Explanation: Blob Storage is used for unstructured data like images, videos, and logs.
12. You need to protect storage accounts from accidental deletion. Which feature do you enable?
A. Soft Delete
, B. Resource Locks
C. Azure Policy
D. RBAC
Answer -: B
Explanation: Resource Locks prevent accidental deletion or modification of critical resources.
13. You want to allow users to log in to Azure using their on-premises AD credentials. Which service
should you use?
A. Azure AD Connect
B. Azure AD B2C
C. Azure AD Identity Protection
D. Azure Key Vault
Answer -: A
Explanation: Azure AD Connect synchronizes on-premises AD with Azure AD.
14. You want to allow an app to read secrets from Key Vault without using a username or password.
Which method should you use?
A. Managed Identity
B. Service Principal with username/password
C. Shared Access Signature
D. OAuth 1.0
Answer -: A
Explanation: Managed Identity provides secure authentication for Azure resources without storing
credentials.
15. You need to implement high availability for a critical VM. Which feature helps?
A. Availability Sets
B. Availability Zones
C. Both A and B
D. Resource Locks
Answer -: C
Explanation: Availability Sets and Availability Zones both provide fault domain redundancy for VMs.
16. You need to automate resource deployment using infrastructure as code. Which service do you
use?
A. Azure CLI
B. Azure Resource Manager (ARM) templates
