Azure AZ-204 Sample Questions with Explanations

These original sample questions are designed to help you check how the exam topics appear in decision-style prompts. They are not taken from the live exam.

Use these sample questions as a guided self-assessment for Microsoft Azure Developer Associate (AZ-204) topics such as Azure compute choices, App Service deployment slots, Azure Functions triggers, managed identities, Key Vault, Cosmos DB, Blob Storage, Event Grid, Service Bus, API Management, Application Insights, and troubleshooting. The prompts emphasize developer implementation decisions rather than isolated product recall.

Where these questions fit in the AZ-204 guide

The sample set below is part of the Microsoft Azure AZ-204 guide path:

• Microsoft certification hub
• Microsoft Azure guide hub
• AZ-204 exam guide
• AZ-204 cheat sheet
• AZ-204 study plan
• AZ-204 FAQ
• AZ-204 resources
• AZ-204 glossary

AZ-204 Azure developer sample questions

Work through each prompt before opening the explanation. AZ-204 questions usually reward answers that choose the right Azure service and the right developer-facing configuration.

---

Question 1

Topic: Safe App Service release

A team hosts a production API on Azure App Service. They need to deploy a new version, warm it up with production configuration, validate health checks, and swap it into production with a fast rollback path if errors increase. Which approach is strongest?

• A. Deploy directly to the production slot and restart the app manually.
• B. Use a deployment slot, configure slot-specific settings where needed, validate the staging slot, swap with production, and swap back if health checks fail.
• C. Create a new storage account and copy the application package there before each release.
• D. Scale the production plan up before every deployment so failed releases have more CPU.

Best answer: B

Explanation: Deployment slots are the AZ-204 release-safety pattern for App Service. They let developers warm up and validate a new version before swapping traffic, while preserving a fast rollback path.

Why the other choices are weaker:

• A exposes production directly and has weaker rollback behavior.
• C changes artifact storage, not production release safety.
• D addresses capacity, not deployment validation or rollback.

What this tests: App Service slots, slot settings, health validation, swap, and rollback.

Related topics: App Service; Deployment slots; Rollback; Compute

---

Question 2

Topic: Secretless access to Key Vault

An Azure Function must read a certificate from Azure Key Vault. Security does not want client secrets or connection strings stored in code or application settings. What should the developer configure?

• A. Enable a managed identity for the function app and grant it the required Key Vault permissions or role assignment.
• B. Store a service principal client secret in an app setting and rotate it manually every year.
• C. Download the certificate into the function package during deployment.
• D. Make the Key Vault public and allow anonymous reads.

Best answer: A

Explanation: Managed identity lets Azure-hosted code authenticate to Azure services without storing credentials. The identity still needs the correct Key Vault authorization.

Why the other choices are weaker:

• B keeps a stored secret and manual rotation burden.
• C bakes sensitive material into the deployment artifact.
• D is insecure and violates the access requirement.

What this tests: Managed identity, Key Vault authorization, secretless application access, and least privilege.

Related topics: Managed identity; Key Vault; Security; Azure Functions

---

Question 3

Topic: Choosing event integration

An application needs to react when a blob is created in a storage account. The handler should run only when the event occurs and should not poll the container. Which integration pattern is strongest?

• A. A timer-triggered Function that lists the container every minute.
• B. Event Grid event delivery from the storage account to an Azure Function or handler endpoint.
• C. A Service Bus queue that the storage account writes to automatically without event configuration.
• D. A daily Logic App that scans all blobs and compares timestamps.

Best answer: B

Explanation: Event Grid is the event-routing service for reacting to Azure resource events such as blob creation. It avoids polling and invokes the handler when the event is emitted.

Why the other choices are weaker:

• A uses polling even though the requirement asks for event-driven reaction.
• C invents automatic Service Bus behavior without configuring the event path.
• D is delayed and scan-based, not event-driven.

What this tests: Event Grid, storage events, Azure Functions triggers, and event-driven design.

Related topics: Event Grid; Blob Storage; Azure Functions; Integration

---

Question 4

Topic: Troubleshooting API latency

A web API on Azure App Service has intermittent latency spikes. The team needs request traces, dependency timing, failure rates, and correlation across calls to downstream services. Which first tool is strongest?

• A. Application Insights with distributed tracing and dependency collection.
• B. Azure Cost Management because latency is usually a billing issue.
• C. Static website hosting logs from the storage account.
• D. Manual browser refreshes during business hours.

Best answer: A

Explanation: Application Insights is the developer-facing telemetry lane for request performance, failures, dependencies, and trace correlation in Azure application workloads.

Why the other choices are weaker:

• B can help with spend analysis but not request tracing.
• C is unrelated to the App Service API path.
• D is anecdotal and does not produce diagnostic evidence.

What this tests: Application Insights, distributed tracing, dependency telemetry, and troubleshooting evidence.

Related topics: Application Insights; Monitoring; Dependencies; Troubleshooting

Independent study note

Tech Exam Lexicon and IT Mastery are independent study tools. They are not affiliated with, endorsed by, or sponsored by Microsoft or any certification body.