Ahmad Yaseen

How to prepare for the Exam AZ-104: Microsoft Azure Administrator

September 28, 2020 by

In this article, we will discuss how to prepare yourself for the Microsoft Azure Administrator certification exam.

Exam Overview

The Microsoft Azure Administrator certificate exam measures your knowledge of five main areas. This includes:

  • How to manage Azure identities and governance, with relative questions weight in the exam up to 20%
  • How to implement and manage storage, with relative questions weight in the exam up to 15%
  • How to deploy and manage Azure compute resources, with relative questions weight in the exam up to 30%
  • How to configure and manage virtual networking, with relative questions weight in the exam up to 35%
  • How to monitor and back up Azure resources, with relative questions weight in the exam up to 15%

Officially, there are no prerequisites for that Microsoft Azure exam. But it is recommended to go through, and better to take, the Microsoft Azure Fundamentals (AZ-900) exam if you are new to the Microsoft Azure world.

After passing the Microsoft Azure Administrator exam, you will be certified as an Azure Administrator Associate. For more information about Microsoft Azure certificates, check It is time to specify your Microsoft Certifications path.

The Microsoft Azure Administrator certificate exam can be scheduled from the Microsoft Azure Administrator certificate page.

Certificate Candidate

This exam is mainly designed for the intermediate level Azure Administrators with at least six months of hands-on experience administering Azure, with a good understanding of core Azure services, Azure workloads, security, and governance.

Azure Administrators are responsible for administrating the company cloud’s infrastructure. This includes implementing, managing, and monitoring identity, governance, storage, compute, and virtual networks in a cloud environment, plus provision, size, monitor, and adjust resources, whenever required.

The role of the Azure Administrator requires good knowledge and experience in different aspects, including:

  • Operating systems installation and configuration
  • Active Directory concepts, including domains, forests, domain controllers, replication, Kerberos protocol, and Lightweight Directory Access Protocol (LDAP)
  • Virtualization, including: VMs, virtual networking, and virtual hard disks
  • Cloud infrastructure
  • Storage structures
  • Networking, including TCP/IP, Domain Name System (DNS), virtual private networks (VPNs), firewalls, and encryption technologies
  • Resilience and disaster recovery, including backup and restore operations

Study Guideline

In order to prepare yourself for that exam, you can easily go through the 6-module Microsoft Azure Administrator self-study course, provided by Microsoft that provides you with the basic knowledge to pass that exam. But make sure you practice every step by yourself.

If you prefer to attend an online course or watch related videos, you can easily subscribe to any online Microsoft Azure Administrator course, such as the ones provided by Udemy and PLURALSIGHT.

While preparing for this exam, you will see that it includes many subjects that need a long time to master. But to pass this exam, good knowledge and practical skills in previously mentioned subjects will be enough. As a trainer and consultant, you need to be fully prepared for such an exam in order to be able to understand and cover any trainee or customer requirement by gaining all needed knowledge and digging deeper.

In this article, I will provide links for the official Microsoft articles, that discuss all the measured skills in this exam. I recommend you to go through this article, practice it and read further about any subject you find it new or harder for you:

Manage Azure identities and governance

In this section, the following skills will be measured:

Implement and manage storage

In this section, the following skills will be measured:

Deploy and manage Azure compute resources

In this section, the following skills will be measured:

Configure and manage virtual networking

In this section, the following skills will be measured:

Monitor and back up Azure resources

In this section, the following skills will be measured:


After completing the required material in the Microsoft Azure Administrator certificate exam, it is the best time to measure your skills using a practice test. If this is your first Microsoft certification exam, I recommend you go through the Microsoft certificates Exam Formats and Questions Types and check the Microsoft exams questions shape, which mainly measure your understanding and practicing on the skills mentioned previously.

You can find on the internet many sites that provide free practice tests, such as the ExamTopics site. You can also go through my previous article Microsoft Azure Administrator scenario-related Interview Questions and Answers and evaluate your skills in the measured subjects.

Below, I will discuss sample questions from the official training that I used to use in measuring the skills of the trainees in the Microsoft Azure Administrator course. You can test your skills with it and always expect new interesting questions in the exam.

  1. Assume that your users want to sign-in to devices, apps, and services from anywhere. They want to sign-in using an organizational work or school account instead of a personal account. In order to ensure that the corporate assets are protected and that devices meet standards for security and compliance, you should:

    Join the device to Azure AD.

  2. In order to add a user who has a Microsoft account to your subscription, the type of the used user account should be:

    Guest User.

  3. The role that allows the user to manage all the groups in the Microsoft Azure AD Teams tenants and be able to assign other administrator roles:

    Global administrator

  4. What should you do to target policies and review spend budgets across several subscriptions you manage?

    Create management groups

  5. In order to categorize resources and billing for different departments like IT and HR, consolidate the billing across multiple resource groups and ensure that everyone complies with the solution, you should:

    Create tags for each department

    Create an Azure policy

  6. Your company financial controller wants to be notified whenever the company is half-way to spending the money allocated for cloud services, you should create:

    A budget and a spending threshold

  7. If your organization has several Azure policies that they would like to create and enforce for a new branch office, you should create:

    Create a policy initiative

  8. You have three virtual machines (VM1, VM2, and VM3) in a resource group. You hire a new employee. The new employee must be able to modify the settings on VM3, but not on VM1 and VM2. The permission that should be assigned to the new employee:

    Contributor role on VM3

  9. Your company is planning to store log data, crash dump files, and other diagnostic data for Azure VMs in Azure, where these files will be browsed in the File Explorer and accessed over SMB 3.0 must be supported. The storage type that meets these requirements:

    Azure Files

  10. Your company started using a cloud software to audit administrative access in Microsoft Azure resources. The software logs all administrative actions to log files. The storage type that can be used to store the software log files:

    Blob storage using append blobs

  11. You need to provide a contingent staff employee temporary read-only access to the contents of an Azure storage account container named Test. In order to grant access while adhering to the security principle of least-privilege, you should:

    Generate a shared access signature (SAS) token for the container

  12. In order to move thousands of photos requiring over 500 TB of storage to Azure blob storage from your datacenter data, ensuring that the security of the data including chain of custody logs and 256-bit encryption is required, you should use:

    Data Box Heavy

  13. You have a service that is hosted on two Azure virtual machines. You discover that occasional outages cause your service to fail. In order to minimize the impact of the outages, you should:

    Add a load balancer

    Put the virtual machines in an availability set

  14. A Microsoft Azure administrator creates an Azure virtual machine scale set with 5 VMs. The VMs are all running at max capacity with the CPU being fully consumed, without deploying new VMs to the scale set. In order to ensure that additional VMs are deployed when the CPU is 75% consumed, you should:

    Enable the autoscale option

  15. You are deploying a critical business application to Microsoft Azure, with the uptime of the application is of utmost importance. The application has 2 web servers, 2 application servers and 2 database servers. Each VM in a tier must run on different hardware. To meet the requirements, you should:

    Deploy the VMs from each tier into a dedicated availability set for the tier.

  16. If your organization has a security policy that prohibits exposing SSH ports to the outside world. How could you connect to an Azure Linux virtual machine and install software?

    Configure the Bastion service

  17. Your company has an existing Microsoft Azure tenant. The company wants to start using it for their Azure resources. You add a custom domain to Azure. Now, you need to add a DNS record to prepare for verifying the custom domain, then you should:

    Add a TXT or MX record to the DNS zone

  18. You’re currently using network security groups (NSGs) to control how your network traffic flows in and out of your virtual network subnets and network interfaces. You want to customize how your NSGs work. For all incoming traffic, you need to apply your security rules to both the virtual machine and the subnet level. To achieve that, you should:

    Create rules for both NICs and subnets with an allow action

    Add rules with a higher priority than the default rules

  19. In order to ensure that Microsoft Azure DNS can resolve names for your registered domain, you should use:

    Zone delegation

  20. You are configuring the Microsoft Azure Firewall. In order to allow Windows Update network traffic through the firewall, you should use:

    Application rules

  21. You are preparing to implement a Site-to-Site VPN to Microsoft Azure. You already have an Azure subscription, an Azure virtual network, and an Azure gateway subnet. Now you should prepare the On-premises and Microsoft Azure environment for the Site-to-Site VPN by:

    Obtaining a VPN device for the on-premises environment

    Creating a virtual network gateway (VPN) and the local network gateway in Azure

    Obtaining a public IPv4 IP address without NAT for the VPN device

  22. You are configuring VNet Peering across two Azure two virtual networks, VNET1 and VNET2. You are configuring the VPN Gateways. You want VNET2 to be able to use to VNET1’s gateway to get to resources outside the peering. To achieve that you should:

    Select allow gateway transit on VNET1 and use remote gateways on VNET2

  23. In order to redirect all Internet traffic back to your company’s on-premises servers for packet inspection, you can use:

    User-Defined Routes

    Forced Tunneling

  24. Your company provides customers a virtual network in the cloud. You have dozens of Linux virtual machines in another virtual network. The Azure load balancer that can be used to direct traffic between the virtual networks:

    Install an internal load balancer

  25. You have several websites and are using Traffic Manager to distribute the network traffic. You are bringing a new endpoint online but are not sure that it is ready to accept a full load of requests. The Traffic Manager routing algorithm that should be used:


  26. You are working as a Microsoft Azure Administrator in a company. You are deploying the Application Gateway and want to ensure incoming requests are checked for common security threats like cross-site scripting and crawlers. To achieve that, you should:

    Install the Web Application Firewall

  27. The Kubernetes agent that processes the orchestration requests from the cluster master, and schedules running the requested containers:


  28. The method that the Microsoft Azure App Service use to obtain credentials for users attempting to access an app:

    redirection to a provider endpoint

  29. You are responsible for creating a disaster recovery plan for your data center. You must be able to recreate virtual machines from scratch. This includes the Operating System, its configuration settings, and patches. The backup tool that provides a bare metal backup of your machines:

    Azure Backup Server

  30. You are working as a Microsoft Azure Administrator in a company. You plan to use Azure Backup to protect your virtual machines and data and are ready to create a backup. The first step that you should perform is:

    Create a Recovery Services vault.

  31. You deploy several virtual machines (VMs) to Azure. You are responsible for backing up all data processed by the VMs. In the event of a failure, you need to restore the data as quickly as possible. In order to restore the entire virtual machine or files on the virtual machine, you should use:

    Virtual machine backup

  32. Your organization has an app, and the performance of this app is critical to day to day operations. You have configured an alert and need to ensure the administrators are notified if there is a problem. You should provide the administrator email addresses in the:

    Action Group

  33. You are working as a Microsoft Azure Administrator in a company. You are analyzing the company virtual network and think it would be helpful to get a visual representation of the networking elements. The feature that can be used here is:

    Network Watcher Topology

  34. The tool that can help to identify high VM CPU utilization, DNS resolution failures, firewall rules that are blocking traffic, and misconfigured routes:

    Network Watcher Connection Troubleshoot

  35. You are working as a Microsoft Azure Administrator in a company. You are reviewing the Alerts page and notice an alert has been Acknowledged. This means that:

    An administrator has reviewed the alert and started working on it

  36. Good Luck.

    Table of contents

    It is time to specify your Microsoft Certifications path
    Data Engineer Interview Questions and Answers: SQL Workload Migration to Microsoft Azure Database Platforms
    How to prepare for the Exam AZ-900: Microsoft Azure Fundamentals
    How to prepare for the Exam DP-300: Administering Relational Databases on Microsoft Azure
    How to prepare for the Exam DP-200: Implementing an Azure Data Solution
    How to prepare for the Exam DP-201: Designing an Azure Data Solution
    How to prepare for the Exam AZ-104: Microsoft Azure Administrator
    Ahmad Yaseen
    Latest posts by Ahmad Yaseen (see all)