Browse Exams — Mock Exams & Practice Tests

AZ-104 Mock Exams & Practice Exam Questions | Microsoft Azure Administrator

AZ-104 mock exams and practice exam questions for Microsoft Azure Administrator. Timed practice sets and detailed explanations in the AWS Exam Prep app (web, iOS, Android).

On this page
Interactive Practice Center

Start a practice session for Microsoft Azure Administrator (AZ-104) below, or open the full app in a new tab. For the best experience, open the full app in a new tab and navigate with swipes/gestures or the mouse wheel—just like on your phone or tablet.

Open Full App in a New Tab

A small set of questions is available for free preview. Subscribers can unlock full access by signing in with the same account used on mobile.

Prefer to practice on your phone or tablet? Download the AWS Exam Prep – AWS, Azure, GCP & CompTIA exam prep app for iOS or AWS Exam Prep app on Google Play (Android) and then sign in with the same account on web to continue your sessions on desktop.

Tip: Begin with 20–25 question domain drills for weak areas, then move to mixed mocks. Aim for consistent ~75–80% before test day.

Suggested progression

  1. Domain drills (daily): 2× 20–25 question sets per day focused on a single AZ-104 domain.
  2. Mixed sets (alternate days): 1× 30–40 questions combining 2–3 domains.
  3. Full mock (final week): 2–3 complete exams that mirror live-exam tone/coverage. Review every miss and tag weak objectives.

Timeboxing

  • Domain set: ~35–40 minutes
  • Mixed set: ~60 minutes
  • Full mock: ~120 minutes (plan for realistic pacing and a buffer for flagged items)

Scoring & review

  • Mark + return: Flag uncertain items, then review after completing the set.
  • Pattern log: Track recurring miss themes (e.g., Private Endpoint vs service endpoints, RBAC vs Policy vs Locks, ZRS vs GZRS, LB vs App Gateway vs Front Door).
  • Turn misses into notes: Convert each theme into 1–2 bullet “rules of thumb” and re-drill that domain the next day.

Fast remediations (common weak spots)

  • Private access failures: Check Private DNS records and VNet links; confirm name resolution before blaming NSGs.
  • Scope mistakes: Verify you’re assigning RBAC at the smallest workable scope; use Policy for configuration guardrails, not access.
  • Resilience picks: Prefer Zones when supported; use VMSS + autoscale for scale-out; match redundancy (LRS/ZRS/GRS/GZRS) to SLA needs.
  • Monitoring blind spots: Set at least one metric alert and one log (KQL) alert per workload; wire Action Groups early.

What to pair with practice

  • Syllabus: Objective-by-domain outline → view
  • Cheatsheet: High-yield defaults, tables, and quick commands → open
  • Overview: Format, scoring, and study plan → read

Tips for exam-style pacing

  • First pass fast: Aim ~60–70 seconds per item; flag long scenario items for the end.
  • Draw the diagram: For networking/storage scenarios, sketch scopes (MG→Sub→RG→Resource), endpoints, and DNS flows.
  • Eliminate aggressively: Remove answers that violate least privilege, SLA, or zone awareness—even if you’re unsure of the remaining options.

Ready to drill?

Open the app above and choose:

  • Domain Drills: Identities/Governance • Storage • Compute • Networking • Monitoring/Backup
  • Mixed Sets: Combine 2–3 domains for transfer practice
  • Full Mocks: Exam-length simulations with review mode

Exam snapshot

  • Certification: Microsoft Azure Administrator (AZ-104)
  • Audience: Admins/engineers operating Azure workloads day-to-day (identity, compute, storage, networking, monitoring)
  • Experience target: ~6–12 months hands-on with Azure services and the Portal/CLI
  • Format: Multiple choice/multiple response, case sets, drag-and-drop, and short task-style questions
  • Timing: ~2 hours total appointment; question count varies by delivery form
  • Passing: Scaled score 700 (0–1000)

How to use this hub: Skim this Overview, then study the Syllabus objective-by-objective. Keep the Cheatsheet open for last-mile recall, and validate with Practice under timed conditions.

What AZ-104 measures (by domain)

1) Manage Azure identities, governance & access

  • Microsoft Entra ID tenants, users, groups, administrative units
  • Role-Based Access Control (built-in roles, custom roles, scopes), PIM basics
  • Subscriptions, management groups, policies/initiatives, tags, locks, landing-zone guardrails

2) Implement & manage storage

  • Storage accounts, redundancy (LRS/ZRS/GRS/GZRS), lifecycle & access tiers
  • Blob (containers, immutability, SAS), Files (SMB/NFS, AD/Entra auth)
  • Encryption, keys, endpoints, private access, cost & performance tuning

3) Deploy & manage compute

  • VMs and scale sets (images, extensions, availability sets/Zones)
  • Azure Compute Gallery, update/fault domains, backup & restore
  • Containers at admin level (ACR, ACI) and basics of App Service administration

4) Configure & manage virtual networking

  • VNets/subnets, IP addressing, NSGs/ASGs, routing/UDRs
  • Private Endpoints/Private Link, service endpoints, DNS, Bastion
  • Load balancing (LB/App Gateway/Front Door at admin depth), VPN/ExpressRoute fundamentals

5) Monitor, back up & maintain

  • Azure Monitor (metrics, alerts, action groups), Log Analytics & KQL basics
  • Update management, change tracking, inventory, Desired State/Guest Config overview
  • Backup/restore and recovery points; availability & resilience considerations

What’s actually hard on AZ-104

  • Scope creep: RBAC vs Policy vs Locks—know what each controls and where (resource → resource group → subscription → management group).
  • Private access patterns: When to choose Private Endpoint vs service endpoints; DNS plumbing for private access (zones, split-horizon).
  • Resilience knobs: Availability Sets vs Zones vs Scale Sets; SKU/region support and how it affects designs.
  • Storage trade-offs: Redundancy classes, access tiers, lifecycle rules, and cost/perf impacts.
  • Monitoring workflows: Metric vs log alerts, action groups, and “where the data lives” (workspace vs resource).

Readiness checklist

  • I can assign RBAC at the correct scope and verify effective permissions.
  • I can harden storage (private access, shared keys vs SAS, role-based auth).
  • I can place subnets and secure with NSGs/ASGs; I understand UDRs and routing gotchas.
  • I can choose redundancy (Zones, LRS/ZRS/GRS, zone-redundant SKUs) for a target SLA.
  • I can wire up monitoring (metrics/logs, alerts, action groups) and read basic KQL.
  • I can back up and restore VMs and storage with appropriate policies/retention.

Study plan (2–3 weeks, part-time)

Week 1 — Identity & Governance + Storage

  1. Syllabus: Identities/RBAC/Policy.
  2. Lab: create a sandbox subscription, RGs, tags, policies/initiatives, and RBAC assignments.
  3. Storage: create 2–3 storage accounts (different redundancy), enable lifecycle rules, set up a Private Endpoint and test access.

Week 2 — Networking + Compute

  1. VNets/Subnets/NSGs, UDRs, hybrid DNS (custom + Private DNS).
  2. Deploy VMs/Scale Sets with Zones; attach data disks; configure extensions; enable backups.
  3. Load balancing: internal vs public, health probes/rules; try App Gateway or Front Door end-to-end.

Week 3 — Monitoring & Review

  1. Azure Monitor + Log Analytics: build dashboards, alerts (metric + log), and action groups; practice KQL queries.
  2. Resilience review: redundancy options, region/zone implications; run a simple restore drill.
  3. Full Practice set, then targeted sprints on weak domains.

Exam-day tactics

  • First pass fast: Answer what you know; flag the rest and circle back.
  • Sketch the scope: For networking/storage scenarios, diagram resources, scopes, and endpoints.
  • Eliminate safely: Remove answers that violate least privilege, break SLA, or ignore zone-awareness.
  • Think operations: Prefer solutions that are operationally simple, cost-sensible, and auditable.

Continue to the next step