Try 10 focused AZ-104 questions on Monitor and Maintain Azure Resources, with explanations, then continue with IT Mastery.
Open the matching IT Mastery practice page for timed mocks, topic drills, progress tracking, explanations, and full practice.
| Field | Detail |
|---|---|
| Exam route | AZ-104 |
| Topic area | Monitor and Maintain Azure Resources |
| Blueprint weight | 15% |
| Page purpose | Focused sample questions before returning to mixed practice |
Use this page to isolate Monitor and Maintain Azure Resources for AZ-104. Work through the 10 questions first, then review the explanations and return to mixed practice in IT Mastery.
| Pass | What to do | What to record |
|---|---|---|
| First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer. |
| Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor. |
| Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter. |
| Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious. |
Blueprint context: 15% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.
These questions are original IT Mastery practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.
Topic: Monitor and Maintain Azure Resources
Which TWO of the following statements about Azure Site Recovery planned and unplanned failover are NOT correct? (Select TWO.)
Options:
A. During unplanned failover, you choose from available recovery points, such as the latest processed or latest app-consistent snapshot.
B. Unplanned failover always performs a final synchronization from the primary site before starting the secondary VM, ensuring there is no data loss.
C. Planned failover is typically used for maintenance or migration when the primary site is still running, and Site Recovery first synchronizes any outstanding changes to avoid data loss.
D. Unplanned failover is used when the primary site has failed unexpectedly and may result in data loss up to the last successful replication point.
E. You can start a planned failover even if the primary VM is unreachable; Site Recovery will still guarantee zero data loss.
Correct answers: B and E
Explanation: Azure Site Recovery provides two main types of failover: planned and unplanned. Planned failover is used when you have control over timing, such as during maintenance or migration, and the primary site is still healthy and reachable. In this case, Site Recovery can perform a final synchronization of changes from the primary to the secondary, then cleanly shut down the source VM to achieve failover with no data loss, provided replication is healthy.
Unplanned failover is used when the primary site has failed unexpectedly (for example, a regional outage). Because the primary is unavailable, Site Recovery cannot perform a final synchronization. Instead, you recover the VM in the secondary region by choosing from existing recovery points, such as the latest processed or an app-consistent snapshot. Any writes that occurred after the chosen recovery point may be lost, so unplanned failover cannot guarantee zero data loss.
Understanding these behaviors is key: planned failover aims for no data loss and requires a healthy source, while unplanned failover prioritizes bringing workloads online despite potential data loss.
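The distinction between the two failover types can be sketched as a minimal Python model. The names, fields, and return shape here are illustrative, not an Azure SDK API; they only encode the rules described above:

```python
from dataclasses import dataclass, field

@dataclass
class ReplicatedVM:
    name: str
    primary_reachable: bool
    # Recovery points, newest first (e.g. latest processed, latest app-consistent).
    recovery_points: list = field(default_factory=list)

def start_failover(vm: ReplicatedVM, planned: bool) -> dict:
    """Model of the planned vs. unplanned failover rules (illustrative only)."""
    if planned:
        if not vm.primary_reachable:
            # Planned failover needs a healthy, reachable primary for the final sync.
            raise RuntimeError("planned failover requires a reachable primary")
        # Final synchronization, then clean shutdown of the source: no data loss.
        return {"type": "planned", "data_loss_possible": False}
    # Unplanned: no final sync is possible; recover from an existing recovery point.
    return {
        "type": "unplanned",
        "recovery_point": vm.recovery_points[0],
        "data_loss_possible": True,
    }
```

This captures why options B and E are wrong: zero data loss is only achievable when the primary is reachable and a final sync can run, which is never guaranteed in the unplanned path.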
Topic: Monitor and Maintain Azure Resources
You manage an app that writes telemetry to a General Purpose v2 storage account. Users report frequent 503 errors during peak traffic. In Azure Monitor > Storage accounts > Insights > Performance for the last hour, you see:
| Metric (last hour) | Value |
|---|---|
| Avg Success E2E Latency | 45 ms |
| Avg Transactions/sec | 23,000 |
| Throttled Transactions | 18% |
| Availability | 100% |
Based on this information, what is the most likely cause of the issue?
Options:
A. The storage account is exceeding its request rate limits and is being throttled during peak load.
B. The storage account is nearly out of capacity and cannot accept new data writes.
C. Network latency between the application and storage account is excessively high.
D. There is an ongoing regional storage outage affecting availability of the account.
Best answer: A
Explanation: Azure Monitor’s Storage account Insights feature provides high-level views of performance, capacity, and availability. In the Performance tab, you can quickly see whether issues stem from service health, latency, or throttling.
In this scenario, the charts show normal average end-to-end latency (45 ms) and perfect availability (100%), but a significant portion of requests are marked as throttled (18%). This pattern is typical when a storage account reaches its scalability limits for requests per second or throughput. The service continues to operate normally for requests within the allowed limits, but extra requests are rejected or delayed with throttling errors, which the application surfaces as 503 or similar transient failures.
Because the core service is healthy and latency is low, network or regional outage explanations do not match the data. The most reasonable interpretation of these Insights metrics is that the workload is pushing the storage account beyond its provisioned or default performance limits during peak periods, causing throttling.
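The diagnostic reasoning in this explanation can be sketched as a small Python function. The thresholds are illustrative rules of thumb, not official Azure limits, and the function is not part of any Azure SDK:

```python
def likely_cause(availability_pct: float, avg_e2e_latency_ms: float,
                 throttled_pct: float) -> str:
    """Map Storage Insights Performance metrics to the most likely cause.

    Checks are ordered: a service outage or high latency would rule out
    a pure throttling diagnosis, so those are tested first and last
    respectively. Thresholds are illustrative only.
    """
    if availability_pct < 100:
        return "service availability issue"
    if throttled_pct > 0:
        return "request-rate throttling (account scalability limits)"
    if avg_e2e_latency_ms > 500:
        return "network or client-side latency"
    return "no obvious storage-side cause"
```

With the exhibit's values (100% availability, 45 ms latency, 18% throttled), the function lands on throttling, matching option A.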
Topic: Monitor and Maintain Azure Resources
You manage a set of Azure virtual machines running a web API. One VM instance is reported as “slow” by users. You review 15-minute average Azure Monitor metrics for four VMs. You must identify the VM that is most likely CPU-bound and should be scaled up to a larger size rather than investigating storage or network issues. Which VM’s metric pattern BEST matches this requirement?
Options:
A. Percentage CPU stays below 30%; disk IOPS and network throughput are both low; utilization for all metrics is well under expected capacity.
B. Percentage CPU averages 55–60%; network throughput is close to the NIC’s documented limit; disk IOPS remain low.
C. Percentage CPU averages 35–40%; disk read/write IOPS are near the disk’s known limit with a growing disk queue; network throughput is low.
D. Percentage CPU is flat between 95–100%; disk IOPS and network throughput stay low to moderate and well below known limits.
Best answer: D
Explanation: Azure Monitor exposes key performance metrics such as Percentage CPU, disk IOPS, and network throughput for Azure virtual machines. To determine whether a VM is CPU-bound, you look for sustained high CPU utilization while other resource metrics (disk and network) remain within normal or low ranges. This pattern indicates that the processor is the limiting factor.
If another resource such as storage or network is saturated while CPU stays moderate or low, the bottleneck lies in that other resource. In that case, scaling CPU (moving to a larger VM size) will not significantly improve performance.
In the scenario, you are asked specifically to identify the VM that is CPU-bound and should be scaled up, so you must choose the description where CPU is consistently at or near maximum, with disk and network showing no significant constraint.
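The pattern matching described above can be expressed as a short Python classifier. Utilization values are each relative to the resource's documented limit, and the 80% saturation threshold is an illustrative rule of thumb, not Azure guidance:

```python
def bottleneck(cpu_pct: float, disk_util_pct: float, net_util_pct: float) -> str:
    """Classify the limiting resource from sustained average metrics.

    A VM is treated as CPU-bound only when CPU is saturated while disk
    and network stay well below their limits; otherwise the saturated
    resource, not the CPU, is the bottleneck.
    """
    if cpu_pct >= 80 and disk_util_pct < 80 and net_util_pct < 80:
        return "cpu-bound: scale up to a larger VM size"
    if disk_util_pct >= 80:
        return "disk-bound: investigate storage before resizing"
    if net_util_pct >= 80:
        return "network-bound: investigate networking before resizing"
    return "no saturated resource"
```

Option D (CPU 95–100%, low disk and network) is the only pattern the first branch matches; options B and C fall into the network and disk branches instead.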
Topic: Monitor and Maintain Azure Resources
You manage an Azure virtual machine named AppVM that hosts a line-of-business API. Users report sluggish response times during business hours.
Azure Monitor shows the following average metrics for AppVM over the last 7 days (09:00–17:00):
| Metric | Observation |
|---|---|
| CPU utilization | 85–95% |
| Disk IOPS (OS+data disks) | 10–15% of provisioned IOPS |
| Disk queue length | ~0 |
| Network throughput | 5–10% of NIC capacity |
| Guest OS memory utilization | 70–80%, minimal paging |
You must improve application responsiveness during peak hours while avoiding unnecessary spend on over-provisioned storage. You cannot significantly change the application architecture.
Which of the following actions/solutions will meet these requirements? (Select TWO.)
Options:
A. Move the data disk from a Premium SSD tier with high IOPS (for example, P30) to a lower-cost Standard SSD tier, and continue to monitor disk metrics.
B. Add an additional data disk and stripe the volumes inside the guest OS to increase total available IOPS for the application.
C. Enable accelerated networking on AppVM and add a second NIC in a different subnet to increase total network throughput.
D. Resize AppVM to a larger VM size with more vCPUs in the same series to reduce sustained CPU utilization during business hours.
E. Migrate the workload to a virtual machine scale set and enable autoscale based on disk queue length during peak hours.
Correct answers: A and D
Explanation: The Azure Monitor metrics show that CPU utilization is consistently high (85–95%) during business hours, while disk IOPS, disk queue length, and network throughput are all low relative to their capacities. This pattern is typical of a CPU-bound workload.
When a VM is CPU-bound, the primary remedy is to provide more compute resources, such as more vCPUs or a higher-performance CPU in the same VM family. At the same time, the disk metrics show that the current storage provisioned IOPS significantly exceed actual usage, suggesting that the disks may be over-provisioned and costing more than necessary.
Therefore, the best combination of actions is to (1) scale up compute to relieve the CPU bottleneck and (2) right-size the disk tier to reduce unnecessary storage cost, both based directly on the observed metrics and within the constraint of not changing the overall application architecture.
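The two-part recommendation can be derived mechanically from the observed averages. This sketch uses illustrative thresholds (80% as "high", 20% as "over-provisioned low"); neither the thresholds nor the function exist in any Azure API:

```python
def recommendations(cpu_pct: float, disk_iops_used_pct: float,
                    disk_queue: float, net_util_pct: float) -> list:
    """Derive remediation actions from sustained VM metrics (illustrative)."""
    actions = []
    # High CPU with no competing network bottleneck: scale up compute.
    if cpu_pct >= 80 and net_util_pct < 80:
        actions.append("resize to a larger VM size in the same series")
    # Disk barely used and no queueing: the disk tier is over-provisioned.
    if disk_iops_used_pct <= 20 and disk_queue == 0:
        actions.append("move the data disk to a lower-cost tier and keep monitoring")
    return actions
```

Feeding in the exhibit's values (CPU ~90%, disk IOPS ~12% of provisioned, queue ~0, network ~8%) yields exactly the two actions in options D and A.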
Topic: Monitor and Maintain Azure Resources
You manage Azure Site Recovery for several virtual machines. The business requires a recovery point objective (RPO) of 15 minutes or less for all protected VMs.
You open the Replicated items blade and see the following:
| Protected item | Replication health | Last RPO (min) | Status |
|---|---|---|---|
| Prod-Web-01 | Healthy | 4 | Protected |
| Prod-SQL-01 | Warning | 12 | Protected |
| Dev-App-01 | Healthy | 27 | Protected |
Based only on the information in the exhibit, which statement is correct?
Options:
A. Prod-SQL-01 violates the RPO requirement because its replication health is Warning.
B. Only Dev-App-01 currently exceeds the 15-minute RPO requirement.
C. Both Prod-SQL-01 and Dev-App-01 exceed the 15-minute RPO requirement.
D. All protected VMs currently meet the 15-minute RPO requirement.
Best answer: B
Explanation: In Azure Site Recovery, the Last RPO (min) value on the Replicated items blade shows how far back in time the most recent recovery point is, relative to the current time. A smaller number means more recent data and therefore better alignment with a strict RPO requirement.
In the exhibit, the business requires an RPO of 15 minutes or less for all protected VMs. Comparing each VM’s Last RPO value against that threshold: Prod-Web-01 (4 min) and Prod-SQL-01 (12 min) are within the target, while Dev-App-01 (27 min) exceeds it.
Replication health (Healthy/Warning) is important for overall replication status but is not the same as the numeric RPO value. A VM can show Warning health while still meeting the RPO target, and conversely, a VM could be Healthy but have an RPO that violates a strict business requirement if the number is too high. The correct interpretation therefore depends on reading the Last RPO (min) field directly.
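The comparison reduces to a one-line filter over the Last RPO values, deliberately ignoring the health column. A minimal Python sketch (the data shape is invented for illustration):

```python
def rpo_violations(items: list, rpo_minutes: int = 15) -> list:
    """Return names of protected items whose Last RPO exceeds the target.

    Replication health (Healthy/Warning) is a separate signal and is
    intentionally not consulted here.
    """
    return [name for name, last_rpo_min in items if last_rpo_min > rpo_minutes]

replicated_items = [
    ("Prod-Web-01", 4),
    ("Prod-SQL-01", 12),
    ("Dev-App-01", 27),
]
```

Running the filter over the exhibit data returns only Dev-App-01, matching option B.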
Topic: Monitor and Maintain Azure Resources
You manage Azure Monitor alerts for a production subscription. You plan to use alert processing rules to reduce noise and route critical incidents. You must avoid unsafe configurations. Which alert processing rule configuration is INCORRECT and SHOULD NOT be implemented?
Options:
A. Create a processing rule that routes only Sev0 and Sev1 alerts for a mission-critical resource group to an on-call email group and ITSM connector 24x7.
B. Create a processing rule that suppresses only informational and low-severity alerts on a specific resource group during a planned weekly maintenance window.
C. Create a processing rule that temporarily suppresses all alerts for a single VM during a one-time in-place OS upgrade maintenance window, with a defined start and end time.
D. Create a processing rule that permanently suppresses all alert notifications for the entire production subscription, with no filters, to stop email noise.
Best answer: D
Explanation: Alert processing rules in Azure Monitor are designed to control how alerts are handled after they are fired. They can suppress, route, or modify alerts based on scope, conditions, and schedule. Used correctly, they reduce noise while keeping real issues visible.
Completely blocking all alert notifications for an entire production subscription, with no filters or time limits, is unsafe because it hides every alert, including critical incidents. Admins would have no visibility into outages or security issues. Proper use of alert processing rules always preserves visibility for important alerts or constrains suppression by time, severity, or scope.
Good patterns include limiting suppression to a maintenance window, to low-severity alerts, or to specific resources, and using routing rules to send high-severity alerts to the correct team or system for rapid response.
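The safety rule in this explanation can be stated as a simple predicate: a suppression rule is acceptable only if it is constrained by scope, severity, or time. This is a policy sketch for reasoning about the options, not an Azure API:

```python
def is_safe_suppression(whole_subscription_scope: bool,
                        has_severity_filter: bool,
                        has_schedule: bool) -> bool:
    """Return False for blanket, permanent, unfiltered suppression.

    Mirrors the guidance above: suppression must be bounded by at least
    one of scope, severity filter, or a time window (illustrative policy,
    not an Azure validation rule).
    """
    if whole_subscription_scope and not has_severity_filter and not has_schedule:
        return False  # option D: hides every alert, including critical incidents
    return True
```

Options B and C pass because they are bounded by severity/scope or by a defined maintenance window; option D fails all three constraints at once.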
Topic: Monitor and Maintain Azure Resources
You plan to back up a production Azure virtual machine to a Recovery Services vault. The VM owner requires a restore point from any day in the last 30 days. Long-term retention (beyond 30 days) is not required. You must configure the backup policy to meet these requirements while minimizing backup storage costs and management overhead.
Which backup policy configuration should you use?
Options:
A. Configure daily backups at 02:00 with a daily retention of 30 days and no weekly, monthly, or yearly retention enabled.
B. Configure daily backups at 02:00 with a daily retention of 30 days and weekly retention of 12 weeks enabled.
C. Configure weekly backups on Sunday at 02:00 with a weekly retention of 4 weeks and no daily backups enabled.
D. Configure daily backups at 02:00 with a daily retention of 60 days and monthly retention enabled for 12 months.
Best answer: A
Explanation: Azure Backup policies in a Recovery Services vault let you define a backup schedule and separate retention ranges for daily, weekly, monthly, and yearly recovery points. In this scenario, the requirement is clear: you need to restore from any day in the last 30 days, and there is explicitly no need for long-term retention.
To minimize storage costs and management overhead, the policy should:
- run a daily backup, so a recovery point exists for every day;
- retain daily recovery points for exactly 30 days, matching the requirement;
- leave weekly, monthly, and yearly retention disabled, since long-term retention is explicitly not required.
The configuration that uses a daily backup schedule with 30 days of daily retention and has all long-term retention options disabled satisfies the functional requirement and minimizes unnecessary storage usage and complexity.
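The cost comparison behind this answer is simple arithmetic over retained recovery points. A rough Python sketch (it ignores overlap between retention tiers and incremental-backup storage details, so it is a count for comparison only):

```python
def recovery_points(daily_days=0, weekly_weeks=0, monthly_months=0, yearly_years=0):
    """Approximate number of retained recovery points for a backup policy.

    Overlap between tiers is ignored; this is only for comparing the
    relative storage footprint of the four options.
    """
    return daily_days + weekly_weeks + monthly_months + yearly_years

option_a = recovery_points(daily_days=30)                     # meets requirement
option_b = recovery_points(daily_days=30, weekly_weeks=12)    # extra, unneeded points
option_c = recovery_points(weekly_weeks=4)                    # cheap but no daily points
option_d = recovery_points(daily_days=60, monthly_months=12)  # far more than required
```

Option C retains the fewest points but cannot restore from "any day", so option A is the smallest configuration that still satisfies the functional requirement.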
Topic: Monitor and Maintain Azure Resources
An administrator enables Azure Network Watcher NSG flow logs and on-demand packet capture for a virtual machine subnet to investigate intermittent connectivity failures. The goal is to see which flows are allowed or denied and inspect packet details over time. Which cloud operations principle does this practice primarily support?
Options:
A. Improving observability and deep visibility into network behavior
B. Ensuring high availability of the workload during regional outages
C. Reducing overall cloud costs by minimizing resource usage
D. Automatically scaling the application to handle varying traffic loads
Best answer: A
Explanation: In the scenario, the administrator turns on NSG flow logs and packet capture to understand which network flows are being allowed or denied and to inspect packet details. These features belong to Azure Network Watcher and are mainly used for diagnostics and troubleshooting.
This activity directly enhances the administrator’s ability to observe the system: they can see real network traffic patterns, identify blocked or failed paths, and correlate issues with configuration changes. This aligns with the cloud operations principle of observability, which focuses on having sufficient telemetry (logs, metrics, traces) to understand and debug system behavior.
By contrast, principles like high availability, autoscaling, or cost optimization involve changing how resources are provisioned or architected. Flow logs and packet capture do not alter redundancy, capacity, or pricing models; they simply generate data that helps you understand what is happening in the environment so you can make informed decisions.
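To make the observability point concrete, here is a sketch of reading the allow/deny decision out of a flow record. The field layout is assumed from the NSG flow log version 2 flowTuples schema (timestamp, source IP, destination IP, source port, destination port, protocol T/U, direction I/O, decision A/D, then state and byte counters); the sample tuple is invented:

```python
def parse_flow_tuple(tuple_str: str) -> dict:
    """Parse one NSG flow log v2 flow tuple (comma-separated fields).

    Only the first eight fields are read here; later fields (flow state,
    packet/byte counters) are present only for some flow states.
    """
    f = tuple_str.split(",")
    return {
        "timestamp": int(f[0]),
        "src": f"{f[1]}:{f[3]}",
        "dst": f"{f[2]}:{f[4]}",
        "protocol": "TCP" if f[5] == "T" else "UDP",
        "direction": "inbound" if f[6] == "I" else "outbound",
        "allowed": f[7] == "A",
    }
```

A script like this, run over exported flow logs, is pure observation: it tells you which flows were denied, without changing any redundancy, capacity, or cost property of the workload.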
Topic: Monitor and Maintain Azure Resources
Which TWO of the following statements about configuring Azure Backup for Azure virtual machines and application workloads are INCORRECT? (Select TWO.)
Options:
A. You can assign an existing backup policy to multiple Azure VMs at once when you enable backup from a Recovery Services vault.
B. To protect SQL Server or SAP HANA workloads running in Azure VMs with Azure Backup, you must always rely only on full VM-level backups because Azure Backup does not support workload-aware backups inside VMs.
C. Backup policies in a Recovery Services vault define both the backup schedule (for example, daily or weekly) and how long recovery points are retained.
D. Each Azure virtual machine must have its own unique backup policy; a single backup policy cannot be reused across multiple VMs in the same Recovery Services vault.
E. If you change the backup policy assigned to a VM, future backups follow the new schedule and retention, but older recovery points still respect the retention rules that were in effect when they were created.
Correct answers: B and D
Explanation: Azure Backup uses backup policies defined in a Recovery Services vault to standardize protection for Azure virtual machines and certain application workloads (such as SQL Server and SAP HANA in Azure VMs). Policies specify when backups are taken and how long recovery points are kept, and the same policy is typically reused across many protected items.
VMs and supported workloads can be protected at scale by assigning an existing backup policy to multiple resources. When you later change the policy for a VM or workload, the new settings apply going forward, but existing recovery points continue to age out according to the rules that were in force at the time they were created.
Workload-aware backups (for example, Azure Backup for SQL Server in Azure VMs, or SAP HANA in Azure VMs) are supported and recommended for database-level restore flexibility and application-consistent protection, and they are also managed through policies in the Recovery Services vault.
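The retention behavior behind the correct statement E can be modeled in a few lines: each recovery point carries the retention that was in force when it was created, so a later policy change never rewrites existing expiry dates. A minimal sketch (dates and policies are invented):

```python
from datetime import date, timedelta

def expiry(created: date, retention_days: int) -> date:
    """Expiry of a recovery point, fixed at creation time.

    Changing the policy later only affects recovery points created
    afterwards; existing points keep their original expiry.
    """
    return created + timedelta(days=retention_days)

# Point taken under the original 30-day policy keeps its 30-day expiry...
old_point = expiry(date(2024, 1, 1), retention_days=30)
# ...even after the VM is moved to a 7-day policy for future backups.
new_point = expiry(date(2024, 2, 1), retention_days=7)
```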
Topic: Monitor and Maintain Azure Resources
An administrator configures Azure Backup for a non-critical development VM to run once per day, use locally redundant storage (LRS), and keep backups for 7 days to lower costs. The business accepts up to 24 hours of data loss. Which principle does this approach MOST exemplify?
Options:
A. Maximizing availability through aggressive redundancy and automatic failover
B. Achieving elastic scalability for variable workload demand
C. Enforcing least privilege by restricting backup permissions
D. Cost optimization by aligning backup RPO/RTO with business requirements
Best answer: D
Explanation: The scenario describes a non-critical development VM where the business explicitly accepts up to 24 hours of data loss. The administrator therefore configures backups to run once per day, uses locally redundant storage (LRS) instead of more expensive geo-redundant options, and keeps a short, 7-day retention period.
These choices reduce backup and storage costs but still satisfy the business’s stated recovery point objective (RPO) of 24 hours. Because the workload is non-critical, the organization deliberately avoids paying for more frequent backups or higher redundancy that it does not need.
This is a textbook example of cost optimization in backup and disaster recovery design: selecting backup frequency, redundancy, and retention that match business RPO/RTO requirements instead of defaulting to the maximum possible protection for every workload.
Other principles like high availability, least privilege, or scalability are important in Azure, but they are not the main idea in this configuration. The key tradeoff here is between protection level (RPO/RTO) and cost for a specific workload tier (non-critical dev).
Use the AZ-104 Practice Test page for the full IT Mastery route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.
Try AZ-104 on Web · View AZ-104 Practice Test
Read the AZ-104 Cheat Sheet on Tech Exam Lexicon, then return to IT Mastery for timed practice.