5 exercises — VNets and NSGs, Entra ID and Conditional Access, AKS autoscaling, ARM templates, and managed identities for Azure certification exams.
0 / 5 completed
1 / 5
An AZ-104 practice question asks: "A company needs to isolate network traffic between two departments within the same Azure subscription, while still allowing controlled communication between them." Which Azure construct is being described?
VNet (Virtual Network) is Azure's software-defined network boundary — the foundation for network isolation. A VNet is divided into subnets, and traffic between subnets or VNets is controlled by Network Security Groups (NSGs), which act as a stateful firewall with allow/deny rules based on IP, port, and protocol.
VNet peering connects two VNets so resources in each can communicate using private IP addresses, without traversing the public internet — commonly used exactly for this scenario: separate network boundaries per department/environment, with explicit, auditable rules for any cross-boundary traffic.
Exam vocabulary distinction: an Azure AD tenant is about identity and access management, not network isolation — a common AZ-104 distractor that tests whether you can tell network-layer concepts apart from identity-layer concepts.
2 / 5
You see this term in Azure documentation: "Configure Conditional Access policies in Entra ID to require MFA for users signing in from outside the corporate network." What is Entra ID, and what does this sentence describe?
Entra ID is Microsoft's rebrand of Azure Active Directory (Azure AD) — the identity platform behind sign-in, user/group management, and access control across Microsoft 365 and Azure resources. Many exam questions and real-world docs still use "Azure AD" interchangeably with "Entra ID" — recognise both terms.
Conditional Access is a policy engine that evaluates signals (user, device, location, application, sign-in risk) and applies controls (require MFA, block access, require a compliant device) accordingly. "Outside the corporate network" is a common condition — it means requests not coming from a defined trusted IP range.
MFA (Multi-Factor Authentication) — requiring more than one proof of identity (e.g. password plus a phone app code) — is the most common control paired with Conditional Access policies in both AZ-900 and AZ-104 exam scenarios.
3 / 5
An AKS (Azure Kubernetes Service) exam scenario states: "The cluster should scale the number of nodes automatically based on pending pod resource demands." Which Azure feature satisfies this requirement, and how is it distinct from Horizontal Pod Autoscaler?
AKS exam questions frequently test the distinction between scaling pods and scaling nodes — these solve different problems and are easy to conflate.
Horizontal Pod Autoscaler (HPA) — increases or decreases the number of pod replicas for a deployment based on metrics like CPU or custom metrics, within the capacity of existing nodes.
Cluster Autoscaler — watches for pods that can't be scheduled because no node has enough free capacity ("pending" pods) and adds new nodes to the node pool to accommodate them; it also removes underutilised nodes when safe to do so, to control cost.
In practice these work together: HPA decides "we need more pod replicas," and if the existing nodes don't have room, Cluster Autoscaler provisions more nodes so those new pods can actually be scheduled. A scenario mentioning "pending pods" and "adding nodes" specifically points to Cluster Autoscaler, not HPA.
4 / 5
You're reading an ARM template exam scenario: "Deploy the same set of resources consistently across dev, staging, and production environments, with environment-specific values for VM size and instance count." What Azure concept does this describe?
ARM templates are Azure's native Infrastructure-as-Code (IaC) format — a JSON document describing what resources to create and their configuration, submitted to the Azure Resource Manager API for deployment. Bicep is a newer, more readable domain-specific language that compiles down to ARM JSON — exam material increasingly favours Bicep syntax while still testing ARM concepts underneath.
Parameters let a single template be reused across environments: the resource definitions (what a VM looks like, how it's networked) stay identical, while values like vmSize or instanceCount are injected per environment (e.g. Standard_B2s for dev, Standard_D4s_v5 for production).
This pattern — "consistent structure, environment-specific values, avoid manual portal clicks" — is the core exam signal for "this is an IaC/ARM template question," regardless of which specific resource type the scenario describes.
5 / 5
An exam question describes: "The application needs to authenticate to Azure Key Vault to retrieve a database connection string, without storing any credentials in code or configuration files." Which Azure feature is being tested?
Managed identity is one of the most commonly tested AZ-104/AZ-900 security concepts, because it directly solves the classic "secret zero" problem: how does an application authenticate to get its other secrets, without itself needing a hardcoded secret?
Azure automatically creates and manages the identity's credentials behind the scenes — the developer never sees or stores a password/key. Two types: system-assigned (tied to the lifecycle of one resource, deleted when the resource is deleted) and user-assigned (a standalone identity that can be attached to multiple resources).
Once a managed identity is assigned to a resource, you grant it access via RBAC (e.g. "Key Vault Secrets User" role) — RBAC alone answers "what can this identity do," but the managed identity itself answers "how does the app authenticate without stored credentials," which is specifically what this question asks.
What will I practice in "Azure Certification Vocabulary — AZ-900 & AZ-104 Exam Terms"?
This is a Certification Prep exercise set. It walks through 5 scenario-based multiple-choice questions built around real usage of Certification Prep terminology that IT professionals encounter on the job.
Is this exercise free to use?
Yes. Every exercise on CoderSlingo, including this one, is free to complete with no account, sign-up, or paywall.
How many questions are in this exercise?
This set contains 5 questions. Each one shows immediate feedback and a detailed explanation after you answer, so you learn the correct usage right away rather than waiting for a final score.
Do I need prior experience to complete this exercise?
No prior experience is required. Each question includes a full explanation covering the reasoning behind the correct answer, so the exercise itself teaches the Certification Prep vocabulary as you go.
Can I retry the exercise if I get questions wrong?
Yes — use the "Try again" button on the results screen to reset your answers and go through all the questions again. There is no limit on attempts.
Is my progress saved?
Your answers and score for the current session are tracked in the browser as you go. No account or login is needed, and there is nothing to install.
What if I don't understand a term used in a question?
Read the explanation shown after you answer each question — it breaks down the correct term in plain English with a real-world example. You can also check the site Glossary for quick definitions.
How is this different from reading a blog article on the topic?
Exercises like this one are interactive drills that test and reinforce specific vocabulary through multiple-choice questions, while blog articles explain concepts in prose. Practising here after reading builds active recall, not just passive recognition.
Where can I find more Certification Prep exercises?
See the Certification Prep exercises hub for the full set of related pages, or browse all exercise categories from the main Exercises index.
Can I use this exercise to prepare for a technical interview?
Yes — Certification Prep vocabulary comes up often in technical discussions and interviews. Pair this exercise with our dedicated Interview Preparation section for role-specific practice.