Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsDP-300Exam Questions

Microsoft · Free Practice Questions · Last reviewed May 2026

DP-300 Exam Questions and Answers

36real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.

50 exam questions
120 min time limit
Pass: 700/1000 / 1000
6 exam domains
OverviewDomain BlueprintStudy GuideAll QuestionsSample by Domain
1. Plan and configure a high availability and disaster recovery environment2. Plan and implement data platform resources3. Monitor, configure, and optimize database resources4. Configure and manage automation of tasks5. Plan and configure high availability and disaster recovery6. Implement a secure environment
1

Domain 1: Plan and configure a high availability and disaster recovery environment

All Plan and configure a high availability and disaster recovery environment questions
Q1
mediumFull explanation →

Your company runs a mission-critical application on Azure SQL Database in the East US region. You need to ensure automatic failover with zero data loss in case of a regional outage. Which deployment option should you use?

A

Deploy a Business Critical tier database and configure an auto-failover group with a readable secondary in a paired region.

Business Critical supports synchronous replication and auto-failover groups, ensuring zero data loss on failover.

B

Deploy a General Purpose tier database with geo-replication.

C

Deploy a Hyperscale tier database with zone redundancy.

D

Deploy a Serverless tier database with active geo-replication.

Why: Option C is correct because Azure SQL Database Business Critical tier with zone-redundant configuration provides the highest level of availability within a region, but for cross-region disaster recovery with zero data loss, you need auto-failover groups with a readable secondary in another region, which is supported in Business Critical and Premium tiers. However, the question asks for automatic failover with zero data loss; this is achieved by configuring auto-failover groups with synchronous replication, which is supported in Business Critical and Premium tiers. Option A (Hyperscale) supports zone redundancy but not synchronous replication for failover groups. Option B (General Purpose) has asynchronous replication. Option D (Serverless) is not suitable for mission-critical workloads.
Q2
hardFull explanation →

You administer a SQL Managed Instance in the West Europe region. You need to create a disaster recovery replica in North Europe with automated failover. The replica must be readable and support backups. What should you configure?

A

Set up log shipping from West Europe to North Europe.

B

Configure active geo-replication between the instances.

C

Create a failover group, but note the secondary is not readable.

D

Create a failover group with the secondary instance in North Europe.

Failover groups provide automated failover and readable secondary for Managed Instance.

Why: Option B is correct because SQL Managed Instance supports failover groups, which provide automated failover and readable secondary instances. Geo-replication is not supported for Managed Instance. Option A is wrong because geo-replication is not supported. Option C is wrong because the secondary in a failover group is readable. Option D is wrong because log shipping is not supported.
Q3
easyFull explanation →

You have an Azure SQL Database in the Business Critical tier with a failover group to a secondary region. The primary region experiences a full outage. What is the expected recovery time objective (RTO) and recovery point objective (RPO) if you initiate a manual failover?

A

RTO of 5 minutes, RPO of 1 second.

B

RTO of 30 seconds, RPO of 5 seconds.

C

RTO of 1 hour, RPO of 5 minutes.

D

RTO of 30 seconds, RPO of 0.

Synchronous replication ensures zero data loss and fast failover.

Why: Option A is correct because Business Critical tier with failover groups offers an RTO of ~30 seconds and RPO of 0 (zero data loss) when using synchronous replication. Option B is wrong because RTO is lower. Option C is wrong because RPO is zero. Option D is wrong because RPO is zero.
Q4
mediumFull explanation →

Your company uses Azure SQL Database Hyperscale tier for a large data warehouse. You need to implement disaster recovery with the ability to perform point-in-time restore in the secondary region. What is the best approach?

A

Configure geo-replication to a secondary Hyperscale database in the secondary region.

Geo-replication provides a readable secondary and allows point-in-time restore in the secondary region.

B

Configure auto-failover groups between regions.

C

Use geo-restore of automated backups.

D

Create a failover group with manual failover.

Why: Option D is correct because Hyperscale databases support geo-replication (currently in preview but available) which provides a readable secondary and the ability to restore backups in the secondary region. Option A is wrong because failover groups are not supported for Hyperscale. Option B is wrong because geo-backup restore has a higher RPO. Option C is wrong because auto-failover groups are not supported.
Q5
easyFull explanation →

You are designing a high availability solution for an Azure SQL Database used by a critical application. The application requires no more than 5 seconds of data loss and automatic failover within 1 minute. Which service tier and configuration should you choose?

A

Hyperscale tier with geo-replication and auto-failover group.

B

Hyperscale tier with zone redundancy.

C

General Purpose tier with active geo-replication.

D

Business Critical tier with zone redundancy.

Zone redundancy provides automatic failover within region with zero data loss.

Why: Option C is correct because Business Critical tier with zone redundancy provides automatic failover within seconds and zero data loss. Option A is wrong because General Purpose does not meet RPO requirements. Option B is wrong because Hyperscale zone redundancy does not guarantee automatic failover on its own. Option D is wrong because Hyperscale geo-replication has a higher RTO.
Q6
hardFull explanation →

You have a SQL Server on Azure Virtual Machine running a critical OLTP workload. You need to achieve high availability with automatic failover and no shared storage. The solution must use Azure features and avoid complex clustering configurations. What should you implement?

A

Configure an Always On Availability Group with automatic failover.

Availability Groups provide automatic failover without shared storage.

B

Set up log shipping to a secondary VM.

C

Use database mirroring with automatic failover.

D

Deploy a Windows Server Failover Cluster Instance (FCI) using Azure Shared Disks.

Why: Option B is correct because SQL Server on Azure VMs supports Always On Availability Groups, which provide automatic failover with no shared storage. Option A (Failover Cluster Instance) requires shared storage. Option C (Log shipping) does not provide automatic failover. Option D (Database mirroring) is deprecated and not recommended.

Want more Plan and configure a high availability and disaster recovery environment practice?

Practice this domain
2

Domain 2: Plan and implement data platform resources

All Plan and implement data platform resources questions
Q1
mediumFull explanation →

A company is deploying Azure SQL Managed Instance and needs to ensure that the failover group provides automatic failover with zero data loss during a regional outage. The secondary region is 500 miles away. Which data replication mode should be configured?

A

Synchronous replication

Synchronous replication ensures zero data loss.

B

Geo-replication

C

Snapshot replication

D

Asynchronous replication

Why: Azure SQL Managed Instance failover groups require synchronous replication to guarantee zero data loss during automatic failover. Synchronous replication ensures that transactions are committed on both the primary and secondary replicas before acknowledging the commit, so no data is lost even if the primary region fails. This mode is mandatory for failover groups with the 'automatic failover' and 'zero data loss' requirements, despite the 500-mile distance which introduces latency.
Q2
hardFull explanation →

A retail company is migrating its on-premises SQL Server database to Azure SQL Database. The database has a table with 500 million rows and receives 10,000 INSERT operations per second during peak hours. The application requires read-committed snapshot isolation. Which Azure SQL Database tier and configuration should the DBA recommend to minimize cost while meeting performance requirements?

A

Business Critical tier with 8 vCores

B

Serverless tier with auto-pause

C

General Purpose tier with 2 vCores

D

Hyperscale tier with 4 vCores

Hyperscale supports high INSERT throughput and RCSI is enabled by default.

Why: The Hyperscale tier with 4 vCores is correct because it supports up to 100 TB of storage, provides fast scaling for high-volume INSERT workloads (10,000 rows/second), and natively supports read-committed snapshot isolation (RCSI) without additional configuration. It minimizes cost compared to Business Critical while offering the necessary performance and isolation level for a 500-million-row table.
Q3
easyFull explanation →

A DBA needs to create a new Azure SQL Database and wants to ensure that the database automatically fails over to a secondary region without manual intervention. The recovery point objective (RPO) is 5 seconds. What should the DBA configure?

A

Active geo-replication with failover group

Failover groups provide automatic failover and synchronous replication for RPO of 5 seconds.

B

Standard geo-replication

C

Local redundancy with automatic failover

D

Read-scale out

Why: Active geo-replication with a failover group is the correct choice because it provides automatic, customer-managed failover to a secondary region with an RPO of 5 seconds. The failover group orchestrates the failover of multiple databases simultaneously and supports automatic failover policies, meeting the requirement for zero manual intervention. Standard geo-replication does not support automatic failover, and other options do not provide cross-region disaster recovery.
Q4
hardFull explanation →

A company has an Azure SQL Managed Instance that is experiencing high CPU usage. The DBA observes that a specific query is causing high compile time due to parameter sniffing. The query is executed frequently with varying parameter values. Which approach should the DBA use to reduce CPU usage without changing the T-SQL code?

A

Create a plan guide to force a specific plan

B

Use optimize for ad hoc workloads

C

Add query store and force the last good plan

D

Enable forced parameterization for the database

Forced parameterization treats literals as parameters, reducing recompilations.

Why: Forced parameterization (Option D) converts literal values in the query to parameters, allowing SQL Server to reuse cached execution plans across different parameter values. This reduces CPU usage by eliminating frequent recompilations caused by parameter sniffing, without requiring any changes to the T-SQL code itself.
Q5
mediumFull explanation →

A healthcare company is required to encrypt all patient data at rest and in transit. They are deploying Azure SQL Database. Which combination of features should they implement to meet this requirement?

A

Transparent data encryption (TDE) and TLS 1.2

TDE encrypts data at rest, TLS encrypts data in transit.

B

Dynamic data masking and row-level security

C

Azure Active Directory authentication and firewall rules

D

Always Encrypted and transparent data encryption (TDE)

Why: Option A is correct because Transparent Data Encryption (TDE) encrypts data at rest by performing real-time I/O encryption and decryption of the database, data files, and transaction logs, while TLS 1.2 encrypts data in transit between the client and Azure SQL Database. Together, they satisfy the requirement to encrypt all patient data both at rest and in transit.
Q6
hardFull explanation →

A DBA is migrating a large on-premises database to Azure SQL Database using the Data Migration Assistant (DMA). The migration fails with an error indicating that the source database contains cross-database queries. What is the best remediation?

A

Use elastic database query to reference external tables

B

Create a linked server in Azure SQL Database

C

Migrate to Azure SQL Managed Instance instead

D

Refactor the application to eliminate cross-database queries or use elastic query

Refactoring or using elastic query resolves the issue.

Why: Azure SQL Database does not support cross-database queries natively. The Data Migration Assistant (DMA) blocks migrations that rely on such queries because the PaaS service lacks the necessary server-level context. The correct remediation is to refactor the application to eliminate cross-database dependencies or use elastic query, which provides a read-only, schema-bound mechanism to query remote databases via external data sources and external tables.

Want more Plan and implement data platform resources practice?

Practice this domain
3

Domain 3: Monitor, configure, and optimize database resources

All Monitor, configure, and optimize database resources questions
Q1
mediumFull explanation →

A production Azure SQL Database is experiencing high CPU usage during peak hours. The database uses the S3 service tier. You need to reduce CPU usage without changing the service tier. Which action should you take?

A

Increase the maximum number of concurrent workers.

B

Identify and create missing indexes.

Missing indexes cause table scans, increasing CPU usage; adding indexes reduces CPU.

C

Reduce MAXDOP to 1.

D

Increase MAXDOP to 8.

Why: High CPU usage in an S3 Azure SQL Database often stems from inefficient query plans caused by missing indexes. Creating appropriate indexes reduces the number of rows scanned and the CPU cycles needed for operations like key lookups and sorting, directly lowering CPU consumption without changing the service tier.
Q2
hardFull explanation →

You manage an Azure SQL Managed Instance with a large database. You notice that the automatic tuning recommendations are not being applied. You need to ensure that automatic tuning is enabled for the instance. Which PowerShell cmdlet should you run?

A

Set-AzSqlInstanceDatabase with -AutoTuningProperties

This is the correct cmdlet and parameter to enable auto-tuning on a Managed Instance database.

B

Set-AzSqlDatabase with -AutoTuningProperties

C

Set-AzSqlInstance with -DtcEnabled

D

Set-AzSqlServer with -AdministratorLogin

Why: The correct cmdlet is Set-AzSqlInstanceDatabase because Azure SQL Managed Instance uses instance-level databases, and automatic tuning properties are configured at the database level within the instance. The -AutoTuningProperties parameter directly enables or configures automatic tuning recommendations for the specified database in the managed instance.
Q3
easyFull explanation →

You have an Azure SQL Database that uses the General Purpose service tier. You notice that the log write throughput is consistently near the limit. What should you do to improve log write performance?

A

Migrate to the Business Critical service tier.

Business Critical provides higher log write throughput.

B

Enable accelerated database recovery.

C

Migrate to the Hyperscale service tier.

D

Increase the DTU purchase model to a higher tier.

Why: The General Purpose service tier in Azure SQL Database has a maximum log write throughput of 1.5 MB/s for the most common configurations. The Business Critical tier uses local SSD storage and a higher log I/O limit (up to 100 MB/s), which directly addresses log write throughput bottlenecks. Migrating to Business Critical is the correct action because it provides significantly higher log write throughput and lower latency for transaction log writes.
Q4
mediumFull explanation →

You are monitoring an Azure SQL Database using Query Performance Insight. You see a query with high duration and high CPU usage. The query plan shows a clustered index scan. What is the most likely cause and recommendation?

A

Fragmented clustered index; rebuild the clustered index.

B

Insufficient memory; increase the service tier.

C

Missing nonclustered index; create an index on the predicates.

An index seek would reduce CPU and duration.

D

Parameter sniffing; add OPTION (RECOMPILE).

Why: Query Performance Insight shows a query with high duration and CPU usage, and the query plan reveals a clustered index scan. A clustered index scan reads all rows in the table, which is inefficient when only a subset of rows is needed. The most likely cause is a missing nonclustered index on the columns used in the WHERE clause (predicates), which would allow a seek operation instead of a full scan, reducing both CPU and duration.
Q5
easyFull explanation →

You need to configure Azure SQL Database to automatically adjust indexing based on workload patterns. Which feature should you enable?

A

Azure Advisor

B

Intelligent Insights

C

Automatic tuning

Automatic tuning can automatically create and drop indexes.

D

Query Store

Why: Automatic tuning in Azure SQL Database continuously analyzes query execution plans and workload patterns, then automatically creates, drops, or rebuilds indexes to improve performance. It uses built-in intelligence to recommend and apply index changes without manual intervention, making it the correct feature for automatically adjusting indexing based on workload patterns.
Q6
mediumFull explanation →

You deploy a new Azure SQL Database and need to ensure that all queries are logged for performance analysis. Which configuration should you enable?

A

Data classification

B

Server-level audit

C

Diagnostic settings for SQLInsights

D

Query Store

Query Store captures query runtime statistics and plans.

Why: Query Store captures a history of query execution plans, runtime statistics, and wait statistics, enabling detailed performance analysis and troubleshooting. It is the correct choice because it is specifically designed to log query-level performance data for Azure SQL Database without requiring external storage or additional configuration.

Want more Monitor, configure, and optimize database resources practice?

Practice this domain
4

Domain 4: Configure and manage automation of tasks

All Configure and manage automation of tasks questions
Q1
mediumFull explanation →

A company uses Azure SQL Managed Instance. They need to automate index maintenance for all databases in the instance. The solution must minimize administrative overhead and use built-in Azure features. What should you do?

A

Use Azure Automation with a PowerShell runbook that connects to each database and runs index maintenance.

B

Configure a SQL Agent job on the instance to run index maintenance on the master database.

C

Create an elastic job agent with a T-SQL script for index maintenance targeting all databases.

Elastic job agent is designed for automating tasks across databases in a managed instance with minimal overhead.

D

Use Azure Data Factory to schedule a stored procedure execution for each database.

Why: Option C is correct because an elastic job agent is a built-in Azure feature designed specifically for automating administrative tasks across multiple databases in Azure SQL Managed Instance. It allows you to create a T-SQL script for index maintenance and target all databases in the instance with minimal overhead, as it manages scheduling, retries, and target group membership natively.
Q2
easyFull explanation →

You need to automatically scale an Azure SQL Database based on workload patterns. The solution must use built-in Azure features and minimize manual intervention. Which feature should you configure?

A

Use Azure Data Factory to scale the database based on pipeline triggers.

B

Create an Azure Automation runbook that scales the database on a schedule.

C

Configure autoscale settings for the Azure SQL Database.

Autoscale automatically adjusts resources based on workload.

D

Use an elastic pool and manually adjust eDTUs.

Why: Azure SQL Database supports built-in autoscale through the 'Autoscale' feature (serverless compute tier or DTU-based scaling policies), which automatically adjusts resources based on workload patterns without manual intervention. This is the only option that leverages a native Azure feature for dynamic, reactive scaling rather than scheduled or manual actions.
Q3
hardFull explanation →

You are responsible for automating backups of on-premises SQL Server databases to Azure Blob Storage. The solution must use the least administrative effort and provide point-in-time restore capability. What should you implement?

A

Configure SQL Server Managed Backup to Microsoft Azure.

Managed Backup automates backup scheduling and retention, and supports point-in-time restore.

B

Install Azure Backup Server on-premises and configure backup of SQL Server databases.

C

Use SQL Server Agent jobs to perform full, differential, and log backups to an Azure Blob Storage URL.

D

Use Azure Data Factory to copy database backups to Blob Storage.

Why: SQL Server Managed Backup to Microsoft Azure (also known as Managed Backup) is the correct choice because it provides automated, policy-based backup management with minimal administrative effort. It natively supports point-in-time restore by automatically scheduling full, differential, and transaction log backups to Azure Blob Storage, and it handles backup retention and recovery point management without requiring custom scripts or additional infrastructure.
Q4
mediumFull explanation →

You manage an Azure SQL Database that supports a critical application. You need to automate the process of rebuilding indexes that have fragmentation above 30% on a weekly basis. The solution must use built-in database features and minimize performance impact. What should you do?

A

Create a SQL Agent job that runs ALTER INDEX REBUILD on all indexes with fragmentation >30%.

B

Use Azure Automation to run a PowerShell script that checks fragmentation and rebuilds indexes.

C

Enable automatic tuning and set the 'Force plan' and 'Create index' options.

Automatic tuning automatically manages index creation and performance without manual intervention.

D

Schedule a weekly job using elastic jobs to reorganize all indexes.

Why: Option C is correct because Azure SQL Database's automatic tuning feature includes the 'Create index' option, which can automatically rebuild indexes with high fragmentation when enabled. This uses built-in database features without requiring external scripts or jobs, and it minimizes performance impact by leveraging the database engine's own intelligent scheduling and execution.
Q5
easyFull explanation →

You need to automate the deployment of schema changes to multiple Azure SQL Databases in different regions. The solution must support rollback and version control. Which technology should you use?

A

Use Azure Data Factory to run stored procedures for schema changes.

B

Use SQL Server Agent jobs to run deployment scripts on schedule.

C

Use Azure DevOps with a database project and release pipelines.

Provides CI/CD, version control, and ability to roll back changes.

D

Use Azure Automation with PowerShell scripts to execute T-SQL scripts.

Why: Azure DevOps with a database project and release pipelines is the correct choice because it provides source control for schema changes, automated deployment across multiple environments, and built-in rollback capabilities through pipeline versioning and deployment history. This approach aligns with infrastructure-as-code principles, enabling consistent, repeatable, and auditable schema deployments to Azure SQL Databases in different regions.
Q6
mediumFull explanation →

You are configuring automated backups for an Azure SQL Database. Which TWO settings can you configure?

A

Backup compression.

B

Backup frequency (full, differential, log).

C

Point-in-time restore interval.

D

Backup retention period (in days).

Configurable from 7 to 35 days.

E

Geo-redundant storage (GRS) for backups.

You can choose between LRS and GRS for backup storage.

Why: Option D is correct because the backup retention period (in days) is a configurable setting for Azure SQL Database automated backups. You can set the retention period for point-in-time restore (PITR) backups between 1 and 35 days, and for long-term retention (LTR) backups up to 10 years. This directly controls how far back you can restore your database.

Want more Configure and manage automation of tasks practice?

Practice this domain
5

Domain 5: Plan and configure high availability and disaster recovery

All Plan and configure high availability and disaster recovery questions
Q1
mediumFull explanation →

A company runs a critical Azure SQL Database in the West US region. To meet a Recovery Point Objective (RPO) of 5 seconds and a Recovery Time Objective (RTO) of 30 seconds during a regional outage, which deployment option should be used?

A

Use an Auto-Failover Group with a secondary in West US 2

B

Deploy the database in the Business Critical tier with zone-redundant configuration in West US

Zone-redundant Business Critical provides fast failover within seconds and RPO of 5 seconds.

C

Enable geo-zone-redundant backup storage and perform point-in-time restore

D

Configure Active Geo-Replication with a readable secondary in East US

Why: The Business Critical tier with zone-redundant configuration provides synchronous replication of data across three availability zones within the same Azure region, ensuring zero data loss (RPO=0) and automatic failover within seconds. This meets the stringent RPO of 5 seconds and RTO of 30 seconds during a regional outage because zone redundancy protects against zone-level failures, and the failover is automatic and fast. In contrast, other options either introduce asynchronous replication (which cannot guarantee an RPO of 5 seconds) or rely on cross-region failover that exceeds the required RTO.
Q2
easyFull explanation →

A company has an Azure SQL Managed Instance in the East US region. They need to implement disaster recovery with automatic failover to a paired region. The solution must minimize data loss to less than 5 seconds. Which feature should they use?

A

Active Geo-Replication with a secondary in East US 2

B

Enable geo-redundant backup storage and restore to West US

C

Configure an Auto-Failover Group with a secondary instance in West US

Auto-failover groups for managed instance provide automatic failover and RPO of 5 seconds.

D

Set up a Failover Group with manual failover to a secondary in West US

Why: Option C is correct because Auto-Failover Groups for Azure SQL Managed Instance provide automatic failover to a paired region (West US) with a replication lag target of less than 5 seconds when using the Readable Secondary option. This feature uses synchronous replication at the commit level to minimize data loss, meeting the RPO requirement of <5 seconds.
Q3
hardFull explanation →

A company runs SQL Server 2019 on Azure Virtual Machines in an availability set. They need to achieve high availability for a critical database with automatic failover and no shared storage. The solution must minimize downtime during planned maintenance. What should they implement?

A

Configure Log Shipping to a secondary VM

B

Deploy a Failover Cluster Instance using Azure Shared Disks

C

Create an Always On Availability Group with an availability group listener

Always On AG provides automatic failover and no shared storage.

D

Use Database Mirroring with automatic failover

Why: An Always On Availability Group (AG) with a listener provides high availability with automatic failover at the database level without requiring shared storage. This solution meets the requirement for automatic failover and minimizes downtime during planned maintenance by allowing manual failover to a synchronized secondary replica with minimal disruption.
Q4
mediumFull explanation →

A company uses Azure SQL Database Hyperscale tier for a large database. They need to perform a disaster recovery drill by failing over to a secondary region with minimal data loss. The secondary is in a paired region and is readable. Which approach should they use?

A

Restore a geo-redundant backup to the secondary region

B

Configure Active Geo-Replication to the secondary region

C

Create a named replica in the secondary region and fail over manually

D

Use an Auto-Failover Group with the secondary in the paired region

Auto-failover groups support Hyperscale and allow failover with minimal data loss.

Why: Auto-Failover Groups with Azure SQL Database Hyperscale provide automated, orchestrated failover to a secondary region with minimal data loss by using synchronous replication for the log service. This meets the requirement for a disaster recovery drill with a readable secondary and minimal data loss, as the secondary is kept in sync and can be failed over manually or automatically.
Q5
easyFull explanation →

Which TWO options are required to configure a SQL Server Always On Availability Group on Azure Virtual Machines?

A

Internal Load Balancer

Required for the listener.

B

Azure Files share for witness

C

Windows Server Failover Cluster

Required for availability group.

D

Azure SQL Database

E

VPN gateway between regions

Why: A is correct because an Internal Load Balancer is required to route traffic to the primary replica in a SQL Server Always On Availability Group (AG) deployed on Azure Virtual Machines. The listener uses the ILB's frontend IP and health probe to direct client connections to the current primary node, as the Windows Server Failover Cluster (WSFC) does not support the cluster IP address in Azure without a load balancer.
Q6
mediumFull explanation →

Which THREE factors should be considered when choosing between Azure SQL Database active geo-replication and auto-failover groups for disaster recovery?

A

Automatic failover capability

Auto-failover groups provide automatic failover; active geo-replication does not.

B

Recovery Point Objective (RPO) of 1 second

C

Number of readable secondary replicas required

Active geo-replication supports up to 4, auto-failover groups support only 1.

D

Support for SQL Server Authentication

E

Granular control over individual database failover

Active geo-replication allows per-database failover; auto-failover groups fail over all databases in the group.

Why: Option A is correct because auto-failover groups provide automatic failover capability, which is essential for minimizing downtime during a disaster. Active geo-replication, on the other hand, requires manual or custom scripting to initiate failover, making it less suitable for scenarios where rapid, unattended recovery is needed.

Want more Plan and configure high availability and disaster recovery practice?

Practice this domain
6

Domain 6: Implement a secure environment

All Implement a secure environment questions
Q1
mediumFull explanation →

You are configuring Azure SQL Database firewall rules for a new application. The application runs on Azure VMs in the same region. To minimize latency and security risk, which approach should you use?

A

Add a firewall rule allowing all Azure IP addresses.

B

Configure a virtual network service endpoint and a virtual network firewall rule.

Service endpoints provide secure, low-latency connectivity from the VNet to Azure SQL.

C

Add a firewall rule for each VM's public IP address.

D

Add a firewall rule allowing all Azure services to access the database.

Why: Option B is correct because using a virtual network service endpoint and a virtual network firewall rule allows Azure SQL Database to accept traffic only from the specific subnet hosting the application VMs, without exposing the database to the public internet. This minimizes latency by keeping traffic within the Azure backbone network and reduces the security risk by eliminating broad IP-based rules.
Q2
easyFull explanation →

You need to audit all successful and failed login attempts to an Azure SQL Database. Which feature should you enable?

A

Azure SQL Auditing

Auditing tracks database events and writes them to an audit log.

B

Advanced Threat Protection

C

Transparent Data Encryption (TDE)

D

SQL Vulnerability Assessment

Why: Azure SQL Auditing is the correct feature because it tracks database events, including both successful and failed login attempts, and writes them to an audit log in your Azure Storage account, Log Analytics workspace, or Event Hubs. This allows you to monitor and review authentication activity for compliance and security analysis. Other features like Advanced Threat Protection, TDE, and Vulnerability Assessment do not capture login event logs.
Q3
hardFull explanation →

Your company has a strict policy that Azure SQL Database backups must be encrypted with customer-managed keys stored in Azure Key Vault. You configure TDE with AKV integration. After a key rotation, you find that long-running queries start failing with encryption errors. What is the most likely cause?

A

The service principal used for AKV access has expired.

B

The previous key version was disabled or deleted in AKV.

TDE requires all previous key versions to be enabled to decrypt existing data.

C

The new key is in a different Azure region than the database.

D

The database is using service-managed TDE and cannot switch to customer-managed keys.

Why: When TDE is configured with Azure Key Vault (AKV) integration, the database uses the current key version from AKV to encrypt and decrypt data. If the previous key version is disabled or deleted during a key rotation, any long-running queries that still rely on that specific key version for decryption will fail with encryption errors. The database cannot automatically fall back to the new key version for in-flight operations that started before the rotation.
Q4
easyFull explanation →

You are designing a secure environment for Azure SQL Database. Which authentication method provides the strongest security and supports multi-factor authentication?

A

Certificate-based authentication

B

Azure Active Directory authentication

Azure AD authentication supports MFA and conditional access.

C

SQL authentication with strong passwords

D

Windows authentication

Why: Azure Active Directory (Azure AD) authentication is the recommended method for Azure SQL Database because it supports multi-factor authentication (MFA), conditional access policies, and identity-driven security. It eliminates the need for password management and leverages Azure AD's built-in security features, providing the strongest security posture for cloud-native environments.
Q5
hardFull explanation →

Your Azure SQL Database is configured with Advanced Threat Protection (ATP). You receive an alert about a SQL injection attack. After investigation, you confirm the attack was blocked. However, you need to ensure that future similar attacks are automatically prevented without manual intervention. What should you configure?

A

Enable Transparent Data Encryption (TDE).

B

Run SQL Vulnerability Assessment weekly.

C

Enable Azure SQL Auditing to log all queries.

D

Configure the firewall to automatically block the attacker's IP address.

The firewall can be set to block IPs after a detected attack.

Why: Option D is correct because configuring the Azure SQL Database firewall to automatically block the attacker's IP address provides a proactive, automated defense against future SQL injection attempts from the same source. Advanced Threat Protection (ATP) can be integrated with Azure Logic Apps or other automation to trigger a firewall rule update that denies traffic from the offending IP, thereby preventing manual intervention. This directly addresses the requirement for automatic prevention of similar attacks.
Q6
mediumFull explanation →

A developer reports that they cannot connect to an Azure SQL Database using Azure AD authentication. The developer is a member of an Azure AD group that has been granted db_datareader role in the database. The connection string uses Active Directory Password authentication. What is the most likely issue?

A

The Azure AD group has not been created as a database user.

Azure AD groups must be mapped to a database user using CREATE USER [group] FROM EXTERNAL PROVIDER.

B

The server firewall is blocking the connection.

C

The developer's IP address is not allowed.

D

Multi-factor authentication is required but not configured.

Why: The most likely issue is that the Azure AD group has not been created as a database user in the SQL Database. Even though the group has been granted the db_datareader role at the Azure AD level, Azure SQL Database requires that the group be explicitly mapped to a database user via the CREATE USER [group name] FROM EXTERNAL PROVIDER statement. Without this mapping, the group's membership does not translate into database-level permissions, and the developer's authentication will fail.

Want more Implement a secure environment practice?

Practice this domain

Frequently asked questions

How many questions are on the DP-300 exam?

The DP-300 exam has 50 questions and must be completed in 120 minutes. The passing score is 700/1000.

What types of questions appear on the DP-300 exam?

Scenario-based questions covering exam objectives with detailed answer explanations.

How are DP-300 questions organised by domain?

The exam covers 6 domains: Plan and configure a high availability and disaster recovery environment, Plan and implement data platform resources, Monitor, configure, and optimize database resources, Configure and manage automation of tasks, Plan and configure high availability and disaster recovery, Implement a secure environment. Questions are weighted by domain — higher-weight domains appear more on your actual exam.

Are these the actual DP-300 exam questions?

No. These are original exam-style practice questions written against the official Microsoft DP-300 exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.

Ready to practice all 60 DP-300 questions?

Courseiva tracks your accuracy per domain and routes you toward weak areas automatically. Free, no account required.

Browse all DP-300 questionsTake a timed practice test