EXAM: AZ-104 DATE TIME
TITLE: Microsoft Azure Administrator Flashcards — / — / —— 120 Min
◆
AZ-104 — Azure Administrator
Flashcard Assessment — Complete Set
ALL QUESTIONS ARE COMPULSORY
A MULTIPLE CHOICE — FLASHCARDS ◆ Complete
Choose the single best answer for each question.
1. A cloud-based identity and access management service used to access external resources is:
A. Azure DevOps Services
B. Microsoft Entra ID
C. Azure RBAC
D. Microsoft Intune
◆B — Microsoft Entra ID
RATIONALE: Microsoft Entra ID (formerly Azure AD) is the cloud-based identity and access management service for accessing external and internal resources. Azure RBAC (C)
manages access within Azure resources. Intune (D) is for endpoint management.
2. A private, isolated network in Azure allowing secure communication among resources, the internet, and on-premises networks is:
A. Azure ExpressRoute
B. Azure Virtual Network
C. Azure VPN Gateway
D. Azure Private Link
◆B — Azure Virtual Network
RATIONALE: Azure Virtual Network (VNet) is the fundamental building block for private networks in Azure. ExpressRoute (A) is a dedicated connection. VPN Gateway (C) provides
encrypted tunnels. Private Link (D) provides access to PaaS services via private endpoints.
3. A Layer 7 (HTTP/HTTPS) load balancer with SSL termination, URL-based routing, and WAF is:
A. Azure Load Balancer
B. Azure Application Gateway
C. Azure Traffic Manager
D. Azure Front Door
◆B — Azure Application Gateway
RATIONALE: Application Gateway operates at Layer 7 with SSL termination, URL routing, and WAF. Load Balancer (A) operates at Layer 4 (TCP/UDP). Traffic Manager (C) is DNS-
based. Front Door (D) is global, not regional.
4. A private, dedicated, high-throughput connection between on-premises and Azure, bypassing the public internet:
A. Azure VPN Gateway
B. Azure Site-to-Site VPN
C. Azure ExpressRoute
D. Azure Bastion
◆C — Azure ExpressRoute
RATIONALE: ExpressRoute provides dedicated private connections bypassing the public internet. VPN Gateway (A) and Site-to-Site VPN (B) use encrypted tunnels over the
internet. Bastion (D) provides secure RDP/SSH access to VMs.
5. A massively scalable object storage solution for unstructured data such as text, images, video, and backups:
A. Azure Files
B. Azure Table Storage
C. Azure Blob Storage
D. Azure Queue Storage
◆C — Azure Blob Storage
RATIONALE: Blob storage is optimized for unstructured data. Azure Files (A) provides SMB/NFS file shares. Table Storage (B) is NoSQL key-value. Queue Storage (D) is for
messaging.
6. A governance tool to enforce standards and compliance at scale for Azure resources is:
A. Azure RBAC
B. Azure Advisor
C. Azure Policy
D. Azure Arc
◆C — Azure Policy
RATIONALE: Azure Policy enforces organizational standards and compliance at scale. RBAC (A) manages access permissions. Advisor (B) provides recommendations. Arc (D)
extends Azure management to hybrid/multicloud.
Page 1 of 6
, 7. A service that helps safeguard cryptographic keys and secrets used by cloud applications:
A. Azure Recovery Services Vault
B. Azure Key Vault
C. Azure Backup
D. Azure Disk Encryption
◆B — Azure Key Vault
RATIONALE: Key Vault securely stores and manages cryptographic keys, secrets, and certificates. Recovery Services Vault (A) stores backup data. Azure Backup (C) is the backup
service. Disk Encryption (D) encrypts VM disks.
8. A feature of Azure SQL Database for replication across multiple regions for high availability and disaster recovery:
A. Azure Site Recovery
B. Geo-Replication
C. GRS (Geo-Redundant Storage)
D. Replication
◆B — Geo-Replication
RATIONALE: Geo-Replication is specific to Azure SQL Database for cross-region replication. Site Recovery (A) is for VM disaster recovery. GRS (C) is for storage accounts.
Replication (D) is a general term.
9. A fully managed file share accessible through SMB, NFS, and REST API:
A. Azure Blob
B. Azure Files
C. Azure File Sync
D. Azure Data Lake Storage
◆B — Azure Files
RATIONALE: Azure Files provides fully managed SMB/NFS file shares in the cloud. Blob (A) is object storage. File Sync (C) synchronizes on-premises file servers. Data Lake (D) is
for big data analytics.
10. JSON files that outline the infrastructure and configuration settings for your project:
A. Azure Policy definitions
B. Azure Resource Manager (ARM) templates
C. Azure Blueprints
D. Azure Automation runbooks
◆B — Azure Resource Manager (ARM) templates
RATIONALE: ARM templates are JSON files defining infrastructure and configuration for declarative deployment. Policy definitions (A) enforce rules. Blueprints (C) package
policies and RBAC. Runbooks (D) are automation scripts.
11. A fully managed backup service providing data protection for Azure VMs, databases, and on-premises machines:
A. Azure Site Recovery
B. Azure Backup
C. Azure Recovery Services Vault
D. Azure Backup Server
◆B — Azure Backup
RATIONALE: Azure Backup is the managed service for protecting VMs, databases, and on-premises workloads. Site Recovery (A) is for disaster recovery. Recovery Services Vault
(C) is where backups are stored. Backup Server (D) is the on-premises component.
12. A fully managed service enabling secure RDP and SSH access to VMs without public internet exposure:
A. Azure VPN Gateway
B. Azure Private Link
C. Azure Bastion
D. Azure ExpressRoute
◆C — Azure Bastion
RATIONALE: Bastion provides secure, browser-based RDP/SSH access to VMs without public IPs. VPN Gateway (A) connects networks. Private Link (B) provides private endpoints
for PaaS. ExpressRoute (D) is dedicated connectivity.
13. A globally distributed, multi-model database service supporting document, key-value, graph, and column-family data models:
A. Azure SQL Database
B. Azure Table Storage
C. Azure Cosmos DB
D. Azure Data Factory
◆C — Azure Cosmos DB
RATIONALE: Cosmos DB is a globally distributed, multi-model NoSQL database. SQL Database (A) is relational. Table Storage (B) is key-value only. Data Factory (D) is for
ETL/data integration.
Page 2 of 6
TITLE: Microsoft Azure Administrator Flashcards — / — / —— 120 Min
◆
AZ-104 — Azure Administrator
Flashcard Assessment — Complete Set
ALL QUESTIONS ARE COMPULSORY
A MULTIPLE CHOICE — FLASHCARDS ◆ Complete
Choose the single best answer for each question.
1. A cloud-based identity and access management service used to access external resources is:
A. Azure DevOps Services
B. Microsoft Entra ID
C. Azure RBAC
D. Microsoft Intune
◆B — Microsoft Entra ID
RATIONALE: Microsoft Entra ID (formerly Azure AD) is the cloud-based identity and access management service for accessing external and internal resources. Azure RBAC (C)
manages access within Azure resources. Intune (D) is for endpoint management.
2. A private, isolated network in Azure allowing secure communication among resources, the internet, and on-premises networks is:
A. Azure ExpressRoute
B. Azure Virtual Network
C. Azure VPN Gateway
D. Azure Private Link
◆B — Azure Virtual Network
RATIONALE: Azure Virtual Network (VNet) is the fundamental building block for private networks in Azure. ExpressRoute (A) is a dedicated connection. VPN Gateway (C) provides
encrypted tunnels. Private Link (D) provides access to PaaS services via private endpoints.
3. A Layer 7 (HTTP/HTTPS) load balancer with SSL termination, URL-based routing, and WAF is:
A. Azure Load Balancer
B. Azure Application Gateway
C. Azure Traffic Manager
D. Azure Front Door
◆B — Azure Application Gateway
RATIONALE: Application Gateway operates at Layer 7 with SSL termination, URL routing, and WAF. Load Balancer (A) operates at Layer 4 (TCP/UDP). Traffic Manager (C) is DNS-
based. Front Door (D) is global, not regional.
4. A private, dedicated, high-throughput connection between on-premises and Azure, bypassing the public internet:
A. Azure VPN Gateway
B. Azure Site-to-Site VPN
C. Azure ExpressRoute
D. Azure Bastion
◆C — Azure ExpressRoute
RATIONALE: ExpressRoute provides dedicated private connections bypassing the public internet. VPN Gateway (A) and Site-to-Site VPN (B) use encrypted tunnels over the
internet. Bastion (D) provides secure RDP/SSH access to VMs.
5. A massively scalable object storage solution for unstructured data such as text, images, video, and backups:
A. Azure Files
B. Azure Table Storage
C. Azure Blob Storage
D. Azure Queue Storage
◆C — Azure Blob Storage
RATIONALE: Blob storage is optimized for unstructured data. Azure Files (A) provides SMB/NFS file shares. Table Storage (B) is NoSQL key-value. Queue Storage (D) is for
messaging.
6. A governance tool to enforce standards and compliance at scale for Azure resources is:
A. Azure RBAC
B. Azure Advisor
C. Azure Policy
D. Azure Arc
◆C — Azure Policy
RATIONALE: Azure Policy enforces organizational standards and compliance at scale. RBAC (A) manages access permissions. Advisor (B) provides recommendations. Arc (D)
extends Azure management to hybrid/multicloud.
Page 1 of 6
, 7. A service that helps safeguard cryptographic keys and secrets used by cloud applications:
A. Azure Recovery Services Vault
B. Azure Key Vault
C. Azure Backup
D. Azure Disk Encryption
◆B — Azure Key Vault
RATIONALE: Key Vault securely stores and manages cryptographic keys, secrets, and certificates. Recovery Services Vault (A) stores backup data. Azure Backup (C) is the backup
service. Disk Encryption (D) encrypts VM disks.
8. A feature of Azure SQL Database for replication across multiple regions for high availability and disaster recovery:
A. Azure Site Recovery
B. Geo-Replication
C. GRS (Geo-Redundant Storage)
D. Replication
◆B — Geo-Replication
RATIONALE: Geo-Replication is specific to Azure SQL Database for cross-region replication. Site Recovery (A) is for VM disaster recovery. GRS (C) is for storage accounts.
Replication (D) is a general term.
9. A fully managed file share accessible through SMB, NFS, and REST API:
A. Azure Blob
B. Azure Files
C. Azure File Sync
D. Azure Data Lake Storage
◆B — Azure Files
RATIONALE: Azure Files provides fully managed SMB/NFS file shares in the cloud. Blob (A) is object storage. File Sync (C) synchronizes on-premises file servers. Data Lake (D) is
for big data analytics.
10. JSON files that outline the infrastructure and configuration settings for your project:
A. Azure Policy definitions
B. Azure Resource Manager (ARM) templates
C. Azure Blueprints
D. Azure Automation runbooks
◆B — Azure Resource Manager (ARM) templates
RATIONALE: ARM templates are JSON files defining infrastructure and configuration for declarative deployment. Policy definitions (A) enforce rules. Blueprints (C) package
policies and RBAC. Runbooks (D) are automation scripts.
11. A fully managed backup service providing data protection for Azure VMs, databases, and on-premises machines:
A. Azure Site Recovery
B. Azure Backup
C. Azure Recovery Services Vault
D. Azure Backup Server
◆B — Azure Backup
RATIONALE: Azure Backup is the managed service for protecting VMs, databases, and on-premises workloads. Site Recovery (A) is for disaster recovery. Recovery Services Vault
(C) is where backups are stored. Backup Server (D) is the on-premises component.
12. A fully managed service enabling secure RDP and SSH access to VMs without public internet exposure:
A. Azure VPN Gateway
B. Azure Private Link
C. Azure Bastion
D. Azure ExpressRoute
◆C — Azure Bastion
RATIONALE: Bastion provides secure, browser-based RDP/SSH access to VMs without public IPs. VPN Gateway (A) connects networks. Private Link (B) provides private endpoints
for PaaS. ExpressRoute (D) is dedicated connectivity.
13. A globally distributed, multi-model database service supporting document, key-value, graph, and column-family data models:
A. Azure SQL Database
B. Azure Table Storage
C. Azure Cosmos DB
D. Azure Data Factory
◆C — Azure Cosmos DB
RATIONALE: Cosmos DB is a globally distributed, multi-model NoSQL database. SQL Database (A) is relational. Table Storage (B) is key-value only. Data Factory (D) is for
ETL/data integration.
Page 2 of 6
