AZ-204: Azure Developer Associate Practice Exam

What the AZ-204 exam covers

• Develop Azure Compute Solutions139 questions
• Develop for Azure Storage129 questions
• Implement Azure Security123 questions
• Monitor, Troubleshoot, and Optimize118 questions
• Connect to and Consume Azure Services120 questions

Free AZ-204 sample questions

A sample of 10 questions with answers and explanations. Sign up free to practice all 629.

1. Question 1Develop Azure Compute Solutions

   You are deploying an ASP.NET Core web application to Azure App Service. The application requires a background process that runs continuously to process messages from a queue. Which feature should you use?

   • ACustom warm-up handlers
   • BDeployment slots
   • CWebJobs with the continuous typeCorrect
   • DApp Service built-in authentication
   ✓ Correct answer: C

   Azure App Service WebJobs with the continuous type are designed to run a background process that stays alive indefinitely, making them the ideal choice for long-running tasks such as continuously processing messages from a queue. Continuous WebJobs start automatically when the App Service starts and keep running until the App Service is stopped or the WebJob is disabled. They are commonly used in conjunction with the Azure WebJobs SDK to provide trigger-based processing of queue messages.

   Why the other options are wrong

   • ACustom warm-up handlers is incorrect because warm-up handlers are used to perform initialization tasks before an instance receives traffic during slot swaps or scale-out events. They do not provide continuous background processing capabilities.
   • BDeployment slots is incorrect because deployment slots are used for staging and swapping application deployments to enable zero-downtime releases. They are a deployment strategy feature and have no relation to running background processes.
   • DApp Service built-in authentication is incorrect because this feature, also known as Easy Auth, provides turn-key authentication and authorization for the web application. It handles identity verification for incoming requests and does not provide any background job processing functionality.
2. Question 2Develop Azure Compute SolutionsSelect all that apply

   You are configuring an Azure App Service deployment slot for staging. Which TWO settings are swapped when you perform a slot swap? (Select two.)

   • AConnection strings marked as slot settings
   • BApplication code and deployed contentCorrect
   • CGeneral handler mappingsCorrect
   • DCustom domain names bound to the slot
   ✓ Correct answer: B, C

   When you perform a slot swap in Azure App Service, certain settings travel with the code (are swapped) while others remain with the slot (are not swapped). Application code, deployed content, and general configuration settings such as handler mappings, framework versions, and web socket settings are swapped between slots. Handler mappings define how specific file extensions or paths are processed, and these are considered part of the application configuration that moves with the deployment during a swap.

   Why the other options are wrong

   • AConnection strings marked as slot settings is incorrect because when a connection string is explicitly marked as a "slot setting" (also called a sticky setting or deployment slot setting), it stays with the slot and is not swapped. This is by design so that staging slots can point to test databases while production slots point to production databases.
   • DCustom domain names bound to the slot is incorrect because custom domain bindings are sticky to the slot and are not swapped during a slot swap operation. This ensures that your production custom domain always points to the production slot regardless of which code version is running there.
3. Question 3Develop for Azure Storage

   You are configuring the consistency level for an Azure Cosmos DB account. Your application can tolerate reading slightly stale data but requires that reads never see out-of-order writes. Which consistency level should you select?

   • AConsistent prefixCorrect
   • BBounded staleness
   • CStrong
   • DSession
   ✓ Correct answer: A

   The Consistent prefix consistency level in Azure Cosmos DB guarantees that reads never see out-of-order writes. If writes are performed in the order A, B, C, a client will see either A, A-B, or A-B-C, but never an out-of-order sequence such as A-C or B-A. This level offers better performance and lower latency than stronger consistency levels while ensuring that the sequence of writes is always preserved. It does allow some staleness, meaning a reader might not see the very latest write immediately, but the order of writes observed will always be consistent.

   Why the other options are wrong

   • BBounded staleness is incorrect because while bounded staleness also guarantees read order and limits staleness to a specific time window or version count, it provides stronger guarantees than what the scenario requires. It is more appropriate when you need to bound the maximum lag rather than simply ensuring order preservation.
   • CStrong is incorrect because strong consistency guarantees linearizability, meaning reads always return the most recent committed write. This eliminates any staleness entirely, which exceeds the requirements and incurs higher latency and lower availability compared to consistent prefix.
   • DSession is incorrect because session consistency guarantees monotonic reads, monotonic writes, and read-your-writes within a single client session. However, across different sessions, reads may see out-of-order writes, which violates the stated requirement.
4. Question 4Develop for Azure Storage

   What is a partition key in Cosmos DB?

   • AA property that determines data distributionCorrect
   • BA backup key
   • CA primary key for SQL queries
   • DAn encryption key
   ✓ Correct answer: A

   A partition key in Azure Cosmos DB is a document property that you select when creating a container, and it determines how data is distributed across logical and physical partitions. Cosmos DB uses the partition key value to hash and route each document to the appropriate logical partition, ensuring that documents with the same partition key value are stored together. Choosing an effective partition key is critical for achieving even data distribution, avoiding hot partitions, and enabling efficient queries that target a single partition rather than requiring expensive cross-partition operations.

   Why the other options are wrong

   • BA backup key is incorrect because a partition key has no relationship to data backup or recovery operations. Azure Cosmos DB provides automatic backup and restore capabilities that operate independently of the partition key configuration.
   • CA primary key for SQL queries is incorrect because while the partition key is important for query performance, it is not a primary key in the traditional relational database sense. In Cosmos DB, the unique identifier for a document is the combination of the partition key and the id property, and the partition key's primary purpose is data distribution rather than uniquely identifying records.
   • DAn encryption key is incorrect because a partition key has no relationship to data encryption. Azure Cosmos DB provides encryption at rest and in transit using platform-managed or customer-managed keys, which are entirely separate from the partition key concept.
5. Question 5Implement Azure Security

   Trey Research has an Azure Function that needs to access both Azure SQL Database and Azure Blob Storage. They want to use a single identity that works across both services. Which approach should they use?

   • AStore SQL and Blob Storage connection strings in Key Vault
   • BCreate separate service principals for each service
   • CUse Microsoft Entra ID B2C for service-to-service authentication
   • DUse the function app's system-assigned managed identity and assign appropriate RBAC rolesCorrect
   ✓ Correct answer: D

   A system-assigned managed identity on the Azure Function provides a single identity that can be granted access to multiple Azure services through Azure RBAC role assignments. By assigning the appropriate roles to the managed identity — such as the Azure SQL Database Contributor or a custom database role for SQL Database, and Storage Blob Data Contributor for Blob Storage — the function app can authenticate to both services using the same identity without managing any credentials. The DefaultAzureCredential class in the Azure Identity SDK automatically detects and uses the managed identity to obtain tokens for each service, making the code clean and credential-free.

   Why the other options are wrong

   • AStore SQL and Blob Storage connection strings in Key Vault is incorrect because while Key Vault secures the connection strings, this approach still involves managing credentials (the connection strings themselves contain secrets). It also adds the complexity of accessing Key Vault first to retrieve the connection strings. Managed identities eliminate the need for connection strings with embedded credentials entirely.
   • BCreate separate service principals for each service is incorrect because managing multiple service principals increases operational complexity, requiring separate credential management, rotation, and monitoring for each. A single managed identity assigned the appropriate roles for each service is simpler and more maintainable.
   • CUse Microsoft Entra ID B2C for service-to-service authentication is incorrect because Azure AD B2C is a consumer identity management service designed for customer-facing applications to handle user sign-up, sign-in, and profile management. It is not intended for service-to-service authentication between Azure resources.
6. Question 6Monitor, Troubleshoot, and OptimizeSelect all that apply

   You are implementing a transient fault handling strategy for an application that calls an Azure SQL Database. Which TWO of the following are recommended approaches? (Choose two.)

   • AIncrease the database DTU tier to eliminate all transient faults
   • BRetry immediately without any delay between attempts
   • CUse the Polly library to configure retry policiesCorrect
   • DImplement exponential backoff retry logicCorrect
   ✓ Correct answer: C, D

   When calling Azure SQL Database, transient faults such as temporary connection issues, throttling, or brief service interruptions are common and should be handled with retry logic. The Polly library is a popular .NET resilience library that provides policy-based retry mechanisms with built-in exponential backoff support. Exponential backoff increases the delay between retry attempts progressively, reducing load on the service and improving the likelihood of successful reconnection after transient failures. These two approaches work together to implement a robust transient fault handling strategy.

   Why the other options are wrong

   • AIncrease the database DTU tier to eliminate all transient faults is incorrect because transient faults are not caused by insufficient resources; they are temporary Azure infrastructure issues that occur regardless of tier.
   • BRetry immediately without any delay between attempts is incorrect because retrying immediately without delay can worsen contention and cause the service to continue throttling or rejecting requests.
7. Question 7Monitor, Troubleshoot, and Optimize

   A developer has deployed a web application to Azure App Service and is using Application Insights for monitoring. The developer wants to track a custom business metric that counts the number of orders placed per minute. Which Application Insights SDK method should the developer use?

   • ATrackTrace to log order details
   • BTrackMetric to send the custom metric valueCorrect
   • CTrackDependency to track the order processing time
   • DTrackEvent to log each order as a custom event
   ✓ Correct answer: B

   The TrackMetric method in the Application Insights SDK is specifically designed for tracking custom numerical metrics with aggregation capabilities. When tracking orders per minute, TrackMetric allows you to send a metric value that will be automatically aggregated by Application Insights to compute statistics like average, sum, count, and standard deviation. This is the appropriate method because it captures numerical business metrics and provides built-in aggregation without storing individual event records, making it efficient for high-volume metric tracking. The metric can be queried and visualized in the Metrics explorer and used for alerts.

   Why the other options are wrong

   • ATrackTrace to log order details is incorrect because TrackTrace is for logging informational or diagnostic messages, not for tracking quantitative metrics.
   • CTrackDependency to track the order processing time is incorrect because TrackDependency is used to monitor calls to external services like databases or APIs, not to track business metrics.
   • DTrackEvent to log each order as a custom event is incorrect because while TrackEvent can track custom events, it creates individual event records that are not aggregated like metrics, making it inefficient for frequent high-volume metric tracking.
8. Question 8Connect to and Consume Azure ServicesSelect all that apply

   You are designing an application that uses Azure API Management (APIM). Which TWO of the following policies can be applied in the inbound processing pipeline? (Choose two.)

   • ATransform the response body from XML to JSON
   • BLog the response to Azure Event Hubs
   • CRate limiting (rate-limit-by-key) to throttle incoming requestsCorrect
   • DValidate JWT tokens for authenticationCorrect
   ✓ Correct answer: C, D

   In Azure API Management the inbound processing pipeline runs before the request is forwarded to the backend, so it is where you enforce request-level controls such as authentication and throttling. The validate-jwt policy verifies the bearer token's signature, audience, issuer, and claims to authenticate and authorize the caller, while rate-limit-by-key counts requests against a key (such as subscription or IP) to throttle traffic before it reaches the backend. Both protect the backend and must execute on the way in.

   Why the other options are wrong

   • ATransform the response body from XML to JSON is wrong because there is no response to transform during inbound processing; the body conversion can only happen in the outbound pipeline after the backend has returned a response.
   • BLog the response to Azure Event Hubs is wrong because logging the response requires the response to exist, which only occurs after the backend call, so it belongs to the outbound pipeline rather than inbound.
9. Question 9Develop Azure Compute Solutions

   When implementing Compute practices in Develop Azure Compute Solutions, which approach is recommended?

   • AKeep only the most recent version of each configuration file
   • BAllow direct edits to production without any tracking
   • CTrack changes in a spreadsheet updated manually
   • DUse version control for all configuration and code changesCorrect
   ✓ Correct answer: D

   Keeping all configuration and code in version control provides a complete, auditable history of every change, enables review and rollback, and lets teams reproduce and collaborate on infrastructure and application changes reliably. This practice underpins automated, repeatable deployments and reduces configuration drift in Azure compute solutions. It is the foundational recommendation for managing changes safely. The alternatives discard history, traceability, or accuracy.

   Why the other options are wrong

   • AKeeping only the most recent version of each configuration file destroys the change history needed to audit, compare, or roll back to a known-good state.
   • BAllowing direct edits to production without any tracking invites untraceable drift and outages, with no way to review or revert problematic changes.
   • CTracking changes in a manually updated spreadsheet is error-prone and quickly falls out of sync with the real system, offering none of the integrity guarantees of source control.
10. Question 10Develop for Azure StorageSelect all that apply

    A consultant is reviewing the blob versioning configuration at Litware Inc. Which two actions should be performed to optimize the implementation? (Choose two.)

    • ACosmos DB indexing policies
    • Bsoft deleteCorrect
    • Cstorage access policiesCorrect
    • Dblob snapshots
    • EDisable blob versioning monitoring
    ✓ Correct answer: B, C

    Optimizing blob versioning configuration requires implementing protective measures and access controls to realize full benefits. Soft delete complements versioning by automatically retaining deleted versions for a recovery period, protecting against accidental deletion of versioned blobs that might occur during operational changes. Storage access policies provide centralized control over which identities can access specific blob versions, enabling organizations to audit version access and prevent unauthorized retrieval of sensitive historical data stored in version history.

    Why the other options are wrong

    • ACosmos DB indexing policies is incorrect because indexing applies to Cosmos DB documents, not to blob versioning in Azure Storage.
    • Dblob snapshots is incorrect because snapshots create independent point-in-time copies, whereas versioning maintains an explicit version chain on the same blob.
    • EDisable blob versioning monitoring is incorrect because monitoring is critical for tracking version proliferation and understanding storage capacity consumption due to versioning overhead.

AZ-204 practice exam FAQ