Free practice test · no sign-up

Azure AZ-104Free Microsoft Azure Administrator practice test

  • ✓ 10 free questions
  • ✓ Instant answers & explanations
  • ✓ No sign-up, no email

10 real Azure AZ-104 practice questions with instant answers and explanations — no account, no credit card, no email. Score yourself, then unlock the full bank of 500 questions whenever you’re ready. The Azure AZ-104 passing score is 700 / 1000.

Question 1 of 10

A company needs to deploy a Windows Server 2022 VM in Azure that requires a minimum of 32 vCPUs, 256 GiB RAM, and local NVMe SSD storage for temporary scratch space with extremely low latency. The VM must reside in East US. Which VM series should the administrator select?

Answer key

All 10 Azure AZ-104 questions & answers

Prefer to just read the answers and explanations? Here’s the full key for this free Azure AZ-104 test.

Q1. A company needs to deploy a Windows Server 2022 VM in Azure that requires a minimum of 32 vCPUs, 256 GiB RAM, and local NVMe SSD storage for temporary scratch space with extremely low latency. The VM must reside in East US. Which VM series should the administrator select?

Correct answer: B. Lsv3-series

Lsv3-series VMs are storage-optimized with directly attached local NVMe SSDs designed for high-throughput, low-latency storage workloads. Dsv5-series is general-purpose and does not provide local NVMe storage. Esv5-series is memory-optimized but also lacks local NVMe. Bsv2-series is burstable and intended for workloads with variable CPU needs, not high-speed local storage.

Q2. An administrator provisions a Linux VM and attaches a new Premium SSD managed data disk. After the VM reboots, the disk is not mounted. What must the administrator do to ensure the data disk automatically mounts on every boot?

Correct answer: B. Add an entry for the disk in /etc/fstab using the disk's UUID

Linux uses /etc/fstab to define filesystems that should be mounted at boot time. Adding an entry with the disk's UUID ensures the data disk mounts automatically after reboot. Disk caching settings affect I/O performance, not mount behavior. Replacing the OS disk is disruptive and unrelated to mounting data disks. Write Accelerator is a feature for M-series VMs to accelerate log writes, not a mount mechanism.

Q3. A team is deploying a VM Scale Set (VMSS) that must automatically scale out when average CPU utilization across instances exceeds 75% for 10 minutes, and scale in when it drops below 30% for 15 minutes. The VMSS must never drop below 2 instances or exceed 20 instances. Which combination of VMSS settings achieves this?

Correct answer: A. Set min count 2, max count 20; create a scale-out rule CPU > 75% over 10 min and a scale-in rule CPU < 30% over 15 min on the autoscale profile

Azure VMSS autoscale profiles support metric-based rules with configurable thresholds, evaluation windows, and instance count boundaries (min/max). Setting scale-out on CPU > 75% over 10 min and scale-in on CPU < 30% over 15 min with min 2 / max 20 exactly matches the requirement. Scheduled autoscale acts on time patterns, not live CPU metrics. Predictive autoscale alone cannot enforce the threshold-triggered windows specified. A custom script extension is a fragile anti-pattern that duplicates built-in platform capability.

Q4. A virtual machine in the East US region must be moved to the West Europe region. The VM uses a Premium SSD managed OS disk and two Standard SSD managed data disks. The VM does not have a public IP address. What is the correct Azure-native approach?

Correct answer: A. Use Azure Resource Mover to move the VM resource and its dependent disks to West Europe

Azure Resource Mover is the purpose-built service for moving VMs and their dependent resources (disks, NICs, NSGs) between Azure regions while validating dependencies. The snapshot-export-recreate approach works but is a manual multi-step workaround rather than the recommended Azure-native path. The Azure portal Move button on a resource group only supports subscription or resource group moves within the same region, not cross-region. VM region is an immutable property; it cannot be changed via CLI without recreating the resource.

Q5. An organization requires that all data written to managed disks attached to production VMs is encrypted using keys the organization controls, without any dependency on Azure Key Vault premium tier. The encryption must apply at the physical host level, not just at the storage service level. Which feature should the administrator enable?

Correct answer: B. Encryption at host

Encryption at host encrypts data at rest on the physical host before it is written to Azure Storage, covering the VM's OS disk, data disks, and temp disk in a single setting. It supports customer-managed keys stored in Azure Key Vault Standard tier (Premium tier is not required), and operates at the host layer rather than inside the guest OS. ADE encrypts volumes inside the guest OS using BitLocker or dm-crypt and requires Key Vault, but does not encrypt the temp disk by default and operates at a different layer. SSE-PMK is automatic storage-level encryption with Microsoft-managed keys, not customer-controlled. Confidential disk encryption is specific to Confidential VMs and ties encryption to a vTPM, which is a different security model.

Q6. A company hosts a critical web application on three VMs in Azure. The SLA requirement is 99.99% uptime. The application is stateless and can tolerate VM restarts. What deployment configuration meets the uptime SLA?

Correct answer: B. Deploy all three VMs across two Availability Zones in the same region

Azure guarantees a 99.99% VM uptime SLA when two or more instances are deployed across two or more Availability Zones in the same region. Availability Zones are physically separate datacenters with independent power, cooling, and networking. An Availability Set provides a 99.95% SLA against hardware and planned maintenance events within a single datacenter, which does not meet 99.99%. Deploying all VMs in the same Availability Zone provides no redundancy against zone-level failures. A proximity placement group reduces network latency but provides no uptime SLA guarantee.

Q7. An administrator needs to deploy an Azure Container Registry (ACR) in a hub-and-spoke network. The registry must be accessible only from VMs in the spoke VNets; no public internet access should reach the registry. Which combination of ACR features achieves this?

Correct answer: B. Disable public network access on the ACR, create a private endpoint in the hub VNet, and configure private DNS zone resolution in all spoke VNets

Disabling public access and using a private endpoint places the registry on the Azure private network; the private DNS zone ensures spoke VMs resolve the registry hostname to a private IP rather than the public endpoint. Peered spoke VNets inherit DNS resolution from the hub when configured correctly, making the registry reachable only from within the network. Service endpoints with firewall rules still expose the public endpoint and are a weaker isolation model. Allowlisting individual VM IPs is operationally fragile and does not prevent all public internet paths. Geo-replication addresses availability and latency, not network isolation.

Q8. A developer team pushes container images to an Azure Container Registry (Premium tier) using Docker. The security team requires that older, untagged image layers (dangling manifests) be automatically purged every 7 days to save storage costs and reduce attack surface. What is the most operationally efficient way to configure this?

Correct answer: B. Enable the ACR built-in retention policy to purge untagged manifests after 7 days

ACR Premium tier includes a built-in retention policy that automatically deletes untagged manifests after a configurable number of days (1–365), with no custom code or external orchestration required. This feature is exclusive to the Premium SKU. A Logic App calling the REST API achieves the same result but requires custom workflow maintenance. An Azure Function triggered by Event Grid fires per push event, not on a retention schedule, and would require additional logic. While 'az acr purge' via a Container Instance is a valid workaround, it is more complex than the native retention policy and requires scheduling infrastructure.

Q9. An administrator needs to deploy a single containerized web API that must start in under 30 seconds, requires no persistent storage, will serve sporadic bursty traffic, and must not incur charges when idle. Which Azure compute option best fits these requirements?

Correct answer: C. Azure Container Apps with the Consumption workload profile

Azure Container Apps with the Consumption workload profile scales to zero when idle (zero cost at idle), scales out rapidly on incoming requests, and supports container-native workloads without managing orchestration infrastructure. ACI is serverless and fast to start but does not natively scale to zero based on traffic patterns the way Container Apps do; billing continues for the full duration the container is running. AKS requires node pool management and incurs VM costs even at zero traffic. App Service Free tier does not support custom containers on a truly serverless consumption model.

Q10. A web application on Azure App Service is experiencing high memory utilization causing crashes. The current plan is Standard S2 (2 vCPUs, 3.5 GiB RAM). The team wants to increase RAM without changing the number of instances or adding horizontal scale. What action resolves this?

Correct answer: B. Scale up the App Service Plan to Standard S3 (4 vCPUs, 7 GiB RAM)

Scaling up (vertical scaling) upgrades the App Service Plan to a larger SKU with more vCPUs and RAM, which directly addresses the memory exhaustion without adding instances. Scaling out adds more instances of the same size and does not increase per-instance RAM. Memory-based autoscale would add instances rather than increase per-instance memory, leaving the root cause unresolved. Moving to an ASE provides network isolation and higher limits but is a major infrastructure change that is disproportionate to the stated problem.

Exam facts and objectives sourced from the official Microsoft certification page. Last reviewed June 2026.

Ready for the full Azure AZ-104 bank? Start free.

500 questions, timed mock exams, and missed-question review — 30 free questions, no card.

Start free trial
Azure AZ-104 study guide & details →