How to prepare for the Exam AZ-104: Microsoft Azure Administrator
In this article, we will discuss how to prepare yourself for the Microsoft Azure Administrator certification exam.
Exam Overview
The Microsoft Azure 104 Administrator certificate exam measures your knowledge of five main areas. This includes:
- How to manage Azure identities and governance, with relative questions weight in the exam up to 20%
- How to implement and manage storage, with relative questions weight in the exam up to 15%
- How to deploy and manage Azure compute resources, with relative questions weight in the exam up to 30%
- How to configure and manage virtual networking, with relative questions weight in the exam up to 35%
- How to monitor and back up Azure resources, with relative questions weight in the exam up to 15%
Officially, there are no prerequisites for that Microsoft Azure exam. But it is recommended to go through, and better to take, the Microsoft Azure Fundamentals (AZ-900) exam if you are new to the Microsoft Azure world.
After passing the Microsoft Azure Administrator exam, you will be certified as an Azure Administrator Associate.
The Microsoft Azure Administrator certificate exam can be scheduled from the Microsoft Azure Administrator certificate page.
Certificate Candidate
This exam is mainly designed for the intermediate level Azure Administrators with at least six months of hands-on experience administering Azure, with a good understanding of core Azure services, Azure workloads, security, and governance.
Azure Administrators are responsible for administrating the company cloud’s infrastructure. This includes implementing, managing, and monitoring identity, governance, storage, compute, and virtual networks in a cloud environment, plus provision, size, monitor, and adjust resources, whenever required.
The role of the Azure Administrator requires good knowledge and experience in different aspects, including:
- Operating systems installation and configuration
- Active Directory concepts, including domains, forests, domain controllers, replication, Kerberos protocol, and Lightweight Directory Access Protocol (LDAP)
- Virtualization, including VMs, virtual networking, and virtual hard disks
- Cloud infrastructure
- Storage structures
- Networking, including TCP/IP, Domain Name System (DNS), virtual private networks (VPNs), firewalls, and encryption technologies
- Resilience and disaster recovery, including backup and restore operations
Study Guideline
In order to prepare yourself for that exam, you can easily go through the 6-module Microsoft Azure Administrator self-study course, provided by Microsoft that provides you with the basic knowledge to pass that exam. But make sure you practice every step by yourself.
If you prefer to attend an online course or watch related videos, you can easily subscribe to any online Microsoft Azure Administrator course, such as the ones provided by Udemy.
While preparing for this exam, you will see that it includes many subjects that need a long time to master. But to pass this exam, good knowledge and practical skills in previously mentioned subjects will be enough.
In this article, I will provide links to the official Microsoft articles, that discuss all the measured skills in this exam. I recommend you to go through this article, practice it and read further about any subject you find new or harder for you:
Manage Azure identities and governance
In this section, the following skills will be measured:
Manage Azure AD objects
- Create Azure users and groups in Azure Active Directory
- Manage users and groups in Azure Active Directory
- Secure Azure Active Directory users with Multi-Factor Authentication
- Allow users to reset their password with Azure Active Directory self-service password reset
- Secure your application by using OpenID Connect and Azure AD
Manage role-based access control (RBAC)
- Secure your Azure resources with role-based access control (RBAC)
- Create custom roles for Azure resources with role-based access control (RBAC)
- Manage access to an Azure subscription by using Azure role-based access control (RBAC)
- Secure your Azure resources with role-based access control (RBAC)
Manage subscriptions and governance
- Apply and monitor infrastructure standards with Azure Policy
- Analyze costs and create budgets with Azure Cost Management
- Predict costs and optimize spending for Azure
- Control and organize Azure resources with Azure Resource Manager
Implement and manage storage
In this section, the following skills will be measured:
Manage storage accounts
- Create an Azure Storage account
- Secure your Azure Storage account
- Make your application storage highly available with read-access geo-redundant storage
- Monitor, diagnose, and troubleshoot your Azure storage
Manage data in Azure Storage
- Copy and move blobs from one container or storage account to another from the command line and in code
- Move large amounts of data to the cloud by using Azure Data Box family
Configure Azure files and Azure blob storage
- Optimize storage performance and costs using Blob storage tiers
- Create an Azure file share
- Planning for an Azure File Sync deployment
Deploy and manage Azure compute resources
In this section, the following skills will be measured:
Configure VMs for high availability and scalability
Automate deployment and configuration of VMs
- Core Cloud Services — Manage services with the Azure portal
- Control and organize Azure resources with Azure Resource Manager
- Build Azure Resource Manager templates
- Automate Azure tasks using scripts with PowerShell
- Manage virtual machines with the Azure CLI
- Deploy Azure virtual machines from VHD templates
- Create and deploy ARM templates by using the Azure portal
- Create a Windows virtual machine from a Resource Manager template
Create and configure VMs
- Choose the right disk storage for your virtual machine workload
- Add and size disks in Azure virtual machines
- move VMs from one resource group to another
- Sizes for virtual machines in Azure
- Virtual networks and virtual machines in Azure
- Protect your virtual machine settings with Azure Automation State Configuration
Create and configure containers
Create and configure Web Apps
- Host a web application with Azure App service
- Stage a web app deployment for testing and rollback by using App Service deployment slots
- Scale an App Service web app to efficiently meet demand with App Service scale up and scale out
- Dynamically meet changing web app performance requirements with autoscale rules
- Capture and view page load times in your Azure web app with Application Insights
Configure and manage virtual networking
In this section, the following skills will be measured:
Implement and manage virtual networking
- Fundamentals of computer networking
- Distribute your services across Azure virtual networks and integrate them by using virtual network peering
- Design an IP addressing schema for your Azure deployment
Configure name resolution
Secure access to virtual networks
- Secure and isolate access to Azure resources by using network security groups and service endpoints
- Deploy and configure Azure Firewall using the Azure portal
- Create an Azure Bastion host using the portal
Configure load balancing
- Manage and control traffic flow in your Azure deployment with routes
- Improve application scalability and resiliency by using Azure Load Balancer
- Load balance your web service traffic with Application Gateway
- Enhance your service availability and data locality by using Azure Traffic Manager
Monitor and troubleshoot virtual networking
Integrate an on-premises network with an Azure virtual network
- Connect your on-premises network to Azure with VPN Gateway
- Connect your on-premises network to the Microsoft global network by using ExpressRoute
- Create a Site-to-Site connection using Azure Virtual WAN
Monitor and back up Azure resources
In this section, the following skills will be measured:
Monitor resources by using Azure Monitor
- Analyze your Azure infrastructure by using Azure Monitor logs
- Improve incident response with alerting on Azure
- Monitor the health of your Azure virtual machine by collecting and analyzing diagnostic data
- Monitor, diagnose, and troubleshoot your Azure storage
Implement backup and recovery
- Protect your virtual machines by using Azure Backup
- Back up and restore your Azure SQL database
- Protect your Azure infrastructure with Azure Site Recovery
- Protect your on-premises infrastructure from disasters with Azure Site Recovery
Practicing
After completing the required material in the Microsoft Azure Administrator certificate exam, it is the best time to measure your skills using a practice test. If this is your first Microsoft certification exam, I recommend you go through the Microsoft certificates Exam Formats and Questions Types and check the Microsoft exam questions shape, which mainly measures your understanding and practice on the skills mentioned previously.
Below, I will discuss sample questions from the official training that I used to use in measuring the skills of the trainees in the Microsoft Azure Administrator course. You can test your skills with it and always expect new interesting questions in the exam.
Assume that your users want to sign-in to devices, apps, and services from anywhere. They want to sign-in using an organizational work or school account instead of a personal account. In order to ensure that the corporate assets are protected and that devices meet standards for security and compliance, you should: Join the device to Azure AD.
In order to add a user who has a Microsoft account to your subscription, the type of the used user account should be: Guest User.
The role that allows the user to manage all the groups in the Microsoft Azure AD Teams tenants and be able to assign other administrator roles: Global administrator
What should you do to target policies and review spend budgets across several subscriptions you manage?: Create management groups
In order to categorize resources and billing for different departments like IT and HR, consolidate the billing across multiple resource groups and ensure that everyone complies with the solution, you should: Create tags for each department, Create an Azure policy
Your company financial controller wants to be notified whenever the company is half-way to spending the money allocated for cloud services, you should create: A budget and a spending threshold
If your organization has several Azure policies that they would like to create and enforce for a new branch office, you should create: Create a policy initiative
You have three virtual machines (VM1, VM2, and VM3) in a resource group. You hire a new employee. The new employee must be able to modify the settings on VM3, but not on VM1 and VM2. The permission that should be assigned to the new employee: Contributor role on VM3
Your company is planning to store log data, crash dump files, and other diagnostic data for Azure VMs in Azure, where these files will be browsed in the File Explorer and accessed over SMB 3.0 must be supported. The storage type that meets these requirements: Azure Files
Your company started using cloud software to audit administrative access in Microsoft Azure resources. The software logs all administrative actions to log files. The storage type that can be used to store the software log files: Blob storage using append blobs
You need to provide a contingent staff employee temporary read-only access to the contents of an Azure storage account container named Test. In order to grant access while adhering to the security principle of least-privilege, you should: Generate a shared access signature (SAS) token for the container
In order to move thousands of photos requiring over 500 TB of storage to Azure blob storage from your datacenter data, ensuring that the security of the data including chain of custody logs and 256-bit encryption is required, you should use: Data Box Heavy
You have a service that is hosted on two Azure virtual machines. You discover that occasional outages cause your service to fail. In order to minimize the impact of the outages, you should: Add a load balancer, Put the virtual machines in an availability set
A Microsoft Azure administrator creates an Azure virtual machine scale set with 5 VMs. The VMs are all running at max capacity with the CPU being fully consumed, without deploying new VMs to the scale set. In order to ensure that additional VMs are deployed when the CPU is 75% consumed, you should: Enable the autoscale option
You are deploying a critical business application to Microsoft Azure, with the uptime of the application is of utmost importance. The application has 2 web servers, 2 application servers, and 2 database servers. Each VM in a tier must run on different hardware. To meet the requirements, you should: Deploy the VMs from each tier into a dedicated availability set for the tier.
If your organization has a security policy that prohibits exposing SSH ports to the outside world. How could you connect to an Azure Linux virtual machine and install software?: Configure the Bastion service
Your company has an existing Microsoft Azure tenant. The company wants to start using it for their Azure resources. You add a custom domain to Azure. Now, you need to add a DNS record to prepare for verifying the custom domain, then you should: Add a TXT or MX record to the DNS zone
You’re currently using network security groups (NSGs) to control how your network traffic flows in and out of your virtual network subnets and network interfaces. You want to customize how your NSGs work. For all incoming traffic, you need to apply your security rules to both the virtual machine and the subnet level. To achieve that, you should: Create rules for both NICs and subnets with an allow action, Add rules with a higher priority than the default rules
In order to ensure that Microsoft Azure DNS can resolve names for your registered domain, you should use: Zone delegation
You are configuring the Microsoft Azure Firewall. In order to allow Windows Update network traffic through the firewall, you should use: Application rules
You are preparing to implement a Site-to-Site VPN to Microsoft Azure. You already have an Azure subscription, an Azure virtual network, and an Azure gateway subnet. Now you should prepare the On-premises and Microsoft Azure environment for the Site-to-Site VPN by: Obtaining a VPN device for the on-premises environment, Creating a virtual network gateway (VPN) and the local network gateway in Azure, Obtaining a public IPv4 IP address without NAT for the VPN device
You are configuring VNet Peering across two Azure two virtual networks, VNET1 and VNET2. You are configuring the VPN Gateways. You want VNET2 to be able to use to VNET1’s gateway to get to resources outside the peering. To achieve that you should: Select allow gateway transit on VNET1 and use remote gateways on VNET2
In order to redirect all Internet traffic back to your company’s on-premises servers for packet inspection, you can use: User-Defined Routes, Forced Tunneling
Your company provides customers a virtual network in the cloud. You have dozens of Linux virtual machines in another virtual network. The Azure load balancer that can be used to direct traffic between the virtual networks: Install an internal load balancer
You have several websites and are using Traffic Manager to distribute the network traffic. You are bringing a new endpoint online but are not sure that it is ready to accept a full load of requests. The Traffic Manager routing algorithm that should be used: Weighted
You are working as a Microsoft Azure Administrator in a company. You are deploying the Application Gateway and want to ensure incoming requests are checked for common security threats like cross-site scripting and crawlers. To achieve that, you should: Install the Web Application Firewall
The Kubernetes agent that processes the orchestration requests from the cluster master, and schedules running the requested containers: kubelet
The method that the Microsoft Azure App Service use to obtain credentials for users attempting to access an app: redirection to a provider endpoint
You are responsible for creating a disaster recovery plan for your data center. You must be able to recreate virtual machines from scratch. This includes the Operating System, its configuration settings, and patches. The backup tool that provides a bare metal backup of your machines: Azure Backup Server
You are working as a Microsoft Azure Administrator in a company. You plan to use Azure Backup to protect your virtual machines and data and are ready to create a backup. The first step that you should perform is: Create a Recovery Services vault.
You deploy several virtual machines (VMs) to Azure. You are responsible for backing up all data processed by the VMs. In the event of a failure, you need to restore the data as quickly as possible. In order to restore the entire virtual machine or files on the virtual machine, you should use: Virtual machine backup
Your organization has an app, and the performance of this app is critical to day-to-day operations. You have configured an alert and need to ensure the administrators are notified if there is a problem. You should provide the administrator email addresses in the: Action Group
You are working as a Microsoft Azure Administrator in a company. You are analyzing the company virtual network and think it would be helpful to get a visual representation of the networking elements. The feature that can be used here is: Network Watcher Topology
The tool that can help to identify high VM CPU utilization, DNS resolution failures, firewall rules that are blocking traffic, and misconfigured routes: Network Watcher Connection Troubleshoot
You are working as a Microsoft Azure Administrator in a company. You are reviewing the Alerts page and notice an alert has been Acknowledged. This means that: An administrator has reviewed the alert and started working on it
Happy to help!!! Good luck!!!
Thank You!