In this article, we will discuss how to prepare yourself for the Microsoft Azure Administrator certification exam.

Exam Overview

The Microsoft Azure Administrator certificate exam measures your knowledge of five main areas. This includes:

• How to manage Azure identities and governance, with relative questions weight in the exam up to 20%
• How to implement and manage storage, with relative questions weight in the exam up to 15%
• How to deploy and manage Azure compute resources, with relative questions weight in the exam up to 30%
• How to configure and manage virtual networking, with relative questions weight in the exam up to 35%
• How to monitor and back up Azure resources, with relative questions weight in the exam up to 15%

Officially, there are no prerequisites for that Microsoft Azure exam. But it is recommended to go through, and better to take, the Microsoft Azure Fundamentals (AZ-900) exam if you are new to the Microsoft Azure world.

After passing the Microsoft Azure Administrator exam, you will be certified as an Azure Administrator Associate. For more information about Microsoft Azure certificates, check It is time to specify your Microsoft Certifications path.

The Microsoft Azure Administrator certificate exam can be scheduled from the Microsoft Azure Administrator certificate page.

Certificate Candidate

This exam is mainly designed for the intermediate level Azure Administrators with at least six months of hands-on experience administering Azure, with a good understanding of core Azure services, Azure workloads, security, and governance.

Azure Administrators are responsible for administrating the company cloud’s infrastructure. This includes implementing, managing, and monitoring identity, governance, storage, compute, and virtual networks in a cloud environment, plus provision, size, monitor, and adjust resources, whenever required.

The role of the Azure Administrator requires good knowledge and experience in different aspects, including:

• Operating systems installation and configuration
• Active Directory concepts, including domains, forests, domain controllers, replication, Kerberos protocol, and Lightweight Directory Access Protocol (LDAP)
• Virtualization, including: VMs, virtual networking, and virtual hard disks
• Cloud infrastructure
• Storage structures
• Networking, including TCP/IP, Domain Name System (DNS), virtual private networks (VPNs), firewalls, and encryption technologies
• Resilience and disaster recovery, including backup and restore operations

Study Guideline

In order to prepare yourself for that exam, you can easily go through the 6-module Microsoft Azure Administrator self-study course, provided by Microsoft that provides you with the basic knowledge to pass that exam. But make sure you practice every step by yourself.

If you prefer to attend an online course or watch related videos, you can easily subscribe to any online Microsoft Azure Administrator course, such as the ones provided by Udemy and PLURALSIGHT.

While preparing for this exam, you will see that it includes many subjects that need a long time to master. But to pass this exam, good knowledge and practical skills in previously mentioned subjects will be enough. As a trainer and consultant, you need to be fully prepared for such an exam in order to be able to understand and cover any trainee or customer requirement by gaining all needed knowledge and digging deeper.

In this article, I will provide links for the official Microsoft articles, that discuss all the measured skills in this exam. I recommend you to go through this article, practice it and read further about any subject you find it new or harder for you:

Manage Azure identities and governance

In this section, the following skills will be measured:

• Manage Azure AD objects
  • Create Azure users and groups in Azure Active Directory
  • Manage users and groups in Azure Active Directory
  • Secure Azure Active Directory users with Multi-Factor Authentication
  • Allow users to reset their password with Azure Active Directory self-service password reset
  • Secure your application by using OpenID Connect and Azure AD
• Manage role-based access control (RBAC)
  • Secure your Azure resources with role-based access control (RBAC)
  • Create custom roles for Azure resources with role-based access control (RBAC)
  • Manage access to an Azure subscription by using Azure role-based access control (RBAC)
  • Secure your Azure resources with role-based access control (RBAC)
• Manage subscriptions and governance
  • Apply and monitor infrastructure standards with Azure Policy
  • Analyze costs and create budgets with Azure Cost Management
  • Predict costs and optimize spending for Azure
  • Control and organize Azure resources with Azure Resource Manager

Implement and manage storage

In this section, the following skills will be measured:

• Manage storage accounts
  • Create an Azure Storage account
  • Secure your Azure Storage account
  • Make your application storage highly available with read-access geo-redundant storage
  • Monitor, diagnose, and troubleshoot your Azure storage
• Manage data in Azure Storage
  • Copy and move blobs from one container or storage account to another from the command line and in code
  • Move large amounts of data to the cloud by using Azure Data Box family
• Configure Azure files and Azure blob storage
  • Optimize storage performance and costs using Blob storage tiers
  • Create an Azure file share
  • Planning for an Azure File Sync deployment

Deploy and manage Azure compute resources

In this section, the following skills will be measured:

• Configure VMs for high availability and scalability
  • Build a scalable application with virtual machine scale sets
• Automate deployment and configuration of VMs
  • Core Cloud Services – Manage services with the Azure portal
  • Control and organize Azure resources with Azure Resource Manager
  • Build Azure Resource Manager templates
  • Automate Azure tasks using scripts with PowerShell
  • Manage virtual machines with the Azure CLI
  • Deploy Azure virtual machines from VHD templates
  • Create and deploy ARM templates by using the Azure portal
  • Create a Windows virtual machine from a Resource Manager template
• Create and configure VMs
  • Choose the right disk storage for your virtual machine workload
  • Add and size disks in Azure virtual machines
  • move VMs from one resource group to another
  • Sizes for virtual machines in Azure
  • Virtual networks and virtual machines in Azure
  • Protect your virtual machine settings with Azure Automation State Configuration
• Create and configure containers
  • Introduction to Azure Kubernetes Service
  • Run Docker containers with Azure Container Instances
• Create and configure Web Apps
  • Host a web application with Azure App service
  • Stage a web app deployment for testing and rollback by using App Service deployment slots
  • Scale an App Service web app to efficiently meet demand with App Service scale up and scale out
  • Dynamically meet changing web app performance requirements with autoscale rules
  • Capture and view page load times in your Azure web app with Application Insights

Configure and manage virtual networking

In this section, the following skills will be measured:

• Implement and manage virtual networking
  • Fundamentals of computer networking
  • Distribute your services across Azure virtual networks and integrate them by using virtual network peering
  • Design an IP addressing schema for your Azure deployment
• Configure name resolution
  • Azure DNS Documentation
  • Create an Azure private DNS zone using the Azure portal
• Secure access to virtual networks
  • Secure and isolate access to Azure resources by using network security groups and service endpoints
  • Deploy and configure Azure Firewall using the Azure portal
  • Create an Azure Bastion host using the portal
• Configure load balancing
  • Manage and control traffic flow in your Azure deployment with routes
  • Improve application scalability and resiliency by using Azure Load Balancer
  • Load balance your web service traffic with Application Gateway
  • Enhance your service availability and data locality by using Azure Traffic Manager
• Monitor and troubleshoot virtual networking
  • Network Performance Monitor solution in Azure
  • Network Watcher
• Integrate an on-premises network with an Azure virtual network
  • Connect your on-premises network to Azure with VPN Gateway
  • Connect your on-premises network to the Microsoft global network by using ExpressRoute
  • Create a Site-to-Site connection using Azure Virtual WAN

Monitor and back up Azure resources

In this section, the following skills will be measured:

• Monitor resources by using Azure Monitor
  • Analyze your Azure infrastructure by using Azure Monitor logs
  • Improve incident response with alerting on Azure
  • Monitor the health of your Azure virtual machine by collecting and analyzing diagnostic data
  • Monitor, diagnose, and troubleshoot your Azure storage
• Implement backup and recovery
  • Protect your virtual machines by using Azure Backup
  • Back up and restore your Azure SQL database
  • Protect your Azure infrastructure with Azure Site Recovery
  • Protect your on-premises infrastructure from disasters with Azure Site Recovery

Practicing

After completing the required material in the Microsoft Azure Administrator certificate exam, it is the best time to measure your skills using a practice test. If this is your first Microsoft certification exam, I recommend you go through the Microsoft certificates Exam Formats and Questions Types and check the Microsoft exams questions shape, which mainly measure your understanding and practicing on the skills mentioned previously.

You can find on the internet many sites that provide free practice tests, such as the ExamTopics site. You can also go through my previous article Microsoft Azure Administrator scenario-related Interview Questions and Answers and evaluate your skills in the measured subjects.

Below, I will discuss sample questions from the official training that I used to use in measuring the skills of the trainees in the Microsoft Azure Administrator course. You can test your skills with it and always expect new interesting questions in the exam.

1. Assume that your users want to sign-in to devices, apps, and services from anywhere. They want to sign-in using an organizational work or school account instead of a personal account. In order to ensure that the corporate assets are protected and that devices meet standards for security and compliance, you should:

   Join the device to Azure AD.

2. In order to add a user who has a Microsoft account to your subscription, the type of the used user account should be:

   Guest User.

3. The role that allows the user to manage all the groups in the Microsoft Azure AD Teams tenants and be able to assign other administrator roles:

   Global administrator

4. What should you do to target policies and review spend budgets across several subscriptions you manage?

   Create management groups

5. In order to categorize resources and billing for different departments like IT and HR, consolidate the billing across multiple resource groups and ensure that everyone complies with the solution, you should:

   Create tags for each department

   Create an Azure policy

6. Your company financial controller wants to be notified whenever the company is half-way to spending the money allocated for cloud services, you should create:

   A budget and a spending threshold

7. If your organization has several Azure policies that they would like to create and enforce for a new branch office, you should create:

   Create a policy initiative

8. You have three virtual machines (VM1, VM2, and VM3) in a resource group. You hire a new employee. The new employee must be able to modify the settings on VM3, but not on VM1 and VM2. The permission that should be assigned to the new employee:

   Contributor role on VM3

9. Your company is planning to store log data, crash dump files, and other diagnostic data for Azure VMs in Azure, where these files will be browsed in the File Explorer and accessed over SMB 3.0 must be supported. The storage type that meets these requirements:

   Azure Files

10. Your company started using a cloud software to audit administrative access in Microsoft Azure resources. The software logs all administrative actions to log files. The storage type that can be used to store the software log files:

    Blob storage using append blobs

11. You need to provide a contingent staff employee temporary read-only access to the contents of an Azure storage account container named Test. In order to grant access while adhering to the security principle of least-privilege, you should:

    Generate a shared access signature (SAS) token for the container

12. In order to move thousands of photos requiring over 500 TB of storage to Azure blob storage from your datacenter data, ensuring that the security of the data including chain of custody logs and 256-bit encryption is required, you should use:

    Data Box Heavy

13. You have a service that is hosted on two Azure virtual machines. You discover that occasional outages cause your service to fail. In order to minimize the impact of the outages, you should:

    Add a load balancer

    Put the virtual machines in an availability set

14. A Microsoft Azure administrator creates an Azure virtual machine scale set with 5 VMs. The VMs are all running at max capacity with the CPU being fully consumed, without deploying new VMs to the scale set. In order to ensure that additional VMs are deployed when the CPU is 75% consumed, you should:

    Enable the autoscale option

15. You are deploying a critical business application to Microsoft Azure, with the uptime of the application is of utmost importance. The application has 2 web servers, 2 application servers and 2 database servers. Each VM in a tier must run on different hardware. To meet the requirements, you should:

    Deploy the VMs from each tier into a dedicated availability set for the tier.

16. If your organization has a security policy that prohibits exposing SSH ports to the outside world. How could you connect to an Azure Linux virtual machine and install software?

    Configure the Bastion service

17. Your company has an existing Microsoft Azure tenant. The company wants to start using it for their Azure resources. You add a custom domain to Azure. Now, you need to add a DNS record to prepare for verifying the custom domain, then you should:

    Add a TXT or MX record to the DNS zone

18. You’re currently using network security groups (NSGs) to control how your network traffic flows in and out of your virtual network subnets and network interfaces. You want to customize how your NSGs work. For all incoming traffic, you need to apply your security rules to both the virtual machine and the subnet level. To achieve that, you should:

    Create rules for both NICs and subnets with an allow action

    Add rules with a higher priority than the default rules

19. In order to ensure that Microsoft Azure DNS can resolve names for your registered domain, you should use:

    Zone delegation

20. You are configuring the Microsoft Azure Firewall. In order to allow Windows Update network traffic through the firewall, you should use:

    Application rules

21. You are preparing to implement a Site-to-Site VPN to Microsoft Azure. You already have an Azure subscription, an Azure virtual network, and an Azure gateway subnet. Now you should prepare the On-premises and Microsoft Azure environment for the Site-to-Site VPN by:

    Obtaining a VPN device for the on-premises environment

    Creating a virtual network gateway (VPN) and the local network gateway in Azure

    Obtaining a public IPv4 IP address without NAT for the VPN device

22. You are configuring VNet Peering across two Azure two virtual networks, VNET1 and VNET2. You are configuring the VPN Gateways. You want VNET2 to be able to use to VNET1’s gateway to get to resources outside the peering. To achieve that you should:

    Select allow gateway transit on VNET1 and use remote gateways on VNET2

23. In order to redirect all Internet traffic back to your company’s on-premises servers for packet inspection, you can use:

    User-Defined Routes

    Forced Tunneling

24. Your company provides customers a virtual network in the cloud. You have dozens of Linux virtual machines in another virtual network. The Azure load balancer that can be used to direct traffic between the virtual networks:

    Install an internal load balancer

25. You have several websites and are using Traffic Manager to distribute the network traffic. You are bringing a new endpoint online but are not sure that it is ready to accept a full load of requests. The Traffic Manager routing algorithm that should be used:

    Weighted

26. You are working as a Microsoft Azure Administrator in a company. You are deploying the Application Gateway and want to ensure incoming requests are checked for common security threats like cross-site scripting and crawlers. To achieve that, you should:

    Install the Web Application Firewall

27. The Kubernetes agent that processes the orchestration requests from the cluster master, and schedules running the requested containers:

    kubelet

28. The method that the Microsoft Azure App Service use to obtain credentials for users attempting to access an app:

    redirection to a provider endpoint

29. You are responsible for creating a disaster recovery plan for your data center. You must be able to recreate virtual machines from scratch. This includes the Operating System, its configuration settings, and patches. The backup tool that provides a bare metal backup of your machines:

    Azure Backup Server

30. You are working as a Microsoft Azure Administrator in a company. You plan to use Azure Backup to protect your virtual machines and data and are ready to create a backup. The first step that you should perform is:

    Create a Recovery Services vault.

31. You deploy several virtual machines (VMs) to Azure. You are responsible for backing up all data processed by the VMs. In the event of a failure, you need to restore the data as quickly as possible. In order to restore the entire virtual machine or files on the virtual machine, you should use:

    Virtual machine backup

32. Your organization has an app, and the performance of this app is critical to day to day operations. You have configured an alert and need to ensure the administrators are notified if there is a problem. You should provide the administrator email addresses in the:

    Action Group

33. You are working as a Microsoft Azure Administrator in a company. You are analyzing the company virtual network and think it would be helpful to get a visual representation of the networking elements. The feature that can be used here is:

    Network Watcher Topology

34. The tool that can help to identify high VM CPU utilization, DNS resolution failures, firewall rules that are blocking traffic, and misconfigured routes:

    Network Watcher Connection Troubleshoot

35. You are working as a Microsoft Azure Administrator in a company. You are reviewing the Alerts page and notice an alert has been Acknowledged. This means that:

    An administrator has reviewed the alert and started working on it

Good Luck.

Table of contents

It is time to specify your Microsoft Certifications path

Data Engineer Interview Questions and Answers: SQL Workload Migration to Microsoft Azure Database Platforms

How to prepare for the Exam AZ-900: Microsoft Azure Fundamentals

How to prepare for the Exam DP-300: Administering Relational Databases on Microsoft Azure

How to prepare for the Exam DP-200: Implementing an Azure Data Solution

How to prepare for the Exam DP-201: Designing an Azure Data Solution

How to prepare for the Exam AZ-104: Microsoft Azure Administrator

• Author
• Recent Posts

Ahmad Yaseen
Ahmad Yaseen is a Microsoft Big Data engineer with deep knowledge and experience in SQL BI, SQL Server Database Administration and Development fields.

He is a Microsoft Certified Solution Expert in Data Management and Analytics, Microsoft Certified Solution Associate in SQL Database Administration and Development, Azure Developer Associate and Microsoft Certified Trainer.

Also, he is contributing with his SQL tips in many blogs.

View all posts by Ahmad Yaseen

Latest posts by Ahmad Yaseen (see all)
• Azure Data Factory Interview Questions and Answers - February 11, 2021
• How to monitor Azure Data Factory - January 15, 2021
• Using Source Control in Azure Data Factory - January 12, 2021

Related posts:

1. Exporting SSRS reports to multiple worksheets in Excel
2. Getting started with Azure SQL Database using Azure CLI
3. Impact of dropping a login in the active directory tied to SQL Server Always On Availability Groups
4. SQL Server 2017: Columnstore Indexes and Trivial Plan
5. Digging deeper into Azure Data Studio: Extensions and Azure SQL DB Development