Free practice test · no sign-up
Azure AZ-204Free Microsoft Azure Developer Associate practice test
- ✓ 10 free questions
- ✓ Instant answers & explanations
- ✓ No sign-up, no email
10 real Azure AZ-204 practice questions with instant answers and explanations — no account, no credit card, no email. Score yourself, then unlock the full bank of 500 questions whenever you’re ready. The Azure AZ-204 passing score is 700 / 1000.
A developer imports an OpenAPI 2.0 specification into Azure API Management and immediately tests an endpoint from the developer portal. The call returns HTTP 500. The backend service is healthy and accessible from the APIM instance. Which APIM policy is the most likely first place to look for a misconfiguration that would cause this error?
Answer key
All 10 Azure AZ-204 questions & answers
Prefer to just read the answers and explanations? Here’s the full key for this free Azure AZ-204 test.
Q1. A developer imports an OpenAPI 2.0 specification into Azure API Management and immediately tests an endpoint from the developer portal. The call returns HTTP 500. The backend service is healthy and accessible from the APIM instance. Which APIM policy is the most likely first place to look for a misconfiguration that would cause this error?
Correct answer: B. set-backend-service policy pointing to an incorrect URL in the inbound section
A set-backend-service policy with an incorrect backend URL would cause APIM to forward the request to the wrong host, resulting in a connection failure surfaced as HTTP 500. Rate-limit errors return 429, CORS misconfigurations return 403 or affect browser preflight not direct portal calls, and a missing Event Hub logger would generate a policy evaluation warning but would not block the request with a 500.
Q2. Your team exposes an API through Azure API Management. You want anonymous callers to receive a maximum of 10 calls per minute per IP address, while authenticated subscribers can make up to 100 calls per minute using their subscription key. Which combination of policies achieves this with the least management overhead?
Correct answer: C. A choose policy that evaluates context.Subscription.Key and applies rate-limit-by-key keyed on IpAddress (limit 10) when no key is present, or keyed on the subscription key (limit 100) when a key is present
A choose (conditional) policy can inspect whether a subscription key is present and then apply different rate-limit-by-key rules in one policy block, covering both scenarios in a single product without duplicating product configuration. Separate products (option B) require managing two product lifecycles and do not share a single endpoint. Option A applies both limits to every caller simultaneously. Option D cannot enforce per-IP throttling because the IP restriction policy blocks IPs entirely rather than rate-limiting them.
Q3. A developer needs to validate JWT tokens issued by Azure Active Directory before requests reach the backend API in Azure API Management. The tokens use RS256 signing and the tenant ID is known. Which policy element and placement are correct?
Correct answer: B. validate-jwt in the inbound section, specifying the openid-config URL for the AAD tenant
The validate-jwt policy must be placed in the inbound section so that the token is validated before the request is forwarded to the backend. Specifying the openid-config URL for the AAD tenant lets APIM automatically retrieve the RS256 public signing keys. Placing it in the outbound section would validate after the backend call, providing no protection. authentication-basic handles HTTP Basic credentials, not JWTs. check-header only verifies header presence, not token validity or claims.
Q4. An APIM-hosted API receives identical GET requests for slowly changing product catalog data. Backend response times are high. You want responses cached for 60 seconds based on the full request URL without writing any custom code in the backend. Which policy accomplishes this?
Correct answer: B. cache-lookup and cache-store policies in the inbound and outbound sections respectively, with a 60-second duration and vary-by-query-parameter set to *
The cache-lookup policy (inbound) checks whether a cached response exists and short-circuits to the outbound pipeline if found, while cache-store (outbound) saves the backend response. Setting vary-by-query-parameter to * ensures the cache key includes all query string parameters, making the cache URL-specific. cache-store-value stores arbitrary values in the cache but is not designed for full HTTP response caching. forward-request controls request forwarding timeouts, not caching. set-variable is pipeline-scoped and does not persist across requests.
Q5. A single-page application hosted on https://app.contoso.com calls an API exposed through Azure API Management at https://api.contoso.com. Browsers block the calls with a CORS error. What is the minimal APIM policy change required to fix this?
Correct answer: B. Add a cors policy in the inbound section listing https://app.contoso.com as an allowed origin
APIM's built-in cors policy injects the appropriate Access-Control-Allow-Origin response headers and handles OPTIONS preflight requests. Listing the specific origin https://app.contoso.com satisfies the browser's Same-Origin Policy requirements. The Developer Portal CORS setting applies only to calls made from the Developer Portal's interactive console, not to application traffic. set-header and rewrite-uri do not affect cross-origin browser enforcement.
Q6. During API development, a frontend team needs to start integration work before the backend is ready. The APIM operation already has a response schema defined in the OpenAPI spec. Which APIM policy allows the frontend to receive realistic responses without a live backend?
Correct answer: B. mock-response policy enabled in the inbound section, which uses the example or schema defined in the API spec
The mock-response policy reads the example or schema from the OpenAPI specification attached to the operation and returns a synthesized response without calling the backend. This is the purpose-built feature for this scenario. return-response can also short-circuit, but requires manually specifying the response body in the policy XML rather than deriving it from the spec. set-body modifies responses that already came from a backend. forward-request with timeout 0 would immediately fail, not return a mock.
Q7. A company publishes two tiers of its APIM API: a free tier with limited operations and a premium tier with full access. Developers must self-subscribe and receive a unique key per tier. Which APIM construct should be used to model this?
Correct answer: B. Two APIM Products, each containing the appropriate API operations, with subscription approval configured per product
APIM Products are the correct abstraction for bundling APIs/operations and controlling access tiers. Each Product issues its own subscription key, and approval can be set to automatic or manual per product. API versioning (v1/v2) is for managing API evolution, not access tiers. Separate APIM instances add unnecessary operational overhead and cost. Named Values are configuration stores, not access-control mechanisms.
Q8. You are publishing an API through Azure API Management and want to delegate user sign-up and subscription management to your own website rather than using the built-in Developer Portal forms. Which APIM feature enables this?
Correct answer: B. The Delegation feature in APIM, which redirects sign-up and subscription events to a configured webhook URL on your site
APIM's Delegation feature is specifically designed to hand off user registration, sign-in, and product subscription workflows to an external website by redirecting the user with a signed token that your site can verify and act upon. Custom domain configuration changes the portal URL but keeps APIM's own forms. validate-jwt enforces authentication on API calls, not portal workflows. Exporting the portal as a static site still relies on APIM's own user management unless delegation is also configured.
Q9. A developer is configuring OAuth 2.0 authorization for an APIM API so that the Developer Portal's interactive console sends access tokens automatically. After registering both the APIM application and the backend application in Azure AD and configuring the OAuth 2.0 server in APIM, what additional step is needed to make the Developer Portal console send a Bearer token?
Correct answer: B. Enable the OAuth 2.0 user authorization setting on the API definition within APIM
After setting up the OAuth 2.0 server definition in APIM, you must explicitly associate it with the API by enabling the OAuth 2.0 authorization server on the API's Security settings. This tells the Developer Portal console to acquire and send a Bearer token for that API. validate-jwt validates tokens on incoming requests but does not instruct the portal to obtain them. The subscription key header is unrelated to OAuth token transmission. Named Values holding secrets are not how the portal is instructed to initiate OAuth flows.
Q10. An application must react within seconds whenever a new blob is uploaded to Azure Blob Storage in a specific container. The reaction logic is implemented as an Azure Function. Which Azure service and trigger type provide the lowest-latency event delivery with the least infrastructure to manage?
Correct answer: B. Azure Event Grid system topic for the storage account with an Event Grid trigger on the Azure Function
Event Grid natively integrates with Azure Blob Storage as a system event source and delivers BlobCreated events typically within seconds. An Azure Function with an Event Grid trigger receives the event directly with no polling or additional infrastructure. Service Bus requires a separate component to translate storage events into messages. Event Hubs Capture writes blob data to storage but does not emit upload events for individual blobs. Timer-based polling introduces latency up to the polling interval and wastes resources when no uploads occur.
Exam facts and objectives sourced from the official Microsoft certification page. Last reviewed June 2026.
Ready for the full Azure AZ-204 bank? Start free.
500 questions, timed mock exams, and missed-question review — 30 free questions, no card.
Start free trial