🌐 Azure Virtual Networks - AZ-104 Practice Questions

Configure VNets, subnets, IP addressing, network security groups, and service endpoints.

10Questions Available
1Exam Domains

Practice Virtual Networks Questions Now

Start a timed practice session focusing on Azure Virtual Networks topics from the AZ-104 question bank.

Start AZ-104 Practice Quiz →

AZ-104 Virtual Networks Question Bank (10 Questions)

Browse all 10 practice questions covering Azure Virtual Networks for the AZ-104 certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.

  1. Question 1Implement and manage virtual networking

    Two Azure virtual networks in the same region — VNet-A (10.1.0.0/16) and VNet-B (10.2.0.0/16) — need to communicate privately. VNet-A has a VPN Gateway. A VM in VNet-B must reach resources in an on-premises network via VNet-A's gateway. What must be enabled on the VNet peering configuration?

    AEnable 'Allow gateway transit' on VNet-A's peering and 'Use remote gateway' on VNet-B's peering
    BEnable 'Allow forwarded traffic' only on VNet-A's peering
    CDeploy a VPN Gateway in VNet-B as well
    DConfigure a User-Defined Route in VNet-B pointing to VNet-A's gateway

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-104 Quiz
  2. Question 2Implement and manage virtual networking

    What is the difference between a 'subnet' and an 'address space' in Azure Virtual Networks?

    AThey are the same concept
    BAddress space defines the VNet's total CIDR range; subnets divide that address space into smaller segments for deploying resources
    CAddress space is assigned to individual VMs; subnets are for the VNet
    DSubnets define routing; address space defines DNS settings

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-104 Quiz
  3. Question 3Implement and manage virtual networking

    How many IP addresses does Azure reserve in each subnet?

    A2 addresses (network and broadcast)
    B5 addresses: network address, Azure gateway, Azure DNS (×2), and broadcast
    C3 addresses
    DNo addresses — all IPs are available

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-104 Quiz
  4. Question 4Implement and manage virtual networking

    What is a 'gateway subnet' in Azure Virtual Networks?

    AA subnet for internet-facing resources
    BA dedicated subnet required by Virtual Network Gateways (VPN or ExpressRoute) named 'GatewaySubnet'
    CA subnet for Azure Bastion
    DA subnet for Azure Firewall

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-104 Quiz
  5. Question 5Implement and manage virtual networking

    An Azure VM in a subnet hosts a web server that must accept HTTPS traffic on port 443 from the internet and allow outbound access to Azure SQL on port 1433. All other inbound traffic must be blocked. Which NSG inbound rule configuration achieves this with least privilege?

    AAllow all inbound traffic (priority 100), then deny HTTPS (priority 200)
    BAllow TCP port 443 from Internet (priority 100), deny all inbound from Any (priority 4000)
    CAllow TCP port 443 from VirtualNetwork (priority 100), deny all (priority 4000)
    DAllow all ports from Internet (priority 100) and rely on the OS firewall

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-104 Quiz
  6. Question 6Implement and manage virtual networking

    Which Azure networking component allows you to control routing of traffic between subnets within a VNet or to external destinations?

    ANetwork Security Groups (NSG)
    BUser Defined Routes (UDR) in a Route Table
    CAzure Load Balancer
    DAzure DNS

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-104 Quiz
  7. Question 7Implement and manage virtual networking

    Which Azure tool provides a visual map of the network topology showing VNets, subnets, VMs, and their connections?

    AAzure Monitor metrics
    BNetwork Watcher Network Topology
    CAzure Resource Graph
    DAzure Cost Management

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-104 Quiz
  8. Question 8Implement and manage virtual networking

    What is the purpose of Azure Private DNS zone 'virtual network links'?

    AConnecting two VNets together
    BAssociating a private DNS zone with a VNet so that resources in the VNet can resolve names in that zone
    CProviding DNS forwarding to on-premises
    DLinking public DNS zones to private zones

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-104 Quiz
  9. Question 9Implement and manage virtual networking

    Which feature in NSGs allows grouping multiple Azure VMs under a logical name for use in NSG rules without managing IP addresses?

    AService tags
    BUser-defined routing
    CApplication Security Groups (ASGs)
    DNetwork Policies

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-104 Quiz
  10. Question 10Implement and manage virtual networking

    What is the primary benefit of Azure Private DNS zones over custom DNS servers in a VNet?

    ALower cost
    BFully managed DNS resolution for Azure resources without deploying DNS servers
    CBetter performance
    DSupport for on-premises DNS forwarding

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-104 Quiz

Key Virtual Networks Concepts for AZ-104

vnetvirtual networksubnetip addressnsgservice endpointprivate endpointdns

AZ-104 Virtual Networks Exam Tips

Azure Virtual Networks questions in AZ-104 are typically scenario-based. Focus on day-to-day Azure administration, identity, network, compute, storage, and monitoring. Priority concepts: vnet, virtual network, subnet, ip address, nsg, service endpoint.

What AZ-104 Expects

  • Anchor your answer in prioritize operationally practical configurations and least-privilege administration.
  • Virtual Networks scenarios for AZ-104 are frequently mapped to Domain 4 (15-20%), so read the objective carefully before picking controls or architecture.
  • Expect multi-topic scenarios where Virtual Networks interacts with identity, networking, governance, or monitoring patterns rather than appearing as an isolated question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Associate) and vendor best practices.

High-Value Virtual Networks Concepts

  • Know the core Virtual Networks building blocks cold: vnet, virtual network, subnet, ip address.
  • Review the edge-case features and limits for nsg, service endpoint; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how Virtual Networks pairs with Load Balancing, VPN & ExpressRoute, VNet Peering in real deployment patterns.
  • For AZ-104, explain why the chosen Virtual Networks design meets reliability, security, and cost expectations better than the alternatives.

Common AZ-104 Traps

  • Watch for forgetting scope inheritance and RBAC precedence.
  • Questions in Implement and Manage Virtual Networking often include distractors that look correct for Virtual Networks but violate least-privilege, compliance, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two Virtual Networks implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Implement and Manage Virtual Networking (15-20%) outcomes for AZ-104?
  • Can you explain security and access boundaries for Virtual Networks without relying on default-open assumptions?
  • Can you describe how Virtual Networks integrates with Load Balancing and VPN & ExpressRoute during failure, scaling, and monitoring events?

Exam Domains Covering Virtual Networks

Domain 4Implement and Manage Virtual Networking15-20%

Related Resources

🎯 Free AZ-104 Mock Exam Load Balancing Questions VPN & ExpressRoute Questions VNet Peering Questions

More AZ-104 Study Resources

← AZ-104 Study Hub30-Day Study PlanFull Practice Exam