CCNA Plan and manage an Azure AI solution Questions

68 of 218 questions · Page 3/3 · Plan and manage an Azure AI solution · Answers revealed

151
MCQeasy

You plan to use Azure AI Content Safety to detect hate speech in user-generated content. Which type of content safety is most appropriate for this scenario?

A.Custom categories
B.Image moderation
C.Prompt Shields
D.Text moderation
AnswerD

Detects hate speech and offensive language in text.

Why this answer

Text moderation is the correct choice because Azure AI Content Safety's text moderation API is specifically designed to detect and filter hate speech, along with other harmful content categories like violence and self-harm, in user-generated text. It uses machine learning classifiers trained on a vast corpus to assign severity scores across predefined categories, making it the direct and most appropriate tool for this scenario.

Exam trap

The trap here is that candidates may confuse the broad 'text moderation' capability with the more specialized 'Prompt Shields' feature, mistakenly thinking prompt injection protection is the same as hate speech detection, or assume 'custom categories' are needed when the built-in hate category already suffices.

How to eliminate wrong answers

Option A is wrong because custom categories allow you to define your own specific terms or patterns for blocking, but they are not the primary or most appropriate method for detecting broad, nuanced hate speech; the service's built-in text moderation categories already cover hate speech comprehensively. Option B is wrong because image moderation is designed to analyze visual content for adult, racy, or violent imagery, not to detect hate speech in text. Option C is wrong because Prompt Shields are a feature of Azure AI Content Safety that protects against prompt injection attacks in generative AI applications, not for detecting hate speech in general user-generated content.

152
MCQmedium

A company is using Azure Form Recognizer to extract data from invoices. The prebuilt model does not correctly extract a custom field that is specific to the company's invoices. What is the most appropriate action to improve extraction accuracy for this field?

A.Use the prebuilt model with a custom field mapping.
B.Train a custom model using labeled invoices that include the custom field.
C.Adjust the confidence threshold for the prebuilt model.
D.Retrain the prebuilt model with additional invoices.
AnswerB

A custom model with labeled examples can learn the custom field.

Why this answer

The prebuilt Form Recognizer model is designed for common invoice layouts and may not recognize company-specific fields. Training a custom model with labeled invoices that include the custom field allows the model to learn the field's location and semantics, significantly improving extraction accuracy for that specific field.

Exam trap

The trap here is that candidates may think prebuilt models can be customized via mapping or retraining, but Azure Form Recognizer prebuilt models are immutable and only custom models can be trained to recognize new fields.

How to eliminate wrong answers

Option A is wrong because prebuilt models do not support custom field mapping; they extract only predefined fields based on their training data. Option C is wrong because adjusting the confidence threshold only filters results based on confidence scores, it does not teach the model to recognize a new field. Option D is wrong because prebuilt models cannot be retrained; they are fixed by Microsoft and only custom models can be trained with additional data.

153
MCQmedium

A healthcare organization uses Azure AI Language to extract medical entities from clinical notes. The solution must comply with HIPAA and data residency requirements. Which configuration is essential?

A.Enable diagnostic logging for all operations.
B.Use a customer-managed key (CMK) for encryption.
C.Enable private endpoint for the AI resource.
D.Create the AI resource in the required Azure region.
AnswerD

Data stays in the region where the resource is provisioned, meeting residency.

Why this answer

Data residency requirements dictate that the Azure AI Language resource must be physically located in the specific Azure region where the clinical notes and extracted medical entities are permitted to reside. Creating the resource in the required Azure region ensures that all data at rest and in transit stays within that geographic boundary, which is a fundamental compliance step for HIPAA and data residency. Other configurations like encryption keys or private endpoints enhance security but do not satisfy the core residency requirement.

Exam trap

The trap here is that candidates often confuse network-level security (private endpoints) or encryption controls (CMK) with data residency, assuming any security measure automatically satisfies geographic compliance requirements.

How to eliminate wrong answers

Option A is wrong because enabling diagnostic logging captures operational telemetry but does not enforce data residency or HIPAA compliance; it may even introduce additional data handling concerns. Option B is wrong because using a customer-managed key (CMK) controls encryption keys but does not control where the data is stored or processed; data residency is a separate requirement. Option C is wrong because enabling a private endpoint restricts network access to the AI resource via a VNet but does not change the physical region where the resource and its data reside.

154
MCQmedium

Your team is building an AI-powered search application using Azure AI Search with semantic ranking. During testing, the search results are not showing the expected relevance improvements. What should you check first?

A.Verify that CORS is enabled for your application
B.Check that your index has an RBAC role assignment for semantic search
C.Confirm that the search service is at least Standard S1 and semantic ranking is enabled
D.Ensure the search service is on the Free tier
AnswerC

Semantic ranking requires Standard S1 or higher and must be enabled in the service configuration.

Why this answer

Semantic ranking in Azure AI Search requires a service tier of at least Standard S1 (or higher) and the feature must be explicitly enabled on the index. Without meeting these prerequisites, the search results will not benefit from semantic reranking, regardless of other configurations. Therefore, confirming the service tier and semantic ranking enablement is the first and most critical check.

Exam trap

The trap here is that candidates often assume semantic ranking is automatically available on any paid tier or that configuration issues like CORS or RBAC are the root cause, when in fact the service tier and explicit enablement are the strict prerequisites.

How to eliminate wrong answers

Option A is wrong because CORS (Cross-Origin Resource Sharing) controls browser-based cross-domain requests and has no impact on the relevance improvements provided by semantic ranking. Option B is wrong because RBAC (Role-Based Access Control) assignments manage permissions for accessing the search service, not the activation or functionality of semantic ranking itself. Option D is wrong because the Free tier does not support semantic ranking at all; it is a limited tier with no SLA and lacks the capacity for semantic reranking, so ensuring it is on the Free tier would actually prevent the feature from working.

155
Multi-Selecteasy

Which TWO Azure AI services can you use to implement a custom question-answering system?

Select 2 answers
A.Azure OpenAI Service
B.Azure AI Bot Service
C.Azure AI Translator
D.Azure AI Language
E.Azure AI Search
AnswersA, D

Azure OpenAI can be used to build custom Q&A with retrieval augmented generation.

Why this answer

Azure OpenAI Service is correct because it provides access to GPT models that can be fine-tuned or used with custom prompts to build a question-answering system. By leveraging the 'chat completions' API with a system message and context documents, you can implement a custom Q&A system that generates answers based on your proprietary data.

Exam trap

The trap here is that candidates often confuse Azure AI Search (a retrieval service) with a full question-answering system, forgetting that it only returns raw documents or passages and does not generate natural language answers, which requires a language model like Azure OpenAI Service or the custom question-answering feature in Azure AI Language.

156
MCQmedium

Your team uses Azure AI Studio to deploy a large language model endpoint. You need to monitor for prompt injection attacks. Which Azure AI safety feature should you enable?

A.Azure AI Content Safety
B.Azure AI Agent Service
C.Azure AI Search
D.Azure OpenAI Service
AnswerA

Azure AI Content Safety includes prompt injection detection.

Why this answer

Azure AI Content Safety is the correct feature because it provides built-in detection for prompt injection attacks by analyzing user inputs for malicious content, such as jailbreak attempts or indirect injection patterns. This service integrates directly with Azure AI Studio endpoints to filter harmful prompts before they reach the LLM, ensuring compliance with responsible AI practices.

Exam trap

The trap here is that candidates often confuse Azure OpenAI Service (the model hosting platform) with Azure AI Content Safety (the security layer), assuming the LLM endpoint itself includes built-in prompt injection filtering, when in fact it requires an explicit safety service to be enabled.

How to eliminate wrong answers

Option B is wrong because Azure AI Agent Service is designed for building and managing autonomous agents that can execute tasks, not for monitoring or filtering prompt injection attacks. Option C is wrong because Azure AI Search is a retrieval-augmented generation (RAG) service for indexing and querying data, lacking any built-in security filtering for prompt injection. Option D is wrong because Azure OpenAI Service provides the LLM endpoint itself but does not include native prompt injection detection; it relies on external services like Content Safety for such monitoring.

157
MCQeasy

Your chatbot uses Azure Bot Service and QnA Maker. Users can ask questions in natural language, and the bot returns answers from a knowledge base. Users report that the bot sometimes returns irrelevant answers. What should you do first?

A.Create multiple QnA Maker knowledge bases for different topics
B.Integrate LUIS to detect user intent
C.Use Azure AI Search to index the knowledge base
D.Review and edit the QnA pairs to add alternative phrasings
AnswerD

Adding more variations helps match user queries more accurately.

Why this answer

The core issue is that the bot returns irrelevant answers because the QnA Maker knowledge base lacks sufficient alternative phrasings to match the variety of user questions. By reviewing and editing QnA pairs to add alternative phrasings, you directly improve the synonym and paraphrase coverage, which increases the confidence score for correct matches and reduces irrelevant responses. This is the first and most fundamental troubleshooting step before considering more complex integrations.

Exam trap

The trap here is that candidates often jump to integrating LUIS or Azure AI Search as a 'smart' fix, but the exam expects you to first optimize the existing QnA Maker knowledge base by enriching it with alternative phrasings, which is the simplest and most direct solution for irrelevant answers.

How to eliminate wrong answers

Option A is wrong because creating multiple knowledge bases for different topics does not address the root cause of irrelevant answers; it may fragment the knowledge and still fail to match varied phrasings within each topic. Option B is wrong because integrating LUIS for intent detection is an advanced enhancement that adds complexity and is not the first step; the problem is with QnA Maker's own matching logic, not with missing intent recognition. Option C is wrong because Azure AI Search is used for indexing and full-text search over large datasets, but QnA Maker already has its own ranking and matching engine; adding Azure AI Search would not fix the core issue of insufficient alternative phrasings in the QnA pairs.

158
MCQhard

Refer to the exhibit. You run the Azure CLI command to list deleted cognitive services accounts. You need to recover the 'myTextAnalytics' account. Which command should you use?

A.az cognitiveservices account create --name myTextAnalytics --resource-group <rg> --kind TextAnalytics --location eastus
B.az cognitiveservices account restore --name myTextAnalytics --resource-group <rg> --location eastus
C.az cognitiveservices account recover --name myTextAnalytics --resource-group <rg> --location eastus
D.az cognitiveservices account undelete --name myTextAnalytics --resource-group <rg> --location eastus
AnswerC

The 'recover' command restores a soft-deleted account.

Why this answer

Option C is correct because the Azure CLI command `az cognitiveservices account recover` is specifically designed to restore a soft-deleted Cognitive Services account within the 90-day retention period. The command requires the account name, resource group, and location to identify the deleted resource for recovery.

Exam trap

The trap here is that candidates may confuse the Azure CLI verb 'recover' with 'restore' or 'undelete' from other Azure services (e.g., Azure SQL Database uses 'restore', Azure Storage uses 'undelete'), leading them to pick a non-existent or incorrect command for Cognitive Services recovery.

How to eliminate wrong answers

Option A is wrong because `az cognitiveservices account create` creates a new account, not recovers a deleted one, and would fail if the name is still reserved from the soft-deleted account. Option B is wrong because `az cognitiveservices account restore` is not a valid Azure CLI command for Cognitive Services; the correct verb is 'recover'. Option D is wrong because `az cognitiveservices account undelete` is not a valid Azure CLI command; the Azure CLI uses 'recover' for this operation, though 'undelete' exists in some other Azure resource providers like Storage.

159
MCQhard

You manage an Azure AI Search service that indexes legal documents. The search latency is high, and you need to improve query performance without reducing index size. Which action should you take?

A.Upgrade to a higher pricing tier
B.Increase the number of partitions
C.Reduce the number of searchable fields
D.Increase the number of replicas
AnswerD

Replicas handle more query requests in parallel, reducing latency.

Why this answer

Increasing the number of replicas distributes query load across multiple copies of the index, which directly improves query throughput and reduces latency. Replicas are designed for scaling query operations without changing the index size or storage capacity.

Exam trap

The trap here is that candidates often confuse partitions (which scale storage and indexing) with replicas (which scale query performance), leading them to incorrectly choose increasing partitions when the real need is to reduce query latency.

How to eliminate wrong answers

Option A is wrong because upgrading to a higher pricing tier increases both storage and compute capacity, but it is an overkill when the goal is specifically to improve query performance without reducing index size; partitions are the correct scaling unit for storage and indexing throughput. Option B is wrong because increasing the number of partitions improves indexing throughput and storage capacity, not query latency; partitions do not help with query concurrency or response time. Option C is wrong because reducing the number of searchable fields would shrink the index size, which violates the requirement to not reduce index size, and it may degrade search relevance rather than directly address query latency.

160
MCQhard

A healthcare organization is deploying an Azure AI Document Intelligence solution to extract medical record data. The solution must comply with HIPAA and process sensitive patient data. The data must be encrypted at rest and in transit, and access must be audited. The solution will be used by multiple departments, each requiring different levels of access. Which combination of Azure services should the architect recommend?

A.Azure AI Document Intelligence with public endpoint, Azure AD authentication, and Azure Storage with customer-managed keys (CMK).
B.Azure AI Document Intelligence with public endpoint, Azure AD authentication, and Azure Storage with encryption at rest using Microsoft-managed keys.
C.Azure AI Document Intelligence with private endpoints, managed identity authentication, Azure Storage with customer-managed keys (CMK), and Azure RBAC for access control.
D.Azure AI Document Intelligence with service endpoints, shared access signature (SAS) tokens, and Azure Storage with encryption at rest using Microsoft-managed keys.
AnswerC

Private endpoints secure data in transit, managed identities avoid keys, CMK provides encryption control, and RBAC enables granular access.

Why this answer

Option C is correct because it ensures HIPAA compliance by using private endpoints to keep traffic within the Azure backbone network, managed identity for secure authentication without storing credentials, customer-managed keys (CMK) for encryption at rest with full control over key rotation, and Azure RBAC to enforce least-privilege access across departments. This combination addresses encryption in transit (private endpoint + HTTPS), encryption at rest (CMK), and audited access (RBAC + Azure Monitor).

Exam trap

The trap here is that candidates often choose a public endpoint with Azure AD authentication (Option A or B) thinking it is secure enough, but HIPAA requires network-level isolation (private endpoints) for protected health information, not just authentication.

How to eliminate wrong answers

Option A is wrong because a public endpoint exposes the service to the internet, violating HIPAA's requirement to minimize attack surface for sensitive patient data. Option B is wrong because Microsoft-managed keys do not provide the customer-controlled encryption at rest required by many HIPAA compliance frameworks, and the public endpoint again fails security best practices. Option D is wrong because service endpoints are less secure than private endpoints (traffic still traverses the Microsoft network but not a private IP), SAS tokens can be leaked and do not support fine-grained RBAC, and Microsoft-managed keys lack customer control over encryption.

161
MCQeasy

You need to provide a team of data scientists with access to an Azure Machine Learning workspace. The data scientists should be able to create and run experiments, but they should not be able to delete the workspace or modify its configuration. Which built-in role should you assign?

A.Contributor
B.Reader
C.User Access Administrator
D.Owner
AnswerA

Contributor can manage resources but not delete the workspace or assign roles.

Why this answer

Option A is correct because the Contributor role allows creating and managing resources within the workspace but not deleting the workspace itself. Option B is wrong because Reader is read-only. Option C is wrong because Owner allows full control including deletion.

Option D is wrong because User Access Administrator focuses on permissions.

162
Multi-Selectmedium

You are planning an Azure AI solution that uses Azure AI Search with semantic ranker and a custom skill. The solution must meet the following requirements: - Process documents in multiple languages (English, Spanish, French). - Use a custom skill to extract entities via an Azure Function. - Ensure that the indexer can resume from failures. Which TWO actions should you include in your plan?

Select 2 answers
A.Generate a data change detection policy on the data source.
B.Configure separate indexer data sources for each language.
C.Set the indexer property 'failOnUnprocessedDocuments' to false.
D.Set the indexer property 'maxFailedItems' to a high value.
E.Enable Azure Monitor logs for the indexer to track failures.
AnswersA, C

A change detection policy allows the indexer to identify new/modified documents and resume from the last successful checkpoint.

Why this answer

Option A is correct because a data change detection policy (e.g., HighWaterMarkChangeDetectionPolicy or SqlIntegratedChangeTrackingPolicy) enables the indexer to track which documents have been modified or added. This allows the indexer to resume from failures by reprocessing only the changed or unprocessed documents, rather than starting over from scratch. Without this policy, a failure would require a full reindex, which is inefficient and violates the requirement to resume from failures.

Exam trap

The trap here is that candidates often confuse 'maxFailedItems' with a resume mechanism, but it only controls the tolerance for failures during a single run, not the ability to resume after a failure; the correct approach is to combine a change detection policy with 'failOnUnprocessedDocuments' set to false.

163
MCQhard

Your company uses Azure OpenAI Service to generate product descriptions. You need to reduce costs while maintaining response quality for common requests. What should you implement?

A.Use a smaller model variant (e.g., GPT-3.5 instead of GPT-4).
B.Batch multiple requests into a single API call.
C.Enable semantic caching to reuse responses for similar prompts.
D.Reduce the max_tokens parameter for all requests.
AnswerC

Caching reduces costs without sacrificing quality for common requests.

Why this answer

Semantic caching stores responses for semantically similar prompts, allowing Azure OpenAI Service to return cached results for common requests without incurring per-token inference costs. This directly reduces costs while preserving response quality, as the cached responses are identical to what the model would generate. Unlike other options, it avoids degrading output quality or requiring architectural changes.

Exam trap

The trap here is that candidates confuse semantic caching with simple request caching or assume batching is supported, overlooking that semantic caching specifically reuses responses for similar prompts without degrading quality, while other options either reduce quality or are technically infeasible.

How to eliminate wrong answers

Option A is wrong because using a smaller model variant (e.g., GPT-3.5 instead of GPT-4) reduces response quality and capability, contradicting the requirement to maintain response quality. Option B is wrong because Azure OpenAI Service does not support batching multiple requests into a single API call; each request is processed independently, and batching would require custom orchestration without cost savings. Option D is wrong because reducing max_tokens for all requests truncates responses, degrading quality for common requests that may require longer outputs, and does not address cost reduction for repeated or similar prompts.

164
Multi-Selecteasy

Which TWO of the following are valid ways to authenticate to Azure AI services?

Select 3 answers
A.Subscription key (API key)
B.Shared access signature (SAS) token
C.OAuth 2.0 client credentials flow with Microsoft Entra ID
D.Managed Identity with Microsoft Entra ID
E.X.509 certificate
AnswersA, C, D

API keys are a primary authentication method for Azure AI services.

Why this answer

Option A is correct because Azure AI services accept subscription keys (API keys) as a primary authentication method. When you create an Azure AI resource, the portal generates two keys that can be passed in the 'Ocp-Apim-Subscription-Key' header to authenticate requests. This is the simplest and most common method for initial development and testing.

Exam trap

The trap here is that candidates often confuse SAS tokens (which are for Azure Storage) with subscription keys (for AI services), and they may overlook that Managed Identity is a valid Entra ID authentication method, leading them to incorrectly select only one correct answer or pick SAS as a second option.

165
MCQeasy

You are using Azure AI Language to perform sentiment analysis on customer feedback. You need to monitor the number of requests sent to the endpoint per minute. Which Azure service should you use?

A.Azure Monitor
B.Azure Cost Management
C.Azure Advisor
D.Azure Log Analytics
AnswerA

Azure Monitor collects and analyzes metrics like requests per minute.

Why this answer

Azure Monitor is the correct service because it provides platform metrics, including the 'Requests Per Minute' metric for Azure AI Language endpoints. This metric is automatically collected and can be viewed in the Azure portal, set up alerts on, or queried via the Azure Monitor REST API. It directly answers the need to monitor request rate without additional configuration.

Exam trap

The trap here is that candidates often confuse Azure Monitor with Azure Log Analytics, assuming that all monitoring requires log ingestion, when in fact Azure Monitor provides built-in metrics without the need for logging or additional costs.

How to eliminate wrong answers

Option B (Azure Cost Management) is wrong because it focuses on tracking and optimizing cloud spending, not on real-time operational metrics like request rate. Option C (Azure Advisor) is wrong because it provides best-practice recommendations for cost, security, reliability, and performance, but does not expose per-minute request counts. Option D (Azure Log Analytics) is wrong because while it can ingest and query logs, it is not the primary service for out-of-the-box metrics; Azure Monitor collects metrics natively, and Log Analytics is used for log-based data, not for simple metric monitoring like requests per minute.

166
MCQeasy

You are deploying a chatbot using Azure AI Bot Service and Language Understanding (LUIS). The bot must understand user intent from free-text input. Which component should you train?

A.Language Understanding (LUIS) model
B.Speech-to-text model
C.QnA Maker knowledge base
D.Computer Vision model
AnswerA

LUIS extracts intents and entities from free-text input.

Why this answer

The Language Understanding (LUIS) model is the correct component to train because the bot needs to interpret free-text user input and extract intent. LUIS is a natural language processing service specifically designed for intent recognition and entity extraction from conversational phrases. Training the LUIS model with labeled utterances teaches it to map user expressions to predefined intents, enabling the bot to understand and respond appropriately.

Exam trap

The trap here is that candidates may confuse the role of LUIS with QnA Maker, assuming both handle any text input, but LUIS is for intent classification from free-text conversation, while QnA Maker is for retrieving answers from a fixed knowledge base, not for understanding dynamic user intents.

How to eliminate wrong answers

Option B is wrong because a Speech-to-text model converts audio to text, but the question specifies free-text input, not spoken input; training this model would be unnecessary and irrelevant for text-based intent understanding. Option C is wrong because QnA Maker knowledge base is designed for answering factual questions from a structured FAQ or document, not for understanding free-form intents from conversational input; it lacks the intent classification capability required here. Option D is wrong because a Computer Vision model processes images and video, not text; it has no role in interpreting user intent from free-text input.

167
MCQmedium

You are designing an Azure AI solution that uses Language Understanding (LUIS) for intent detection. The solution must handle multiple languages dynamically based on the user's locale. What should you do?

A.Use Azure Translator to translate user input to English before sending to LUIS.
B.Create separate LUIS applications for each language and route based on locale.
C.Train a single LUIS app with utterances in all languages.
D.Enable the 'Multi-Language' feature in the LUIS app.
AnswerB

This is the recommended approach for multi-language support.

Why this answer

Option B is correct because LUIS does not natively support multi-language within a single application; each LUIS app is designed for a single language. To handle multiple languages dynamically, you must create separate LUIS applications for each language and route user utterances based on the detected locale, ensuring accurate intent and entity recognition per language.

Exam trap

The trap here is that candidates assume LUIS has a built-in multi-language feature or that translation is a viable shortcut, but Microsoft explicitly requires separate LUIS apps per language and does not support multi-language training within a single app.

How to eliminate wrong answers

Option A is wrong because translating user input to English before sending to LUIS introduces translation latency, potential loss of nuance, and inaccuracies in intent detection, as LUIS is optimized for native language patterns. Option C is wrong because training a single LUIS app with utterances in multiple languages degrades performance, as LUIS expects consistent language structure and cannot distinguish between languages during prediction. Option D is wrong because there is no 'Multi-Language' feature in LUIS; the platform requires separate apps for each language, and enabling such a feature would not resolve the fundamental single-language limitation.

168
Multi-Selecthard

A company is planning to use Azure AI Document Intelligence to extract data from invoices. The solution must handle variations in invoice formats. Which TWO actions should be taken to improve accuracy?

Select 2 answers
A.Avoid using custom models; rely on prebuilt models only.
B.Include samples of different layouts in the training set.
C.Use a large number of unlabeled samples.
D.Use a single prebuilt model for all invoices.
E.Train a custom model with labeled invoice samples.
AnswersB, E

Diverse layouts improve generalization.

Why this answer

Option B is correct because including samples of different invoice layouts in the training set enables the custom model to learn variations in structure, field placement, and formatting. This improves the model's ability to generalize across diverse invoice formats, reducing extraction errors. Azure AI Document Intelligence custom models require labeled training data to adapt to specific document types, and diverse samples directly address format variability.

Exam trap

The trap here is that candidates often assume prebuilt models are sufficient for all invoice formats, ignoring that custom models with diverse labeled samples are necessary to handle layout variations and achieve high accuracy.

169
Multi-Selecthard

Which TWO of the following are best practices for managing Azure AI services costs?

Select 2 answers
A.Use the S0 pricing tier for production workloads
B.Always use the Free tier to avoid charges
C.Scale up partitions to improve performance
D.Increase batch size to reduce number of API calls
E.Set up budget alerts in Azure Cost Management
AnswersA, E

S0 provides predictable pricing for production.

Why this answer

Option A is correct because the S0 pricing tier is the standard paid tier for Azure AI services, such as Cognitive Services, and is designed for production workloads. It provides higher throughput, reliability, and support compared to lower tiers, making it a cost-effective choice for production scenarios where performance and availability are critical.

Exam trap

The trap here is that candidates often confuse cost-saving strategies (like using the Free tier or batching) with best practices for managing costs in production, overlooking that the Free tier is not for production and that batching may not be applicable or effective for all services.

170
MCQhard

You are planning an Azure AI solution that uses Azure AI Document Intelligence to extract data from scanned PDFs. The solution must support both structured and unstructured documents. The extracted data must be validated against a predefined schema before being stored in Azure Cosmos DB. What should you use for schema validation?

A.Azure Functions to parse and validate the extracted data.
B.Azure AI Document Intelligence custom extraction model with a defined schema.
C.Azure AI Document Intelligence prebuilt model for invoices.
D.Azure Logic Apps with a JSON schema validation step.
AnswerB

Custom extraction models allow defining a schema and validating extracted data.

Why this answer

Option B is correct because Azure AI Document Intelligence custom extraction models allow you to define a schema (field names, types, and relationships) that the service uses to extract and validate data from both structured and unstructured documents. This built-in schema validation ensures extracted data conforms to your predefined structure before it is stored in Azure Cosmos DB, eliminating the need for additional validation logic.

Exam trap

The trap here is that candidates often assume prebuilt models (like invoices) are sufficient for schema validation, but they lack the ability to enforce a custom schema across both structured and unstructured documents, which is the core requirement in this question.

How to eliminate wrong answers

Option A is wrong because Azure Functions would require custom code to parse and validate extracted data, adding complexity and maintenance overhead, whereas the schema validation should be handled natively by the extraction service. Option C is wrong because the prebuilt invoice model is designed only for structured invoice documents and cannot handle unstructured documents or support a custom predefined schema for validation. Option D is wrong because Azure Logic Apps with a JSON schema validation step validates the structure of the JSON payload after extraction, but does not validate the extracted data against the original document's schema or enforce business rules at the extraction point.

171
MCQhard

Your company has an existing Azure AI Search index used for e-commerce product search. The index is populated by an indexer that runs every hour. Recently, the product team added a new field 'promotionPrice' that should be searchable. You need to update the index to include this field without reindexing all documents. The field should be of type Edm.Double, searchable, filterable, and sortable. What should you do?

A.Add the new field to the data source mapping in the indexer. The indexer will automatically update the index schema.
B.Update the index schema to add the new field using the portal or REST API. Then update the indexer to map the field.
C.Change the indexer schedule to run every 5 minutes to pickup the new field faster.
D.Delete the index and recreate it with the new field. Then run the indexer to repopulate all documents.
AnswerB

No downtime; incremental update.

Why this answer

Option B is correct because Azure AI Search allows you to add new fields to an existing index schema without reindexing all documents, as long as the new field is nullable or has a default value. After updating the index schema via the portal or REST API, you must update the indexer's field mappings to map the new 'promotionPrice' field from the data source to the index. The indexer will then populate the field for existing documents on its next run, and new documents will include the field automatically.

Exam trap

The trap here is that candidates assume the indexer can automatically update the index schema when a new field is added to the data source, but Azure AI Search requires explicit schema updates before the indexer can map and populate the new field.

How to eliminate wrong answers

Option A is wrong because the indexer's data source mapping only defines how source fields map to index fields; it cannot modify the index schema itself. Option C is wrong because changing the indexer schedule does not add new fields to the index; the indexer can only write to fields that already exist in the index schema. Option D is wrong because deleting and recreating the index is unnecessary and causes downtime; Azure AI Search supports adding new fields to an existing index without full reindexing, provided the new field is nullable or has a default value.

172
MCQmedium

Your organization is using Azure OpenAI Service to generate content. You need to ensure that the content meets safety guidelines by filtering harmful outputs. What should you configure?

A.Enable the Responsible AI dashboard.
B.Configure the content filters in the Azure OpenAI Studio.
C.Use Azure AI Content Safety APIs to analyze outputs.
D.Set the system message to instruct the model to avoid harmful content.
AnswerB

Azure OpenAI provides configurable content filters.

Why this answer

Option B is correct because content filters in Azure OpenAI Studio allow you to define severity levels (safe, low, medium, high) for categories like hate, sexual, violence, and self-harm, which are enforced at the inference API level to block or flag harmful outputs before they reach the user. This is the primary configuration for filtering model-generated content in Azure OpenAI Service.

Exam trap

The trap here is that candidates often confuse the Responsible AI dashboard (a monitoring tool) with active content filtering, or they assume that system messages alone are sufficient for safety, when in fact content filters provide the only guaranteed enforcement layer at the API level.

How to eliminate wrong answers

Option A is wrong because the Responsible AI dashboard is a monitoring and reporting tool that provides visibility into model behavior and fairness metrics, but it does not actively filter or block harmful outputs in real-time. Option C is wrong because Azure AI Content Safety APIs are a separate service for analyzing user-generated or third-party content, not for filtering outputs from Azure OpenAI models directly; they would require an additional integration layer. Option D is wrong because system messages are instructional prompts that guide model behavior but are not a reliable enforcement mechanism—they can be overridden by adversarial inputs or model quirks, and they lack the deterministic filtering capabilities of content filters.

173
MCQmedium

You need to create a solution that extracts key-value pairs from scanned invoices using Azure AI Document Intelligence. The invoices have varying layouts. Which model should you use?

A.Layout model
B.Custom extraction model
C.Read model
D.Prebuilt invoice model
AnswerD

Prebuilt invoice model is trained on many invoice layouts and extracts key-value pairs.

Why this answer

The Prebuilt invoice model (Option D) is specifically designed to extract key-value pairs, line items, and other structured fields from invoices, even when layouts vary. It is trained on thousands of invoice samples and uses deep learning to handle diverse formats without requiring custom training, making it the correct choice for this scenario.

Exam trap

The trap here is that candidates often confuse the Layout model's ability to extract tables and text with the specific key-value pair extraction needed for invoices, leading them to choose Option A instead of the purpose-built Prebuilt invoice model.

How to eliminate wrong answers

Option A is wrong because the Layout model extracts text, tables, and selection marks but does not extract key-value pairs or invoice-specific fields like invoice number or vendor details. Option B is wrong because a Custom extraction model requires labeled training data and is overkill when a prebuilt model already exists for invoices; it is intended for documents not covered by prebuilt models. Option C is wrong because the Read model only extracts printed and handwritten text (OCR) without any structure or key-value pair extraction.

174
MCQmedium

Your team is developing a chatbot using Azure AI Bot Service with language understanding via Azure AI Language (CLU). You need to ensure that the chatbot can handle multiple intents in a single user utterance and return confidence scores for each. Which configuration should you use?

A.Use a Conversational Language Understanding (CLU) project with the 'Multiple intents' setting enabled.
B.Use an Orchestration workflow project that connects to multiple CLU projects.
C.Use a standard CLU project and manually combine intents.
D.Use Azure AI QnA Maker with custom logic to detect intents.
AnswerA

CLU supports multiple intents per utterance with confidence scores.

Why this answer

Option A is correct because Azure AI Language's Conversational Language Understanding (CLU) supports a 'Multiple intents' setting that allows the model to predict multiple intents from a single utterance, each with its own confidence score. This is the native way to handle multi-intent scenarios without requiring orchestration or custom logic.

Exam trap

The trap here is that candidates often confuse Orchestration workflow (which routes to different projects) with the ability to handle multiple intents within a single CLU project, leading them to choose Option B incorrectly.

How to eliminate wrong answers

Option B is wrong because an Orchestration workflow project routes utterances to different CLU projects or other services, but it does not enable multiple intents within a single CLU project; it selects one project per utterance. Option C is wrong because a standard CLU project without the 'Multiple intents' setting enabled will only return the top intent, not multiple intents with confidence scores; manually combining intents is not supported by the service. Option D is wrong because Azure AI QnA Maker is designed for FAQ-style question answering, not intent detection, and it lacks native multi-intent support; custom logic would be brittle and not leverage CLU's built-in capabilities.

175
MCQeasy

You need to monitor the costs of your Azure AI services across multiple subscriptions. Which Azure tool should you use to track spending and set budgets?

A.Azure Cost Management
B.Azure Portal
C.Azure Monitor
D.Azure Advisor
AnswerA

Cost Management provides cost analysis and budgets.

Why this answer

Azure Cost Management is the dedicated tool for monitoring, analyzing, and controlling cloud spending across multiple subscriptions. It provides cost analysis, budget creation, and alerting capabilities specifically designed for tracking Azure AI services costs at scale.

Exam trap

The trap here is that candidates often confuse Azure Monitor (which tracks resource metrics and logs) with cost monitoring, but Azure Monitor has no native capability to track financial spend or set budgets.

How to eliminate wrong answers

Option B is wrong because Azure Portal is the web-based management interface for provisioning and configuring resources, not a dedicated cost tracking and budgeting tool. Option C is wrong because Azure Monitor focuses on performance metrics, logs, and alerts for resource health and application diagnostics, not financial cost tracking. Option D is wrong because Azure Advisor provides best-practice recommendations for optimizing resource usage, security, and reliability, but it does not offer direct cost tracking or budget management features.

176
MCQhard

You deploy a Custom Vision object detection model to classify vehicles. The model works well in good lighting but fails in low-light conditions. What is the most appropriate action?

A.Add images with different lighting conditions to the training set
B.Increase the probability threshold
C.Increase the number of training iterations
D.Use a domain-specific model for vehicles
AnswerA

Including low-light images trains the model to handle such conditions.

Why this answer

Option A is correct because the core issue is a data distribution mismatch: the model was trained primarily on well-lit images and lacks exposure to low-light examples. Adding images with diverse lighting conditions directly addresses this by enriching the training dataset, enabling the model to learn robust features for low-light scenarios. This aligns with the fundamental principle that Custom Vision models are only as good as the training data they receive.

Exam trap

The trap here is that candidates often confuse model performance tuning (threshold, iterations) with data quality issues, mistakenly believing that adjusting hyperparameters can compensate for missing training scenarios.

How to eliminate wrong answers

Option B is wrong because increasing the probability threshold only adjusts the confidence level required to return a prediction; it does not improve the model's ability to detect objects in low light, and may actually reduce recall by filtering out correct but lower-confidence detections. Option C is wrong because increasing the number of training iterations (epochs) on the same dataset does not introduce new visual patterns; it risks overfitting to the existing well-lit images without addressing the low-light deficiency. Option D is wrong because domain-specific models in Custom Vision are pre-trained on generic vehicle images and do not inherently compensate for lighting variations; the problem is not the domain but the lack of representative lighting conditions in the training set.

177
MCQhard

You are an Azure AI engineer at Contoso Ltd. The company has an Azure AI solution that uses Azure AI Language to analyze customer feedback. The solution is deployed in the East US region and uses the S0 pricing tier. Recently, the volume of feedback has increased significantly, causing the service to throttle requests. The application logs show HTTP 429 (Too Many Requests) errors during peak hours. The development team has already implemented retry logic with exponential backoff, but the errors persist. You need to recommend a solution to handle the increased load without changing the application code. The solution must minimize cost. What should you do?

A.Upgrade the Azure AI Language resource to a higher pricing tier (e.g., S1) or create additional resources and load balance.
B.Use Azure Front Door to cache responses and reduce load on the service.
C.Switch the Azure AI Language resource to the Free tier to reduce costs.
D.Move the service to a different Azure region with higher capacity.
AnswerA

Higher tiers provide higher rate limits and throughput.

Why this answer

Upgrading to a higher pricing tier (e.g., S1) increases the transactions-per-second (TPS) limit, directly addressing the HTTP 429 throttling errors without requiring code changes. Creating additional resources and load-balancing also distributes the request volume, but upgrading the existing resource is the simplest and most cost-effective approach when retry logic already fails.

Exam trap

The trap here is that candidates may think caching (Azure Front Door) or region relocation can solve throttling, but they fail to recognize that throttling is a rate-limit issue tied to the pricing tier, not network latency or content caching.

How to eliminate wrong answers

Option B is wrong because Azure Front Door caches static content at the edge, but Azure AI Language API responses are dynamic and cannot be cached, so it does not reduce the number of API calls hitting the service. Option C is wrong because the Free tier has extremely low rate limits (e.g., 20 calls per minute) and would immediately throttle even more, making the problem worse. Option D is wrong because moving to a different region does not change the S0 tier's capacity limits; all regions offer the same TPS for a given tier, so throttling would persist.

178
MCQmedium

You are a security engineer for a financial services company. The company uses Azure AI Language to analyze customer communications for compliance. The solution processes sensitive personal data. You need to ensure that all data transmitted to the Azure AI Language service is encrypted in transit and that the service endpoint is not accessible from the public internet. Additionally, you must use Microsoft Entra ID for authentication. The current implementation uses API keys and the public endpoint. You need to reconfigure the solution. What should you do?

A.Configure a private endpoint and continue using the public endpoint for redundancy
B.Disable the public network access without configuring a private endpoint
C.Enable Microsoft Entra ID authentication but keep the public endpoint and API keys
D.Disable the public network access, configure a private endpoint, enable managed identity, and enforce HTTPS
AnswerD

Meets all security requirements.

Why this answer

Option D is correct because it addresses all three requirements: disabling public network access removes internet exposure, configuring a private endpoint ensures traffic stays within the Azure backbone and your virtual network, enabling managed identity allows Microsoft Entra ID authentication without API keys, and enforcing HTTPS guarantees encryption in transit via TLS. This combination fully secures the Azure AI Language service for sensitive personal data.

Exam trap

The trap here is that candidates may think disabling public network access alone is sufficient (Option B), but without a private endpoint, the service becomes unreachable, and they may overlook that managed identity is required to replace API keys for Microsoft Entra ID authentication.

How to eliminate wrong answers

Option A is wrong because continuing to use the public endpoint for redundancy still exposes the service to the public internet, violating the requirement that the endpoint not be accessible from the public internet. Option B is wrong because disabling public network access without a private endpoint leaves no way to connect to the service, as the service would be unreachable. Option C is wrong because keeping the public endpoint and API keys fails to restrict public internet access and does not eliminate the use of API keys, contradicting the requirement to use Microsoft Entra ID authentication exclusively.

179
MCQeasy

A developer is configuring an Azure AI Language resource for sentiment analysis. The solution must process social media posts in real-time with a throughput of 1000 requests per minute. After testing, the developer notices that the API returns a 429 (Too Many Requests) error when the load exceeds 500 requests per minute. What is the most likely cause and solution?

A.Scale out the resource by creating multiple Azure AI Language instances and load balancing requests.
B.Upgrade the Azure AI Language resource to a higher tier (e.g., Standard S) to increase the rate limit.
C.Implement retry logic with exponential backoff to handle 429 errors.
D.Use Azure API Management to cache responses and reduce calls.
AnswerB

The Free tier has a limit of 20 requests per minute; upgrading to Standard S allows up to 1000 requests per minute.

Why this answer

The 429 error indicates the request rate exceeds the resource's allocated tier limit. Azure AI Language resources have predefined rate limits per pricing tier; the Standard S tier offers higher throughput (e.g., 1,000 requests per minute) compared to lower tiers. Upgrading to Standard S directly increases the rate limit to match the required 1,000 requests per minute, making it the correct solution.

Exam trap

The trap here is that candidates often confuse rate limiting with transient errors and choose retry logic (C), not realizing that a consistent 429 at a specific threshold indicates a hard capacity cap that only a tier upgrade can resolve.

How to eliminate wrong answers

Option A is wrong because scaling out with multiple instances and load balancing does not increase the per-instance rate limit; it distributes load but each instance still enforces its own tier-based cap, and the 429 error originates from a single resource's limit being exceeded. Option C is wrong because retry logic with exponential backoff handles transient failures, not capacity limits; it would only delay inevitable errors if the rate consistently exceeds the tier's maximum. Option D is wrong because API Management caching reduces repeated calls for identical responses, but social media posts are unique and uncacheable; caching does not address the fundamental rate limit issue.

180
MCQhard

Refer to the exhibit. You are deploying an AI project in Microsoft Foundry using an ARM template. The deployment fails with an error indicating that the hub resource is not in the same region. What is the most likely cause?

A.The resource group for the hub is different from the project's resource group
B.The identity type is SystemAssigned, but the hub requires UserAssigned
C.The hub and project are in different Azure regions
D.The location property is misspelled in the template
AnswerC

Project must be in same region as its hub.

Why this answer

In Azure AI Foundry, the hub and project resources must reside in the same Azure region because the project is a child resource of the hub and relies on the hub's regional endpoint for metadata storage and compute orchestration. The ARM template deployment fails with a region mismatch error when the location property of the project specifies a different region than the hub's location, as Azure enforces regional affinity for child resources to ensure low-latency communication and data residency compliance.

Exam trap

The trap here is that candidates confuse resource group boundaries with regional boundaries, assuming that resources in different resource groups cannot be linked, when in fact Azure allows cross-resource-group parent-child relationships as long as the regions match.

How to eliminate wrong answers

Option A is wrong because the resource group can be different for the hub and project; Azure allows child resources to be in a separate resource group from the parent, so a resource group mismatch does not cause a region-related deployment failure. Option B is wrong because the identity type (SystemAssigned vs. UserAssigned) is unrelated to regional constraints; the hub does not require a specific identity type for region validation, and identity configuration affects authentication, not deployment location.

Option D is wrong because a misspelled location property would typically result in a validation error (e.g., 'Invalid template property') rather than a specific 'not in the same region' error; the error message explicitly indicates a regional mismatch, not a syntax issue.

181
Multi-Selectmedium

Which TWO Azure AI services can be used to implement a content moderation pipeline that detects hate speech and blocks violent images?

Select 2 answers
A.Azure AI Content Safety
B.Azure AI Translator
C.Azure AI Speech to Text
D.Azure AI Language sentiment analysis
E.Azure AI Vision Image Analysis
AnswersA, E

Detects hate speech and other offensive text.

Why this answer

Azure AI Content Safety is correct because it is specifically designed to detect hate speech, profanity, and other harmful text content, while Azure AI Vision Image Analysis can analyze images for violent or inappropriate visual content. Together, they form a comprehensive content moderation pipeline that addresses both text and image moderation requirements.

Exam trap

The trap here is that candidates may confuse Azure AI Language sentiment analysis (which only measures positive/negative sentiment) with Azure AI Content Safety (which specifically detects hate speech and harmful content), or assume Azure AI Translator can handle moderation tasks because it processes text.

182
MCQmedium

You are designing an Azure AI solution for a global e-commerce company. The solution must: (1) Translate product descriptions into 12 languages in real-time. (2) Detect sentiment in customer reviews for each language. (3) Extract key product attributes (e.g., color, size) from unstructured review text. (4) Store results in a centralized database for analytics. The solution must minimize latency and cost. You plan to use Azure AI services. Which combination of services should you use?

A.Azure AI Language for translation and sentiment, and Azure AI Computer Vision for attribute extraction.
B.Azure AI Speech for translation, Azure AI Language for sentiment, and Azure AI Search for storage.
C.Azure AI Translator for translation, Azure AI QnA Maker for attribute extraction, and Azure SQL Database for storage.
D.Azure AI Translator for translation, Azure AI Language for sentiment and entity extraction, and Azure AI Search to index the results.
AnswerD

Translator provides real-time translation, Language provides sentiment and entity extraction, and Search stores results for analytics.

Why this answer

Option D is correct because Azure AI Translator provides real-time translation into 12 languages, Azure AI Language handles both sentiment analysis and entity extraction (for attributes like color and size) from unstructured text, and Azure AI Search indexes the results for low-latency analytics. This combination minimizes latency by using dedicated services for each task and avoids unnecessary overhead from services like Speech or Computer Vision that are not required for text-only processing.

Exam trap

The trap here is that candidates may confuse Azure AI Language's entity extraction with Azure AI Computer Vision or QnA Maker, assuming attribute extraction requires visual analysis or Q&A logic, when in fact it is a text-based NLP task handled by the Language service.

How to eliminate wrong answers

Option A is wrong because Azure AI Computer Vision is designed for image analysis, not for extracting attributes from unstructured text; attribute extraction from text is a job for Azure AI Language's entity extraction. Option B is wrong because Azure AI Speech is for speech-to-text and text-to-speech, not for text translation, and Azure AI Search is a search indexer, not a storage solution; storage should be a database like Cosmos DB or SQL Database. Option C is wrong because Azure AI QnA Maker is for building question-answer bots, not for extracting product attributes from review text; attribute extraction requires entity recognition, which Azure AI Language provides.

183
MCQmedium

You are designing a solution that uses Azure OpenAI Service to generate product descriptions based on product attributes (name, category, features). The solution must: - Use a GPT-4 model deployed in the West US region. - Implement content filtering to block inappropriate content. - Handle up to 100 requests per second. - Minimize latency. - Use managed identity for authentication. What should you include in the design?

A.Deploy multiple GPT-4 models across different regions to reduce latency.
B.Deploy a single GPT-4 model with sufficient capacity (e.g., 100K TPM). Enable content filtering. Use a system-assigned managed identity for authentication.
C.Use API key authentication stored in Azure Key Vault. Deploy two GPT-4 models to load balance requests.
D.Use Azure AI Content Safety in addition to Azure OpenAI to filter content.
AnswerB

Meets all requirements with minimal complexity.

Why this answer

Option B is correct because deploying a single GPT-4 model with sufficient capacity (e.g., 100K TPM) ensures the solution can handle up to 100 requests per second while minimizing latency by avoiding cross-region calls. Enabling content filtering directly on the Azure OpenAI deployment blocks inappropriate content without additional services, and using a system-assigned managed identity provides secure, keyless authentication that aligns with Azure best practices.

Exam trap

The trap here is that candidates often overcomplicate the solution by adding unnecessary redundancy (multiple models or regions) or extra services (Azure AI Content Safety), when the built-in capabilities of Azure OpenAI—content filtering, managed identity, and sufficient TPM—directly satisfy all requirements with minimal latency.

How to eliminate wrong answers

Option A is wrong because deploying multiple GPT-4 models across different regions would increase latency due to cross-region network hops and does not address the requirement to minimize latency, as the model must be in West US. Option C is wrong because using API key authentication stored in Azure Key Vault violates the requirement to use managed identity for authentication, and deploying two GPT-4 models for load balancing is unnecessary when a single model with sufficient TPM capacity can handle 100 requests per second. Option D is wrong because Azure AI Content Safety is an additional service that adds latency and complexity; Azure OpenAI’s built-in content filtering already meets the requirement to block inappropriate content without needing an extra component.

184
MCQhard

A healthcare company is using Azure AI Document Intelligence to extract patient data from forms. They need to ensure that all extracted data is encrypted at rest using a customer-managed key (CMK) and that the service endpoint is restricted to a specific virtual network. Which combination of steps should they take?

A.Use a service endpoint and configure a managed identity
B.Disable public network access and enable CMK via Azure Key Vault
C.Configure IP firewall rules and enable CMK via Azure Key Vault
D.Create a private endpoint and associate a customer-managed key in the resource encryption settings
AnswerD

Private endpoint secures network traffic; CMK encryption is configured in resource settings with Key Vault.

Why this answer

Option D is correct because it combines a private endpoint (which restricts the service endpoint to a specific virtual network by providing a private IP address within that VNet, eliminating public internet exposure) with a customer-managed key (CMK) in the resource encryption settings, which ensures data at rest is encrypted using a key stored in Azure Key Vault that the customer controls. This directly meets both requirements: network isolation via private endpoint and CMK-based encryption at rest.

Exam trap

The trap here is that candidates often confuse 'service endpoint' or 'IP firewall rules' with 'private endpoint' for VNet-specific access, but only a private endpoint provides a fully private IP within the VNet and meets the 'restricted to a specific virtual network' requirement, while the other options either allow public exposure or do not enforce VNet-level isolation.

How to eliminate wrong answers

Option A is wrong because using a service endpoint with a managed identity only secures network access at the subnet level and provides identity-based authentication, but it does not restrict the endpoint to a specific virtual network in the same way a private endpoint does, and it does not enable CMK for encryption at rest. Option B is wrong because disabling public network access alone does not restrict access to a specific virtual network; it only blocks all public traffic, and while enabling CMK via Azure Key Vault is correct for encryption, the network requirement is not met. Option C is wrong because configuring IP firewall rules only restricts access based on source IP addresses, not to a specific virtual network, and while CMK via Azure Key Vault is correct, the network isolation is insufficient for a VNet-specific restriction.

185
MCQmedium

Refer to the exhibit. You are configuring an Azure AI Foundry agent for customer support. The agent uses Azure AI Search for retrieval and Azure OpenAI for generation. Users report that the agent provides correct answers but sometimes includes inappropriate language. What is the most likely cause?

A.The content safety blocklist is not applied to the chat output
B.The OpenAI deployment 'gpt-4o' does not support content filtering
C.The content safety threshold should be set to 'low' to block more content
D.The semantic configuration is not optimized for safety
AnswerA

Content safety configuration in the JSON is for input but may not be applied to the generated output; need to configure output filtering.

Why this answer

The content safety threshold is set to 'high', which is the most restrictive level. Option B is correct because 'high' threshold blocks more content, but the issue is inappropriate language, so the threshold might be too low if it allows offensive content; actually, 'high' is strict, so the issue is that the content safety is not applied to the generation output. Option A is wrong because semantic search is for relevance, not safety.

Option C is wrong because the deployment name is irrelevant. Option D is wrong because the system message does not guarantee safety filtering.

186
MCQhard

You are using Azure AI Language's conversational language understanding (CLU). The above JSON is a request to a CLU endpoint. What is the purpose of this request?

A.To predict the intent and entities from the user utterance
B.To query a knowledge base for answers
C.To deploy the CLU model to production
D.To train a new CLU model
AnswerA

The analysisInput contains the utterance for prediction.

Why this answer

The JSON request is sent to the Azure AI Language CLU endpoint with a 'query' field containing the user utterance. The 'kind' field is set to 'Conversation', which triggers the CLU runtime to analyze the utterance against the deployed model. The purpose is to return a prediction of the top intent and any extracted entities, which is the core function of a conversational language understanding endpoint.

Exam trap

The trap here is that candidates confuse the CLU prediction endpoint with the training or deployment endpoints, mistakenly thinking a request with a 'query' field is used for model management rather than runtime inference.

How to eliminate wrong answers

Option B is wrong because querying a knowledge base for answers is the purpose of Azure AI Language's custom question answering (QnA Maker) or Azure Cognitive Search, not CLU. Option C is wrong because deploying a CLU model is a separate operation performed via the Azure portal, REST API (e.g., PUT on the deployment resource), or SDK; this request is a prediction call, not a deployment action. Option D is wrong because training a new CLU model requires a training API call (e.g., POST to the /train endpoint with a training dataset), not a prediction request to the runtime endpoint.

187
MCQhard

Your Azure AI Search index contains millions of documents. Users report that search results are slow for complex queries. You need to improve query performance without reducing result quality. Which action should you take?

A.Reduce the maximum number of results returned per query
B.Increase the number of replicas
C.Remove all facet fields from the index
D.Disable complex query types such as fuzzy and regex
AnswerB

Adding replicas allows load balancing and faster query responses.

Why this answer

Increasing the number of replicas in Azure AI Search distributes query load across multiple copies of the index, enabling parallel processing of complex queries. This directly improves query throughput and latency without altering the index schema or reducing result quality, as replicas provide dedicated resources for query execution.

Exam trap

The trap here is that candidates confuse replicas (which improve query performance and availability) with partitions (which improve indexing speed and storage capacity), leading them to choose options that degrade functionality instead of scaling resources.

How to eliminate wrong answers

Option A is wrong because reducing the maximum number of results per query (e.g., via $top) only limits the response payload and does not address the underlying computational cost of complex queries; it can also degrade user experience by hiding relevant results. Option C is wrong because removing facet fields eliminates aggregation capabilities and does not improve query performance—facets are computed during indexing, not at query time, and their removal would reduce result quality by removing navigation aids. Option D is wrong because disabling complex query types (fuzzy, regex) restricts search functionality and may reduce result relevance; while these queries are resource-intensive, the correct approach is to scale out via replicas rather than sacrifice search capabilities.

188
MCQeasy

You are implementing a chatbot using Microsoft Copilot Studio that helps employees find company policies. The chatbot must: - Use generative answers based on a SharePoint Online site. - Only respond with information from approved policy documents. - Include citations in responses. - Be accessible from Microsoft Teams. - Require no custom code. What should you do?

A.Use Power Automate to retrieve documents and feed them to Azure OpenAI. Build a custom connector for Teams.
B.In Copilot Studio, create a new copilot. Add the SharePoint site as a knowledge source. Enable generative answers with citations. Publish to Teams.
C.Build a bot using Azure Bot Service and QnA Maker. Train it with the policy documents. Deploy to Teams.
D.Create a custom GPT in Azure OpenAI Studio. Upload the policy documents. Deploy via Azure API Management and expose to Teams.
AnswerB

Simplest approach meeting all requirements.

Why this answer

Option B is correct because Microsoft Copilot Studio natively supports adding a SharePoint Online site as a knowledge source, enabling generative answers that retrieve and cite only approved policy documents. It requires no custom code, automatically includes citations in responses, and can be published directly to Microsoft Teams, fulfilling all stated requirements.

Exam trap

The trap here is that candidates may overcomplicate the solution by choosing Azure OpenAI or Azure Bot Service options, missing that Copilot Studio is the no-code, fully integrated tool designed specifically for this scenario with built-in SharePoint knowledge sources, citations, and Teams deployment.

How to eliminate wrong answers

Option A is wrong because it requires custom code (Power Automate flow, custom connector) and Azure OpenAI, which violates the 'no custom code' requirement and adds unnecessary complexity. Option C is wrong because QnA Maker is deprecated and does not support generative answers with citations from SharePoint; it also requires manual training and custom deployment to Teams. Option D is wrong because creating a custom GPT in Azure OpenAI Studio and deploying via Azure API Management involves custom code and infrastructure management, contradicting the 'no custom code' and 'accessible from Teams' requirements without additional integration.

189
Multi-Selecthard

Which THREE factors should you consider when choosing between Azure AI Document Intelligence prebuilt models and custom models for invoice processing?

Select 3 answers
A.Both model types can be deployed on-premises.
B.Prebuilt models require no training data.
C.Prebuilt models are always less accurate than custom models.
D.Custom models require a large set of labeled training invoices.
E.Custom models can handle non-standard invoice layouts.
AnswersB, D, E

Prebuilt models are ready to use immediately.

Why this answer

Option B is correct because Azure AI Document Intelligence prebuilt models are designed to extract common fields from standard invoice layouts without requiring any labeled training data. They are pretrained on a large corpus of documents, enabling immediate use for typical invoice structures.

Exam trap

The trap here is that candidates assume prebuilt models are always less accurate than custom models, but accuracy depends on the document's similarity to the training data; prebuilt models can outperform custom ones on standard layouts, especially when training data is limited.

190
MCQeasy

You need to provide a business analyst with access to create and manage Azure AI Language projects without granting them full subscription-level permissions. What role should you assign?

A.Cognitive Services Language Owner at the resource level
B.Reader at the resource group level
C.Contributor at the subscription level
D.Cognitive Services User at the resource level
AnswerA

Grants full management of Language projects within the resource.

Why this answer

The Cognitive Services Language Owner role at the resource level grants full permissions to create, read, update, and delete Azure AI Language projects and resources, including managing custom models and deployments, without granting any permissions outside that specific resource. This is the least-privilege role that satisfies the business analyst's need to manage Language projects while avoiding subscription-level access.

Exam trap

The trap here is that candidates often confuse the Cognitive Services User role (which only allows consumption of the service) with the Language Owner role, mistakenly thinking 'User' implies management capabilities, or they default to a broad Contributor role without considering resource-level scoping.

How to eliminate wrong answers

Option B is wrong because the Reader role at the resource group level provides read-only access, which does not allow creating or managing projects. Option C is wrong because Contributor at the subscription level grants full management access to all resources in the subscription, far exceeding the required scope and violating the least-privilege principle. Option D is wrong because Cognitive Services User at the resource level only allows using the service (e.g., calling APIs) but does not include permissions to create or manage projects, which require owner-level or contributor-level roles.

191
MCQmedium

Your company uses Azure AI Vision to analyze images. You receive an alert that the number of 429 (Too Many Requests) errors has increased significantly. What is the most likely cause?

A.The endpoint URL is incorrect.
B.The API key has expired.
C.The service principal does not have the correct role assignment.
D.The application is exceeding the transactions-per-second (TPS) limit.
AnswerD

429 errors occur when the request rate exceeds the allowed TPS.

Why this answer

HTTP 429 (Too Many Requests) is a rate-limiting response from Azure AI Vision when the client exceeds the allowed transactions-per-second (TPS) for the chosen pricing tier. The alert indicates the application is sending requests faster than the service's capacity, triggering throttling to protect backend resources.

Exam trap

The trap here is confusing HTTP 429 with authentication or authorization errors (401/403), leading candidates to incorrectly select options about API keys or role assignments when the real issue is rate limiting.

How to eliminate wrong answers

Option A is wrong because an incorrect endpoint URL would produce a 404 Not Found or connection error, not a 429 rate-limit error. Option B is wrong because an expired API key results in a 401 Unauthorized or 403 Forbidden response, not a 429. Option C is wrong because an incorrect role assignment on the service principal would cause 403 Forbidden errors due to missing RBAC permissions, not a 429 throttling response.

192
MCQmedium

A financial services company uses Azure AI Document Intelligence to process loan applications. The solution extracts data from uploaded PDFs and stores it in Azure Cosmos DB. Recently, extraction errors increased due to poor-quality scans. The company needs to improve accuracy without manual intervention. The solution must also handle varying document layouts. You need to recommend a plan. What should you do?

A.Increase the throughput (TPS) of the Document Intelligence resource.
B.Enable OCR enhancement in Document Intelligence.
C.Switch to Azure AI Language for entity extraction.
D.Train a custom document extraction model using labeled samples of poor-quality scans and different layouts.
AnswerD

Custom models learn from specific examples, improving accuracy on varied layouts and quality.

Why this answer

Option D is correct because training a custom document extraction model using labeled samples of poor-quality scans and varying layouts directly addresses the root cause of extraction errors. Azure AI Document Intelligence's custom model capability allows you to train on specific document types and quality issues, improving accuracy without manual intervention. This approach adapts to the company's need to handle diverse layouts and degraded image quality, which prebuilt models cannot reliably manage.

Exam trap

The trap here is that candidates may confuse throughput scaling (Option A) or generic OCR enhancement (Option B) with actual model improvement, overlooking that only custom training can adapt to specific data quality issues and layout variations.

How to eliminate wrong answers

Option A is wrong because increasing throughput (TPS) only affects the rate of processing requests, not the accuracy of extraction from poor-quality scans; it does not improve model performance. Option B is wrong because OCR enhancement in Document Intelligence is a built-in feature that applies to all documents, but it cannot be specifically tuned to handle poor-quality scans or varying layouts; it does not replace the need for a custom model trained on the company's specific data. Option C is wrong because Azure AI Language is designed for text analytics and entity extraction from clean text, not for processing scanned PDFs with layout variations and poor image quality; it lacks the document understanding capabilities of Document Intelligence.

193
MCQeasy

You deploy a custom vision model using Azure AI Custom Vision. After deployment, you notice the model has high accuracy on training data but low accuracy on new images. What is the most likely cause?

A.The training time was too short
B.The training dataset has too few images
C.The wrong domain was selected during training
D.The model is overfitted to the training data
AnswerD

Overfitting leads to high training accuracy but poor generalization.

Why this answer

High accuracy on training data but low accuracy on new images is the classic symptom of overfitting, where the model has memorized the training examples (including noise and irrelevant patterns) rather than learning generalizable features. In Azure AI Custom Vision, this typically occurs when the training dataset is too small, too homogeneous, or lacks sufficient variation, causing the model to fail on unseen data.

Exam trap

The trap here is that candidates confuse 'too few images' (a contributing factor) with the direct diagnosis of 'overfitting,' but the question asks for the most likely cause of the described symptom, which is the overfitting itself, not its root cause.

How to eliminate wrong answers

Option A is wrong because training time in Custom Vision is automatically managed by the service; extending it does not directly cause overfitting—the model stops when convergence is reached. Option B is wrong because having too few images can contribute to overfitting, but the question asks for the 'most likely cause' given the symptom, and overfitting is the direct description of the behavior, not the root cause of small dataset size. Option C is wrong because selecting the wrong domain (e.g., 'General' vs. 'Food' or 'Landmarks') affects feature extraction and may reduce accuracy overall, but it does not specifically produce the pattern of high training accuracy and low test accuracy—that pattern is the hallmark of overfitting.

194
MCQeasy

You are planning an Azure AI solution that uses Azure AI Document Intelligence to extract data from invoices. The solution must handle large volumes of documents with varying layouts. Which pricing tier should you choose to ensure scalability and high throughput?

A.Premium (P0)
B.Standard (S0)
C.Free (F0)
D.Basic (B0)
AnswerB

Standard tier provides scalable throughput for production workloads.

Why this answer

The Standard (S0) tier is correct because Azure AI Document Intelligence requires the S0 tier for production workloads that demand high throughput and scalability across varying document layouts. The S0 tier supports unlimited transactions per second (TPS) with auto-scaling, whereas lower tiers impose strict rate limits or lack the capacity to handle large volumes of invoices with diverse formats.

Exam trap

The trap here is that candidates may confuse Azure AI Document Intelligence's tier structure with other Azure AI services (like Cognitive Services) that offer a 'Premium' tier, or assume a 'Basic' tier exists for cost savings, when in fact Document Intelligence only has Free and Standard tiers.

How to eliminate wrong answers

Option A is wrong because Azure AI Document Intelligence does not offer a 'Premium (P0)' tier; the service uses Free (F0) and Standard (S0) tiers only. Option C is wrong because the Free (F0) tier is limited to 20 transactions per minute and is intended for evaluation and development, not for production-scale invoice processing with high throughput. Option D is wrong because Azure AI Document Intelligence does not have a 'Basic (B0)' tier; the only paid tier is Standard (S0), which provides the necessary scalability and throughput for large volumes.

195
MCQhard

You are deploying an Azure AI solution that uses Azure OpenAI Service. The solution must be deployed in a way that minimizes latency for users in Asia. However, the company's data residency policy requires data to stay in the United States. What should you do?

A.Use Azure CDN to cache the model responses in Asia.
B.Deploy the Azure OpenAI Service in an Asian region and use Azure Front Door to route traffic.
C.Deploy the service in multiple regions globally and use Traffic Manager for routing.
D.Deploy the service in a US region and use Azure Front Door with caching to reduce latency.
AnswerD

Front Door provides low-latency access while keeping data in US.

Why this answer

Option D is correct because it satisfies both requirements: data residency (deploying in a US region keeps data within the United States) and latency reduction for Asian users. Azure Front Door with caching stores frequently accessed model responses at edge locations closer to users in Asia, minimizing round-trip time without moving the origin data.

Exam trap

The trap here is that candidates assume caching (Option A) or global deployment (Option C) can solve latency without considering data residency, or they mistakenly think deploying in Asia (Option B) is acceptable despite the policy constraint.

How to eliminate wrong answers

Option A is wrong because Azure CDN caches static content, but Azure OpenAI Service responses are dynamic and often non-cacheable (e.g., unique prompts or streaming outputs); caching would not reduce latency for real-time inference. Option B is wrong because deploying in an Asian region violates the data residency policy requiring data to stay in the United States. Option C is wrong because deploying in multiple regions globally would require data replication outside the US, breaking the data residency constraint; Traffic Manager routes traffic but does not cache responses, so latency from a US region would remain high for Asian users.

196
Multi-Selectmedium

Which THREE practices should be followed to secure an Azure AI solution that uses Azure OpenAI Service and Azure AI Search?

Select 3 answers
A.Store API keys in Azure Key Vault but use them directly in application code.
B.Use managed identities to authenticate between Azure OpenAI and Azure AI Search.
C.Place all AI services in a DMZ subnet with public IP addresses.
D.Require that all client applications use HTTPS with TLS 1.2 or higher.
E.Enable firewall and private endpoints for all AI service endpoints.
AnswersB, D, E

Managed identities provide secure authentication without secrets.

Why this answer

Option B is correct because managed identities allow Azure OpenAI and Azure AI Search to authenticate securely without storing or rotating credentials. By assigning a managed identity to the Azure OpenAI service, you can grant it access to Azure AI Search via Azure RBAC, eliminating the need for API keys or shared access keys in code or configuration.

Exam trap

The trap here is that candidates often think storing keys in Key Vault is sufficient for security, but the question tests whether you understand that managed identities eliminate the need to handle keys altogether, and that public endpoints (even in a DMZ) are not secure for AI services.

197
MCQeasy

You are deploying a chatbot using Azure AI Bot Service integrated with Azure AI Language for natural language understanding. The bot must be able to handle multiple languages and route queries to the appropriate language model. What should you configure?

A.Deploy Azure AI Translator to translate all input to English before processing
B.Deploy the bot in multiple regions, each with a different language model
C.Use Azure AI Language with a multi-language project and enable language detection
D.Use Azure AI Search to route queries based on language
AnswerC

Azure AI Language supports multiple languages and can detect language automatically.

Why this answer

Option C is correct because Azure AI Language supports multi-language projects that allow you to train a single model to understand multiple languages. By enabling language detection, the bot can automatically identify the input language and route the query to the appropriate language-specific model or intent recognition within the same project, eliminating the need for separate deployments or translation steps.

Exam trap

The trap here is that candidates may assume translation (Option A) is necessary for multilingual support, but Azure AI Language's native multi-language capability eliminates the need for a separate translation step, directly handling multiple languages within a single project.

How to eliminate wrong answers

Option A is wrong because translating all input to English before processing introduces latency, potential loss of nuance, and is not a native NLU approach; Azure AI Language can directly handle multiple languages without translation. Option B is wrong because deploying the bot in multiple regions with different language models is unnecessary and inefficient; a single multi-language project in Azure AI Language can handle multiple languages without regional separation. Option D is wrong because Azure AI Search is a cognitive search service for indexing and querying data, not designed for language detection or routing queries based on language; it lacks the NLU capabilities required for this task.

198
MCQeasy

You need to monitor costs for an Azure AI solution that uses multiple Azure AI services. Which Azure tool should you use to set budgets and receive alerts?

A.Azure Advisor
B.Azure Monitor
C.Azure Service Health
D.Azure Cost Management
AnswerD

Azure Cost Management allows you to set budgets and configure alerts.

Why this answer

Azure Cost Management is the dedicated Azure tool for setting budgets, defining cost thresholds, and configuring alerts when spending exceeds those limits. It provides detailed cost analysis, forecasting, and policy enforcement across all Azure services, including AI services like Cognitive Services and Azure Machine Learning.

Exam trap

The trap here is that candidates confuse Azure Advisor's cost recommendations with actual budget management, or they mistakenly think Azure Monitor's alerting capabilities extend to financial cost thresholds rather than just operational metrics.

How to eliminate wrong answers

Option A is wrong because Azure Advisor provides personalized recommendations for cost optimization, security, and performance, but it does not allow you to set budgets or configure cost alerts. Option B is wrong because Azure Monitor collects and analyzes telemetry data (metrics, logs) for application performance and health, not for financial cost tracking or budget management. Option C is wrong because Azure Service Health provides information about service outages, planned maintenance, and health advisories for Azure services, not cost monitoring or budget alerts.

199
MCQmedium

A company plans to deploy an Azure AI solution that processes sensitive customer data. The solution must comply with GDPR and ensure data residency within the European Union. Which Azure resource configuration should be used?

A.Deploy the Azure AI services in multiple regions globally and use geo-replication.
B.Use the Azure AI services 'Data Residency' SKU.
C.Use the Free tier of Azure AI services.
D.Create an Azure AI services resource in a specific EU region and set the data residency option to 'EU'.
AnswerD

Azure AI services allow you to choose a region to control data residency.

Why this answer

Option D is correct because Azure AI services allow you to specify a data residency option when creating the resource in a specific EU region, ensuring that all customer data remains within the European Union as required by GDPR. This configuration explicitly restricts data processing and storage to the chosen geographic boundary, meeting compliance and residency mandates.

Exam trap

The trap here is that candidates confuse the 'Data Residency' option with a separate SKU or assume that geo-replication across EU regions is acceptable, but Azure requires explicit regional restriction to prevent data leaving the EU boundary.

How to eliminate wrong answers

Option A is wrong because deploying in multiple regions globally with geo-replication would replicate data outside the EU, violating GDPR data residency requirements. Option B is wrong because there is no 'Data Residency SKU' for Azure AI services; data residency is configured via the resource creation settings, not a separate SKU. Option C is wrong because the Free tier of Azure AI services does not provide any data residency guarantees and may process data in any Azure region, failing to meet EU residency compliance.

200
MCQhard

Refer to the exhibit. You are using Azure AI Document Intelligence with a layout model. The pipeline returns an empty tables array even though the document contains tables. The OCR step extracts text correctly. What is the most likely issue?

A.The OCR step is not recognizing table cells.
B.The table extraction step is misconfigured.
C.The output field mapping for tables is missing.
D.The layout extraction step is not correctly identifying table structures.
AnswerD

Layout extraction must detect tables; if it fails, tables are empty.

Why this answer

The layout model in Azure AI Document Intelligence performs OCR and then uses a layout extraction step to identify structural elements like tables. If the OCR extracts text correctly but the tables array is empty, it indicates that the layout extraction step failed to detect the table boundaries or cell structure, not that OCR missed the text. Option D correctly identifies this as the most likely issue.

Exam trap

The trap here is that candidates assume OCR and table extraction are the same step, but Azure AI Document Intelligence separates text recognition from structural layout analysis, so correct OCR does not guarantee correct table detection.

How to eliminate wrong answers

Option A is wrong because the OCR step extracts text correctly, as stated in the question, so it is recognizing table cells as text; the issue is not with OCR recognition. Option B is wrong because the layout model does not have a separate 'table extraction' configuration that can be misconfigured; table extraction is an inherent part of the layout analysis, and the pipeline is using the standard layout model. Option C is wrong because output field mapping is used for custom extraction models (like prebuilt or custom neural models), not for the layout model, which returns raw structural elements like tables and cells directly in the JSON output without requiring field mapping.

201
MCQhard

Your company uses Azure OpenAI to generate code snippets. Developers need to ensure that the generated code does not contain security vulnerabilities. What should you implement?

A.Set usage quotas to limit the number of code generation requests
B.Fine-tune the model on a dataset of secure code examples
C.Configure Azure OpenAI content filters to block vulnerable code
D.Integrate a static code analysis tool into the CI/CD pipeline to scan generated code
AnswerD

Static analysis tools can detect vulnerabilities in generated code before deployment.

Why this answer

Option D is correct because integrating a static code analysis tool (e.g., Microsoft Defender for DevOps, SonarQube, or Checkmarx) into the CI/CD pipeline allows automated scanning of generated code for security vulnerabilities before deployment. This approach directly addresses the requirement to ensure generated code is free of vulnerabilities, as Azure OpenAI content filters are not designed to detect code-level security flaws like SQL injection or buffer overflows.

Exam trap

The trap here is that candidates confuse Azure OpenAI content filters (which handle text-level safety) with code-level security scanning, leading them to incorrectly select Option C, while the correct approach requires a dedicated security analysis tool integrated into the development pipeline.

How to eliminate wrong answers

Option A is wrong because setting usage quotas only limits the number of requests, not the security quality of the generated code; it prevents abuse but does not scan for vulnerabilities. Option B is wrong because fine-tuning on secure code examples improves the model's output quality but does not guarantee that every generated snippet is vulnerability-free, as the model can still produce insecure patterns not present in the training data. Option C is wrong because Azure OpenAI content filters are designed to block harmful or policy-violating content (e.g., hate speech, violence), not to detect code-specific security vulnerabilities like cross-site scripting or insecure cryptographic practices.

202
Multi-Selectmedium

Which THREE of the following are capabilities of Azure AI Content Safety?

Select 3 answers
A.Sexual content detection
B.Hate speech detection
C.Self-harm detection
D.Sentiment analysis
E.Personally identifiable information (PII) detection
AnswersA, B, C

Sexual content is one of the four categories in Content Safety.

Why this answer

Azure AI Content Safety is specifically designed to detect harmful content across four categories: sexual content, hate speech, self-harm, and violence. Option A is correct because sexual content detection is one of the four core content categories that the service is trained to identify, using multi-class classification models to flag explicit or suggestive material.

Exam trap

The trap here is that candidates confuse Azure AI Content Safety with other Azure AI services that handle sentiment analysis or PII detection, leading them to select options that belong to Azure AI Language or Azure AI Search instead of the specific content moderation service.

203
MCQhard

Refer to the exhibit. The indexer using this skillset fails with an error that the skill cannot be executed. The Azure Function is deployed and responds correctly when tested directly. What is the most likely cause?

A.The context is set incorrectly to '/document'.
B.The input source '/document/content' is invalid.
C.The skill endpoint is using HTTP instead of HTTPS.
D.The skill's output targetName does not match the index field.
AnswerC

Azure AI Search requires HTTPS for custom skill endpoints.

Why this answer

Azure AI Search indexers that invoke custom skills via Azure Functions require the endpoint to use HTTPS. If the endpoint is configured with HTTP, the indexer will fail with a 'skill cannot be executed' error, even if the function itself works when tested directly. This is because the indexer enforces secure communication to protect data in transit.

Exam trap

The trap here is that candidates may assume a working function tested directly (often via HTTP) will work in the indexer, overlooking the indexer's strict HTTPS requirement for custom skill endpoints.

How to eliminate wrong answers

Option A is wrong because setting the context to '/document' is standard for document-level skills and does not cause a 'cannot execute' error; it would instead affect how the skill's output is mapped. Option B is wrong because '/document/content' is a valid input source for a document's content field, and if it were invalid, the error would be about missing input data, not skill execution failure. Option D is wrong because a mismatch in output targetName would cause a mapping or indexing error, not a 'skill cannot be executed' error, which occurs before output mapping is evaluated.

204
MCQhard

Your organization deploys an Azure AI Foundry solution for a customer service chatbot. The chatbot uses a large language model (LLM) hosted on Azure OpenAI Service with a GPT-4 model. Requirements: (1) The chatbot must only use information from the company's internal knowledge base, not general internet knowledge. (2) Responses must include citations from the knowledge base. (3) The solution must filter out any toxic or harmful content. (4) The chatbot must be deployed in a secure environment with network isolation. You have an Azure AI Foundry project with a connected Azure OpenAI resource. The knowledge base is stored in Azure AI Search. You need to configure the solution. What should you do?

A.Use Azure OpenAI with function calling to retrieve knowledge base documents, and enable content filtering.
B.Use prompt engineering with system messages to restrict knowledge, and enable content filtering.
C.Use Azure OpenAI on your data with Azure AI Search as the data source, enable content filtering, and configure the model to use the search index with strict grounding.
D.Fine-tune the GPT-4 model on the knowledge base and deploy with content filtering.
AnswerC

Azure OpenAI on your data grounds responses in the knowledge base, content filtering ensures safety, and strict grounding enforces citations.

Why this answer

Option C is correct because it uses Azure OpenAI on your data with Azure AI Search as the data source, which ensures the model only retrieves and generates responses from the indexed knowledge base, meeting the requirement to avoid general internet knowledge. Enabling content filtering satisfies the toxicity requirement, and configuring strict grounding ensures responses include citations from the search index. The secure environment with network isolation is achieved through Azure AI Foundry's managed network capabilities, which are compatible with this configuration.

Exam trap

The trap here is that candidates often confuse fine-tuning (Option D) with RAG, not realizing that fine-tuning cannot provide citations and still risks hallucination, while RAG with Azure AI Search directly satisfies the grounding and citation requirements.

How to eliminate wrong answers

Option A is wrong because function calling allows the model to call external functions but does not restrict the model to only use the knowledge base; it can still generate responses from its training data, violating the requirement to avoid general internet knowledge. Option B is wrong because prompt engineering with system messages is a soft constraint that can be overridden by the model, and it does not guarantee that responses are grounded in the knowledge base or include citations; content filtering alone does not enforce knowledge base usage. Option D is wrong because fine-tuning the GPT-4 model on the knowledge base embeds the data into the model's weights, but it does not provide a mechanism for citing sources, and the model may still hallucinate or use pre-training knowledge; additionally, fine-tuning does not inherently support network isolation or content filtering as a built-in feature.

205
MCQeasy

Your team is developing a chatbot using Azure AI Bot Service. You need to ensure that the bot can handle multiple languages and respond appropriately. Which Azure AI service should you integrate to perform language detection?

A.Azure AI Language
B.Azure AI Speech
C.Azure AI Content Safety
D.Azure AI Translator
AnswerA

Azure AI Language includes language detection.

Why this answer

Azure AI Language provides pre-built language detection capabilities as part of its natural language processing (NLP) features. By integrating this service, the bot can analyze incoming text and identify the language, enabling it to route responses appropriately or trigger language-specific logic.

Exam trap

The trap here is that candidates often confuse Azure AI Translator's built-in language detection (which is a secondary capability) with the dedicated language detection service, leading them to choose Option D instead of the correct Azure AI Language.

How to eliminate wrong answers

Option B is wrong because Azure AI Speech focuses on speech-to-text, text-to-speech, and speaker recognition, not on detecting the language of text input. Option C is wrong because Azure AI Content Safety is designed to detect harmful or inappropriate content (e.g., hate speech, self-harm) in text or images, not to identify the language. Option D is wrong because Azure AI Translator is used to translate text between languages, but it does not perform standalone language detection; while Translator can sometimes infer language during translation, the dedicated language detection feature is part of Azure AI Language.

206
MCQhard

Your organization uses Azure AI Document Intelligence to extract data from invoices. The solution must identify custom fields not present in the prebuilt models, such as 'purchase order number' located in varying positions across documents. What should you do?

A.Use the layout model and apply manual post-processing.
B.Use Azure AI Forms Recognizer with prebuilt receipt model.
C.Use the prebuilt invoice model with field merging.
D.Train a custom extraction model using labeled sample invoices.
AnswerD

Custom models learn to extract user-defined fields.

Why this answer

Option D is correct because Azure AI Document Intelligence (formerly Form Recognizer) allows you to train a custom extraction model using labeled sample invoices. This approach enables the model to learn custom fields like 'purchase order number' that appear in varying positions, which prebuilt models cannot handle. By providing labeled examples, the model generalizes to extract the field accurately from new documents.

Exam trap

The trap here is that candidates may assume the prebuilt invoice model can be extended with custom fields via configuration or merging, but Azure AI Document Intelligence requires explicit custom model training to recognize fields not present in prebuilt schemas.

How to eliminate wrong answers

Option A is wrong because the layout model only extracts text and structure (tables, lines) without semantic field recognition; manual post-processing would be inefficient and error-prone for custom fields. Option B is wrong because the prebuilt receipt model is designed for receipts, not invoices, and cannot extract custom fields like 'purchase order number'. Option C is wrong because the prebuilt invoice model does not support field merging; it only extracts predefined fields and cannot learn new custom fields.

207
MCQhard

A company plans to use Azure Cognitive Search to index a large number of PDF documents stored in Azure Blob Storage. The documents contain sensitive personally identifiable information (PII). The search results should only be accessible to authorized users based on their Azure Active Directory (Azure AD) group membership. Which combination of features should the company implement?

A.Generate shared access signatures (SAS) for each document and include them in the search index.
B.Index the documents and use security filters with Azure AD group-based access control.
C.Use Azure RBAC to assign permissions to users for the search service and configure field-level security.
D.Store Azure AD group membership in a field in the search index and configure an indexer to map the field.
AnswerB

Security filters allow restricting search results based on Azure AD group membership stored in the index.

Why this answer

Option B is correct because Azure Cognitive Search supports security trimming via OAuth 2.0 and Azure AD group-based access control. By storing group identifiers in a search index field and using a security filter, only users whose Azure AD group membership matches the stored group IDs can see the corresponding search results. This ensures that sensitive PII in PDF documents is only returned to authorized users without exposing the documents themselves.

Exam trap

The trap here is that candidates confuse Azure RBAC (which controls management-plane permissions) with data-plane security trimming, or they assume that storing group membership in the index alone is sufficient without implementing a query-time filter to enforce it.

How to eliminate wrong answers

Option A is wrong because embedding shared access signatures (SAS) in the search index would expose direct document access URLs to all users who can query the index, bypassing any authorization check; SAS tokens are for delegated access to storage, not for per-user security trimming. Option C is wrong because Azure RBAC controls management-plane access to the search service itself (e.g., who can create indexes or manage the service), not data-plane access to individual search results; field-level security in Cognitive Search is a separate feature that restricts which fields are returned, not which documents are visible based on user identity. Option D is wrong because storing Azure AD group membership in a field alone does not enforce security; the indexer can map the field, but without a security filter applied at query time (e.g., using the `$filter` parameter with the user's group IDs), all documents remain visible to any authenticated user.

208
Multi-Selecteasy

Which TWO monitoring metrics should you track to ensure the health and performance of an Azure AI Search service used for a customer-facing product catalog?

Select 2 answers
A.Throttled search queries count.
B.Indexer execution history and duration.
C.Storage used in GB.
D.Search latency (average and P99).
E.Number of successful search requests.
AnswersA, D

Throttling indicates capacity bottlenecks.

Why this answer

Throttled search queries count (Option A) is a critical health metric because it directly indicates when the search service is under excessive load, causing requests to be rate-limited. For a customer-facing product catalog, throttling degrades user experience and can lead to failed searches. Tracking this metric helps you decide when to scale up replicas or partitions to maintain service level agreements.

Exam trap

The trap here is that candidates often confuse operational metrics (like indexer duration or storage usage) with customer-facing performance metrics, leading them to select indexer execution history instead of search latency.

209
MCQmedium

You need to implement content moderation for a social media platform using Azure AI Content Safety. The solution must block hate speech and self-harm content while allowing mild profanity. Which configuration should you use?

A.Enable all categories with severity threshold 0 (block all)
B.Enable all categories with severity threshold 2
C.Enable hate speech and self-harm categories; disable profanity
D.Enable hate speech and self-harm with severity threshold 4; enable profanity with severity threshold 6
AnswerD

Threshold 4 blocks high-severity hate/self-harm; threshold 6 allows mild profanity.

Why this answer

Option D is correct because Azure AI Content Safety allows you to set severity thresholds per category (0-6). By enabling hate speech and self-harm with a threshold of 4, you block content at severity level 4 or higher (e.g., severe hate speech and self-harm), while enabling profanity with a threshold of 6 means only the most extreme profanity (level 6) is blocked, allowing mild profanity through. This matches the requirement to block hate speech and self-harm but allow mild profanity.

Exam trap

The trap here is that candidates assume disabling a category (like profanity) is the only way to allow it, but Azure AI Content Safety uses severity thresholds to allow mild content while blocking severe content, so disabling the category removes all control over that content type.

How to eliminate wrong answers

Option A is wrong because setting all categories to severity threshold 0 blocks all content, including mild profanity, which violates the requirement to allow mild profanity. Option B is wrong because enabling all categories with severity threshold 2 blocks content at severity level 2 or higher for all categories, including profanity, which would block mild profanity (since mild profanity often falls at severity 2-4). Option C is wrong because disabling the profanity category entirely means no profanity is blocked, but the requirement is to allow mild profanity, not all profanity; disabling the category removes the ability to block any profanity, which could allow severe profanity through.

210
Multi-Selecthard

Which THREE are required when planning to use Azure OpenAI Service for a generative AI application that must comply with responsible AI principles?

Select 3 answers
A.Restrict the model to a maximum of 1000 tokens.
B.Implement content filters to block harmful outputs.
C.Design with human-in-the-loop for critical decisions.
D.Enable rate limiting to prevent abuse.
E.Establish data governance policies for training data.
AnswersB, C, E

Required for safety.

Why this answer

Option B is correct because Azure OpenAI Service provides built-in content filtering that can block harmful outputs such as hate speech, violence, or self-harm. This is a core requirement for responsible AI compliance, as outlined in Microsoft's Responsible AI Standard, and must be configured to prevent the model from generating unsafe content.

Exam trap

The trap here is that candidates confuse operational controls (like token limits or rate limiting) with responsible AI requirements, which are specifically about fairness, safety, transparency, and accountability, not performance or security.

211
MCQmedium

Refer to the exhibit. You are configuring an agent in Azure AI Foundry. The agent fails to start because the specified model is not available in the current Azure OpenAI resource. What should you do to resolve the issue?

A.Modify the system_prompt to include the model version
B.Deploy the gpt-4-0613 model in the Azure OpenAI resource
C.Change the connection_type to 'Weak'
D.Change the provider to 'AzureAI'
AnswerB

The model must be deployed before use.

Why this answer

The agent fails to start because the specified model (likely gpt-4-0613) is not deployed in the Azure OpenAI resource. In Azure AI Foundry, agents require an existing model deployment to invoke; you cannot use a model that hasn't been deployed. Option B correctly resolves this by deploying the required model in the Azure OpenAI resource.

Exam trap

The trap here is that candidates might think modifying the system_prompt or changing a connection setting can fix a missing model deployment, but Azure OpenAI requires explicit model deployment before any resource can use it.

How to eliminate wrong answers

Option A is wrong because the system_prompt defines the agent's behavior and instructions, not the model version or deployment; modifying it cannot make an undeployed model available. Option C is wrong because connection_type is not a valid configuration for Azure OpenAI resources; 'Weak' is not a recognized connection type and does not affect model availability. Option D is wrong because the provider is already Azure (Azure OpenAI) and changing it to 'AzureAI' is not a valid provider option; the issue is the missing model deployment, not the provider.

212
MCQmedium

You are designing a chatbot using Azure AI Language. The chatbot must understand user intents and also extract entities like dates and locations. Which feature combination should you use?

A.Conversational Language Understanding (CLU) with entities
B.Sentiment analysis and entity linking
C.Custom text classification and key phrase extraction
D.Orchestration Workflow and custom text classification
AnswerA

CLU handles both intents and entities for chatbots.

Why this answer

Conversational Language Understanding (CLU) is the correct Azure AI Language feature for building a chatbot that understands user intents and extracts entities like dates and locations. CLU is specifically designed for natural language understanding (NLU) tasks, providing prebuilt and custom entity extraction alongside intent recognition, which directly matches the requirement.

Exam trap

The trap here is that candidates often confuse entity linking (which maps to external knowledge bases) with entity extraction (which pulls values directly from the utterance), leading them to choose Option B despite it lacking intent recognition.

How to eliminate wrong answers

Option B is wrong because sentiment analysis evaluates the emotional tone of text, not user intents, and entity linking maps named entities to a knowledge base (e.g., Wikipedia), not extracting arbitrary entities like dates and locations. Option C is wrong because custom text classification assigns predefined labels to entire documents, not user intents in a conversational context, and key phrase extraction identifies key terms but does not extract structured entities like dates and locations. Option D is wrong because Orchestration Workflow routes requests between different language services (e.g., CLU, QnA Maker) but does not itself perform intent recognition or entity extraction; custom text classification also does not handle entity extraction.

213
MCQhard

You are reviewing the ARM template snippet for an Azure AI Foundry hub. After deployment, you notice that the hub cannot connect to the storage account. What is the most likely cause?

A.The hub uses a managed network that blocks outbound traffic to the storage account
B.The location 'eastus' does not support AI Foundry hubs
C.The storage account name contains invalid characters
D.The key vault is not configured with a firewall rule
AnswerA

Managed networks can block access to resources without proper firewall rules.

Why this answer

The most likely cause is that the hub uses a managed network which, by default, blocks outbound traffic to the storage account unless explicitly allowed via outbound rules or private endpoints. Azure AI Foundry hubs enforce network isolation for security, and if the storage account is not configured as an approved destination, the hub cannot establish the required connections for data access.

Exam trap

The trap here is that candidates assume connectivity issues are due to resource naming or regional availability, when the real cause is the managed network's default outbound blocking behavior, which is a common security feature in Azure AI services.

How to eliminate wrong answers

Option B is wrong because 'eastus' is a fully supported region for Azure AI Foundry hubs, with no regional restrictions documented. Option C is wrong because storage account names are validated at deployment time; if the name contained invalid characters, the ARM template deployment would fail entirely, not cause a post-deployment connectivity issue. Option D is wrong because the key vault firewall rule is unrelated to the hub's ability to connect to the storage account; key vault is used for secrets, not for storage connectivity.

214
MCQeasy

A developer is tasked with integrating Azure OpenAI Service into an application that generates product descriptions. The developer needs to ensure that the generated content does not contain offensive language. Which Azure AI service should be used in addition to Azure OpenAI?

A.Azure AI Search
B.Azure AI Vision
C.Azure AI Language
D.Azure AI Content Safety
AnswerD

Azure AI Content Safety detects offensive language and other harmful content.

Why this answer

Azure AI Content Safety (D) is the correct service because it provides built-in content moderation capabilities that can detect and filter offensive, inappropriate, or harmful language in text and images. By integrating Azure AI Content Safety with Azure OpenAI, the developer can automatically screen generated product descriptions for profanity, hate speech, or other offensive content before they are displayed to users, ensuring compliance with content policies.

Exam trap

The trap here is that candidates may confuse Azure AI Language's text analytics features (like sentiment analysis) with content moderation, but Azure AI Language does not include dedicated offensive language filtering, which is a distinct capability of Azure AI Content Safety.

How to eliminate wrong answers

Option A is wrong because Azure AI Search is a cognitive search service used for indexing and retrieving data, not for content moderation or filtering offensive language. Option B is wrong because Azure AI Vision is designed for image analysis tasks such as object detection, OCR, and facial recognition, and does not include text-based content safety features. Option C is wrong because Azure AI Language provides natural language processing capabilities like sentiment analysis, key phrase extraction, and language understanding, but it does not offer dedicated content moderation or offensive language detection; that functionality is specifically handled by Azure AI Content Safety.

215
MCQeasy

A company is deploying an Azure AI solution that uses Azure Cognitive Services. The solution must comply with data residency requirements that mandate all customer data be stored within a specific geographic region. Which action should the company take when creating the Cognitive Services resource?

A.Apply a resource tag that specifies the region.
B.Configure the endpoint URL to point to a regional endpoint.
C.Set the SKU to a tier that supports regional restrictions.
D.Select the appropriate region during resource creation.
AnswerD

The resource location determines where data is stored at rest.

Why this answer

Data residency requirements are satisfied by physically storing customer data within a specific geographic boundary. When creating an Azure Cognitive Services resource, selecting the appropriate region (e.g., 'West Europe' or 'East US') during the provisioning process ensures that all data processed and stored by that service instance remains within that Azure datacenter region. This is the fundamental and only guaranteed method to enforce data residency at the resource level.

Exam trap

The trap here is that candidates confuse network-level controls (like endpoint configuration or tagging) with physical data storage guarantees, mistakenly believing that a regional endpoint or a tag can enforce data residency when only the initial region selection during resource creation can do so.

How to eliminate wrong answers

Option A is wrong because resource tags are metadata labels used for organization, cost tracking, or policy enforcement; they do not influence where the underlying service stores data. Option B is wrong because the endpoint URL is automatically generated based on the chosen region and cannot be manually configured to redirect storage; it only determines the network access point, not the physical data location. Option C is wrong because the SKU tier (e.g., S0, F0) determines throughput limits and feature availability, not geographic restrictions; no SKU tier enforces regional data storage.

216
MCQmedium

Your organization uses Microsoft Purview to govern AI models. You need to ensure that data used for training complies with internal policies. What should you configure?

A.Set up Data Estate Insights to monitor data usage
B.Use Microsoft Purview Data Map to catalog training data
C.Apply sensitivity labels to training data
D.Enable Microsoft Purview Information Protection
AnswerA

Provides governance and compliance monitoring.

Why this answer

Data Estate Insights in Microsoft Purview provides monitoring and analytics over data estate health, including data usage patterns. By configuring Data Estate Insights, you can track how training data is accessed and used, enabling you to verify compliance with internal policies on data consumption for AI model training.

Exam trap

The trap here is confusing data cataloging (Data Map) or classification (sensitivity labels) with usage monitoring, leading candidates to select options that address data discovery or protection rather than compliance monitoring.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview Data Map is used for metadata scanning, classification, and lineage tracking of data assets, not for monitoring data usage compliance. Option C is wrong because applying sensitivity labels classifies data based on sensitivity but does not monitor or enforce usage policies for training data. Option D is wrong because Microsoft Purview Information Protection focuses on data protection through encryption and access controls, not on monitoring data usage for compliance.

217
MCQmedium

You have an Azure AI solution that uses Azure AI Language to perform sentiment analysis. The solution is experiencing high latency. Which action should you take to reduce latency?

A.Move the service to a different Azure region.
B.Use the Free tier of the Azure AI Language service.
C.Increase the request timeout value.
D.Scale the service by increasing the number of instances or using a higher pricing tier.
AnswerD

More capacity reduces queuing and latency.

Why this answer

Option D is correct because scaling the Azure AI Language service by increasing the number of instances or moving to a higher pricing tier (e.g., from Standard S0 to a tier with higher throughput) directly addresses high latency by providing more capacity to handle concurrent requests. High latency often results from hitting the service's rate limits or throughput constraints, and scaling alleviates this bottleneck without changing the underlying architecture.

Exam trap

The trap here is that candidates often confuse network latency (solved by region proximity) with service throughput latency (solved by scaling), leading them to incorrectly choose Option A when the real bottleneck is capacity, not geography.

How to eliminate wrong answers

Option A is wrong because moving the service to a different Azure region primarily reduces network latency due to geographic proximity, but it does not resolve high latency caused by insufficient service capacity or throttling; the core issue is throughput, not distance. Option B is wrong because the Free tier has strict rate limits (e.g., 5,000 transactions per month) and lower throughput, which would likely worsen latency under load rather than reduce it. Option C is wrong because increasing the request timeout value does not reduce latency; it only allows the client to wait longer for a response, masking the symptom without addressing the underlying performance issue.

218
MCQhard

You are deploying an Azure AI multi-agent solution on Microsoft Foundry. The solution uses three agents that must share context and pass tasks among themselves. To ensure reliable orchestration and traceability, which agent pattern should you implement?

A.Parallel agent pattern
B.Sequential agent pattern
C.Sub-agent pattern
D.Custom agent pattern
AnswerB

Sequential pattern ensures ordered task execution with clear handoffs and traceability.

Why this answer

The sequential agent pattern is correct because the scenario requires agents to share context and pass tasks among themselves in a reliable, traceable manner. In Microsoft Foundry, the sequential pattern ensures each agent executes in a defined order, passing state and results to the next agent, which provides clear orchestration and full traceability of the workflow.

Exam trap

The trap here is that candidates often confuse the sequential pattern with the parallel pattern, assuming that 'sharing context' implies concurrent execution, but the question's emphasis on 'reliable orchestration and traceability' explicitly requires ordered, non-concurrent task handoff.

How to eliminate wrong answers

Option A is wrong because the parallel agent pattern executes agents concurrently, which does not guarantee ordered task passing or shared context across agents in a sequential dependency. Option C is wrong because the sub-agent pattern is used for delegating subtasks to a child agent from a parent, not for peer-to-peer context sharing and task handoff among multiple agents. Option D is wrong because the custom agent pattern is a generic term for user-defined agent logic, not a specific orchestration pattern that ensures reliable sequential task passing and traceability.

← PreviousPage 3 of 3 · 218 questions total

Ready to test yourself?

Try a timed practice session using only Plan and manage an Azure AI solution questions.