CCNA Deploy and Manage Azure Compute Questions

54 of 204 questions · Page 3/3 · Deploy and Manage Azure Compute · Answers revealed

151
Multi-Selectmedium

An administrator wants to deploy the same set of Azure VMs every sprint from source control and make code reviews capture every infrastructure change. Which three approaches meet this requirement? Select three.

Select 3 answers
A.Store a Bicep file in source control and use it as the deployment definition.
B.Store an ARM template JSON file in source control and deploy that template consistently.
C.Use Azure PowerShell or Azure CLI to deploy the checked-in template from the repository.
D.Create the VMs manually in the Azure portal each sprint and document the clicks afterward.
E.Export the resources after deployment and treat the export as the only authoritative source.
AnswersA, B, C

Bicep is a declarative infrastructure-as-code language that works well with source control and code review. It makes the deployment definition readable, repeatable, and versioned alongside application code.

Why this answer

Option A is correct because Bicep is a domain-specific language (DSL) for deploying Azure resources declaratively. Storing a Bicep file in source control allows you to version infrastructure as code, and code reviews can capture every change before deployment, ensuring consistency across sprints.

Exam trap

The trap here is that candidates may think exporting resources after deployment (Option E) is a valid IaC approach, but it produces a one-time snapshot that lacks idempotency and cannot be used for consistent, reviewable deployments across sprints.

152
MCQhard

A Windows VM must install IIS after provisioning and then run a script that registers the server with an internal API by using the VM's managed identity. The same steps must run automatically whenever the VM is deployed from Bicep. What should be added to the deployment?

A.A read-only resource lock on the VM resource group
B.A Custom Script Extension on the VM
C.An availability set containing the VM
D.A proximity placement group for the VM
AnswerB

The Custom Script Extension runs scripted configuration during deployment and is suitable for post-provisioning setup.

Why this answer

The Custom Script Extension (CSE) is the correct choice because it allows you to run PowerShell or Bash scripts on an Azure VM after provisioning, enabling the installation of IIS and execution of a registration script that leverages the VM's managed identity. Since the requirement specifies that these steps must run automatically whenever the VM is deployed from Bicep, the CSE can be declared as a resource in the Bicep template, ensuring it executes on every deployment. This directly addresses the need for post-deployment configuration without manual intervention.

Exam trap

The trap here is that candidates often confuse resource locks or availability sets with automation capabilities, mistakenly thinking they can trigger scripts, when in reality only extensions like Custom Script Extension or Desired State Configuration can perform post-deployment configuration tasks.

How to eliminate wrong answers

Option A is wrong because a read-only resource lock prevents modifications or deletions of the resource group but does not execute any scripts or install software on the VM. Option C is wrong because an availability set is a logical grouping for high availability across fault and update domains, not a mechanism for running post-deployment scripts. Option D is wrong because a proximity placement group reduces network latency between VMs by ensuring they are physically close, but it has no capability to install IIS or run scripts.

153
MCQeasy

A Windows VM must install an agent and copy a configuration file automatically after provisioning. The administrator wants Azure to run the setup step without logging into the VM manually. Which feature should be used?

A.Boot diagnostics
B.VM extension
C.Managed disk encryption
D.Availability set
AnswerB

VM extensions are designed to perform post-deployment configuration tasks on Azure VMs. A custom script extension can install software, run commands, and place files on the machine without requiring the administrator to sign in manually. This makes it a practical choice for first-boot setup, configuration hardening, and lightweight automation tasks.

Why this answer

VM extensions are the correct Azure feature to automatically install agents and apply configurations during or after provisioning without manual login. The Custom Script Extension (CSE) specifically can execute a PowerShell or Bash script to install the agent and copy the configuration file, running as a post-deployment task via Azure Resource Manager (ARM) templates, Azure CLI, or PowerShell.

Exam trap

The trap here is that candidates confuse Boot diagnostics (which is for troubleshooting) with a feature that can run scripts, or assume that Managed disk encryption or Availability sets can perform automated setup tasks, when only VM extensions are designed for post-deployment configuration and software installation.

How to eliminate wrong answers

Option A is wrong because Boot diagnostics captures serial console output and screenshots for troubleshooting boot failures, not for executing post-provisioning setup scripts. Option C is wrong because Managed disk encryption (Azure Disk Encryption) uses BitLocker or DM-Crypt to encrypt OS/data disks, not to install agents or copy configuration files. Option D is wrong because an Availability set is a logical grouping of VMs to protect against rack-level failures and provide higher SLA, not a mechanism for running setup steps.

154
Multi-Selecthard

An application runs on two identical VMs in a region that does not support availability zones. The app must keep running through planned maintenance and a single hardware fault, and the team does not want to add a second region. Which two deployment choices are appropriate? Select two.

Select 2 answers
A.Place the VMs in an availability set.
B.Use a standard virtual machine scale set in the same region.
C.Put both VMs in the same fault domain to simplify patching.
D.Deploy the workload in availability zones anyway.
E.Use a second Azure region for the primary failover design.
AnswersA, B

An availability set spreads VMs across fault and update domains within the same datacenter scale unit, which protects against planned maintenance and single hardware failures. That matches the region’s lack of zones and the no-second-region requirement.

Why this answer

A is correct because an availability set distributes VMs across multiple fault domains (up to 3) and update domains (up to 20) within the same datacenter. This ensures that during planned maintenance (update domain isolation) or a hardware fault (fault domain isolation), at least one VM remains available, meeting the requirement without needing availability zones or a second region.

Exam trap

The trap here is that candidates might think an availability set is only for legacy scenarios, but it is the correct choice when availability zones are not supported, and a scale set is also valid because it inherently provides fault and update domain isolation without requiring zones.

155
MCQeasy

An operations team wants to deploy the same set of Azure VMs every month from source control. The deployment should be readable, repeatable, and stored as code. What should they use?

A.Bicep template
B.Manual portal deployment
C.Azure Advisor recommendation
D.Azure Resource Explorer
AnswerA

Bicep is a declarative infrastructure-as-code language that is easier to read than raw ARM JSON. It is well suited for storing deployment definitions in source control and reusing them consistently across environments. Because it compiles to ARM templates, it still uses the Azure-native deployment engine while improving maintainability.

Why this answer

Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources as code. It provides readability, repeatability, and version control integration, making it ideal for deploying the same set of VMs monthly from source control. Unlike ARM templates, Bicep offers cleaner syntax and modularity, but both are valid infrastructure-as-code solutions.

Exam trap

The trap here is that candidates may confuse Azure Advisor (a recommendation engine) or Resource Explorer (a read-only browser) with deployment tools, or assume manual portal deployment is acceptable despite the explicit 'stored as code' requirement.

How to eliminate wrong answers

Option B is wrong because manual portal deployment is not repeatable, not stored as code, and introduces human error, violating the requirements for readability and source control. Option C is wrong because Azure Advisor provides optimization recommendations (e.g., cost, performance) but cannot deploy or manage infrastructure as code. Option D is wrong because Azure Resource Explorer is a read-only tool for browsing existing resources and their properties; it cannot create or deploy new resources.

156
MCQeasy

You need to resize a VM to a larger size, but Azure says the target size is not available while the VM is running. What should you do first?

A.Delete the VM and recreate it from the image.
B.Deallocate the VM, then retry the resize.
C.Attach a new data disk first.
D.Create an availability set for the VM.
AnswerB

Deallocating releases the VM from the current host cluster and often allows Azure to place it on hardware that supports the new size.

Why this answer

When a VM is running, Azure may not have the target VM size available in the cluster hosting the VM. Deallocating the VM releases the underlying hardware resources and removes the VM from its current cluster, allowing Azure to select a new cluster that supports the desired size. After deallocation, the resize operation can succeed because the VM is no longer pinned to a specific host or cluster.

Exam trap

The trap here is that candidates often think they must delete and recreate the VM or perform complex workarounds, when the simple and correct first step is to deallocate the VM to free it from its current cluster constraint.

How to eliminate wrong answers

Option A is wrong because deleting the VM and recreating it from an image is unnecessarily destructive and time-consuming; it would lose the VM's current state, disks, and configurations, whereas a simple deallocation and resize preserves all settings. Option C is wrong because attaching a new data disk does not change the VM's size or the availability of the target size in the current cluster; it is unrelated to the resize constraint. Option D is wrong because creating an availability set does not resolve the cluster-level size unavailability; availability sets are for high availability across fault domains, not for changing the VM's hardware configuration.

157
MCQeasy

You want to preview what a Bicep deployment will change before you apply it to a resource group. Which command should you use?

A.az deployment group what-if
B.az vm create
C.az monitor metrics list
D.az deployment group create --mode Complete
AnswerA

The what-if command shows the planned create, modify, and delete operations before you run the deployment.

Why this answer

The `az deployment group what-if` command allows you to preview the changes a Bicep deployment will make to a resource group before actually applying them. It returns a list of resources that will be created, modified, or deleted, enabling you to validate the deployment's impact without committing any changes. This is the correct tool for a dry-run or validation scenario.

Exam trap

The trap here is that candidates may confuse `az deployment group what-if` with `az deployment group validate` (which checks template syntax but does not show resource-level changes), or they might think `az deployment group create --mode Complete` provides a preview, when in fact it executes the deployment immediately.

How to eliminate wrong answers

Option B is wrong because `az vm create` is used to provision a new virtual machine, not to preview deployment changes. Option C is wrong because `az monitor metrics list` retrieves metric data for Azure resources, which is unrelated to deployment previews. Option D is wrong because `az deployment group create --mode Complete` performs an actual deployment in Complete mode, which can delete resources not in the template, and does not provide a preview before applying changes.

158
MCQmedium

A container group runs a nightly processing job in Azure Container Instances. The job should exit after completing successfully and should not restart automatically. Which restart policy should you configure?

A.Always
B.Never
C.OnFailure
D.Automatic
AnswerB

Never lets the container exit and stay stopped, which matches a completed batch workload.

Why this answer

The 'Never' restart policy ensures that the container group runs once and does not restart after it exits, regardless of the exit code. This is ideal for a nightly batch job that should complete and then stop permanently without automatic restarts.

Exam trap

The trap here is that candidates may confuse 'OnFailure' with 'Never' for successful jobs, not realizing that 'OnFailure' still restarts on failure, while the question requires no restart at all after successful completion.

How to eliminate wrong answers

Option A is wrong because 'Always' restarts the container indefinitely regardless of exit code, which would cause the job to run repeatedly instead of stopping after completion. Option C is wrong because 'OnFailure' restarts the container only if it exits with a non-zero exit code, but the question specifies the job should exit after completing successfully and not restart at all. Option D is wrong because 'Automatic' is not a valid restart policy in Azure Container Instances; the valid policies are Always, Never, and OnFailure.

159
MCQmedium

A reporting server will run an in-memory analytics workload that needs 8 vCPUs and 64 GiB RAM. CPU usage is expected to stay moderate, but the application benefits most from memory capacity. Which VM family should the administrator choose as the starting point?

A.B-series
B.D-series
C.F-series
D.E-series
AnswerD

E-series provides memory-optimized VM sizes that better match workloads needing high RAM relative to CPU.

Why this answer

The E-series (memory-optimized) VM family is designed for in-memory analytics workloads that require high memory-to-CPU ratios. With 8 vCPUs and 64 GiB RAM, the workload demands 8 GiB per vCPU, which aligns with E-series specifications (typically 8–16 GiB per vCPU). D-series offers a balanced ratio (4 GiB per vCPU) and would not provide sufficient memory capacity for this workload.

Exam trap

The trap here is that candidates often default to D-series (general purpose) for any 'moderate CPU' workload, overlooking the specific memory requirement that dictates the need for a memory-optimized family like E-series.

How to eliminate wrong answers

Option A is wrong because B-series (burstable) VMs are intended for workloads with low average CPU usage and occasional spikes, not for sustained in-memory analytics requiring consistent high memory capacity. Option B is wrong because D-series (general purpose) provides a balanced vCPU-to-memory ratio (4 GiB per vCPU), which would yield only 32 GiB RAM for 8 vCPUs, half the required 64 GiB. Option C is wrong because F-series (compute optimized) prioritizes high CPU performance with a low memory ratio (2 GiB per vCPU), offering only 16 GiB RAM for 8 vCPUs, far below the 64 GiB requirement.

160
MCQmedium

An online transaction app uses two identical VMs in an Azure region that supports availability zones. The business wants the app to stay available if an entire datacenter in the region fails. What should the administrator deploy?

A.An availability set with the VMs placed in different update domains.
B.Two VMs placed in different availability zones within the region.
C.A proximity placement group so both VMs stay physically close together.
D.A single VM with Premium SSD storage and automatic restart.
AnswerB

Availability zones place resources in separate datacenters inside the same region, so the workload can survive a complete zone or datacenter failure. For a requirement that explicitly includes datacenter-level resilience, zones are the correct choice. They provide stronger isolation than availability sets, which only protect against update domain and fault domain issues within a datacenter.

Why this answer

Option B is correct because deploying VMs in different availability zones protects against an entire datacenter failure. Each availability zone is a physically separate datacenter within an Azure region, with independent power, cooling, and networking. If one zone fails, the VM in the other zone remains available, ensuring business continuity for the app.

Exam trap

The trap here is that candidates confuse availability sets (which protect against rack-level failures within a single datacenter) with availability zones (which protect against entire datacenter failures), leading them to choose Option A instead of B.

How to eliminate wrong answers

Option A is wrong because an availability set with different update domains only protects against planned maintenance and some hardware failures within a single datacenter, not against an entire datacenter failure. Option C is wrong because a proximity placement group keeps VMs physically close to reduce latency, which actually increases the risk of both VMs failing if that single location fails. Option D is wrong because a single VM with Premium SSD and automatic restart cannot survive a datacenter failure; it still represents a single point of failure at the datacenter level.

161
MCQhard

A Windows VM fails to start after a configuration change. You need to capture screenshots and serial console output to troubleshoot the boot problem. Which feature should you use?

A.Azure Backup
B.Boot diagnostics
C.Just-in-Time VM access
D.Autoscale
AnswerB

Boot diagnostics provides screenshots and serial console output to troubleshoot startup issues.

Why this answer

Boot diagnostics captures serial console output and screenshots of a VM during boot, which is essential for troubleshooting boot failures after a configuration change. This feature provides logs and visual data from the VM's boot process, accessible via the Azure portal or CLI, without requiring guest OS access.

Exam trap

The trap here is that candidates confuse boot diagnostics with Azure Backup or recovery services, assuming that restoring from a backup is the primary troubleshooting step for boot failures, rather than using the built-in diagnostic feature that captures real-time boot data.

How to eliminate wrong answers

Option A is wrong because Azure Backup is a disaster recovery and data protection service that creates recovery point snapshots, not a tool for real-time boot troubleshooting or capturing serial console output. Option C is wrong because Just-in-Time (JIT) VM access is a security feature that controls inbound traffic to VMs via network security groups, unrelated to boot diagnostics. Option D is wrong because Autoscale is a scaling feature for VM scale sets or App Service plans that adjusts capacity based on metrics, not a diagnostic tool for individual VM boot issues.

162
MCQmedium

You need to deploy 30 identical Azure virtual machines for a web application and scale the instance count automatically based on CPU demand. Which Azure compute feature should you use?

A.An availability set
B.A Virtual Machine Scale Set
C.A Recovery Services vault
D.Boot diagnostics
AnswerB

Scale Sets provide grouped deployment and autoscaling.

Why this answer

Virtual Machine Scale Sets (VMSS) are designed specifically to deploy and manage a group of identical, load-balanced VMs that can automatically scale in or out based on CPU demand or other metrics. This matches the requirement for 30 identical VMs and autoscaling, making B the correct choice.

Exam trap

The trap here is that candidates often confuse availability sets (which provide high availability) with scale sets (which provide both high availability and autoscaling), leading them to pick A when the question explicitly requires automatic scaling based on demand.

How to eliminate wrong answers

Option A is wrong because an availability set only provides high availability by distributing VMs across fault and update domains; it does not support autoscaling or deployment of identical VMs as a group. Option C is wrong because a Recovery Services vault is used for backup and disaster recovery, not for deploying or scaling compute resources. Option D is wrong because boot diagnostics captures serial console output and screenshots for troubleshooting VM boot failures; it has no role in scaling or deploying multiple VMs.

163
MCQeasy

Based on the exhibit, the operations team wants to store the VM deployment definition in source control and deploy the same group of Azure VMs every sprint. The code should be readable and easy to review. What should they use?

A.Bicep template files stored in source control.
B.Manual creation in the Azure portal.
C.A one-time Azure CLI command typed into Cloud Shell.
D.A resource lock on the subscription.
AnswerA

Bicep is a declarative infrastructure-as-code format that is concise, readable, and easy to review in pull requests. It is well suited to repeatable Azure deployments from source control and supports modular design for VM infrastructure. This matches the team’s requirement for a readable, versioned deployment definition.

Why this answer

Bicep is a domain-specific language (DSL) for deploying Azure resources that provides a cleaner, more readable syntax compared to ARM JSON templates. Storing Bicep files in source control enables versioning, code review, and repeatable deployments via CI/CD pipelines, which aligns with the requirement to deploy the same VM group every sprint. The declarative nature of Bicep ensures the deployment definition is both human-readable and machine-executable.

Exam trap

The trap here is that candidates may confuse a deployment tool (like Bicep or ARM templates) with a management tool (like resource locks) or assume that a one-time CLI command is sufficient for repeatable deployments, overlooking the need for version-controlled, reviewable infrastructure-as-code.

How to eliminate wrong answers

Option B is wrong because manual creation in the Azure portal is not repeatable, not version-controlled, and introduces human error, making it unsuitable for deploying the same group of VMs every sprint. Option C is wrong because a one-time Azure CLI command is not stored in source control and cannot be easily reviewed or reused across sprints without manual re-entry or scripting, which defeats the purpose of a version-controlled deployment definition. Option D is wrong because a resource lock on the subscription prevents accidental deletion or modification but does not define or deploy any VM infrastructure; it is a governance tool, not a deployment mechanism.

164
MCQmedium

A stateless Linux API should start with 2 instances, scale out to 6 when average CPU stays above 75 percent for 10 minutes, and scale back in when load drops. Which Azure compute resource should the administrator deploy?

A.An availability set with manual VM resizing.
B.A virtual machine scale set with autoscale rules.
C.A single Standard D-series VM with scheduled shutdown.
D.A load balancer in front of two unmanaged VMs.
AnswerB

A virtual machine scale set is built for identical compute instances that need to scale horizontally. Autoscale rules can watch CPU, adjust the instance count automatically, and maintain the minimum and maximum capacity you define. This fits stateless services very well because any instance can handle incoming requests once traffic is distributed across the set.

Why this answer

A virtual machine scale set (VMSS) with autoscale rules is the correct choice because it natively supports scaling out and scaling in based on performance metrics like average CPU percentage. The requirement for a stateless Linux API with a minimum of 2 instances, scaling to 6 when CPU exceeds 75% for 10 minutes, and scaling back in when load drops is exactly the use case VMSS is designed for. Autoscale rules can be configured to use a scale-out and scale-in policy with a cool-down period, ensuring the application remains responsive while optimizing cost.

Exam trap

The trap here is that candidates may confuse an availability set with autoscaling, not realizing that availability sets only provide redundancy and fault tolerance, not dynamic scaling, or they may think a load balancer with two VMs is sufficient, overlooking the requirement for automatic scaling based on CPU thresholds.

How to eliminate wrong answers

Option A is wrong because an availability set provides high availability through fault and update domains but does not include any autoscaling capability; manual VM resizing requires administrator intervention and cannot automatically scale out or in based on CPU thresholds. Option C is wrong because a single Standard D-series VM with scheduled shutdown cannot scale out to multiple instances; it only provides a fixed compute capacity and cannot handle variable load by adding or removing instances. Option D is wrong because a load balancer in front of two unmanaged VMs provides load distribution and some redundancy but lacks autoscaling; scaling would require manual provisioning of additional VMs and updating the load balancer backend pool, which does not meet the requirement for automatic scaling based on CPU metrics.

165
MCQmedium

You need to deploy several identical virtual machines and ensure that the failure of a single Azure host does not affect all of them. Which feature should you use?

A.An availability set
B.A proximity placement group
C.A private endpoint
D.A custom script extension
AnswerA

Availability sets distribute VMs across fault and update domains to improve resilience.

Why this answer

An availability set distributes virtual machines across multiple fault domains (physical hosts) and update domains within an Azure datacenter. By placing VMs in an availability set, you ensure that a failure of a single Azure host (fault domain) does not affect all VMs, as each VM is placed on a different physical host. This meets the requirement for isolation from a single host failure.

Exam trap

The trap here is that candidates often confuse availability sets with availability zones, thinking zones are required for host failure isolation, but availability sets provide fault domain isolation within a single datacenter, which is sufficient for the stated requirement.

How to eliminate wrong answers

Option B is wrong because a proximity placement group is used to reduce network latency by placing VMs close together, not to isolate them from host failures. Option C is wrong because a private endpoint provides a private IP address for a service within a virtual network, and has no impact on VM placement or host failure resilience. Option D is wrong because a custom script extension is used to run scripts on a VM after deployment for configuration purposes, and does not affect the physical placement or fault tolerance of the VMs.

166
MCQmedium

A development environment uses temporary test VMs that can be rebuilt at any time. The administrator wants the operating system disk to provide the lowest practical latency and does not need the disk data to survive a deallocate operation. Which OS disk option should be selected?

A.Standard HDD managed disk.
B.Premium SSD managed disk.
C.Ephemeral OS disk.
D.Ultra Disk managed disk.
AnswerC

Ephemeral OS disks are intended for transient VMs and use local storage for very fast OS disk performance.

Why this answer

Ephemeral OS disks use the local VM storage (temporary disk) rather than remote managed storage, which provides the lowest possible latency because data is stored directly on the host node. Since the test VMs can be rebuilt at any time and the disk data does not need to survive a deallocate operation, the ephemeral disk is ideal—it is automatically deleted when the VM is deallocated or deleted, and it avoids the cost and performance overhead of managed disks.

Exam trap

The trap here is that candidates often choose Premium SSD (B) because they associate 'lowest latency' with premium managed disks, forgetting that ephemeral OS disks use local storage which is inherently faster and also meets the 'no persistence' requirement, while managed disks always persist data across deallocations.

How to eliminate wrong answers

Option A is wrong because Standard HDD managed disks are remote storage with high latency and are not optimized for low-latency workloads; they also persist data across deallocations, which is unnecessary here. Option B is wrong because Premium SSD managed disks, while low-latency, are still remote managed disks that persist data across deallocations and incur higher cost without providing the absolute lowest latency of local storage. Option D is wrong because Ultra Disk managed disks are remote, high-performance storage designed for extreme IOPS/latency but are overkill for temporary test VMs, persist data across deallocations, and are significantly more expensive than ephemeral disks.

167
MCQeasy

A line-of-business app will run on a single Azure virtual machine in a region that supports availability zones. The business wants the VM to keep running if one datacenter in the region fails. Which deployment choice should you use?

A.Place the VM in an availability set
B.Deploy the VM in an availability zone
C.Use a larger VM size
D.Use a custom image
AnswerB

An availability zone places the VM in a physically separate datacenter within the same Azure region. That design gives better resilience against a datacenter-level failure than an availability set. For a single VM, choosing a zone is the direct way to improve protection from one zone or datacenter going offline. It is the right operational choice when the region supports zones and the requirement is survivability during a datacenter outage.

Why this answer

Availability zones are physically separate datacenters within an Azure region, each with independent power, cooling, and networking. Deploying the VM in an an availability zone ensures that if one datacenter fails, the VM remains operational because it is hosted in a different zone. This directly meets the requirement for resilience against a single datacenter failure.

Exam trap

The trap here is that candidates often confuse availability sets (which protect against rack-level failures within a datacenter) with availability zones (which protect against entire datacenter failures), leading them to incorrectly select availability set as the answer.

How to eliminate wrong answers

Option A is wrong because an availability set protects against failures within a single datacenter (e.g., rack or update domain failures) but does not protect against an entire datacenter outage. Option C is wrong because increasing the VM size only provides more compute resources (CPU/RAM) and has no impact on availability or fault tolerance. Option D is wrong because using a custom image affects the VM's operating system configuration but does not provide any redundancy or protection against datacenter failures.

168
MCQeasy

Two application VMs are in the same Azure region. They must stay available during planned host maintenance, but the business does not require protection from a full datacenter outage. Which placement option should you use?

A.Availability set
B.Availability zone
C.Shared disk
D.Snapshot set
AnswerA

An availability set spreads VMs across fault and update domains so planned maintenance affects only part of the group at a time.

Why this answer

An availability set distributes VMs across multiple fault domains (up to 3) and update domains (up to 20) within a single Azure datacenter. This ensures that during planned host maintenance, only one update domain is taken offline at a time, keeping the application VMs available. Since the requirement does not include protection from a full datacenter outage, an availability set is the correct and cost-effective placement option.

Exam trap

The trap here is that candidates often choose Availability zones because they see 'high availability' and assume it's always the best option, missing the explicit constraint that only planned host maintenance needs to be covered, not a full datacenter outage.

How to eliminate wrong answers

Option B (Availability zone) is wrong because it protects against a full datacenter outage by placing VMs in physically separate zones within a region, which is overkill and incurs additional inter-zone data transfer costs when the stated requirement only needs protection from planned host maintenance. Option C (Shared disk) is wrong because it is a storage configuration that allows multiple VMs to attach the same managed disk concurrently, not a placement option that controls fault or update domain isolation. Option D (Snapshot set) is wrong because Azure has no such concept as a 'snapshot set' for VM placement; snapshots are point-in-time copies of disks used for backup or recovery, not for high availability during maintenance.

169
MCQmedium

A web tier must use identical VMs, keep the desired instance count if one instance becomes unhealthy, and allow future horizontal expansion without creating VMs one by one. What should the administrator deploy?

A.An availability set because it automatically replaces unhealthy instances.
B.A virtual machine scale set with health-based instance management.
C.An Azure Dedicated Host to keep the VMs on one physical server.
D.A proximity placement group to ensure the VMs are distributed evenly.
AnswerB

A virtual machine scale set provides a managed pool of identical VMs and is the right choice when you want Azure to maintain instance count and support horizontal growth. It works well for web tiers because the platform can replace unhealthy instances and let you scale up or down as demand changes. This removes the need to create and maintain each VM individually.

Why this answer

A virtual machine scale set with health-based instance management is correct because it automatically maintains a desired number of identical VM instances, replaces unhealthy instances based on health probes, and supports horizontal scaling without manual VM creation. This aligns with the requirements for identical VMs, automatic instance replacement, and future expansion.

Exam trap

The trap here is that candidates often confuse an availability set's fault domain protection with automatic instance replacement, not realizing that availability sets only provide redundancy, not health-based remediation.

How to eliminate wrong answers

Option A is wrong because an availability set does not automatically replace unhealthy instances; it only provides high availability by distributing VMs across fault domains and update domains, but instance replacement requires manual intervention or additional automation. Option C is wrong because an Azure Dedicated Host places VMs on a single physical server for compliance or licensing, but it does not provide automatic instance replacement or scaling capabilities. Option D is wrong because a proximity placement group ensures VMs are physically close for low latency, but it does not manage instance health or enable horizontal scaling without manual VM creation.

170
MCQmedium

You need to reduce compute cost for a development virtual machine that is used only during business hours on weekdays. Which option provides the most direct built-in cost optimization?

A.Place the VM in an availability set.
B.Enable auto-shutdown on the VM.
C.Convert the OS disk to premium SSD v2.
D.Create a site-to-site VPN.
AnswerB

Auto-shutdown stops the VM on a schedule and directly reduces unnecessary runtime cost.

Why this answer

B is correct because enabling auto-shutdown on the VM directly stops the VM during non-business hours (e.g., evenings and weekends), eliminating compute costs (which are billed per second while the VM is running). This is a built-in Azure feature that requires no additional infrastructure or manual intervention, making it the most direct cost-optimization method for a development VM with a predictable usage schedule.

Exam trap

The trap here is that candidates may confuse high-availability features (availability sets) or connectivity features (VPN) with cost optimization, or mistakenly think upgrading to premium storage reduces costs, when in fact the most direct built-in method for compute cost reduction is stopping the VM during idle periods via auto-shutdown.

How to eliminate wrong answers

Option A is wrong because placing the VM in an availability set provides high availability by distributing VMs across fault and update domains, but it does not reduce compute costs—it may even increase costs if multiple VMs are required. Option C is wrong because converting the OS disk to premium SSD v2 increases storage cost (premium SSD v2 is more expensive per GB than standard HDD/SSD) and does not affect compute (vCPU/memory) billing; it is a performance upgrade, not a cost-saving measure. Option D is wrong because creating a site-to-site VPN establishes encrypted connectivity between on-premises and Azure, incurring VPN gateway hourly charges and data transfer costs, with no impact on the VM's compute billing.

171
MCQeasy

A team has an approved Windows VM that already includes patches, a monitoring agent, and line-of-business software. They want future VMs to start from that same build. What should they use?

A.A custom image
B.A snapshot of the OS disk
C.An availability set
D.A larger VM size
AnswerA

A custom image is the best option when you want future VMs to start from an approved, preconfigured build. The image captures the operating system plus installed software and settings so you can deploy consistent new VMs from the same baseline. This is a common way to standardize environments and speed up repeat deployments.

Why this answer

A custom image captures the exact state of a VM, including installed patches, monitoring agents, and line-of-business software, allowing you to create multiple identical VMs from that golden image. Unlike a snapshot, which is tied to a specific disk and requires manual steps to create a VM, a custom image is stored as a managed image resource that can be used directly during VM provisioning via the Azure portal, CLI, or ARM templates.

Exam trap

The trap here is confusing a snapshot (which is a disk-level backup) with a custom image (which is a deployable template that includes the OS and all software), leading candidates to choose the snapshot option because they think it can be used directly to create a VM with the same configuration.

How to eliminate wrong answers

Option B is wrong because a snapshot of the OS disk is a point-in-time copy of a disk, not a deployable image; you would need to create a managed disk from the snapshot and then attach it to a new VM, which does not provide the streamlined, repeatable deployment process of a custom image. Option C is wrong because an availability set is a logical grouping of VMs for high availability and fault tolerance, not a mechanism to capture or replicate a VM configuration or software state. Option D is wrong because a larger VM size changes the hardware resources (vCPUs, memory) but does not capture or replicate the software configuration, patches, or agents installed on the original VM.

172
MCQmedium

An operations team must administer Windows and Linux VMs that have no public IP addresses. They want to connect from a browser without installing a VPN client and without exposing RDP or SSH to the internet. Which Azure service should they deploy?

A.Azure Load Balancer
B.Azure Bastion
C.VPN Gateway point-to-site only
D.Application Gateway
AnswerB

Azure Bastion provides secure browser-based RDP and SSH access to VMs in a virtual network without needing public IP addresses on the VMs. It also avoids exposing management ports directly to the internet and does not require the user to install a VPN client. This makes it a strong fit for controlled administrative access in locked-down environments.

Why this answer

Azure Bastion provides secure, seamless RDP and SSH connectivity to virtual machines directly from the Azure portal over TLS, without requiring a public IP address on the VM, a VPN client, or exposing RDP/SSH ports to the internet. It uses a hardened bastion host inside the virtual network, proxying connections via the browser, which satisfies the requirement for browser-based access without additional client software.

Exam trap

The trap here is that candidates often confuse Azure Bastion with a VPN gateway or jump box, mistakenly thinking a VPN client or public IP is required for administrative access, when Bastion eliminates both by proxying connections directly from the Azure portal.

How to eliminate wrong answers

Option A is wrong because Azure Load Balancer distributes inbound traffic across backend resources but does not provide secure administrative access to VMs; it operates at Layer 4 (TCP/UDP) and cannot proxy RDP/SSH sessions through a browser. Option C is wrong because VPN Gateway point-to-site requires installing a VPN client on each connecting device and does not offer browser-based access; it also exposes the VPN endpoint to the internet. Option D is wrong because Application Gateway is a Layer 7 HTTP/HTTPS load balancer and web application firewall, not designed for RDP/SSH proxying; it cannot provide browser-based administrative connectivity to VMs.

173
MCQhard

A stateless web app runs on two Ubuntu VMs behind an Azure Load Balancer. The region supports availability zones. The business wants the app to survive a full datacenter outage and also avoid having both VMs on the same maintenance boundary. Which deployment should you choose?

A.Place both VMs in a single availability set.
B.Deploy one VM and rely on Azure Backup for recovery.
C.Place the VMs in separate availability zones in the same region.
D.Deploy both VMs without any fault-domain configuration.
AnswerC

Availability zones place workloads in physically separate datacenters within the same region. That design protects against a full zone or datacenter outage and also gives you a stronger isolation boundary than an availability set. Because the app has two VMs behind a load balancer, you can distribute them across zones and maintain service if one zone becomes unavailable.

Why this answer

Option C is correct because deploying the VMs in separate availability zones ensures they are placed in physically distinct datacenters within the same region, protecting against a full datacenter outage. Additionally, each availability zone has its own fault and update domains, so the VMs will never share the same maintenance boundary, meeting both business requirements.

Exam trap

The trap here is that candidates often confuse availability sets (which protect within a datacenter) with availability zones (which protect across datacenters), and fail to recognize that only zones can survive a full datacenter outage while also avoiding shared maintenance boundaries.

How to eliminate wrong answers

Option A is wrong because an availability set only protects against failures within a single datacenter by distributing VMs across fault domains and update domains, but it cannot survive a full datacenter outage. Option B is wrong because relying on Azure Backup for recovery does not provide high availability; it only enables data recovery after a failure, resulting in significant downtime and potential data loss. Option D is wrong because deploying both VMs without any fault-domain configuration means they could be placed on the same physical host or rack, making them vulnerable to simultaneous failure from a single hardware or maintenance event.

174
MCQeasy

Based on the exhibit, the business wants two Azure VMs to stay available if a host is patched or fails. A full datacenter outage is not part of the requirement. What should you use?

A.Deploy the VMs in an availability set.
B.Deploy the VMs in the same availability zone.
C.Use a virtual machine scale set with autoscale only.
D.Place both VMs on a dedicated host.
AnswerA

An availability set is designed to protect VMs from host-level issues such as planned maintenance and individual hardware failures. It spreads VMs across update and fault domains, which fits the requirement exactly when datacenter-level protection is not needed.

Why this answer

An availability set protects against failures within a single datacenter by distributing VMs across multiple fault domains (physical racks with separate power and network) and update domains (groups that are patched sequentially). This ensures that during host patching or a host failure, at least one VM remains available, meeting the requirement without needing to survive a full datacenter outage.

Exam trap

The trap here is that candidates often confuse availability zones (which protect against datacenter-level failures) with availability sets (which protect against host-level failures), leading them to choose zones even when the requirement explicitly excludes a full datacenter outage.

How to eliminate wrong answers

Option B is wrong because deploying VMs in the same availability zone places them in the same physical datacenter within a region, which does not protect against a host failure or patching event within that zone; availability zones are designed for datacenter-level redundancy, not host-level. Option C is wrong because a virtual machine scale set with autoscale only provides scaling based on demand but does not inherently distribute VMs across fault or update domains unless configured with an availability set or zones, and autoscale alone does not guarantee availability during host patching or failure. Option D is wrong because placing both VMs on a dedicated host means they share the same physical server; if that host is patched or fails, both VMs go down, violating the availability requirement.

175
Multi-Selectmedium

You are designing a highly available application on Azure that will run on multiple virtual machines. The solution must meet the following requirements: • Distribute VMs across multiple fault domains and update domains within a single Azure region. • Guarantee that at least one VM instance is available during planned maintenance. • Support automatic recovery of VMs if a physical server fails. • Keep the VMs in the same datacenter to minimize latency. Which three options should you configure? (Choose three.)

Select 4 answers
.Place the VMs in an availability set.
.Place the VMs in an availability zone.
.Configure the VMs to use managed disks.
.Configure the VMs to use unmanaged disks stored in a single storage account.
.Configure the application to use an Azure Load Balancer with a health probe.
.Configure the VMs to use a proximity placement group.

Why this answer

An availability set distributes VMs across multiple fault domains and update domains within a single Azure region, ensuring that at least one VM instance is available during planned maintenance and that VMs are in the same datacenter to minimize latency. Managed disks are required for VMs in an availability set to support automatic recovery if a physical server fails, as they provide higher durability and independent fault domains. A proximity placement group is needed to guarantee that VMs in the availability set are placed in the same datacenter, minimizing latency between them.

Exam trap

The trap here is that candidates often confuse availability zones with availability sets, not realizing that availability zones separate VMs across different datacenters (increasing latency), while availability sets keep VMs in the same datacenter but across different fault and update domains.

176
Multi-Selecteasy

A managed data disk was accidentally deleted from a VM. A snapshot taken the day before is still available. Which two actions should the administrator perform to recover the data? Select two.

Select 2 answers
A.Create a new managed disk from the snapshot.
B.Attach the new managed disk to the VM.
C.Mount the snapshot directly as a data disk.
D.Redeploy the VM and reinstall the operating system.
E.Delete the snapshot after verifying it exists.
AnswersA, B

A snapshot must be turned into a managed disk before it can be attached to a running VM.

Why this answer

Option A is correct because a snapshot is a point-in-time, read-only copy of a managed disk. To recover the data, you must create a new managed disk from the snapshot using the `az disk create --source` command or the Azure portal. This new disk will contain the exact data as it existed when the snapshot was taken.

Exam trap

The trap here is that candidates confuse snapshots with disks, assuming a snapshot can be directly attached to a VM, when in fact Azure requires an explicit disk creation step from the snapshot before attachment.

177
MCQhard

An Azure VM backup job starts failing immediately after protection is enabled. The error states that the VM agent is not ready. The VM was created from a custom image and no extensions have ever installed successfully. What should the administrator verify first?

A.That the Recovery Services vault is in the same resource group as the VM.
B.That the Azure VM Agent service is installed and running inside the guest OS.
C.That soft delete is enabled on the vault.
D.That the subscription has enough free Azure Backup storage capacity.
AnswerB

Azure VM Backup depends on the VM guest agent to coordinate extensions and backup integration. If the agent is missing, stopped, or unhealthy, backup jobs can fail immediately with a readiness message. Verifying the agent state is the correct first troubleshooting step before looking at policy, retention, or vault configuration.

Why this answer

The error 'VM agent not ready' indicates that the Azure Backup extension cannot communicate with the VM agent inside the guest OS. Since the VM was created from a custom image and no extensions have ever installed successfully, the most likely cause is that the Azure VM Agent service is not installed or not running. The agent is required for backup extensions to function, so verifying its status inside the guest OS is the first troubleshooting step.

Exam trap

The trap here is that candidates often assume the issue is a vault configuration or capacity problem, but the 'VM agent not ready' error specifically points to a missing or non-functional guest agent, which is a common oversight when using custom images.

How to eliminate wrong answers

Option A is wrong because the Recovery Services vault does not need to be in the same resource group as the VM; it only needs to be in the same region and subscription. Option C is wrong because soft delete is a data protection feature for backup items, not a prerequisite for backup job initiation or agent readiness. Option D is wrong because insufficient backup storage capacity would cause a different error (e.g., 'Insufficient storage quota'), not a 'VM agent not ready' error.

178
Multi-Selecthard

A reporting server must be resized from 4 vCPU to 8 vCPU for a four-hour batch window. The VM name, NIC, private IP, and attached managed disks must stay the same, and the team accepts a brief outage during the change. Which two actions should you choose? Select two.

Select 2 answers
A.Deallocate the VM before changing its size.
B.Resize the VM to a larger supported size.
C.Delete the VM and recreate it with a new size.
D.Generalize the VM first to preserve the existing configuration.
E.Take a snapshot of the OS disk instead of resizing.
AnswersA, B

Most VM size changes require the VM to be deallocated first. This step preserves the VM resource and attached managed disks while allowing Azure to move the compute allocation.

Why this answer

Option A is correct because deallocating the VM (stopping it in the Azure portal) releases the underlying hardware reservation, which is required before changing the VM size to a different SKU. This ensures the VM can be resized to a supported size without conflicts, and the brief outage is acceptable as stated in the scenario.

Exam trap

The trap here is that candidates may think resizing a VM can be done while it is running (hot resize) for all sizes, but Azure only supports hot resize for certain VM series; for most size changes, deallocation is required, and the question explicitly states a brief outage is acceptable, making deallocation the correct approach.

179
Multi-Selecthard

A stateless web service runs on identical VMs and must keep serving traffic if Microsoft takes one datacenter out of service in the region. The load must also scale out automatically during peak hours, and instances should be spread across independent zone boundaries. Which two configurations should the administrator use? Select two.

Select 2 answers
A.Virtual machine scale set
B.Availability zones
C.Availability set
D.Proximity placement group
E.Dedicated host
AnswersA, B

This supports automatic scale-out and simplifies running multiple identical VM instances.

Why this answer

A is correct because Virtual Machine Scale Sets (VMSS) provide built-in autoscaling capabilities that automatically adjust the number of VM instances based on demand (e.g., CPU or memory metrics), ensuring the web service scales out during peak hours. Additionally, VMSS supports spreading instances across availability zones, which protects against a single datacenter failure by distributing VMs across independent zone boundaries within a region.

Exam trap

The trap here is that candidates often confuse Availability Sets (which protect against rack-level failures within one datacenter) with Availability Zones (which protect against full datacenter outages), leading them to select Availability Set instead of Availability Zones for cross-datacenter resilience.

180
MCQhard

A virtual machine scale set must increase instance count when average CPU exceeds 75 percent and decrease when it stays below 30 percent. What Azure feature should you configure?

A.Availability zones
B.Autoscale settings
C.Azure Policy
D.Update management
AnswerB

Autoscale handles metric-based scale-out and scale-in for a VM scale set.

Why this answer

Autoscale settings are the correct feature because they allow you to define scale-out and scale-in rules based on performance metrics like average CPU percentage. In this scenario, you would configure a scale-out rule to increase the instance count when average CPU exceeds 75% and a scale-in rule to decrease it when CPU stays below 30%.

Exam trap

The trap here is that candidates may confuse Autoscale with Availability zones, thinking that distributing instances across zones automatically handles scaling, but zones only provide redundancy, not dynamic capacity adjustment based on load.

How to eliminate wrong answers

Option A is wrong because Availability zones are a high-availability feature that distributes instances across physically separate datacenters within a region, not a mechanism for scaling based on CPU thresholds. Option C is wrong because Azure Policy is used to enforce organizational standards and compliance rules on resources, not to dynamically adjust instance counts based on performance metrics. Option D is wrong because Update management is a feature for managing OS updates and patches on VMs, not for scaling instances based on CPU utilization.

181
MCQmedium

You need to run a script on VM-App02 immediately after deployment to install a custom monitoring agent. The solution should not require opening additional inbound management ports. What should you use?

A.Boot diagnostics
B.Custom Script Extension
C.An inbound NSG rule for WinRM
D.A proximity placement group
AnswerB

This is designed to run post-deployment scripts on the VM.

Why this answer

The Custom Script Extension (CSE) is the correct choice because it allows you to run a script on a VM immediately after deployment without opening any inbound management ports. CSE downloads and executes scripts on the VM via the Azure fabric, using the VM's outbound connectivity to Azure storage or GitHub, and does not require any inbound port (like RDP or WinRM) to be open. This meets the requirement of not opening additional inbound management ports while enabling post-deployment configuration.

Exam trap

The trap here is that candidates often confuse the Custom Script Extension with other VM management features like boot diagnostics or inbound port rules, mistakenly thinking they need to open a port (like WinRM or SSH) to run a script, when the extension uses the VM's outbound-only communication channel.

How to eliminate wrong answers

Option A is wrong because Boot diagnostics captures serial console output and screenshots for troubleshooting boot failures, but it cannot execute scripts or install software on the VM. Option C is wrong because an inbound NSG rule for WinRM would open port 5985/5986, which is an inbound management port, directly violating the requirement to not open additional inbound management ports. Option D is wrong because a proximity placement group is used to reduce network latency between VMs by placing them close together in an Azure datacenter; it has no capability to run scripts or install software.

182
MCQmedium

You plan to deploy two virtual machines that run the same line-of-business application. The VMs must remain available during planned maintenance of the Azure platform, but autoscaling is not required. What should you use?

A.A Virtual Machine Scale Set.
B.An availability set.
C.Azure Container Apps.
D.A private endpoint.
AnswerB

This is the classic fit for a small set of highly available VMs.

Why this answer

An availability set ensures that VMs are distributed across multiple fault domains and update domains within an Azure datacenter. This protects against both hardware failures (fault domains) and planned Azure platform maintenance (update domains), as only one update domain is rebooted at a time. Since autoscaling is not required, an availability set is the correct choice for high availability during planned maintenance.

Exam trap

The trap here is that candidates often confuse availability sets (for planned maintenance and hardware fault tolerance) with Virtual Machine Scale Sets (for autoscaling and load balancing), leading them to select the scale set even when autoscaling is explicitly not required.

How to eliminate wrong answers

Option A is wrong because a Virtual Machine Scale Set provides autoscaling and load balancing capabilities, which are explicitly not required here, and it is overkill for simply ensuring availability during planned maintenance. Option C is wrong because Azure Container Apps is a serverless container platform for microservices, not designed for running traditional VMs with a line-of-business application that requires VM-level availability during maintenance. Option D is wrong because a private endpoint provides secure, private connectivity to Azure PaaS services over a private IP address; it does not provide any availability or redundancy for VMs during platform maintenance.

183
MCQmedium

A Windows Azure VM must download configuration data from Azure Key Vault during first boot. Security policy forbids storing passwords, certificates, or client secrets on the VM. What should the administrator configure?

A.Create a service principal and place its secret in the VM's startup script.
B.Enable a system-assigned managed identity on the VM and grant it Key Vault access.
C.Attach a custom script extension that embeds the Key Vault password in plain text.
D.Use an Entra ID user account and sign in interactively after deployment.
AnswerB

A system-assigned managed identity gives the VM an automatically managed identity with no stored credentials. The VM can authenticate to Key Vault through Azure AD and receive only the permissions it needs. Because the identity is tied to the VM lifecycle, it is ideal for first-boot configuration tasks that must avoid passwords, certificates, and client secrets.

Why this answer

A system-assigned managed identity provides an automatically managed service principal in Entra ID, tied to the VM's lifecycle. Granting this identity the appropriate Key Vault access policy (e.g., Get, List secrets) allows the VM to authenticate to Key Vault without any stored credentials, satisfying the security policy. The VM can then retrieve configuration data during first boot using the Azure Instance Metadata Service (IMDS) endpoint.

Exam trap

The trap here is that candidates may think a service principal with a stored secret (Option A) is required for automated access, overlooking that managed identities eliminate the need for any stored credentials.

How to eliminate wrong answers

Option A is wrong because placing a service principal secret in the VM's startup script violates the security policy that forbids storing passwords, certificates, or client secrets on the VM, and the secret would be exposed in the script. Option C is wrong because embedding the Key Vault password in plain text within a custom script extension directly violates the security policy and exposes the credential in the script and potentially in logs. Option D is wrong because using an Entra ID user account for interactive sign-in is not automated for first-boot configuration and would require manual intervention, defeating the purpose of unattended deployment.

184
MCQeasy

After applying a custom image, a VM restarts to a black screen and never reaches the sign-in prompt. The administrator wants the fastest way to inspect the boot process without connecting to the guest OS. What should be used?

A.Azure Advisor
B.Boot diagnostics
C.Managed identity
D.Azure Policy
AnswerB

Boot diagnostics captures console output and screenshots from the VM startup process. When a VM fails before reaching the sign-in screen, this is often the fastest place to look for boot errors, driver issues, or configuration problems. It gives administrators visibility into what happened before the operating system completed startup, without requiring guest access.

Why this answer

Boot diagnostics captures serial console output and screenshots of the VM during the boot process, allowing you to inspect boot failures like a black screen without needing to connect to the guest OS. This is the fastest method because it provides immediate, out-of-band access to boot logs and visual state, even when the OS is unresponsive.

Exam trap

The trap here is that candidates may confuse Azure Advisor's 'diagnostic' recommendations with actual boot diagnostics, or assume Managed Identity can somehow 'log in' to inspect the OS, when only Boot Diagnostics provides host-level, out-of-band boot visibility.

How to eliminate wrong answers

Option A is wrong because Azure Advisor provides recommendations for cost, security, reliability, and performance, but it does not capture or expose boot-time logs or screenshots. Option C is wrong because Managed Identity is an Azure Active Directory feature for authenticating to Azure resources without secrets; it has no capability to inspect VM boot processes. Option D is wrong because Azure Policy enforces compliance rules on resource configurations (e.g., tagging, allowed SKUs) and cannot access or display boot diagnostics data.

185
MCQeasy

You are deploying a new Windows VM and want it to start with the same custom software and configuration that already exist on an approved production VM. What should you use as the source for the new VM?

A.A marketplace image
B.A custom image
C.A snapshot of the OS disk
D.An availability set
AnswerB

A custom image captures the OS and approved configuration so new VMs can be deployed with the same baseline.

Why this answer

A custom image captures the exact OS configuration, installed software, and settings from a source VM, allowing you to deploy new VMs with identical customizations. Unlike a marketplace image, which provides only a generic OS, a custom image preserves all modifications made to the approved production VM, including applications and system tweaks.

Exam trap

The trap here is that candidates often confuse a snapshot with a custom image, not realizing that a snapshot is a disk-level backup requiring additional steps to create a deployable VM, whereas a custom image is directly usable for VM creation with the exact software and configuration.

How to eliminate wrong answers

Option A is wrong because a marketplace image provides only a generic, unmodified OS or pre-configured template from Azure, not the specific custom software and configuration from your production VM. Option C is wrong because a snapshot of the OS disk captures a point-in-time copy of the disk but cannot be directly used as a source for deploying a new VM; it must first be converted into a managed disk or custom image. Option D is wrong because an availability set is a logical grouping for high availability and fault tolerance, not a source for VM deployment or configuration.

186
MCQhard

You need to ensure that a virtual machine is protected by Azure Backup and can be restored from centralized backup data if the VM is deleted. Which Azure resource should you configure first?

A.A Recovery Services vault
B.An availability set
C.A network security group
D.A public IP address
AnswerA

A Recovery Services vault is required to centrally manage Azure VM backups.

Why this answer

A Recovery Services vault is the foundational Azure resource for Azure Backup. It stores backup data and recovery points, enabling centralized backup management and restoration even if the original VM is deleted. Without first configuring a Recovery Services vault, you cannot define backup policies or initiate backups for the VM.

Exam trap

The trap here is that candidates may confuse high-availability resources (like availability sets) with backup/recovery resources, failing to recognize that a Recovery Services vault is the prerequisite for any Azure Backup operation.

How to eliminate wrong answers

Option B is wrong because an availability set is a logical grouping of VMs to ensure high availability across fault domains and update domains, not a backup or recovery resource. Option C is wrong because a network security group (NSG) filters inbound and outbound traffic to a VM or subnet, providing network security but no backup or restore capabilities. Option D is wrong because a public IP address is a networking resource for internet-facing communication, unrelated to backup or recovery operations.

187
MCQeasy

A Linux VM restarts after a configuration change and now stops before the sign-in prompt. The administrator cannot use SSH. Which Azure feature should be checked first to inspect the startup process?

A.Boot diagnostics
B.Network Watcher packet capture
C.Azure Advisor
D.Managed identity
AnswerA

Boot diagnostics provides a screenshot and console log for early VM startup troubleshooting.

Why this answer

Boot diagnostics captures serial console output and screenshots of the VM, allowing you to view kernel messages, boot logs, and the exact point where the startup process halts. Since SSH is unavailable and the VM stops before the sign-in prompt, this is the first Azure feature to check for troubleshooting the boot sequence.

Exam trap

The trap here is that candidates often confuse Boot diagnostics with Network Watcher or assume Azure Advisor can provide real-time troubleshooting, but only Boot diagnostics gives direct access to the VM's serial console and boot logs when SSH is unavailable.

How to eliminate wrong answers

Option B is wrong because Network Watcher packet capture is used for analyzing network traffic to and from the VM, not for inspecting the OS startup process or boot logs. Option C is wrong because Azure Advisor provides recommendations for cost, security, reliability, and performance, but it does not offer real-time boot-level diagnostics or access to serial console output. Option D is wrong because managed identity is an Azure Active Directory feature for authenticating to Azure resources without credentials; it has no role in inspecting the VM's boot sequence or startup logs.

188
MCQmedium

Based on the exhibit, which deployment change best meets the resilience requirement for the application VMs?

A.Keep both VMs in the same availability set to spread them across update domains only.
B.Place each VM in a different availability zone and keep the load balancer in front.
C.Deploy both VMs into a proximity placement group to reduce latency between them.
D.Move the VMs into a single availability set and add more managed disks for redundancy.
AnswerB

Availability zones provide isolation across datacenters within the same region. By placing the two VMs in different zones, the workload can continue if one zone or datacenter becomes unavailable. The load balancer can direct traffic to the surviving VM. This design matches the stated requirement more closely than an availability set, which only spreads VMs across fault and update domains inside a single datacenter cluster.

Why this answer

Option B is correct because deploying each VM into a different availability zone ensures that the VMs are physically separated across distinct data centers within an Azure region, protecting against zone-level failures. The load balancer in front distributes traffic across the VMs, providing high availability even if one zone goes offline. This meets the resilience requirement by eliminating a single point of failure at the data center level.

Exam trap

The trap here is that candidates often confuse availability sets (which protect against rack-level failures within a single data center) with availability zones (which protect against full data center outages), leading them to choose Option A thinking it provides sufficient resilience.

How to eliminate wrong answers

Option A is wrong because keeping both VMs in the same availability set only spreads them across update domains (to handle planned maintenance) and fault domains (to handle rack-level failures), but it does not protect against a full data center or zone outage—both VMs could still be in the same zone. Option C is wrong because a proximity placement group is designed to reduce network latency between VMs by keeping them close together, which actually increases the risk of simultaneous failure and does not improve resilience. Option D is wrong because moving VMs into a single availability set and adding more managed disks does not provide zone-level redundancy; additional disks do not protect against VM or zone failure, and the VMs remain vulnerable to a single data center outage.

189
MCQmedium

An Azure virtual machine was moved to a host that is experiencing intermittent issues. You need to move the VM to a different Azure host while keeping the existing managed disks and configuration. Which action should you perform?

A.Stop
B.Restart
C.Redeploy
D.Capture
AnswerC

Redeploy moves the VM to a new host while preserving its disks and configuration.

Why this answer

Redeploying the VM (Option C) is the correct action because it moves the VM to a new Azure host node while preserving the existing managed disks, virtual network, and configuration. The Azure platform automatically selects a healthy host, resolves transient hardware issues, and maintains the VM's identity and associated resources.

Exam trap

The trap here is that candidates confuse 'Stop' (which deallocates but may not change the host) with 'Redeploy' (which explicitly forces a host migration), or they mistakenly think 'Restart' is sufficient to fix hardware issues when it only reboots the OS on the same faulty host.

How to eliminate wrong answers

Option A (Stop) is wrong because stopping the VM only deallocates it, releasing the compute resources but not forcing a migration to a different host; the VM may be placed back on the same problematic host when started. Option B (Restart) is wrong because a restart simply reboots the OS on the same host, which does not address underlying host hardware issues. Option D (Capture) is wrong because capturing creates a generalized image of the VM, which is intended for creating new VMs from a template, not for moving an existing VM to a different host while retaining its current state and configuration.

190
MCQeasy

A development VM is rebuilt often and does not need its operating system disk contents to survive deallocation. The team wants the lowest practical disk latency for the OS. Which disk option should the administrator choose?

A.Standard HDD managed disk
B.Ephemeral OS disk
C.Geo-redundant storage for the OS disk
D.A data disk formatted as the boot disk
AnswerB

An ephemeral OS disk is stored on the host and offers very low latency, which fits temporary or rebuildable VMs.

Why this answer

Ephemeral OS disks use the local VM storage (SSD) rather than Azure managed disks, providing the lowest latency for OS read/write operations. Since the VM is rebuilt often and disk persistence is not required, the ephemeral disk is ideal because its contents are lost when the VM is deallocated, eliminating the need for a separate managed disk.

Exam trap

The trap here is that candidates often choose Standard HDD (Option A) thinking it is the cheapest option, but they overlook that 'lowest practical disk latency' explicitly requires performance, not cost, and that Ephemeral OS disks provide both low latency and zero cost for the OS disk itself (since it uses local storage).

How to eliminate wrong answers

Option A is wrong because Standard HDD managed disks have significantly higher latency compared to local SSD storage, making them unsuitable for the lowest practical disk latency requirement. Option C is wrong because geo-redundant storage (GRS) is a replication option for managed disks that increases latency due to asynchronous replication across regions and does not address the need for low latency; it also persists data unnecessarily for a non-persistent workload. Option D is wrong because a data disk formatted as the boot disk is not a supported Azure configuration; the OS disk must be attached as the boot disk, and using a data disk for boot would require custom, unsupported setups that do not provide lower latency than an ephemeral OS disk.

191
MCQeasy

You deploy a Windows Server VM and need to run several PowerShell commands after deployment without signing in to the VM. Which Azure feature should you use?

A.Use the Custom Script Extension on the VM.
B.Put the VM in an availability zone.
C.Attach a managed identity and rely on Azure Policy.
D.Create a snapshot before startup.
AnswerA

The Custom Script Extension runs commands inside the guest after deployment and does not require interactive sign-in.

Why this answer

The Custom Script Extension (CSE) is the correct Azure feature because it allows you to run PowerShell or Bash scripts on a VM after deployment without requiring interactive sign-in. It executes the script via the Azure VM Agent, which runs as a local system process, making it ideal for post-deployment configuration tasks like installing software or running commands.

Exam trap

The trap here is confusing post-deployment script execution with other VM management features like availability zones or managed identities, which serve entirely different purposes (high availability and authentication, respectively).

How to eliminate wrong answers

Option B is wrong because availability zones are a high-availability feature that protects VMs from datacenter failures, not a mechanism for executing scripts. Option C is wrong because managed identities provide Azure AD authentication for accessing Azure resources, not a way to run scripts on a VM; Azure Policy enforces compliance rules but does not execute scripts. Option D is wrong because a snapshot captures the disk state for backup or recovery, not for running commands after deployment.

192
Matchingeasy

Match each image or placement term to the administrator need it supports.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Used to deploy multiple new VMs from a prepared standard build.

Used to create a new VM that keeps the source machine's existing state.

Helps protect against host or maintenance failures inside one datacenter.

Helps protect against a full datacenter outage in a region.

Why these pairings

Availability Set protects against rack failures; Availability Zone protects against datacenter failures; Proximity Placement Group reduces latency; Scale Set provides auto-scaling; VNet isolates network; Load Balancer distributes traffic.

193
MCQhard

A virtual machine named VM-App01 hosts a critical internal application. You need to protect the VM so that it can be restored if the VM is deleted or corrupted. The solution must provide centralized backup management and retention policies. What should you use?

A.Azure Backup with a Recovery Services vault.
B.Managed disk snapshots only.
C.Azure Site Recovery only.
D.Boot diagnostics.
AnswerA

This provides centralized VM protection, retention policies, and restore capabilities.

Why this answer

Azure Backup with a Recovery Services vault is the correct choice because it provides centralized backup management, configurable retention policies, and the ability to restore a VM even if it is deleted or corrupted. Unlike snapshots, Azure Backup stores backups in a separate vault, supports application-consistent backups via the Volume Shadow Copy Service (VSS), and offers long-term retention with backup policies.

Exam trap

The trap here is that candidates often confuse Azure Backup (for backup and retention) with Azure Site Recovery (for disaster recovery), or assume that disk snapshots alone are sufficient for full VM recovery, ignoring the need for centralized management and retention policies.

How to eliminate wrong answers

Option B is wrong because managed disk snapshots are stored in the same region as the source disk, do not provide centralized management or retention policies, and cannot restore a VM if the VM itself is deleted (snapshots are tied to the disk, not the VM configuration). Option C is wrong because Azure Site Recovery is designed for disaster recovery and replication to a secondary region, not for backup with retention policies or restoration from accidental deletion or corruption. Option D is wrong because boot diagnostics captures serial console logs and screenshots for troubleshooting boot failures, not backup or restore capabilities.

194
MCQmedium

You need to deploy 25 identical Azure virtual machines for a web application and scale the number of instances automatically based on CPU demand. Which Azure compute feature should you use?

A.An availability set
B.A Virtual Machine Scale Set
C.A Recovery Services vault
D.Boot diagnostics
AnswerB

VM Scale Sets provide group deployment and autoscaling for identical virtual machines.

Why this answer

A Virtual Machine Scale Set (VMSS) is the correct Azure compute feature because it allows you to deploy and manage a group of identical, load-balanced VMs whose number can automatically increase or decrease in response to CPU demand using autoscale rules. This directly meets the requirement for 25 identical VMs with automatic scaling based on CPU metrics.

Exam trap

The trap here is that candidates often confuse an availability set (which provides high availability) with a Virtual Machine Scale Set (which provides both identical deployment and autoscaling), leading them to select Option A because they focus on the 'identical VMs' requirement without recognizing that autoscaling is the key differentiator.

How to eliminate wrong answers

Option A is wrong because an availability set is a logical grouping of VMs that protects against hardware failures within a datacenter by distributing VMs across fault domains and update domains, but it does not provide any automatic scaling capability or the ability to deploy identical instances as a single unit. Option C is wrong because a Recovery Services vault is a storage entity in Azure used for backup and disaster recovery data (such as Azure Backup and Azure Site Recovery), not for deploying or scaling compute resources. Option D is wrong because boot diagnostics is a feature that enables troubleshooting of VM boot failures by capturing serial console output and screenshots; it has no role in deploying multiple VMs or scaling them automatically.

195
Multi-Selectmedium

Which three of the following are valid ways to achieve high availability for a virtual machine workload running in Azure? (Choose three.)

Select 3 answers
.Deploy the VM inside an Availability Set with two or more VMs.
.Use an Availability Zone by deploying VMs into different zones within the same region.
.Configure a VM Scale Set with a minimum instance count of 2 and spread across fault domains.
.Assign a public IP address to each VM to enable load balancing.
.Set the VM’s operating system disk to a Premium SSD tier to reduce disk latency.
.Enable Azure Backup on the VM to protect against regional disasters.

Why this answer

Deploying a VM inside an Availability Set with two or more VMs ensures high availability by placing the VMs across multiple fault domains and update domains within a single Azure datacenter. This protects against hardware failures and planned maintenance events, as at least one VM remains available during an outage or update cycle.

Exam trap

The trap here is confusing high-availability mechanisms (like redundancy and automatic failover) with performance improvements (Premium SSD) or data protection (Azure Backup), leading candidates to select options that improve speed or recovery but do not ensure continuous uptime.

196
MCQeasy

Based on the exhibit, which deployment choice should the administrator use to keep the application available if one datacenter in the Azure region fails?

A.Place both VMs in the same availability set.
B.Deploy the VMs across separate availability zones.
C.Use a proximity placement group for both VMs.
D.Use a larger VM size for each virtual machine.
AnswerB

Availability zones place resources in physically separate datacenters within the region. If one datacenter fails, the other zone can continue serving traffic. This matches the requirement for surviving a single datacenter outage and is the preferred Azure design when zone support is available.

Why this answer

Availability zones are physically separate datacenters within an Azure region, each with independent power, cooling, and networking. Deploying VMs across separate availability zones ensures that if one datacenter fails, the application remains available in the other zone, providing resilience against datacenter-level failures.

Exam trap

The trap here is that candidates often confuse availability sets (which protect against rack failures) with availability zones (which protect against datacenter failures), leading them to incorrectly choose an availability set for datacenter-level resilience.

How to eliminate wrong answers

Option A is wrong because an availability set protects against rack-level failures within a single datacenter, not against a full datacenter failure. Option C is wrong because a proximity placement group is designed to reduce network latency by co-locating VMs, which actually increases the risk of simultaneous failure if the datacenter goes down. Option D is wrong because using a larger VM size does not provide any fault tolerance or redundancy; it only increases compute capacity, not availability.

197
Multi-Selecthard

A data disk on VM-Data01 was corrupted after a bad patch, and you already have a snapshot taken last night. The OS disk should remain unchanged. Which two actions should you take to restore only the data disk? Select two.

Select 2 answers
A.Create a managed disk from the snapshot.
B.Attach the restored managed disk to VM-Data01.
C.Redeploy the VM and expect the data disk to revert automatically.
D.Generalize the VM and redeploy it from the snapshot.
E.Replace the snapshot with the current data disk to roll back the VM.
AnswersA, B

A snapshot is not directly attached to a VM. You must first create a managed disk from the snapshot so Azure can present it as an attachable storage object.

Why this answer

Option A is correct because a snapshot is a point-in-time copy of a disk that can be used to create a new managed disk. Since you have a snapshot of the corrupted data disk from last night, creating a managed disk from that snapshot restores the data to its state at the time of the snapshot, leaving the OS disk untouched.

Exam trap

The trap here is that candidates may confuse redeploying a VM (which only moves the VM to a new host) with restoring disk data, or mistakenly think a snapshot can be directly attached to a VM without first creating a managed disk.

198
Multi-Selecthard

A build pipeline needs to run a Linux container for about 15 minutes whenever a request arrives. The job never needs inbound traffic, clustering, or persistent node management. A second workload is a public web app that needs built-in TLS, deployment slots, and autoscale. Which two Azure compute services should the administrator choose? Select two.

Select 2 answers
A.Azure Container Instances
B.Azure App Service
C.Azure Kubernetes Service
D.Azure Virtual Machines
E.Azure Functions
AnswersA, B

This is a serverless container host that fits short-lived, on-demand container jobs.

Why this answer

Azure Container Instances (ACI) is the correct choice for the first workload because it allows you to run a Linux container on demand without managing any underlying infrastructure, and it supports a 15-minute execution time perfectly with its per-second billing and no requirement for persistent nodes or inbound traffic. Azure App Service is correct for the second workload because it natively provides built-in TLS/SSL termination, deployment slots for staging and swapping, and autoscale capabilities out of the box, making it ideal for a public web app.

Exam trap

The trap here is that candidates often choose Azure Kubernetes Service for any container workload, overlooking that ACI is simpler and cheaper for ephemeral, single-container tasks, and they may also pick Azure Functions for the web app without realizing it lacks native deployment slots and built-in TLS management compared to App Service.

199
MCQeasy

Two app VMs must stay available during planned host maintenance in the same region. Datacenter-level redundancy is not required, but the VMs should be spread across update domains. What should you configure?

A.Availability set
B.Availability zone
C.Azure Backup
D.Managed disk
AnswerA

An availability set spreads VMs across fault and update domains to reduce the impact of host maintenance and hardware failure.

Why this answer

An availability set logically groups VMs to protect against planned maintenance events by distributing them across up to 3 fault domains and 20 update domains. This ensures that during host maintenance, only one update domain is taken offline at a time, keeping the other VMs available. Since datacenter-level redundancy is not required, an availability set is the correct choice.

Exam trap

The trap here is that candidates often confuse availability zones (which provide datacenter-level redundancy) with availability sets (which provide intra-datacenter fault and update domain distribution), leading them to select availability zones even when the question explicitly states datacenter-level redundancy is not required.

How to eliminate wrong answers

Option B is wrong because availability zones provide datacenter-level redundancy by placing VMs in physically separate datacenters within a region, which is explicitly not required. Option C is wrong because Azure Backup is a backup and restore service, not a high-availability or maintenance-resilience feature. Option D is wrong because managed disks are a storage management feature that simplifies disk management and provides durability, but they do not distribute VMs across update domains or protect against planned maintenance.

200
MCQeasy

A reporting server will run an in-memory analytics application that needs 8 vCPUs and 64 GiB of RAM. The administrator wants a VM family that is a good fit for memory-heavy workloads. Which VM family should be chosen?

A.Memory-optimized VM family
B.Burstable VM family
C.Compute-optimized VM family
D.Storage-optimized VM family
AnswerA

Memory-optimized sizes are designed for workloads that need a higher memory-to-vCPU ratio than general-purpose sizes. They are a practical fit for analytics engines, large caches, and in-memory databases where RAM is the main constraint. Choosing this family helps the team meet the workload requirement without paying for unnecessary specialized features that do not address the sizing need.

Why this answer

Memory-optimized VM families (e.g., Azure E-series) are designed for workloads that require a high memory-to-vCPU ratio, such as in-memory analytics applications. The requirement of 64 GiB of RAM for 8 vCPUs (8:1 ratio) aligns with the memory-optimized profile, which offers up to 8 GiB per vCPU or more, ensuring the application's data fits entirely in RAM for low-latency processing.

Exam trap

The trap here is that candidates may confuse 'memory-heavy' with 'compute-heavy' and choose compute-optimized VMs, overlooking the specific memory-to-vCPU ratio required for in-memory analytics.

How to eliminate wrong answers

Option B is wrong because burstable VM families (e.g., Azure B-series) are intended for workloads with variable CPU usage that can burst, not for consistent high-memory demands; they have limited memory per vCPU and are not suitable for memory-heavy analytics. Option C is wrong because compute-optimized VM families (e.g., Azure F-series) prioritize high CPU performance with a lower memory-to-vCPU ratio (typically 2 GiB per vCPU), which would not meet the 64 GiB requirement for 8 vCPUs. Option D is wrong because storage-optimized VM families (e.g., Azure L-series) are designed for high disk throughput and IOPS, not for large memory footprints, and they often have lower memory per vCPU compared to memory-optimized families.

201
MCQeasy

An application on an Azure VM needs more CPU and memory. The administrator wants to keep the same OS disk and installed apps, without redeploying the server. What should be done?

A.Resize the VM to a larger size
B.Reimage the VM
C.Move the VM into a different availability zone
D.Create a new storage account
AnswerA

Resizing the VM changes the allocated compute resources while keeping the same operating system disk and data disks. This is the usual way to give an existing VM more CPU and memory without rebuilding the server. In many cases, you only need to stop the VM briefly, choose a larger size, and start it again.

Why this answer

Resizing the VM (Option A) allows you to change the VM size to a SKU with more CPU and memory while preserving the OS disk, installed applications, and all data. This operation can be performed on a stopped (deallocated) VM and does not require redeployment or reimaging, making it the correct choice for scaling up resources without disruption to the existing configuration.

Exam trap

The trap here is that candidates may confuse 'resizing' with 'reimaging' or think that changing availability zones or storage accounts can affect compute resources, when in fact only changing the VM size directly modifies CPU and memory allocation.

How to eliminate wrong answers

Option B is wrong because reimaging the VM restores the OS disk to its original image state, which would erase all installed applications and custom configurations, not preserve them. Option C is wrong because moving the VM to a different availability zone changes its physical location for high availability but does not alter the VM's CPU or memory resources. Option D is wrong because creating a new storage account provides additional storage capacity but does not increase the compute resources (CPU/memory) of the existing VM.

202
MCQhard

Two backend VMs must remain available if an Azure host is patched or fails. A full datacenter outage is not part of the requirement, and the team wants the VMs to stay in the same region with predictable east-west latency. Which placement option should the administrator choose?

A.Availability zones in separate datacenters
B.An availability set
C.A proximity placement group
D.A single VM scale set instance
AnswerB

Availability sets protect against host and maintenance failures while keeping the VMs in one region and close together.

Why this answer

An availability set distributes VMs across multiple fault domains (separate physical racks with independent power, cooling, and network) within a single Azure datacenter. This protects against host patching and hardware failures while keeping VMs in the same datacenter, ensuring predictable east-west latency. The requirement explicitly excludes a full datacenter outage, so availability zones (which span separate datacenters) are unnecessary.

Exam trap

The trap here is that candidates confuse availability zones (which protect against datacenter failures) with availability sets (which protect against host failures within a single datacenter), leading them to choose zones even when the requirement explicitly excludes a full datacenter outage.

How to eliminate wrong answers

Option A is wrong because availability zones place VMs in physically separate datacenters within a region, which introduces cross-datacenter latency and is overkill for a requirement that excludes full datacenter outages. Option C is wrong because a proximity placement group is designed to reduce latency by co-locating VMs as close as possible, but it does not provide fault domain isolation against host patching or failures. Option D is wrong because a single VM scale set instance offers no redundancy; it is a single VM that fails if the host fails, and scale sets require multiple instances to provide availability.

203
Multi-Selecthard

A reporting application will run on a single Azure VM and needs 8 vCPUs, 64 GiB of RAM, and a temporary local disk for cache. The team wants a size that satisfies the requirement without oversizing memory or paying for an unnecessarily large specialty series. Which two VM sizes meet the requirement best? Select two.

Select 2 answers
A.E8as_v5
B.E8ds_v5
C.D8as_v5
D.F8s_v2
E.M8ms
AnswersA, B

This size provides 8 vCPUs and 64 GiB of memory, matching the workload requirement closely.

Why this answer

The E8as_v5 is correct because it provides 8 vCPUs and 64 GiB of RAM, matching the requirement exactly, and includes a temporary local disk (SSD) for cache. It belongs to the memory-optimized Esv5 series, which is designed for memory-intensive workloads without oversizing, and the 'as' variant includes local temporary storage.

Exam trap

The trap here is that candidates often overlook the local temporary disk requirement and select a VM size that meets vCPU and RAM but lacks local storage (e.g., D8as_v5 without 's' or F-series), or they choose an M-series VM that grossly oversizes memory, mistaking 'memory-optimized' as always appropriate for any memory need.

204
MCQeasy

An application uses two Azure VMs in the same datacenter and must continue through planned maintenance and a single hardware host failure. The administrator does not need separate datacenter protection. Which option should be used?

A.Availability zones
B.Availability set
C.Proximity placement group
D.Virtual machine scale set
AnswerB

An availability set is designed to spread VMs across update and fault domains within a datacenter. That reduces the chance that maintenance or a host failure takes down all instances at once. Because the scenario only requires protection from host-level and planned maintenance events, an availability set is the appropriate and cost-effective choice.

Why this answer

An availability set distributes VMs across multiple fault domains (hardware hosts) and update domains within a single Azure datacenter. This ensures that during planned maintenance (update domains) or a single hardware host failure (fault domains), at least one VM remains available. Since the requirement does not include separate datacenter protection, an availability set is the correct choice.

Exam trap

The trap here is that candidates often confuse availability zones (which offer datacenter-level redundancy) with availability sets (which offer host-level redundancy within a single datacenter), leading them to choose zones even when the requirement explicitly states no separate datacenter protection is needed.

How to eliminate wrong answers

Option A is wrong because availability zones provide protection across physically separate datacenters within a region, which exceeds the requirement of not needing separate datacenter protection and incurs additional cross-zone latency. Option C is wrong because a proximity placement group is designed to minimize network latency by co-locating VMs as close as possible, which actually increases the risk of simultaneous failure and does not provide fault or update domain isolation. Option D is wrong because a virtual machine scale set is primarily for auto-scaling and load balancing multiple identical VMs, and while it can use availability sets or zones, the base configuration without explicit fault domain placement does not guarantee protection against a single hardware host failure.

← PreviousPage 3 of 3 · 204 questions total

Ready to test yourself?

Try a timed practice session using only Deploy and Manage Azure Compute questions.