Welcome to a new episode of Cyber Work Hacks. The purpose of this spinoff of our popular Cyber Work podcast is to take a single fundamental question and give you a quick, clear, and actionable solution, as well as new insights into how to utilize InfoSec products and training to achieve your work and career goals.

My guest today, Wilfredo Lanz, is an InfoSec instructor specifically for our Microsoft Azure Dual Certification Bootcamp. Azure is an industry-dominant cloud computing platform, whose knowledge is crucial for a wide range of job roles—from cloud administrator to cloud security, to GRC and many others.

Wilfredo is going to talk us through some study strategies for Azure certification, and he's also prepared some practice questions so you can find out at home if you’re ready to start learning about Azure. So thank you for joining me today, Wilfredo. I appreciate it.

Thank you.

Wilfredo, can you break down the different types of exam questions on these Azure certifications? Are these slanted toward multiple choice, hands-on problem-solving questions, or other types of questions?

Absolutely. For both exams, the majority of the questions are multiple choice, in which you get a question and then four or five different choices to select from. In most cases, they may ask you to select two or three options.

That’s the majority of the questions. However, other questions on the exam are dropdown menu-based, where you're asked a question with multiple options and must select one from a dropdown menu.

All exams include drag-and-drop type questions because many of them are related to configuration and setup, testing whether you understand how to deploy configurations and if you have hands-on experience.

There are also questions where they show you a screenshot—for example, a container configuration or a storage account—and then you have to click on the area that needs modification based on the question. You identify the problem in a troubleshooting question.

The exam also has lab-style questions. They're not too long—maybe five minutes max—but they ask you to deploy a resource. For example, they may ask you to complete the deployment of a virtual machine with specific settings or to identify a problem with a storage account or network connection.

So there will be questions that require hands-on commands to answer.

That's really cool. I think that can be potentially intimidating, so I’m glad you’ve brought us some sample questions. These are in the style of the exam questions, but created by Wilfredo himself.

Wilfredo, when you’re ready, if you want to share your screen, we can take a look at some of the questions you brought for us.

Absolutely. Let’s do that. Just a couple of questions here.

Great.

Okay, so here is the type of question I’ll show you, and I’ll also show how we handle these questions. For example, here’s a sample question for the AZ-104 exam. The question gives you an Azure subscription and a network security group and asks which two resources can be associated with a network security group.

Out of five options, two are correct. In our training, we teach how to handle these configurations because this question could also be part of a hands-on task in which you’re asked how to apply that security group to network interfaces and subnets.

Let me show you the answer: it's C and D—network interfaces and subnets.

In the Azure portal, I have a network security group. On the exam, you can’t just guess. You need to know how to navigate to the settings of the network security group and see the two correct options that answer the question: network interface and subnet.

It’s important to have hands-on experience to be able to answer these questions properly.

That’s great. That’s something you might not know unless you've actually explored Azure’s interface and remember the configuration details. It's easy to guess incorrectly without that knowledge.

Absolutely. The hands-on experience is very important.

Here’s another question. This one is about creating a storage account with specific requirements. The exam may state that you need a storage account that spans multiple regions and allows both primary and secondary read access.

The only storage option that satisfies this requirement is Geo-redundant storage (RA-GRS).

This isn’t something you can just memorize—you need to know how to test and verify it in Azure.

In my Azure account, when I navigate to a storage account and view the redundancy settings, I can see the primary and secondary regions and the read-access indicator. It shows that data from the primary region is replicated to the secondary region, and both can be read.

This is how we confirm the correct answer to that question.

So you're not just recognizing the answer by memory—you need to understand how to create and verify the right account configuration.

Exactly. Understanding the hands-on aspect allows you to answer with confidence.

Here’s one more question. We have two virtual networks named VNet1 and VNet2. By default, a VNet in Azure does not allow connectivity to another VNet unless you configure something between them. The question asks: what is that "something"?

The answer is Virtual Network Peering.

In our training, we show how to set this up. I have two VNets—East VNet and West VNet—in different regions. I show how to configure peering between the two.

When I go into the VNet properties and click on Peering, I can see that the East and West VNets are fully connected and synchronized.

Knowing how to identify and configure VNet peering helps prepare you for the exam.

That’s helpful. These are all examples of typical AZ-104 Azure Administrator exam questions.

Yes, and we also have examples for the security-focused AZ-500 exam.

Great. As we mentioned, in the Administrator exam, you learn how to manage and deploy resources operationally. In the Security exam, you learn how to protect them.

Here’s an example: the question asks, “I need to ensure that User1 can create data in Container1. What role should you assign to User1?”

These questions can be tricky because Azure has hundreds of built-in and custom roles. In this case, you want to apply the principle of least privilege.

Too much access would be risky, and too little would be ineffective.

We demonstrate this by going to the Azure portal, opening the storage account, and then looking at the container named "reports." We go into Identity and Access Management and browse the roles. There are many—46 direct roles in this case.

The one we need is “Storage Blob Data Contributor.”

We find this role and review its permissions. Azure allows us to view and filter by permissions for each role, confirming whether the role has the necessary capabilities to write data to a container.

This is why hands-on experience is key—we don’t just memorize answers. We validate them by doing the actual tasks.

Absolutely. That makes sense.

Here’s another question: “Which services can Microsoft Defender for Cloud monitor?”

People may assume it’s just for Azure, but that’s not true. You can use it to monitor Amazon Web Services, GitHub, on-premises resources, and Azure DevOps.

From Defender for Cloud, you can add your AWS account, enter credentials, and manage those resources from a security perspective.

That’s true for other platforms too, like GitLab and Azure DevOps.

We show students how to configure this so they fully understand how Defender for Cloud integrates with multi-cloud and hybrid environments.

Great. And the last question is about Microsoft Entra, formerly Azure Active Directory.

Correct. Microsoft Entra is the new name for what used to be called Azure AD. It’s a directory service.

This question asks how to configure account lockout threshold and duration. The correct place is under Microsoft Entra Password Protection.

We show how to find this in the Azure portal: go to Microsoft Entra, then to the Security section, then Authentication, and finally to Password Protection.

There, you can configure lockout policies and thresholds.

By doing the hands-on work, these questions become much easier.

There’s no way to guess those answers from the wording alone—you really need platform familiarity.

Exactly.

Is that all the questions?

Yes, to keep it short.

Okay, great. You can stop sharing your screen.

Now, just a couple more questions. Can you tell our listeners a little more about what the experience of doing the InfoSec Azure Dual Certification Bootcamp with you is like? How will they learn, and what can they expect?

The bootcamp we do with InfoSec is a comprehensive approach to learning and preparing for the exams. It’s an intense, fast-moving training—four or five days, or seven for two certifications—covering all Microsoft-required objectives.

From day one, we focus on labs and practice questions like the ones we reviewed here. For every question, we show how to do it. Memorization doesn’t work well for these exams—they require actual hands-on understanding.

The bootcamp is very hands-on and concentrated on relevant exam topics. InfoSec also provides training recordings, practice questions, and content support. Students have access for several months after the class ends.

It’s a comprehensive approach targeted at exam success.

Now, do students typically go straight from the bootcamp into the exam, or do they wait?

That’s very personal. We tell people: go when you feel ready.

My recommendation is to test at the end of the bootcamp if possible. We offer that option—on-site and online. During the bootcamp, we concentrate on labs and practice questions, so if someone follows the system, they should be ready to test by the end of the week.

One last question: do you have any advice for exam day itself?

Yes. Do a little bit of preparation every day. Don’t cram the night before—that usually doesn’t work and leaves you exhausted.

On exam day, arrive 15 minutes early. Microsoft allows early logins, so take advantage of that. Do the system checks early and be ready.

When taking the test, flag any question you’re unsure about and return to them later. Don’t get stuck on the first five questions. If a question is tough, mark it, skip it, and come back later.

Getting a few easy wins early builds confidence. If the exam includes labs, watch your time—they may take longer than multiple-choice questions.

That’s great advice. Thank you again, Wilfredo. I think this will inspire many listeners to start their Azure journey.

Thank you.

And thank you for watching and listening to Cyber Work Hacks. If this video helped you, please share it with colleagues or anyone preparing for Azure or other cloud certifications.

For more tips and long-form conversations with cybersecurity leaders, check out Cyber Work on YouTube or your favorite podcast app. We have episodes on everything from disaster recovery plans to building a home cybersecurity lab.

Until next time, this is Chris and Wilfredo saying: good luck, and happy learning.