AZ 104 ACTUAL RENEWAL EXAM QUESTIONS AND ANSWERS UPDATED 2025 A+ GUARANTEED
COURSE
AZ 104
Question 1: Azure Storage
You have an Azure Storage account and need to grant users access to files stored in a blob
container. Which of the following methods should you use to securely share files with users?
a) Shared Access Signature (SAS)
b) Azure Active Directory (Azure AD)
c) Azure Key Vault
d) Azure Virtual Network
Answer:
Correct Answer: a) Shared Access Signature (SAS)
Rationale: A Shared Access Signature (SAS) allows you to grant time-limited, restricted
access to resources in your storage account, such as files in a blob container. Azure AD is
used for user authentication, but SAS is specifically designed for controlled access to
storage. Azure Key Vault is for secrets management, and Virtual Network doesn't directly
relate to file sharing.
Question 2: Virtual Machines (VMs)
You need to ensure that a virtual machine (VM) in Azure automatically shuts down at a specific
time each day. Which Azure feature should you configure?
a) Azure Automation
b) Azure Resource Manager (ARM)
c) Azure Virtual Machine Scale Sets
d) Azure Logic Apps
Answer:
Correct Answer: a) Azure Automation
Rationale: Azure Automation can be used to automate the start and shutdown of virtual
machines based on a schedule. ARM is the platform that deploys and manages
resources, and Virtual Machine Scale Sets are used for scaling, not for scheduling
, shutdowns. Logic Apps can automate tasks, but Automation is specifically designed for
VM management tasks.
Question 3: Identity and Access Management
Which of the following Azure services can be used to control access to resources in Azure based
on the role of the user?
a) Azure AD
b) Azure Role-Based Access Control (RBAC)
c) Azure Policy
d) Azure Key Vault
Answer:
Correct Answer: b) Azure Role-Based Access Control (RBAC)
Rationale: Azure Role-Based Access Control (RBAC) enables you to manage who has
access to Azure resources, what actions they can perform, and to which resources. Azure
AD is for identity management, Azure Policy is for compliance, and Azure Key Vault is for
managing secrets and keys.
Question 4: Networking
You need to connect two Azure virtual networks (VNets) in different regions. Which Azure
service should you use?
a) Virtual Network Gateway
b) VNet Peering
c) ExpressRoute
d) Load Balancer
Answer:
Correct Answer: b) VNet Peering
Rationale: VNet Peering connects two VNets in the same or different regions, allowing
them to communicate as if they were part of the same network. A Virtual Network
Gateway is used for site-to-site VPN connections, ExpressRoute is for private
connections, and Load Balancer is for distributing traffic across resources within a VNet.
,Question 5: Monitoring and Alerts
You need to receive alerts when an Azure virtual machine's CPU usage exceeds 80% for more
than 5 minutes. Which Azure service should you use to configure this alert?
a) Azure Monitor
b) Azure Logic Apps
c) Azure Automation
d) Azure Security Center
Answer:
Correct Answer: a) Azure Monitor
Rationale: Azure Monitor is used to collect, analyze, and act on telemetry from your
Azure resources. It can be used to create custom alerts based on performance metrics
such as CPU usage. Azure Logic Apps and Automation can automate processes but aren't
used for setting up performance-based alerts. Azure Security Center focuses on security
alerts.
Question 6: High Availability
You are configuring an Azure solution for high availability of a web application. Which of the
following should you use to ensure that traffic is evenly distributed between multiple web
servers?
a) Azure Load Balancer
b) Azure Traffic Manager
c) Azure Application Gateway
d) Azure Site Recovery
Answer:
Correct Answer: a) Azure Load Balancer
Rationale: Azure Load Balancer distributes incoming traffic across multiple virtual
machines to ensure high availability and reliability. Azure Traffic Manager is for managing
traffic between multiple regions, while Application Gateway provides load balancing
with application-level routing, and Site Recovery is for disaster recovery.
Question 7: Storage Management
, You need to store a large amount of unstructured data, such as media files, in Azure. Which
Azure service is most appropriate for this scenario?
a) Azure Blob Storage
b) Azure SQL Database
c) Azure Disk Storage
d) Azure Table Storage
Answer:
Correct Answer: a) Azure Blob Storage
Rationale: Azure Blob Storage is designed for storing large amounts of unstructured
data, such as media files, logs, and backups. Azure SQL Database is for relational data,
Azure Disk Storage is for VM disks, and Azure Table Storage is for NoSQL data.
Question 8: Backup Solutions
Which Azure service should you use to back up virtual machines running in Azure to ensure
their restoration in case of data loss?
a) Azure Backup
b) Azure Site Recovery
c) Azure Storage Account
d) Azure Monitor
Answer:
Correct Answer: a) Azure Backup
Rationale: Azure Backup is the solution designed to back up virtual machines and
restore them in the event of data loss or disaster. Azure Site Recovery is used for disaster
recovery, Azure Storage Account is used for storing data, and Azure Monitor is used for
monitoring and alerts.
Question 9: Virtual Network Configuration
Which of the following actions can be performed using an Azure Network Security Group (NSG)?
a) Encrypt data in transit between virtual machines
b) Filter inbound and outbound traffic to Azure resources
COURSE
AZ 104
Question 1: Azure Storage
You have an Azure Storage account and need to grant users access to files stored in a blob
container. Which of the following methods should you use to securely share files with users?
a) Shared Access Signature (SAS)
b) Azure Active Directory (Azure AD)
c) Azure Key Vault
d) Azure Virtual Network
Answer:
Correct Answer: a) Shared Access Signature (SAS)
Rationale: A Shared Access Signature (SAS) allows you to grant time-limited, restricted
access to resources in your storage account, such as files in a blob container. Azure AD is
used for user authentication, but SAS is specifically designed for controlled access to
storage. Azure Key Vault is for secrets management, and Virtual Network doesn't directly
relate to file sharing.
Question 2: Virtual Machines (VMs)
You need to ensure that a virtual machine (VM) in Azure automatically shuts down at a specific
time each day. Which Azure feature should you configure?
a) Azure Automation
b) Azure Resource Manager (ARM)
c) Azure Virtual Machine Scale Sets
d) Azure Logic Apps
Answer:
Correct Answer: a) Azure Automation
Rationale: Azure Automation can be used to automate the start and shutdown of virtual
machines based on a schedule. ARM is the platform that deploys and manages
resources, and Virtual Machine Scale Sets are used for scaling, not for scheduling
, shutdowns. Logic Apps can automate tasks, but Automation is specifically designed for
VM management tasks.
Question 3: Identity and Access Management
Which of the following Azure services can be used to control access to resources in Azure based
on the role of the user?
a) Azure AD
b) Azure Role-Based Access Control (RBAC)
c) Azure Policy
d) Azure Key Vault
Answer:
Correct Answer: b) Azure Role-Based Access Control (RBAC)
Rationale: Azure Role-Based Access Control (RBAC) enables you to manage who has
access to Azure resources, what actions they can perform, and to which resources. Azure
AD is for identity management, Azure Policy is for compliance, and Azure Key Vault is for
managing secrets and keys.
Question 4: Networking
You need to connect two Azure virtual networks (VNets) in different regions. Which Azure
service should you use?
a) Virtual Network Gateway
b) VNet Peering
c) ExpressRoute
d) Load Balancer
Answer:
Correct Answer: b) VNet Peering
Rationale: VNet Peering connects two VNets in the same or different regions, allowing
them to communicate as if they were part of the same network. A Virtual Network
Gateway is used for site-to-site VPN connections, ExpressRoute is for private
connections, and Load Balancer is for distributing traffic across resources within a VNet.
,Question 5: Monitoring and Alerts
You need to receive alerts when an Azure virtual machine's CPU usage exceeds 80% for more
than 5 minutes. Which Azure service should you use to configure this alert?
a) Azure Monitor
b) Azure Logic Apps
c) Azure Automation
d) Azure Security Center
Answer:
Correct Answer: a) Azure Monitor
Rationale: Azure Monitor is used to collect, analyze, and act on telemetry from your
Azure resources. It can be used to create custom alerts based on performance metrics
such as CPU usage. Azure Logic Apps and Automation can automate processes but aren't
used for setting up performance-based alerts. Azure Security Center focuses on security
alerts.
Question 6: High Availability
You are configuring an Azure solution for high availability of a web application. Which of the
following should you use to ensure that traffic is evenly distributed between multiple web
servers?
a) Azure Load Balancer
b) Azure Traffic Manager
c) Azure Application Gateway
d) Azure Site Recovery
Answer:
Correct Answer: a) Azure Load Balancer
Rationale: Azure Load Balancer distributes incoming traffic across multiple virtual
machines to ensure high availability and reliability. Azure Traffic Manager is for managing
traffic between multiple regions, while Application Gateway provides load balancing
with application-level routing, and Site Recovery is for disaster recovery.
Question 7: Storage Management
, You need to store a large amount of unstructured data, such as media files, in Azure. Which
Azure service is most appropriate for this scenario?
a) Azure Blob Storage
b) Azure SQL Database
c) Azure Disk Storage
d) Azure Table Storage
Answer:
Correct Answer: a) Azure Blob Storage
Rationale: Azure Blob Storage is designed for storing large amounts of unstructured
data, such as media files, logs, and backups. Azure SQL Database is for relational data,
Azure Disk Storage is for VM disks, and Azure Table Storage is for NoSQL data.
Question 8: Backup Solutions
Which Azure service should you use to back up virtual machines running in Azure to ensure
their restoration in case of data loss?
a) Azure Backup
b) Azure Site Recovery
c) Azure Storage Account
d) Azure Monitor
Answer:
Correct Answer: a) Azure Backup
Rationale: Azure Backup is the solution designed to back up virtual machines and
restore them in the event of data loss or disaster. Azure Site Recovery is used for disaster
recovery, Azure Storage Account is used for storing data, and Azure Monitor is used for
monitoring and alerts.
Question 9: Virtual Network Configuration
Which of the following actions can be performed using an Azure Network Security Group (NSG)?
a) Encrypt data in transit between virtual machines
b) Filter inbound and outbound traffic to Azure resources
