Common Traps on Show IP Route Output Practice Questions
- ·Longest-prefix match is checked before administrative distance.
- ·Connected and local routes can appear alongside dynamic or static routes.
- ·The selected route may not be the one with the lowest metric if the prefix length differs.
Sample Questions
Practice all 5 →A company has a policy that all Azure Storage accounts must have diagnostic settings enabled to send logs and metrics to a specific Log Analytics workspace. The governance team wants to automatically configure these diagnostic settings when a new storage account is created, without blocking the initial creation. The solution must not require manual intervention. Which Azure Policy effect should the team use in their policy definition?
Explanation: Azure Policy supports several effects. 'DeployIfNotExists' is used to automatically deploy a resource (like a diagnostic setting) when a condition is met and the resource does not already exist. In this scenario, the condition is the creation of a storage account, and the missing resource is the diagnostic setting. The other effects are not suitable because they either block creation (Deny), report compliance only (Audit), or cannot create entire resources (Append).
A company has a policy that every Azure virtual machine must have the Azure Monitor Agent installed and configured to send metrics to a central Log Analytics workspace. To enforce this requirement without relying on manual user action, the governance team wants to automatically deploy the agent to any existing or new VM that is missing it. They also need to generate a compliance report showing any VMs where the installation failed. Which Azure Policy effect should the team use to meet these requirements?
Explanation: Azure Policy can automatically remediate non-compliant resources using the 'DeployIfNotExists' effect. This effect evaluates resources after creation and deploys a defined resource template (in this case, the Azure Monitor Agent VM extension) if the required resource does not exist. It also logs compliance results for reporting. The 'AuditIfNotExists' effect would only report non-compliance without remediation. The 'Deny' effect would block creation of VMs without the agent but would not fix existing ones. The 'Modify' effect is used to change properties on the same resource, but deploying a VM extension is a separate resource, so DeployIfNotExists is appropriate.
A company has an Azure subscription with 200 virtual machines. The compliance team requires that all virtual machines have diagnostic settings enabled to send metrics and logs to a central Log Analytics workspace. The team wants Azure to automatically configure these diagnostic settings on any VM that currently lacks them, without manual intervention. Which Azure Policy effect should the team use in the policy definition?
Explanation: Azure Policy has several possible effects. The DeployIfNotExists effect is specifically designed to automatically deploy a required resource or configuration when the policy engine detects that it is missing. In this scenario, diagnostic settings are a child resource of a VM, and DeployIfNotExists will create them on any non-compliant VM. Audit only reports compliance status; it does not make any changes. Deny prevents the creation of non-compliant resources but does not fix existing ones. Modify can alter properties of an existing resource but is not the best fit for deploying child resources like diagnostic settings.
A hospital stores sensitive patient data in the cloud. They want to ensure that data remains secure and that the cloud provider has implemented strict physical security controls, such as biometric access and 24/7 surveillance at datacenters. Which aspect of the shared responsibility model does this describe?
Explanation: In the shared responsibility model, the cloud provider (Microsoft) is always responsible for the security of the physical infrastructure, including datacenters, hardware, and network. The customer is responsible for securing their data, identities, and configurations. This question clarifies that physical security is the provider's responsibility.
A manufacturing company is building a web-based dashboard to display real-time production metrics from sensors. The development team wants to deploy the application without managing the underlying infrastructure, including the web server and operating system. The application uses ASP.NET Core. Which Azure service should they use?
Explanation: Azure App Service is a fully managed platform as a service (PaaS) offering that supports ASP.NET Core, Java, Python, and other frameworks. It abstracts the underlying web server and OS, allowing developers to focus on code. Azure Functions is serverless but designed for event-driven, short-lived functions, not ideal for a full web dashboard. Azure Kubernetes Service provides container orchestration but requires management of clusters and containers. Azure Virtual Machines give full control but require the team to manage the OS and web server, which contradicts the requirement.
Related Topics
Frequently asked questions
How do "Show IP Route Output Practice Questions" appear on the real AZ-900?
Practise interpreting routing-table output, route selection, administrative distance, metrics, next hops and longest-prefix match. These appear throughout the AZ-900 and require you to apply your knowledge, not just recall facts.
How many scenario questions are on the AZ-900 exam?
Cisco doesn't publish an exact breakdown, but scenario-based questions (especially exhibit and command-output formats) make up a significant portion of the AZ-900. Practicing each scenario type ensures you're ready for any format.
Are these AZ-900 scenario practice questions free?
Yes — all scenario practice on Courseiva is completely free. Sign up for a free account to track your progress and see which scenario types you've mastered.
Ready to practice this scenario type?
Launch a full Show IP Route Output Practice Questions session with instant scoring and detailed explanations.
Start Scenario Practice →