Implement and manage storage
Drill 20 practice questions focused entirely on Implement and manage storage for the Microsoft AZ-104 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
You need to migrate several hundred blobs from a container in one Azure Storage account to a container in a different storage account located in another region. The migration must be scriptable, run efficiently over the server-side network without downloading data to your local workstation, and be repeatable from a scheduled job. Which tool and approach should you use?
Your company stores a large amount of legal archive documents in an Azure Files share within a general-purpose v2 storage account. The documents are accessed only a few times per year during audits, but must remain instantly available when needed. You want to minimize storage costs for this file share. Which access tier should you configure for the file share?
Your company runs an on-premises Active Directory Domain Services (AD DS) environment that is synchronized to Microsoft Entra ID using Microsoft Entra Connect. You deploy an Azure file share and need domain-joined client computers to access it using existing on-premises AD DS credentials, with NTFS-style share and file permissions enforced. Which identity source should you configure for the storage account?
Your company uses a standard (GPv2) storage account with a single Azure file share named 'projects'. The finance department reports that the share consumed an unexpected amount of storage last month, and management wants to enforce a hard limit so that the share can never store more than 500 GiB of data. You need to implement this requirement with the least administrative effort. What should you do?
Your company stores project documents on an Azure file share named 'projects' in a general-purpose v2 storage account. Every night at 22:00 you configure Azure Backup to create a share snapshot. At 14:00 a user accidentally overwrites an important spreadsheet on the share with incorrect data. The user needs the version of the file as it existed the previous night, but all other files on the share must remain at their current state. What should you do?
Your company stores critical documents in an Azure file share named 'legal-docs'. You need to protect against accidental deletion of the entire file share so that if the share itself is deleted, you can restore it along with all its contents for up to 30 days. Which feature should you enable on the storage account?
Your company stores compliance documents in a blob container with individual blobs set to the Archive access tier. An auditor urgently requests a specific 2 GB blob and needs it available for download as quickly as possible. What must you do to make the blob readable?
A company hosts static image assets in a blob container named 'assets' within a general-purpose v2 storage account. The web development team needs anonymous, read-only access to individual blobs in this container so that images can be referenced directly by URL from a public marketing website, without requiring any SAS token or account key. The storage account currently has 'Allow Blob anonymous access' enabled at the account level. What should you configure on the container to meet the requirement with the least privilege?
Your company stores application log files in a blob container named 'logs' within a general-purpose v2 storage account. Compliance requires that log blobs be moved to the Cool tier 30 days after their last modification and permanently deleted 365 days after their last modification. You must automate this process without writing custom scripts. What should you configure?
Your company stores critical documents in a blob container within a general-purpose v2 storage account. An application accidentally overwrote a blob named contract.docx with an incorrect version an hour ago. Blob soft delete is enabled with a 14-day retention period, but blob versioning is NOT enabled on the account. You need to recover the original contents of contract.docx. What should you do?
You manage an Azure storage account that hosts a blob container used by a document management application. Developers frequently overwrite blobs during deployments, and the business now requires that every prior state of a blob be automatically retained so a specific earlier iteration can be restored on demand without relying on manual snapshots. Which feature should you enable on the storage account to meet this requirement?
Your company stores departmental documents on an Azure file share and mounts it on domain-joined Windows 10 devices. You must allow users to access the share using their existing on-premises Active Directory credentials, and you want to enforce granular NTFS permissions on files and folders. The organization uses an on-premises Active Directory Domain Services (AD DS) environment synchronized to Microsoft Entra ID. What should you configure to meet these requirements?
You are configuring object replication to copy block blobs from a source storage account in East US to a destination storage account in West US for disaster recovery reporting. When you attempt to create the replication policy in the Azure portal, the portal reports that a required feature is not enabled. Which setting must be enabled on BOTH the source and destination storage accounts before object replication can be configured?
Your company stores product images in a general-purpose v2 storage account named 'salesuseast' in the East US region. A new analytics team in West Europe needs a read-optimized copy of blobs in the 'images' container that is kept up to date automatically. You decide to configure object replication. Which action must you take before creating the replication policy?
Your company stores application connection strings that reference the primary access key (key1) of an Azure Storage account. Security policy requires you to rotate the storage account keys periodically without causing an outage for the running applications. What is the correct procedure to rotate the keys while minimizing downtime?
A developer needs to generate a shared access signature (SAS) that grants a partner application temporary access to only a single blob container in your storage account. The SAS must NOT allow access to file shares, queues, or table services, and it should not require access to management operations like creating new containers. Which type of SAS should you generate?
A partner application needs temporary read-only access to a single blob in your storage account. The access must expire in 24 hours and must only be usable from the partner's fixed public IP address (203.0.113.45). You want to grant this access without sharing your storage account keys or creating any new identities. What should you generate?
You manage a general-purpose v2 storage account that hosts a blob container. Analytics show that most blobs are read and written many times per day during their first two weeks, then rarely accessed afterward but must remain instantly available. You want to minimize storage costs while keeping data online. Which combination should you configure?
Your company's security policy requires that a general-purpose v2 storage account use encryption keys that your team controls and can rotate independently in Azure Key Vault, rather than keys managed by Microsoft. Which configuration should you enable on the storage account to meet this requirement?
Your company stores critical application data in a general-purpose v2 storage account currently configured with geo-redundant storage (GRS). During a recent regional outage simulation, the application team requested the ability to read data from the secondary region while Microsoft has NOT initiated a failover. What should you configure to meet this requirement with the least administrative effort?
More AZ-104 practice
Keep going with the other Microsoft Azure Administrator domains, or take a full timed mock exam.
← Back to AZ-104 overview