50 az 204 practice test Practice Questions: Question Bank 2025

You are developing an Azure Function that processes queue messages. During a deployment, you need to stop the function from processing new messages without deleting the function or changing code. What should you do?

You need to securely store an application secret and rotate it without redeploying your Azure App Service. The app must retrieve the secret at runtime. Which solution should you use?

You are building a web API that returns user-uploaded images stored in Azure Blob Storage. You want clients to download blobs directly from storage without exposing the storage account key. What should you use?

Your application uses Azure Service Bus queues. You want to ensure that if message processing fails, the message can be processed again and is not lost. Which message settlement should your receiver use?

You are using the Azure Storage Blob SDK to upload large files from an ASP.NET Core service. Uploads frequently fail due to transient network errors. What should you implement to increase reliability with minimal custom code?

An Azure App Service is timing out when calling a downstream API. You need to identify where most time is spent (App Service vs dependency) and view end-to-end transaction details. What should you use?

You are building an Azure Function that is triggered by Event Grid events. Some events are delivered more than once. You must ensure processing is idempotent and avoid duplicate side effects. What should you do?

Your team is adding authentication to a single-page app (SPA) that calls an ASP.NET Core Web API hosted on Azure. You want users to sign in with Microsoft Entra ID and the API to validate tokens without storing client secrets in the SPA. What should you implement?

You are processing orders using Azure Service Bus. A receiver intermittently fails after partially updating a database, causing duplicate updates when the message is retried. You must ensure that message processing and database changes are applied exactly once. What should you do?

Your Azure Function app must call an internal service hosted behind a private endpoint in an Azure VNet. The function must not be publicly accessible. Which hosting and networking configuration should you choose?

You are building an Azure Function that must process messages from an Azure Storage queue. You want the function to automatically scale based on queue length and minimize infrastructure management. Which hosting plan should you choose?

An API running in Azure App Service must access secrets (API keys and connection strings). You need to avoid storing secrets in source code or app settings in plain text. What is the recommended solution?

A developer is configuring an Azure Blob Storage trigger for an Azure Function. The function is not firing when blobs are uploaded. Which storage feature must be enabled or available for the trigger to work reliably?

You need to allow a web client (running in a browser) to upload large files directly to an Azure Blob container without routing traffic through your API. You must restrict permissions to write-only and limit access duration. What should you use?

A microservice publishes integration events that must be processed by multiple independent downstream services. Each downstream service needs its own copy of every message. Which Azure messaging design should you implement?

An ASP.NET Core API in App Service calls an internal service protected by Microsoft Entra ID. You want the API to call the downstream service without storing client secrets or certificates. What should you configure?

You use Azure Cosmos DB (Core/SQL) to store user profiles. A workflow must update a profile document only if it has not been modified since it was read to prevent lost updates. Which Cosmos DB feature should you use?

You are investigating intermittent latency spikes in an Azure Function that calls several HTTP dependencies. You need to correlate a single request across the function and its outgoing HTTP calls and view end-to-end timings in Azure. What should you use?

A background processor is implemented using an Azure Function triggered by Service Bus. Occasionally, message processing takes longer than expected and the same message is processed twice. You need to reduce duplicates while still allowing long processing times. What should you do?

Your company uses multiple Azure subscriptions. A build pipeline needs to deploy an App Service and assign it access to a Key Vault secret. The pipeline must authenticate without a stored password and should be limited to only the required resource actions. What is the best approach?

You are developing an ASP.NET Core API hosted on Azure App Service. You need to enable the API to call Microsoft Graph without storing any client secrets in code or configuration. What should you use?

You need to store large video files in Azure Blob Storage and allow a browser-based client to upload files directly to storage without exposing the storage account key. Uploads must be permitted only to a specific container and only for 15 minutes. What should you generate?

Your Azure Function (HTTP trigger) intermittently returns 500 errors under load. Application Insights shows many requests exceeding the configured function timeout. You want to reduce end-user latency by offloading long-running work while returning immediately. What should you implement?

You are building a multi-tenant SaaS app. Each tenant must be isolated at the database level, but you want to deploy and update the same API code for all tenants. Which approach best meets the requirement?

An Azure App Service uses Azure Key Vault references in application settings (e.g., @Microsoft.KeyVault(...)). After a Key Vault access policy change, the app continues using the old secret value for several minutes. You need the app to use the new value as quickly as possible without redeploying. What should you do?

You are developing a service that publishes messages to Azure Service Bus. A consumer reports receiving duplicate messages and asks you to prevent duplicates without changing their code. What should you enable on the Service Bus entity?

An API hosted on Azure App Service calls an external payment provider. Sometimes the provider throttles requests and returns transient failures. You want to implement a recommended resiliency approach in code. What should you do?

You are implementing an event-driven pipeline that must process events from an Azure Blob Storage container. The solution must guarantee that each event is delivered at least once and allow replaying events if the downstream processor fails. What should you use?

A .NET application uses Azure Cosmos DB (Core/SQL) and experiences intermittent 429 responses. You need to reduce these errors without increasing provisioned RU/s. What should you do first?

Your team uses Azure Container Apps to run a microservice. The service must call an internal API hosted behind Azure API Management in a VNet. The microservice must not be publicly reachable, and outbound traffic must route through the VNet. What is the best solution?

You are developing an Azure Function that is triggered by messages in an Azure Storage queue. The function sometimes processes the same message more than once due to retries. You need to ensure the processing is idempotent without disabling retries. What should you do?

You need to upload large files from a web client directly to Azure Blob Storage without routing the file through your API. The upload must be limited to a single container and must expire after a short time. Which approach should you use?

Your App Service needs to call an Azure SQL Database. Company policy prohibits storing credentials in configuration. What is the recommended solution?

You need to investigate why requests to an App Service are slow. You want to correlate a single user request across the web app and its downstream dependencies. What should you enable/use?

Your microservice publishes events that must be delivered to multiple independent consumers. Each consumer must receive every event, but consumers should not affect each other’s processing. Which Azure messaging feature should you use?

You are containerizing an API and deploying it to Azure Container Apps. You want zero-downtime updates while gradually shifting traffic to a new revision. What should you use?

You store application secrets in Azure Key Vault. You want your application to automatically start using the new value when a secret is rotated, without redeploying the app. Which approach is recommended?

An application writes JSON log entries. You need to query these logs with Kusto (KQL) and create alerts when error rates exceed a threshold. Where should you send the logs?

You need to ingest telemetry events at very high throughput from thousands of devices. Multiple downstream services must read the stream independently at their own pace, and you must retain the data for a period to allow reprocessing. Which service is the best fit?

You implement a long-running order workflow using the Durable Functions orchestrator pattern. The orchestration intermittently fails with non-deterministic behavior after code changes that add DateTime.Now and random GUID generation inside the orchestrator function. What should you do to fix the issue?

You are developing an Azure Function that processes queue messages. During a deployment slot swap, you notice a burst of duplicate processing. You need to ensure only a single instance processes a given message at a time and duplicates are minimized without changing the message producer. What should you do?

You are building a .NET API that calls a downstream service secured by Azure AD. The API must acquire an access token without storing any client secrets or certificates. The API is hosted on Azure App Service. What should you use?

You need to store application logs from multiple instances of an Azure App Service in a central location for querying with Kusto (KQL). What should you configure?

A web app stores user-uploaded images in Azure Blob Storage. Users must be able to upload directly from the browser without routing files through your server. You must restrict uploads to a specific container and allow uploads only for 10 minutes. What should you implement?

Your application must read secrets and connection strings from Azure Key Vault. The code runs in an Azure Container App with a system-assigned managed identity. You need to follow least privilege. Which Key Vault access approach should you use?

You are consuming messages from an Azure Service Bus queue using an SDK client. You want to ensure that if message processing fails, the message is retried and eventually moved to the dead-letter queue after repeated failures. Where should you configure the maximum delivery attempts?

Your team uses Azure API Management (APIM) in front of several backend APIs. You must enforce that every request includes a specific header and reject requests that do not. Where should you implement this requirement?

An Azure App Service is intermittently slow. You want to identify which dependency calls (SQL/HTTP) are contributing most to server response time, without modifying application code. What should you enable/configure?

You need to implement caching for frequently accessed product data in a .NET web API. The cache must support distributed access across multiple instances and provide low-latency reads. Which Azure service should you use?

You are deploying a containerized workload to Azure Kubernetes Service (AKS). The container needs to pull images from a private Azure Container Registry (ACR). You must avoid storing registry credentials in Kubernetes secrets. What is the recommended approach?