AZ 104 ACTUAL RENEWAL EXAM QUESTION
AND ANSWER UPDATED 2025 A+
GUARANTEED
Course
AZ 104 RENEWAL
Q1. You want to assign policies to multiple Azure subscriptions. What should you use?
A. Azure Policy Initiative
B. Management Group
C. Azure Blueprints
D. Resource Group
Answer: B. Management Group
Management Groups allow you to apply governance policies across multiple subscriptions.
Q2. You need to enforce a rule that all storage accounts must use HTTPS only. What
should you use?
A. Azure Policy
B. Azure RBAC
C. Azure Lock
D. Azure Firewall
Answer: A. Azure Policy
Azure Policy can enforce settings like HTTPS-only access at a resource or subscription level.
Q3. A VM needs to access an Azure SQL Database without storing credentials in code.
What should you implement?
A. Access keys
B. Shared access signature (SAS)
C. Managed Identity
D. Connection string in Azure Key Vault
Answer: C. Managed Identity
Managed identities allow services like VMs to securely authenticate to Azure services.
,Q4. You are tasked with creating a backup of an Azure VM. Which service should you
use?
A. Azure Site Recovery
B. Azure Backup
C. Azure Monitor
D. Recovery Services Vault
Answer: B. Azure Backup
Azure Backup handles VM-level backups using Recovery Services Vault.
Q5. You need to restrict traffic to a subnet in a VNet. What’s the best solution?
A. Network Security Group (NSG)
B. Route Table
C. Azure Firewall
D. Azure Front Door
Answer: A. Network Security Group (NSG)
NSGs allow granular control of inbound and outbound traffic at subnet or NIC level.
Q6. You want to view which users performed actions on a storage account. What should
you check?
A. Azure Monitor
B. Activity Log
C. Storage Analytics Logs
D. Network Watcher
Answer: B. Activity Log
Activity Log shows control-plane operations like who accessed or modified a resource.
Q7. A user reports they cannot access a VM over SSH. What’s the first tool you use?
,A. Azure Monitor
B. NSG Flow Logs
C. Connection Troubleshoot (Network Watcher)
D. Azure Diagnostics
Answer: C. Connection Troubleshoot (Network Watcher)
This tool helps you verify whether the VM is reachable on the specified port.
Q8. You want to apply updates to Azure VMs automatically during off-hours. What service
do you configure?
A. Azure Update Manager
B. Azure Automation
C. Log Analytics
D. Azure DevOps
Answer: A. Azure Update Manager
As of 2024, Azure Update Manager (formerly Update Management) schedules and manages
updates.
Q9. You need to ensure only users in the HR group can access the HR resource group.
What’s the best approach?
A. Azure Policy
B. Azure Role-Based Access Control (RBAC)
C. Resource Locks
D. Private Endpoint
Answer: B. Azure Role-Based Access Control (RBAC)
RBAC assigns permissions based on group membership.
Q10. You need to enable just-in-time VM access to reduce exposure to brute-force attacks.
What service do you use?
A. Azure Defender for Cloud
B. Azure Firewall
, C. Conditional Access
D. NSG
Answer: A. Azure Defender for Cloud
Just-In-Time access is configured via Microsoft Defender for Cloud.
Q11. You want to prevent accidental deletion of a production resource group. What should
you do?
A. Set a deny assignment
B. Apply a "ReadOnly" lock
C. Apply a "Delete" lock
D. Disable delete permissions in RBAC
Answer: C. Apply a "Delete" lock
Prevents deletion while allowing edits.
Q12. You need to allow an Azure VM to access a blob container securely. Which method is
recommended?
A. Shared Access Signature (SAS)
B. Storage Account Key
C. Managed Identity with RBAC
D. Public endpoint with firewall rules
Answer: C. Managed Identity with RBAC
More secure and manageable than SAS or keys.
Q13. Your app needs to trigger alerts based on CPU usage of an Azure VM. What should
you configure?
A. Activity Log alert
B. Log Analytics Workspace
C. Metric Alert
D. Diagnostic Setting
Answer: C. Metric Alert
Direct, fast alerts on performance metrics like CPU, memory, etc.
AND ANSWER UPDATED 2025 A+
GUARANTEED
Course
AZ 104 RENEWAL
Q1. You want to assign policies to multiple Azure subscriptions. What should you use?
A. Azure Policy Initiative
B. Management Group
C. Azure Blueprints
D. Resource Group
Answer: B. Management Group
Management Groups allow you to apply governance policies across multiple subscriptions.
Q2. You need to enforce a rule that all storage accounts must use HTTPS only. What
should you use?
A. Azure Policy
B. Azure RBAC
C. Azure Lock
D. Azure Firewall
Answer: A. Azure Policy
Azure Policy can enforce settings like HTTPS-only access at a resource or subscription level.
Q3. A VM needs to access an Azure SQL Database without storing credentials in code.
What should you implement?
A. Access keys
B. Shared access signature (SAS)
C. Managed Identity
D. Connection string in Azure Key Vault
Answer: C. Managed Identity
Managed identities allow services like VMs to securely authenticate to Azure services.
,Q4. You are tasked with creating a backup of an Azure VM. Which service should you
use?
A. Azure Site Recovery
B. Azure Backup
C. Azure Monitor
D. Recovery Services Vault
Answer: B. Azure Backup
Azure Backup handles VM-level backups using Recovery Services Vault.
Q5. You need to restrict traffic to a subnet in a VNet. What’s the best solution?
A. Network Security Group (NSG)
B. Route Table
C. Azure Firewall
D. Azure Front Door
Answer: A. Network Security Group (NSG)
NSGs allow granular control of inbound and outbound traffic at subnet or NIC level.
Q6. You want to view which users performed actions on a storage account. What should
you check?
A. Azure Monitor
B. Activity Log
C. Storage Analytics Logs
D. Network Watcher
Answer: B. Activity Log
Activity Log shows control-plane operations like who accessed or modified a resource.
Q7. A user reports they cannot access a VM over SSH. What’s the first tool you use?
,A. Azure Monitor
B. NSG Flow Logs
C. Connection Troubleshoot (Network Watcher)
D. Azure Diagnostics
Answer: C. Connection Troubleshoot (Network Watcher)
This tool helps you verify whether the VM is reachable on the specified port.
Q8. You want to apply updates to Azure VMs automatically during off-hours. What service
do you configure?
A. Azure Update Manager
B. Azure Automation
C. Log Analytics
D. Azure DevOps
Answer: A. Azure Update Manager
As of 2024, Azure Update Manager (formerly Update Management) schedules and manages
updates.
Q9. You need to ensure only users in the HR group can access the HR resource group.
What’s the best approach?
A. Azure Policy
B. Azure Role-Based Access Control (RBAC)
C. Resource Locks
D. Private Endpoint
Answer: B. Azure Role-Based Access Control (RBAC)
RBAC assigns permissions based on group membership.
Q10. You need to enable just-in-time VM access to reduce exposure to brute-force attacks.
What service do you use?
A. Azure Defender for Cloud
B. Azure Firewall
, C. Conditional Access
D. NSG
Answer: A. Azure Defender for Cloud
Just-In-Time access is configured via Microsoft Defender for Cloud.
Q11. You want to prevent accidental deletion of a production resource group. What should
you do?
A. Set a deny assignment
B. Apply a "ReadOnly" lock
C. Apply a "Delete" lock
D. Disable delete permissions in RBAC
Answer: C. Apply a "Delete" lock
Prevents deletion while allowing edits.
Q12. You need to allow an Azure VM to access a blob container securely. Which method is
recommended?
A. Shared Access Signature (SAS)
B. Storage Account Key
C. Managed Identity with RBAC
D. Public endpoint with firewall rules
Answer: C. Managed Identity with RBAC
More secure and manageable than SAS or keys.
Q13. Your app needs to trigger alerts based on CPU usage of an Azure VM. What should
you configure?
A. Activity Log alert
B. Log Analytics Workspace
C. Metric Alert
D. Diagnostic Setting
Answer: C. Metric Alert
Direct, fast alerts on performance metrics like CPU, memory, etc.
