1.6 Using the Practice Bank, Labs, and Error Log
Key Takeaways
- The local AZ-104 practice bank currently contains 200 items across identity-governance, networking, compute, monitoring, and storage categories.
- Practice metadata that says 120 minutes or claims an estimated pass rate should be corrected to current Microsoft facts.
- Practice questions should be used with hands-on labs and an error log, not as a memorization script.
- The current local category distribution overrepresents identity-governance and networking compared with storage.
- An error log should record the missed concept, official domain, root cause, and corrective lab or note.
Use practice as evidence, not as the source of record
The local practice bank for this guide is public/data/question-bank/azure-az-104.json. The current local count is 200 items. Its categories are azure-identity-governance with 55 items, azure-networking with 55 items, azure-compute with 36 items, azure-monitoring with 34 items, and azure-storage with 20 items. That distribution is useful, but it is not the official exam blueprint. The official blueprint remains the Microsoft Learn skills outline dated April 17, 2026.
The source brief notes that the practice-bank metadata exists but the detail block still says 120 minutes and an estimated pass rate. That must be corrected wherever the public metadata is updated. The current facts for this guide are 100-minute assessment time, 120-minute seat duration for role-based exams without labs, 700 passing score, no public Microsoft pass-rate percentage, and renewal every 12 months. Do not let stale metadata leak into chapter text.
| Practice category | Local item count | Official domain relationship | Study caution |
|---|---|---|---|
| azure-identity-governance | 55 | Manage Azure identities and governance | Strong coverage, but still verify current RBAC and policy behavior. |
| azure-networking | 55 | Implement and manage virtual networking | Good for connectivity drills; add hands-on packet-path labs. |
| azure-compute | 36 | Deploy and manage Azure compute resources | Needs hands-on Bicep, VM, App Service, and container work. |
| azure-monitoring | 34 | Monitor and maintain Azure resources | Connect alerts and logs to real resources. |
| azure-storage | 20 | Implement and manage storage | Add extra storage labs because local item count is smaller. |
Practice-bank workflow
Start every practice session with a purpose. Do not click through 200 items hoping exposure will become mastery. Pick a domain, answer a timed set, review every explanation, then write down the operational rule behind each miss. If you cannot state the Azure behavior in your own words, the item is not complete.
A strong review note looks like this: "Missed storage SAS question because I confused account SAS with service SAS and ignored stored access policy revocation. Correct rule: stored access policies can help manage service SAS for supported services; access keys are broader and should not be shared for limited delegated access. Lab: create container, create stored access policy, generate SAS, revoke by changing policy." That note turns one miss into a repeatable admin skill.
Error-log template
| Field | Example |
|---|---|
| Date | 2026-05-05 |
| Domain | Implement and manage storage |
| Missed topic | SAS scope and revocation |
| Root cause | Chose broad key-based access instead of delegated limited access |
| Correct rule | Use the narrowest access mechanism that satisfies duration, permission, and revocation requirements. |
| Lab action | Generate limited SAS, test with AzCopy, revoke or expire access. |
| Retest date | 2026-05-08 |
The root-cause field is the most important part. Common root causes include not reading scope, confusing management-plane and data-plane permissions, ignoring "least privilege," missing a network dependency, assuming public access, confusing backup vault types, or treating a cost requirement as a performance requirement. If you write only "got it wrong," you will repeat the miss.
Lab pairing map
| Practice miss | Lab to run |
|---|---|
| RBAC scope confusion | Assign Reader at subscription, Contributor at resource group, and test inherited access. |
| Policy versus lock confusion | Create an audit policy, a deny policy, a delete lock, and a read-only lock; test effects. |
| Storage firewall miss | Restrict a storage account to selected networks and test allowed versus blocked access. |
| VM connectivity miss | Inspect NSG rules, effective routes, public IP, Bastion, and Network Watcher output. |
| Load balancer miss | Configure backend pool, rule, probe, and verify probe health. |
| App Service slot miss | Create staging slot, add slot setting, swap, and verify production behavior. |
| Alert miss | Create metric alert, action group, and alert processing rule. |
| Backup miss | Configure policy, trigger backup, restore item, and inspect vault reporting. |
Balancing local counts against official weights
The local bank has 55 identity-governance and 55 networking items, but storage has only 20. The official storage weight is still 15-20 percent, so do not under-study storage because of local item count. Add your own lab prompts for Azure Files, Blob lifecycle management, snapshots, versioning, object replication, firewall rules, private access, SAS, stored access policies, Storage Explorer, and AzCopy.
Compute has 36 local items but carries a 20-25 percent official weight. That means compute needs hands-on reinforcement. Read Bicep and ARM examples, deploy a small VM, change disk and size decisions in notes, create a scale set concept map, push an image to Azure Container Registry in a lab account if available, compare Azure Container Instances with Azure Container Apps, and configure App Service slots, TLS, backup, and networking.
Monitoring has 34 local items and a 10-15 percent official weight, but it should be practiced throughout the other domains. Every lab should end with a validation step: metrics, logs, alerts, activity log, effective rules, connection check, backup status, or Advisor recommendation. That habit mirrors real administration and improves exam performance.
Study-session checklist
- Pick one official domain and one operational goal.
- Answer a short timed set from the practice bank.
- Review every item, including correct guesses.
- Write error-log entries for misses and lucky guesses.
- Run or outline the corrective lab.
- Update a domain score trend rather than relying on one score.
- Re-test mixed domains after remediation.
Minimum readiness signals
You are closer to ready when your explanations are stable. You should be able to say why a deny policy is different from a lock, why a private endpoint differs from a service endpoint, why a user needs data-plane permission for blob access, why an App Service plan affects scale, why a health probe matters to a load balancer, and why a Recovery Services vault policy affects restore options.
You are not ready if your score depends on recognizing practice wording. Change the wording, change the resource names, or reverse the requirement and see whether you still choose correctly. AZ-104 rewards transferable administration patterns. The practice bank, labs, and error log are the tools that build those patterns.
What is the current local AZ-104 practice-bank item count in the source brief?
Which practice-bank metadata claim must be removed or corrected?
Why should storage receive extra lab attention even though the local bank has 20 storage items?