Two legacy application VMs must survive planned maintenance and a single host failure. The vendor requires both VMs to stay in the same region, and a datacenter outage is not part of the requirement. What should the administrator use?
Availability sets are designed for host-level resilience inside one datacenter. They spread VMs across fault domains and update domains, which helps reduce impact from hardware failures and planned maintenance. Because the requirement does not include surviving a full datacenter outage, an availability set is the right level of protection without the added complexity of zones.
Why this answer
An availability set protects against planned maintenance and single host failures by placing VMs in separate fault domains (different physical hardware) and update domains (different maintenance windows). This ensures that during planned Azure maintenance, only one VM is rebooted at a time, and if a host fails, only VMs in that fault domain are affected. Since the requirement specifies a single host failure (not a datacenter outage) and both VMs must stay in the same region, an availability set is the correct choice.
Exam trap
The trap here is that candidates confuse availability zones (which protect against datacenter outages) with availability sets (which protect against host and rack failures), leading them to choose zones even though the requirement explicitly excludes a datacenter outage.
How to eliminate wrong answers
Option B is wrong because availability zones place VMs in physically separate datacenters within a region, which protects against a datacenter outage—a requirement not specified here—and introduces cross-zone latency that the legacy application may not tolerate. Option C is wrong because a virtual machine scale set in a single zone does not provide fault domain isolation across separate physical hosts; it only scales within that zone and does not guarantee survival of both VMs during a single host failure. Option D is wrong because a proximity placement group only ensures low network latency by co-locating VMs, but it does not provide any fault or update domain protection against host failures or planned maintenance.