CCNA AZ Compute Questions

75 of 204 questions · Page 1/3 · AZ Compute topic · Answers revealed

1
MCQmedium

Two legacy application VMs must survive planned maintenance and a single host failure. The vendor requires both VMs to stay in the same region, and a datacenter outage is not part of the requirement. What should the administrator use?

A.An availability set that places the VMs in separate fault and update domains.
B.Availability zones with one VM in each zone.
C.A virtual machine scale set in a single zone.
D.A proximity placement group for both VMs.
AnswerA

Availability sets are designed for host-level resilience inside one datacenter. They spread VMs across fault domains and update domains, which helps reduce impact from hardware failures and planned maintenance. Because the requirement does not include surviving a full datacenter outage, an availability set is the right level of protection without the added complexity of zones.

Why this answer

An availability set protects against planned maintenance and single host failures by placing VMs in separate fault domains (different physical hardware) and update domains (different maintenance windows). This ensures that during planned Azure maintenance, only one VM is rebooted at a time, and if a host fails, only VMs in that fault domain are affected. Since the requirement specifies a single host failure (not a datacenter outage) and both VMs must stay in the same region, an availability set is the correct choice.

Exam trap

The trap here is that candidates confuse availability zones (which protect against datacenter outages) with availability sets (which protect against host and rack failures), leading them to choose zones even though the requirement explicitly excludes a datacenter outage.

How to eliminate wrong answers

Option B is wrong because availability zones place VMs in physically separate datacenters within a region, which protects against a datacenter outage—a requirement not specified here—and introduces cross-zone latency that the legacy application may not tolerate. Option C is wrong because a virtual machine scale set in a single zone does not provide fault domain isolation across separate physical hosts; it only scales within that zone and does not guarantee survival of both VMs during a single host failure. Option D is wrong because a proximity placement group only ensures low network latency by co-locating VMs, but it does not provide any fault or update domain protection against host failures or planned maintenance.

2
Matchingeasy

Match each Azure CLI command to the action it performs for a virtual machine.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Starts a stopped virtual machine without changing its disks or NICs.

Stops the VM and releases the compute host, which can reduce compute charges.

Moves the VM to a new Azure host to help resolve host-level issues.

Changes the VM size, such as moving from a smaller to a larger SKU.

Why these pairings

Each Azure CLI command performs the corresponding VM lifecycle action: create, start, stop, deallocate (releases resources), delete, or list.

3
MCQmedium

A team needs to deploy 25 identical Ubuntu VMs every month from source control. The deployment must be repeatable, and each VM must include a system-assigned managed identity at creation time. Which approach should be used?

A.Azure portal manual creation of each VM.
B.A Bicep template deployment.
C.An Azure Policy assignment at the subscription level.
D.An Azure Monitor alert rule that triggers VM creation.
AnswerB

Bicep is declarative, versionable in source control, and can define VM identity settings at deployment time.

Why this answer

A Bicep template is an Infrastructure as Code (IaC) solution that declaratively defines Azure resources, including VMs with system-assigned managed identities. It ensures repeatable, version-controlled deployments of 25 identical Ubuntu VMs every month, meeting the requirements for automation and identity assignment at creation time.

Exam trap

The trap here is confusing Azure Policy (which enforces compliance) with Azure Resource Manager templates (which deploy resources), leading candidates to select Policy thinking it can create VMs, when it only audits or remediates existing ones.

How to eliminate wrong answers

Option A is wrong because manual creation via the Azure portal is not repeatable, scalable, or source-control-friendly for 25 identical VMs each month, and it lacks automation. Option C is wrong because an Azure Policy assignment enforces compliance rules (e.g., requiring managed identities) but does not deploy VMs; it can only audit or remediate existing resources, not create them. Option D is wrong because an Azure Monitor alert rule triggers actions based on metrics or logs, not proactive VM deployment; it is designed for reactive responses, not scheduled or repeatable provisioning.

4
MCQeasy

Based on the exhibit, which OS disk option best fits a development VM that is rebuilt often and does not need the disk contents to survive deallocation?

A.A Standard HDD managed OS disk.
B.An ephemeral OS disk.
C.A premium managed data disk used as the OS disk.
D.A shared disk attached to multiple VMs.
AnswerB

An ephemeral OS disk is the best match because it provides very fast local storage for the operating system and does not need to preserve data after deallocation. This is ideal for rebuildable development VMs where performance matters more than retaining the OS disk contents.

Why this answer

An ephemeral OS disk is created on the local VM host and not stored in Azure Storage, so it provides lower latency and is automatically deleted when the VM is deallocated. This makes it ideal for development VMs that are rebuilt often and do not require disk persistence across deallocations.

Exam trap

The trap here is that candidates may assume a Standard HDD managed disk is the cheapest option for a development VM, overlooking that ephemeral disks incur no storage cost and automatically reset the OS on each rebuild, which is more cost-effective and operationally simpler for the described use case.

How to eliminate wrong answers

Option A is wrong because a Standard HDD managed OS disk persists in Azure Storage and survives VM deallocation, incurring ongoing costs and requiring manual cleanup for frequently rebuilt VMs. Option C is wrong because a premium managed data disk used as the OS disk would still be a persistent managed disk stored in Azure Storage, not ephemeral, and would survive deallocation, defeating the requirement. Option D is wrong because a shared disk attached to multiple VMs is designed for clustered workloads (e.g., SQL Server FCI) and cannot be used as an OS disk, as Azure does not support sharing the OS disk across VMs.

5
Multi-Selecthard

You are deploying a Windows Server VM for an internal app. The VM must support Secure Boot and vTPM later, its OS disk must survive host moves, and the team wants the lowest-cost managed disk tier that still behaves like a normal writable OS disk. Which two choices should you make? Select two.

Select 2 answers
A.Use a Generation 2 Windows Server Marketplace image.
B.Use an ephemeral OS disk to reduce storage cost.
C.Use a managed Standard SSD OS disk.
D.Use an unmanaged VHD stored in a storage account.
E.Use a Generation 1 image and enable Secure Boot after deployment.
AnswersA, C

Generation 2 images are the correct starting point when you may later enable security features such as Secure Boot and vTPM. They also align with modern Azure VM capabilities and avoid the limitations of older generation images.

Why this answer

Option A is correct because Secure Boot and vTPM are only supported on Generation 2 VMs in Azure. Generation 2 VMs use a UEFI-based boot architecture, which is required for these security features. A Generation 2 Windows Server Marketplace image provides the necessary UEFI firmware and GPT-partitioned OS disk to enable Secure Boot and vTPM.

Exam trap

The trap here is that candidates often assume Generation 1 VMs can be upgraded to support Secure Boot or that ephemeral disks are a cost-saving alternative that still meets durability requirements, but Azure explicitly restricts Secure Boot and vTPM to Generation 2 VMs and ephemeral disks are volatile by design.

6
MCQmedium

You need to deploy a group of identical Azure virtual machines and ensure they are distributed across fault domains and update domains to reduce the impact of host failures and planned maintenance. Which feature should you use?

A.An availability set
B.A proximity placement group
C.A private endpoint
D.A custom script extension
AnswerA

Availability sets distribute VMs across fault and update domains.

Why this answer

An availability set is the correct feature because it logically groups VMs to isolate them from each other during host failures and planned maintenance. It distributes VMs across up to 3 fault domains (each with separate power, cooling, and network) and up to 20 update domains (which are rebooted sequentially during maintenance), ensuring that not all VMs are impacted simultaneously.

Exam trap

The trap here is that candidates often confuse availability sets with availability zones, thinking zones are required for fault domain distribution, but availability sets provide fault and update domain isolation within a single Azure region without requiring multiple zones.

How to eliminate wrong answers

Option B is wrong because a proximity placement group is used to reduce network latency between VMs by placing them close together, not to distribute them across fault or update domains. Option C is wrong because a private endpoint provides a private IP address for secure connectivity to Azure PaaS services over the Microsoft backbone network, and it has no role in VM distribution or availability. Option D is wrong because a custom script extension is used to run scripts on VMs after deployment for configuration or software installation, and it does not affect the placement or fault/update domain distribution of VMs.

7
MCQeasy

A line-of-business application must keep running even if one datacenter in an Azure region has an outage. Which deployment option should you choose for the VMs?

A.An availability set
B.A single virtual machine with Premium SSD
C.Availability zones
D.A proximity placement group
AnswerC

Availability zones place VMs in separate physical datacenters within the same region. That gives the workload protection from a datacenter-level failure, which is stronger than an availability set. If one zone goes down, VMs in the other zones can continue serving traffic when the application is designed for zone-aware redundancy.

Why this answer

Availability zones (Option C) are physically separate datacenters within an Azure region, each with independent power, cooling, and networking. Deploying VMs across two or more zones ensures that if one datacenter fails, the application continues running in the other zone, meeting the requirement for resilience against a single datacenter outage.

Exam trap

The trap here is that candidates often confuse availability sets (which protect against rack-level failures) with availability zones (which protect against datacenter-level failures), leading them to choose Option A when the requirement is for datacenter outage resilience.

How to eliminate wrong answers

Option A is wrong because an availability set protects against failures within a single datacenter (e.g., rack or update domain failures) but does not provide redundancy if the entire datacenter goes down. Option B is wrong because a single VM, even with Premium SSD, is a single point of failure and cannot survive a datacenter outage. Option D is wrong because a proximity placement group is designed to reduce network latency by co-locating VMs, not to provide disaster recovery or datacenter-level fault tolerance.

8
MCQeasy

A team deploys a Linux VM that must read secrets from Azure Key Vault without storing any usernames, passwords, or client secrets on the VM. What should the administrator enable on the VM?

A.A system-assigned managed identity
B.A storage account access key
C.A service endpoint on the VM subnet
D.A user account in Entra ID with a stored password
AnswerA

A system-assigned managed identity gives the VM an Azure-managed identity that can authenticate to Azure services without embedded credentials. It is tied to the VM’s lifecycle, so there is no secret to rotate or store on the operating system. This is the simplest secure choice when one VM needs to access Key Vault and the identity should exist only while the VM exists.

Why this answer

A system-assigned managed identity enables the Linux VM to authenticate to Azure Key Vault without any stored credentials. Azure automatically creates a service principal in Entra ID for the VM, and the VM can obtain an access token from the Azure Instance Metadata Service (IMDS) endpoint (169.254.169.254) to authenticate to Key Vault. This eliminates the need to store usernames, passwords, or client secrets on the VM.

Exam trap

The trap here is that candidates often confuse service endpoints (which control network access) with managed identities (which provide identity-based access), leading them to select option C thinking it secures the VM's access to Key Vault without credentials.

How to eliminate wrong answers

Option B is wrong because a storage account access key is used to authenticate to Azure Storage, not to Key Vault, and storing it on the VM would violate the requirement of not storing secrets. Option C is wrong because a service endpoint on the VM subnet extends VNet connectivity to Azure service resources (e.g., Storage, SQL) but does not provide identity-based authentication to Key Vault; it only secures network traffic. Option D is wrong because a user account in Entra ID with a stored password would require the password to be stored on the VM, which directly contradicts the requirement to avoid storing any credentials.

9
MCQmedium

A company is deploying two Linux application VMs in Azure for a production workload. The region supports availability zones, and the business requires the workload to stay online if an entire datacenter in the region becomes unavailable. Which deployment choice best meets this requirement?

A.Place both VMs in the same availability set so Azure separates them across update domains.
B.Deploy the VMs across two availability zones in the same region.
C.Use a single larger VM size with premium SSD storage for better uptime.
D.Deploy the VMs in the same resource group and enable auto-shutdown.
AnswerB

Availability zones place resources in separate datacenters within the same Azure region. That design protects the workload if a full datacenter or zone experiences an outage. For production systems that must survive a zone failure, zones provide stronger resilience than availability sets. This is the best fit when the region supports zones and the application can run with zone-separated instances.

Why this answer

Availability zones are physically separate datacenters within an Azure region, each with independent power, cooling, and networking. Deploying the two Linux VMs across two different zones ensures that if an entire datacenter fails, the VM in the other zone remains online, meeting the requirement for resilience against a full datacenter outage.

Exam trap

The trap here is that candidates confuse availability sets (which protect within a datacenter) with availability zones (which protect against full datacenter failure), leading them to choose option A even though it cannot meet the stated requirement.

How to eliminate wrong answers

Option A is wrong because an availability set protects against hardware failures within a single datacenter (via fault domains) and planned maintenance (via update domains), but it cannot survive the loss of an entire datacenter. Option C is wrong because using a single larger VM with premium SSD improves performance and local redundancy but creates a single point of failure; if that VM's datacenter goes down, the workload is lost. Option D is wrong because placing VMs in the same resource group is a logical management boundary with no impact on availability, and auto-shutdown only schedules power-off times, which would actually cause downtime rather than prevent it.

10
Multi-Selecthard

A platform team has a generalized VM image that must be published to East US and West Europe today and patched later without overwriting the original build. They want Azure to keep version history and replicate the image to both regions. Which two actions or resources should they use? Select two.

Select 2 answers
A.Create an Azure Compute Gallery
B.Create an image definition and image version
C.Capture the VM as a single managed image and copy it manually to each region
D.Use an availability set to preserve the image
E.Take a snapshot of the OS disk and deploy VMs directly from the snapshot
AnswersA, B

This provides a managed place to store, version, and share VM images across regions.

Why this answer

Azure Compute Gallery (formerly Shared Image Gallery) allows you to store and manage VM image versions, including version history, and replicate them across multiple Azure regions. By creating an image definition and image version within the gallery, you can publish the generalized VM image to East US and West Europe today, and later create a new image version for patching without overwriting the original build, preserving the version history.

Exam trap

The trap here is that candidates often confuse a single managed image (Option C) with the Azure Compute Gallery’s image version, not realizing that a managed image lacks version history and automated multi-region replication, which are key requirements for this scenario.

11
MCQmedium

A production application runs on three Azure VMs in the same region. The business requires the service to stay available if one entire datacenter in the region becomes unavailable because of a power or network outage. Which configuration best meets the requirement?

A.Place the VMs in the same availability set.
B.Deploy the VMs across availability zones.
C.Use a proximity placement group for the VMs.
D.Attach the VMs to the same Azure Load Balancer backend pool.
AnswerB

Availability zones place VMs in separate datacenters within a region, improving resilience to a zone outage.

Why this answer

Availability Zones are physically separate datacenters within an Azure region, each with independent power, cooling, and networking. By deploying VMs across three zones, the application can survive the failure of an entire datacenter because the other zones remain operational. This meets the requirement for high availability against a full datacenter outage.

Exam trap

The trap here is that candidates often confuse availability sets (which protect against rack-level failures within a datacenter) with availability zones (which protect against full datacenter outages), leading them to choose Option A incorrectly.

How to eliminate wrong answers

Option A is wrong because an availability set protects against rack-level failures (e.g., hardware faults within a single datacenter) but does not protect against an entire datacenter outage — all VMs in an availability set reside in the same datacenter. Option C is wrong because a proximity placement group is designed to reduce network latency by co-locating VMs close together, which actually increases the risk of a single datacenter failure affecting all VMs. Option D is wrong because attaching VMs to the same Azure Load Balancer backend pool distributes traffic but does not inherently provide datacenter-level redundancy; the VMs could still all be in the same datacenter unless they are explicitly deployed across zones or regions.

12
MCQeasy

A container group runs a one-time import job in Azure Container Instances. After the job finishes successfully, it should not restart. Which restart policy should you choose?

A.Always
B.OnFailure
C.Never
D.Manual
AnswerC

Never is the correct restart policy for a one-time task that should run once and then stop. Azure Container Instances will not try to restart the container after it exits, even if it finishes successfully. That behavior matches import jobs, batch scripts, and other short-lived workloads that should complete and remain stopped.

Why this answer

The 'Never' restart policy ensures that the container group does not restart after the job completes, which is ideal for a one-time import job that should run exactly once. Azure Container Instances supports three restart policies: Always, OnFailure, and Never. For a job that must not restart after successful completion, 'Never' is the correct choice because it prevents any automatic restart regardless of the exit code.

Exam trap

The trap here is that candidates may confuse 'OnFailure' with 'Never' for a successful job, but 'OnFailure' still allows restarts on failure, which violates the 'should not restart' requirement; the question explicitly states the job finishes successfully, so the correct policy is 'Never' to guarantee no restart under any condition.

How to eliminate wrong answers

Option A is wrong because 'Always' restarts the container group regardless of the exit code, which would cause the import job to run repeatedly instead of once. Option B is wrong because 'OnFailure' restarts the container group only if the job fails (non-zero exit code), but the scenario specifies the job finishes successfully, so this policy would not trigger a restart; however, the requirement is that it should not restart at all, making 'OnFailure' inappropriate because it could restart on failure. Option D is wrong because 'Manual' is not a valid restart policy in Azure Container Instances; the only supported policies are Always, OnFailure, and Never.

13
MCQmedium

A developer packages an internal web app as a Linux container. The app must be published with built-in HTTPS, deployment slots, and autoscale, and the team does not want to manage OS patching or container hosts. Which Azure service should the administrator choose?

A.Azure Container Instances
B.Azure App Service
C.Azure Virtual Machines
D.Azure Kubernetes Service
AnswerB

App Service supports web hosting features such as HTTPS, deployment slots, autoscale, and no server management.

Why this answer

Azure App Service is the correct choice because it natively supports Linux containers, built-in HTTPS via TLS/SSL, deployment slots for staging and production swaps, and autoscale based on metrics or schedules. It also abstracts OS patching and container host management, meeting the team's requirement to avoid managing infrastructure.

Exam trap

The trap here is that candidates often choose Azure Kubernetes Service (D) for containerized apps, overlooking that App Service provides a simpler, fully managed solution with built-in deployment slots and autoscale, while AKS requires cluster management and lacks native slot support.

How to eliminate wrong answers

Option A is wrong because Azure Container Instances does not provide built-in deployment slots or autoscale; it is designed for simple, single-container scenarios without advanced deployment features. Option C is wrong because Azure Virtual Machines require the team to manage OS patching, container hosts, and autoscale configuration manually, contradicting the requirement to avoid such management. Option D is wrong because Azure Kubernetes Service involves managing a Kubernetes cluster (including node patching and scaling) and does not offer built-in deployment slots; it is more complex than needed for a single web app.

14
MCQmedium

After applying a custom image, a VM boots to a black screen with a blinking cursor. The OS never reaches the login prompt. The administrator needs the fastest way to inspect the boot process and view serial console output. What should be enabled or checked?

A.Azure Monitor metrics for the VM
B.Boot diagnostics
C.Network watcher packet capture
D.Azure Advisor recommendations
AnswerB

Boot diagnostics is the quickest way to review startup problems because it captures the VM screenshot and serial console output during the boot process. When the operating system is not reaching the login screen, this feature helps identify whether the failure happens before the guest OS loads successfully.

Why this answer

Boot diagnostics captures serial console output and screenshots of the VM during boot. When a VM boots to a black screen with a blinking cursor, the serial console log provides the exact kernel or bootloader messages (e.g., GRUB, initramfs errors) without requiring OS-level access. This is the fastest way to inspect the boot process because it works even when the OS is unresponsive.

Exam trap

The trap here is that candidates confuse boot diagnostics (which captures serial console output) with Azure Monitor metrics (which only track performance counters), leading them to choose a monitoring tool that cannot inspect the boot process.

How to eliminate wrong answers

Option A is wrong because Azure Monitor metrics collect performance counters (CPU, memory, disk I/O) but do not capture boot-time serial output or screen state; they are irrelevant to a black-screen boot failure. Option C is wrong because Network Watcher packet capture analyzes network traffic at the virtual network level, not the VM's boot process or console output. Option D is wrong because Azure Advisor provides best-practice recommendations for cost, security, and reliability, but it does not offer real-time or historical boot diagnostics.

15
Multi-Selectmedium

A reporting application must run on an Azure VM with at least 8 vCPUs and 64 GiB of RAM. The team also wants headroom for short spikes without falling below the requirement. Which two VM sizes meet or exceed the requirement? Select two.

Select 2 answers
A.Standard_E8s_v5
B.Standard_D8s_v5
C.Standard_F8s_v2
D.Standard_M8ms
E.Standard_B8ms
AnswersA, D

Meets the requirement exactly with 8 vCPUs and 64 GiB of memory.

Why this answer

Standard_E8s_v5 is correct because it provides 8 vCPUs and 64 GiB of RAM, meeting the minimum requirement exactly. The E-series is memory-optimized, offering a high memory-to-core ratio suitable for reporting workloads, and the v5 generation includes Intel Xeon Platinum 8370C processors with support for premium storage and accelerated networking, ensuring headroom for short spikes without dropping below the requirement.

Exam trap

The trap here is that candidates often overlook the RAM requirement and select sizes like Standard_D8s_v5 or Standard_B8ms because they see '8 vCPUs' and assume the RAM is sufficient, but the D-series and B-series provide only 32 GiB of RAM, not the required 64 GiB.

16
Multi-Selecteasy

A business wants a line-of-business VM workload to keep running if one Azure datacenter in the region goes offline. Which two deployment choices should the administrator use? Select two.

Select 2 answers
A.Deploy the VMs in different availability zones.
B.Place the VMs in the same availability set.
C.Choose an Azure region that supports availability zones.
D.Use a proximity placement group for the VMs.
E.Use a snapshot of the operating system disk.
AnswersA, C

Placing VMs in different availability zones separates them across datacenters within the region, which protects against a single datacenter outage.

Why this answer

Option A is correct because deploying VMs across different availability zones protects against a single datacenter failure. Each availability zone is a physically separate datacenter within an Azure region, with independent power, cooling, and networking. If one zone goes offline, the VM in the other zone remains operational, ensuring business continuity for the line-of-business workload.

Exam trap

The trap here is that candidates often confuse availability sets (which protect against rack-level failures within a single datacenter) with availability zones (which protect against full datacenter outages), leading them to select option B instead of A and C.

17
MCQeasy

A build pipeline needs to run a Linux container for 10 to 15 minutes at a time. The team does not want to manage servers, clusters, or an always-on VM. Which Azure service should be used?

A.Azure Container Instances
B.Azure Kubernetes Service
D.Azure App Service
AnswerA

Azure Container Instances is well suited for short-lived, isolated container runs without cluster management. It lets the team start a container on demand, run the job, and stop paying for a continuously running server once the task is complete. For scheduled or event-driven container workloads that do not need orchestration features, it is a simple and practical choice.

Why this answer

Azure Container Instances (ACI) is the correct choice because it allows you to run a Linux container directly on Azure without provisioning or managing any underlying infrastructure. ACI is ideal for short-lived, burstable workloads like a build pipeline that runs for 10–15 minutes, as it supports per-second billing and automatic startup/shutdown without the overhead of a cluster or VM.

Exam trap

The trap here is that candidates often confuse Azure Container Instances with Azure Kubernetes Service, assuming that any container workload requires a full orchestration platform, but ACI is purpose-built for simple, short-lived container execution without cluster management.

How to eliminate wrong answers

Option B (Azure Kubernetes Service) is wrong because it requires managing a Kubernetes cluster (even if serverless options exist, it still involves cluster orchestration overhead) and is overkill for a single container that runs for only 10–15 minutes. Option C (Azure Virtual Machine) is wrong because it requires provisioning and managing an always-on VM, which contradicts the requirement to not manage servers or an always-on VM. Option D (Azure App Service) is wrong because it is designed for long-running web applications and requires an always-on plan or continuous deployment; it does not natively support running a single container on-demand for a short duration without incurring idle costs.

18
MCQeasy

A line-of-business app requires protection against a datacenter outage in a region that supports zones. You want the strongest placement resilience available for the VMs. What should you choose?

A.Availability set
B.Availability zone
C.Virtual machine scale set
D.Resource lock
AnswerB

Availability zones place resources in separate datacenters within a region, improving resilience against a datacenter outage.

Why this answer

Availability zones are physically separate datacenters within an Azure region, each with independent power, cooling, and networking. Deploying VMs across zones provides the strongest resilience against a datacenter outage because if one zone fails, the other zones remain operational. This is the highest level of protection available within a single region for IaaS VMs.

Exam trap

The trap here is that candidates often confuse availability sets (which protect against rack-level failures) with availability zones (which protect against full datacenter outages), leading them to choose the weaker option when the question explicitly demands the strongest placement resilience.

How to eliminate wrong answers

Option A is wrong because an availability set only protects against hardware failures within a single datacenter (by distributing VMs across fault domains and update domains), not against a full datacenter outage. Option C is wrong because a virtual machine scale set is primarily for auto-scaling and load balancing, and while it can use availability zones, the question asks for the strongest placement resilience for VMs, not the scaling mechanism; a scale set without zones offers no datacenter outage protection. Option D is wrong because a resource lock prevents accidental deletion or modification of resources but provides no placement resilience or high availability whatsoever.

19
MCQhard

You need to run a stateless web workload on Azure virtual machines and automatically increase or decrease instance count based on demand. You also want a single management boundary for the VM instances. Which solution should you deploy?

A.A Virtual Machine Scale Set
B.An availability set with individual VMs
C.Azure Backup
D.A Recovery Services vault
AnswerA

VM Scale Sets support group management and autoscaling for identical VM instances.

Why this answer

A Virtual Machine Scale Set (VMSS) is the correct solution because it provides an autoscaling group of identical VMs that can automatically increase or decrease instance count based on demand (e.g., CPU or memory metrics). It also offers a single management boundary, allowing you to manage, monitor, and scale all instances as a unified resource rather than individually.

Exam trap

The trap here is that candidates often confuse an availability set (which provides high availability but no scaling) with a Virtual Machine Scale Set (which provides both scaling and a single management boundary), or they mistakenly think backup/recovery services can manage compute scaling.

How to eliminate wrong answers

Option B is wrong because an availability set with individual VMs does not provide autoscaling; it only ensures high availability by distributing VMs across fault domains and update domains, but each VM must be managed separately and scaled manually. Option C is wrong because Azure Backup is a data protection service for backing up VMs, files, and workloads; it has no capability to manage compute scaling or instance count. Option D is wrong because a Recovery Services vault is used for backup and disaster recovery (e.g., Azure Site Recovery), not for deploying or autoscaling compute instances.

20
MCQmedium

A developer wants to publish an internet-facing application from source code. Required capabilities include built-in HTTPS, deployment slots, and autoscale, but the team does not want to manage the operating system. Which Azure service should the administrator choose?

A.Azure Container Instances
B.Azure Virtual Machines
C.Azure App Service
D.Azure Kubernetes Service
AnswerC

Azure App Service is the best fit for a code-based internet-facing application that needs managed HTTPS, deployment slots, and autoscale without operating system administration. It provides a platform service for web hosting, which reduces operational work while supporting the common web app features named in the requirement.

Why this answer

Azure App Service is the correct choice because it provides a fully managed platform for hosting web applications with built-in HTTPS support, deployment slots for staging and swapping, and autoscale capabilities. It abstracts the underlying operating system, allowing the team to focus on code without managing infrastructure.

Exam trap

The trap here is that candidates often confuse Azure App Service with Azure Container Instances or Azure Kubernetes Service because they all support containers, but only App Service provides built-in deployment slots and OS abstraction without requiring container orchestration management.

How to eliminate wrong answers

Option A is wrong because Azure Container Instances does not provide built-in HTTPS, deployment slots, or autoscale; it is a container orchestration service for running individual containers without these application-level features. Option B is wrong because Azure Virtual Machines require the team to manage the operating system, including patching and configuration, which violates the requirement of not managing the OS. Option D is wrong because Azure Kubernetes Service involves managing the Kubernetes control plane and nodes, and while it can support HTTPS and autoscale, it does not offer built-in deployment slots and requires significant operational overhead for OS management.

21
MCQmedium

A stateless API must automatically add or remove identical VM instances when CPU usage crosses thresholds. The team also wants Microsoft to distribute instances across fault domains when possible. Which service should the administrator deploy?

A.An availability set
C.A virtual machine scale set
D.Azure App Service
AnswerC

A virtual machine scale set is designed for identical VM instances that can scale out and scale in automatically. It fits stateless workloads well and supports placement across fault domains in supported configurations, which helps improve resiliency while also meeting the demand-based scaling requirement.

Why this answer

A virtual machine scale set (VMSS) is the correct choice because it provides built-in autoscaling capabilities that automatically add or remove identical VM instances based on CPU usage thresholds. VMSS also supports automatic distribution of instances across fault domains when configured with a fault domain count greater than 1, meeting the requirement for Microsoft to distribute instances across fault domains.

Exam trap

The trap here is that candidates often confuse an availability set with a scale set, thinking that an availability set provides autoscaling, but it only offers fault domain distribution without any automatic instance management.

How to eliminate wrong answers

Option A is wrong because an availability set only provides high availability by distributing VMs across fault domains and update domains, but it does not support autoscaling or automatic addition/removal of VM instances based on CPU thresholds. Option B is wrong because Azure Load Balancer distributes incoming traffic across existing VM instances but has no native autoscaling capability to add or remove VMs based on CPU usage. Option D is wrong because Azure App Service is a platform-as-a-service (PaaS) offering for web applications, not for deploying and managing identical VM instances, and it does not provide the same level of control over VM-level autoscaling or fault domain distribution.

22
Multi-Selecthard

A build pipeline starts a Linux container once per request. Each run lasts about 12 minutes, never needs inbound connections, and should not leave an always-on server running afterward. Which two configuration choices best fit Azure Container Instances? Select two.

Select 2 answers
A.Use Azure Container Instances for the workload.
B.Set the container group's restart policy to Never.
C.Create an App Service plan with deployment slots.
D.Use a virtual machine scale set to host the container.
E.Place the workload in an availability set for host protection.
AnswersA, B

Correct. ACI is designed for short-lived container runs without managing hosts or clusters.

Why this answer

Azure Container Instances (ACI) is the correct choice because it is a serverless container platform that starts containers on demand, runs them for the duration of the workload (here ~12 minutes), and automatically stops and deallocates resources when the container exits. It requires no always-on infrastructure, supports Linux containers, and does not need inbound connections, making it ideal for ephemeral build pipeline tasks.

Exam trap

The trap here is that candidates may confuse Azure Container Instances with always-on services like App Service or VM-based solutions, failing to recognize that ACI's 'Never' restart policy perfectly matches the requirement for a single-run, ephemeral workload that leaves no server running afterward.

23
MCQmedium

A company runs two identical Linux VMs for a stateless web app in an Azure region that supports availability zones. The business requires protection from a full datacenter outage, not just planned host maintenance. Which deployment choice best meets this requirement?

A.Place both VMs in an availability set.
B.Deploy the VMs across availability zones.
C.Use a proximity placement group for both VMs.
D.Deploy both VMs in a single-zone virtual machine scale set.
AnswerB

Availability zones place resources in physically separate datacenters within the same region. If one zone becomes unavailable, the other zone can continue serving traffic. That makes zones the correct choice when the requirement is resilience to a datacenter-scale outage. They provide stronger isolation than availability sets, which mainly protect against host and maintenance failures inside a single datacenter boundary.

Why this answer

Option B is correct because deploying the two VMs across different availability zones ensures that each VM resides in a physically separate datacenter within the region. This architecture protects against a full datacenter outage, as an availability zone failure affects only one zone, leaving the other VM operational. Availability zones provide a 99.99% SLA for VMs when two or more instances are deployed across zones, which aligns with the requirement for protection beyond planned host maintenance.

Exam trap

The trap here is that candidates confuse availability sets (which protect against rack-level failures within a single datacenter) with availability zones (which protect against full datacenter outages), leading them to choose Option A incorrectly.

How to eliminate wrong answers

Option A is wrong because an availability set protects only against hardware failures within a single datacenter and planned maintenance events, not against a full datacenter outage, as all VMs in an availability set are placed within the same datacenter. Option C is wrong because a proximity placement group is designed to reduce network latency by co-locating VMs close together, which actually increases the risk of a single datacenter outage affecting both VMs, not providing protection. Option D is wrong because a single-zone virtual machine scale set places all VM instances within the same availability zone, so a full datacenter outage in that zone would take down all instances, failing to meet the protection requirement.

24
MCQhard

A customer runs two Windows VMs in a region that does not support availability zones. The app can lose one VM but must keep running through planned maintenance and a single host failure. Which deployment pattern should you use?

A.Use a single-instance deployment and add more backup jobs.
B.Place both VMs in an availability set.
C.Use availability zones because they always exist in every region.
D.Put both VMs on the same dedicated host to avoid migration during maintenance.
AnswerB

An availability set spreads VMs across fault domains and update domains within one datacenter boundary. That protects the application from planned maintenance and from a single host or rack failure. Because the region does not support availability zones, the availability set is the best way to improve uptime for two VMs that can tolerate one instance being unavailable.

Why this answer

An availability set ensures that VMs are placed on different fault domains (separate physical hardware) and update domains (separate maintenance batches). This protects against both a single host failure and planned Azure maintenance, meeting the requirement that the app can lose one VM but keep running.

Exam trap

The trap here is that candidates assume availability zones are always available or that a dedicated host provides isolation, but the question's constraint (region without zones) and the need for both fault domain and update domain protection point directly to an availability set.

How to eliminate wrong answers

Option A is wrong because a single-instance deployment with backup jobs does not provide high availability; backups restore data but do not prevent downtime during a host failure or maintenance. Option C is wrong because availability zones do not exist in every region, and the question explicitly states the region does not support them. Option D is wrong because placing both VMs on the same dedicated host means they share the same physical hardware, so a host failure or maintenance event would take both VMs down simultaneously.

25
MCQmedium

A stateless API runs on Azure VMs and experiences unpredictable traffic spikes during the day. The administrator must automatically add or remove identical VM instances based on CPU usage, and the platform should distribute instances across fault domains without manual placement. What should be used?

A.Availability set
B.Virtual machine scale set
C.Availability zone
D.Proximity placement group
AnswerB

A virtual machine scale set supports automatic instance scaling and distributes instances for better platform resilience.

Why this answer

Virtual machine scale sets (VMSS) automatically manage identical VM instances and can scale out/in based on CPU usage metrics via autoscale rules. They distribute instances across fault domains automatically without manual placement, ensuring high availability during unpredictable traffic spikes.

Exam trap

The trap here is that candidates often confuse availability sets with scale sets, thinking an availability set can also handle automatic scaling, but availability sets only provide fault domain distribution for a static set of VMs and lack autoscaling capabilities.

How to eliminate wrong answers

Option A is wrong because an availability set only provides fault domain and update domain distribution for a fixed set of VMs, but it does not support automatic scaling based on CPU usage or dynamic addition/removal of instances. Option C is wrong because an availability zone is a physically separate datacenter within a region used for disaster recovery, not a mechanism for automatic scaling or fault domain distribution within a single region. Option D is wrong because a proximity placement group is designed to reduce network latency by colocating VMs, but it does not provide automatic scaling or fault domain distribution across instances.

26
Multi-Selecthard

A stateless application must keep serving traffic if one datacenter in the region fails, and it must also add or remove instances during daily load spikes. Which two deployment choices should the administrator make? Select two.

Select 2 answers
A.Deploy the application on a virtual machine scale set.
B.Configure the deployment to use availability zones.
C.Use a single availability set with one VM to reduce complexity.
D.Use a proximity placement group for the workload.
E.Deploy one larger VM with a premium SSD instead of multiple instances.
AnswersA, B

Correct. A VM scale set supports adding and removing identical instances automatically as demand changes.

Why this answer

A virtual machine scale set (VMSS) allows automatic scaling of instances in response to load spikes, meeting the requirement to add or remove instances dynamically. Combined with availability zones, which distribute instances across physically separate datacenters within a region, the application remains available even if one entire datacenter fails. This pair ensures both high availability and elastic scaling for a stateless application.

Exam trap

The trap here is that candidates often confuse availability sets (which protect against rack-level failures within a single datacenter) with availability zones (which protect against entire datacenter failures), leading them to pick a single availability set as sufficient for datacenter failure resilience.

27
MCQmedium

You need to run a PowerShell script inside a newly deployed Azure virtual machine to configure application settings immediately after deployment. Which feature should you use?

A.Azure Policy
B.A Custom Script Extension
C.Boot diagnostics
D.An availability set
AnswerB

A Custom Script Extension runs scripts inside the virtual machine.

Why this answer

The Custom Script Extension (CSE) is the correct choice because it allows you to run a PowerShell script on an Azure VM after deployment, making it ideal for configuring application settings. CSE downloads and executes scripts on the VM using the Azure VM agent, and it can be invoked during VM creation or post-deployment via ARM templates, Azure CLI, or PowerShell.

Exam trap

The trap here is that candidates confuse Azure Policy (which governs resource configuration at the Azure control plane) with the Custom Script Extension (which operates inside the guest OS), leading them to incorrectly select Azure Policy for post-deployment script execution.

How to eliminate wrong answers

Option A is wrong because Azure Policy enforces organizational rules and compliance across Azure resources (e.g., restricting VM SKUs or requiring tags), but it does not execute scripts inside a VM. Option C is wrong because Boot diagnostics captures serial console output and screenshots for troubleshooting VM boot failures, not for running configuration scripts. Option D is wrong because an availability set is a logical grouping of VMs to ensure high availability across fault and update domains, and it has no capability to execute scripts or configure applications.

28
MCQmedium

A line-of-business app runs on two VMs in an Azure region that supports availability zones. The business wants protection from a datacenter failure and wants the VMs placed in different physical locations within the region. Which deployment choice should be used?

A.An availability set with two fault domains
B.Two availability zones with one VM in each zone
C.A proximity placement group for both VMs
D.A single larger VM size with Premium SSD
AnswerB

Availability zones place resources in separate physical datacenters within a region, improving resilience to zone failure.

Why this answer

Availability zones are physically separate datacenters within an Azure region, each with independent power, cooling, and networking. Placing one VM in each of two zones ensures that if one datacenter fails, the other VM remains available. This directly meets the requirement for protection from a datacenter failure with VMs in different physical locations.

Exam trap

The trap here is that candidates often confuse availability sets (which protect against rack failures) with availability zones (which protect against datacenter failures), leading them to choose an availability set when the question explicitly requires different physical locations within the region.

How to eliminate wrong answers

Option A is wrong because an availability set with two fault domains protects against rack-level failures within a single datacenter, not against a full datacenter failure. Option C is wrong because a proximity placement group is designed to reduce network latency by co-locating VMs close together, which is the opposite of placing them in different physical locations. Option D is wrong because a single larger VM with Premium SSD does not provide any redundancy; it remains a single point of failure and does not address datacenter-level protection.

29
MCQmedium

Based on the exhibit, what should the administrator do first to restore the missing data disk?

A.Create a managed disk from the snapshot, then attach it to the VM.
B.Recreate the VM from the marketplace image and restore applications manually.
C.Convert the snapshot directly into an operating system disk and replace the VM.
D.Increase the VM size so that Azure automatically recreates the missing disk.
AnswerA

A snapshot is a point-in-time copy of a disk, and the normal recovery path is to create a new managed disk from that snapshot. After the disk is created, it can be attached to the VM or a recovery VM. This keeps the OS disk untouched and minimizes impact while restoring the missing data volume.

Why this answer

The snapshot represents the missing data disk, not the OS disk. To restore it, you must first create a managed disk from the snapshot (using Azure CLI, PowerShell, or portal), then attach that disk to the VM. This preserves the existing VM configuration and applications without redeployment.

Exam trap

The trap here is that candidates may confuse a data disk snapshot with an OS disk snapshot and attempt to replace the VM's OS disk, or assume that Azure automatically recreates missing disks when resizing the VM.

How to eliminate wrong answers

Option B is wrong because recreating the VM from a marketplace image would require manual reinstallation of all applications and does not restore the specific data disk snapshot. Option C is wrong because converting the snapshot directly into an OS disk would replace the VM's operating system, but the snapshot is of a data disk, not the OS disk, and this action would not restore the missing data disk. Option D is wrong because increasing the VM size does not trigger automatic recreation of a missing data disk; Azure does not regenerate disks from snapshots based on size changes.

30
Drag & Dropmedium

Arrange the steps to assign a custom RBAC role to a user in Azure.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Navigate to roles, create custom role with permissions and scopes, then assign at scope.

31
Multi-Selectmedium

One team needs to run a Linux container for about 15 minutes per request with no inbound traffic and no cluster to manage. Another team needs an internet-facing web app with built-in HTTPS, deployment slots, and autoscale. Which two Azure services should the administrator choose? Select two.

Select 2 answers
A.Azure Container Instances
B.Azure App Service
C.Azure Virtual Machines
D.Azure Kubernetes Service
E.Azure Batch
AnswersA, B

Runs isolated containers without requiring a cluster or server management.

Why this answer

Azure Container Instances (ACI) is the correct choice for the first team because it allows running a Linux container directly on Azure without managing any underlying infrastructure or cluster, and it supports a 15-minute execution time with no inbound traffic required. ACI is ideal for burstable, short-lived container workloads that do not need orchestration.

Exam trap

The trap here is that candidates may confuse Azure Container Instances with Azure Kubernetes Service, thinking orchestration is needed for any container, or they may overlook that Azure App Service natively supports deployment slots and autoscale without requiring additional services.

32
MCQmedium

A public web application runs on two identical VMs behind a load balancer. The region supports availability zones. The business wants the app to keep serving traffic if one datacenter in the region becomes unavailable. What should the administrator use?

A.An availability set with two VMs
B.Availability zones for the two VMs
C.A single virtual machine scale set instance
D.A proximity placement group
AnswerB

Availability zones are the right design when the business needs resiliency against a full datacenter or zone outage within a supported region. Placing the VMs in different zones keeps the application available if one zone has a failure, assuming the load balancer and application are designed accordingly.

Why this answer

Option B is correct because deploying the two VMs in different availability zones within the same region protects against a single datacenter failure. Each availability zone is a physically separate datacenter with independent power, cooling, and networking. If one zone goes down, the load balancer automatically routes traffic to the VM in the other zone, ensuring the application continues serving traffic.

Exam trap

The trap here is confusing an availability set (which protects against rack failures within a single datacenter) with availability zones (which protect against full datacenter outages), leading candidates to choose the cheaper but insufficient option A.

How to eliminate wrong answers

Option A is wrong because an availability set only protects against rack-level failures within a single datacenter, not against an entire datacenter outage. Option C is wrong because a single virtual machine scale set instance provides no redundancy; if the single VM fails or the datacenter hosting it goes down, the application becomes unavailable. Option D is wrong because a proximity placement group is designed to reduce network latency between VMs by placing them close together, which increases the risk of a single point of failure and does not provide datacenter-level fault isolation.

33
MCQmedium

You need to deploy 20 identical Azure virtual machines for a web application and automatically scale the number of instances based on CPU demand. Which Azure feature should you use?

A.An availability set
B.A Virtual Machine Scale Set
C.A Recovery Services vault
D.Boot diagnostics
AnswerB

Scale Sets provide grouped VM deployment and autoscaling.

Why this answer

A Virtual Machine Scale Set (VMSS) is the correct Azure feature because it allows you to deploy and manage a group of identical, load-balanced VMs that can automatically scale in or out based on CPU demand using autoscale rules. This directly meets the requirement for deploying 20 identical VMs with automatic scaling based on a performance metric like CPU utilization.

Exam trap

The trap here is that candidates often confuse an availability set (which provides high availability through fault domain distribution) with a Virtual Machine Scale Set (which provides both high availability and automatic scaling), leading them to select Option A when the question explicitly requires automatic scaling based on demand.

How to eliminate wrong answers

Option A is wrong because an availability set is a logical grouping of VMs that protects against hardware failures within a datacenter by distributing VMs across fault domains and update domains, but it does not provide any automatic scaling capability based on CPU demand. Option C is wrong because a Recovery Services vault is used for backup and disaster recovery scenarios, such as Azure Backup and Azure Site Recovery, not for deploying or scaling virtual machines. Option D is wrong because boot diagnostics is a feature that captures serial console output and screenshots of a VM to help troubleshoot boot failures; it has no role in deploying multiple VMs or scaling them automatically.

34
MCQeasy

A production application runs on three Azure VMs in a region that supports availability zones. The business wants the application to remain available if one datacenter in the region fails. What should the administrator use?

A.An availability set
B.Availability zones
C.A managed disk snapshot
D.A proximity placement group
AnswerB

Availability zones place VMs in separate datacenters within the same Azure region. If one datacenter or zone fails, the VMs in the remaining zones can continue running. This is the correct choice when the requirement is resilience against a zone-level or datacenter-level outage.

Why this answer

Availability zones are physically separate datacenters within an Azure region, each with independent power, cooling, and networking. Deploying the three VMs across different zones ensures that if one datacenter fails, the application remains available because the other zones continue to operate. This directly meets the requirement for resilience against a single datacenter failure.

Exam trap

The trap here is that candidates often confuse availability sets (which protect against rack-level failures) with availability zones (which protect against datacenter-level failures), leading them to choose the wrong option when the question specifies a full datacenter failure.

How to eliminate wrong answers

Option A is wrong because an availability set protects against failures within a single datacenter (e.g., rack or update domain failures) but does not provide resilience if an entire datacenter fails. Option C is wrong because a managed disk snapshot is a point-in-time backup of a disk, not a high-availability mechanism; it cannot keep the application running during a datacenter outage. Option D is wrong because a proximity placement group is used to co-locate VMs for low network latency, not to distribute them for fault tolerance, and it offers no protection against a datacenter failure.

35
Matchingeasy

Match each Azure VM access feature to the task it supports.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Runs a script on a VM without opening inbound management ports.

Installs software or applies configuration during VM provisioning.

Lets users sign in to a VM with Entra identities.

Resets local administrator credentials or SSH configuration on a VM.

Why these pairings

Azure Bastion provides secure RDP/SSH without public IP; JIT restricts port access; NSGs filter traffic; Azure AD authentication enables identity-based login; Private Link ensures private connectivity; Firewall offers centralized control.

36
MCQmedium

You need to deploy 20 identical Azure virtual machines that host the same web application. The solution must support automatic scale-out based on CPU usage and should minimize administrative overhead. What should you deploy?

A.20 individual virtual machines in the same resource group.
B.A Virtual Machine Scale Set.
C.An availability set.
D.Azure Container Instances.
AnswerB

VM Scale Sets provide a managed group of identical VMs with autoscaling support.

Why this answer

A Virtual Machine Scale Set (VMSS) is the correct choice because it automates the deployment and management of identical VMs, supports autoscaling based on CPU usage metrics, and minimizes administrative overhead by handling VM creation, load balancing, and scaling policies as a single resource. This aligns with the requirement for 20 identical VMs with automatic scale-out based on CPU usage.

Exam trap

The trap here is that candidates often confuse an availability set (which provides high availability but no scaling) with a scale set (which provides both scaling and high availability), or they mistakenly think deploying individual VMs in a resource group is simpler, ignoring the requirement for automatic scale-out and reduced administrative overhead.

How to eliminate wrong answers

Option A is wrong because deploying 20 individual VMs in the same resource group does not provide automatic scale-out based on CPU usage; each VM must be managed separately, and scaling would require manual intervention or custom scripting, increasing administrative overhead. Option C is wrong because an availability set is designed to protect against hardware failures and updates by distributing VMs across fault and update domains, but it does not provide any autoscaling capability or reduce administrative overhead for deploying identical VMs. Option D is wrong because Azure Container Instances (ACI) is a container orchestration service for running individual containers, not for managing identical VMs; it does not support VM-level autoscaling based on CPU usage and is not suitable for deploying virtual machines.

37
MCQmedium

A Windows VM must automatically run a setup script after provisioning to install an agent, create a folder, and write configuration files. The administrator wants the script to be delivered through Azure management and run without a human signing in. What should be used?

A.Custom Script Extension
B.Availability set
D.Route table
AnswerA

Custom Script Extension can download and run setup commands on the VM after provisioning without interactive login.

Why this answer

The Custom Script Extension (CSE) is the correct Azure feature to automatically run a setup script on a Windows VM after provisioning. It downloads and executes scripts from Azure Storage or GitHub, runs as the local system account, and requires no user sign-in, making it ideal for post-deployment configuration like installing agents and writing files.

Exam trap

The trap here is that candidates may confuse the Custom Script Extension with VM-level configuration tools like Desired State Configuration (DSC) or automation accounts, but the question specifically asks for a simple script delivery method that runs without human sign-in, which CSE directly provides.

How to eliminate wrong answers

Option B is wrong because an availability set is a logical grouping of VMs to provide high availability across fault and update domains, not a mechanism to run scripts. Option C is wrong because Azure Load Balancer distributes incoming network traffic across multiple VMs and cannot execute scripts on a VM. Option D is wrong because a route table controls network traffic routing via user-defined routes and has no capability to run scripts or perform configuration tasks.

38
Matchingmedium

Match each Azure VM administration requirement on the left with the most appropriate Azure CLI command on the right. Use each answer once.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

az vm deallocate

az vm redeploy

az vm resize

az snapshot create

az vm disk attach

Why these pairings

Azure CLI commands for VM administration: 'az vm create' deploys, 'az vm resize' changes size, 'az vm start/stop/restart' controls state, and 'az vm delete' removes the VM.

39
MCQmedium

Based on the exhibit, what should the administrator do to meet the performance requirement without rebuilding the server?

A.Attach an additional data disk and move the application binaries to it.
B.Resize the VM to a larger SKU that provides more vCPU and RAM.
C.Redeploy the VM from a different marketplace image.
D.Place the VM in an availability set to spread processing across hosts.
AnswerB

Resizing a VM is the standard way to increase compute capacity while preserving the existing OS disk and installed applications. The exhibit shows sustained high CPU and memory pressure, so moving to a larger size such as a higher D-series SKU addresses the bottleneck directly. This avoids rebuilding the server and keeps the workload on the same VM configuration with more resources.

Why this answer

Resizing the VM to a larger SKU with more vCPU and RAM directly addresses the performance requirement by providing additional compute and memory resources to the existing server without requiring a rebuild. This is the correct approach because the VM's current SKU is insufficient for the workload, and Azure allows resizing within the same hardware family or to a compatible series, preserving the OS and application state.

Exam trap

The trap here is that candidates confuse performance scaling with high availability or storage optimization, mistakenly choosing to add a data disk or use an availability set when the real need is to increase compute capacity.

How to eliminate wrong answers

Option A is wrong because moving application binaries to an additional data disk improves storage I/O performance but does not increase vCPU or RAM, which are the likely bottlenecks for a performance issue. Option C is wrong because redeploying the VM from a different marketplace image would replace the OS and applications, effectively rebuilding the server, which contradicts the requirement to avoid a rebuild. Option D is wrong because placing the VM in an availability set provides high availability by distributing replicas across fault domains, but it does not increase the resources of the existing single VM and does not address performance constraints.

40
Multi-Selectmedium

A Windows VM needs a one-time command run immediately after deployment, and a second VM must automatically install an agent and copy configuration files during provisioning. Which two Azure compute features should the administrator use? Select two.

Select 2 answers
A.Run Command
B.Custom Script Extension
C.Azure Monitor agent
D.Azure Policy assignment
E.Azure Bastion
AnswersA, B

Executes a command on a running VM without interactive sign-in.

Why this answer

Run Command (A) is correct because it allows a one-time command to be executed immediately on a Windows VM after deployment, without requiring any agent or extension. Custom Script Extension (B) is correct because it enables automated installation of an agent and copying of configuration files during VM provisioning by running a script (e.g., PowerShell or Bash) as part of the deployment process.

Exam trap

The trap here is that candidates confuse Azure Monitor agent (a data-collection tool) with the ability to run scripts or install software, or they think Azure Policy can execute commands, when in fact it only audits or enforces configurations.

41
Multi-Selectmedium

A developer wants to keep application data separate from the operating system so the VM can be rebuilt without losing files. Before making a risky change, the administrator also wants a fast rollback point for that data disk. Which two actions should the administrator take? Select two.

Select 2 answers
A.Store the application data on a separate managed data disk
B.Create a snapshot of the data disk before the change
C.Use an ephemeral OS disk for the application files
D.Keep the files only on the OS disk and rely on reimaging
E.Delete and recreate the VM from the same image
AnswersA, B

Keeps data independent from the OS disk and VM rebuild process.

Why this answer

Option A is correct because storing application data on a separate managed data disk decouples the data from the OS disk. This allows the VM to be rebuilt or reimaged without affecting the application files, as the data disk persists independently. Option B is correct because a snapshot of the data disk provides a point-in-time, crash-consistent backup that can be used to quickly restore the data disk to its pre-change state, enabling fast rollback without needing to rebuild the entire VM.

Exam trap

The trap here is that candidates often confuse ephemeral OS disks with persistent data disks, mistakenly thinking ephemeral disks can retain data across VM rebuilds, or they overlook that a snapshot is the only fast rollback mechanism for a data disk, unlike VM reimaging or deletion.

42
MCQmedium

You need to redeploy an Azure virtual machine to a new host while keeping the VM configuration and attached disks. Which action should you use in the Azure portal?

A.Resize
B.Redeploy
C.Capture
D.Reapply
AnswerB

Redeploy moves the VM to a new host while keeping the configuration and disks.

Why this answer

The Redeploy action moves the VM to a new Azure host node while preserving the VM configuration, attached managed disks, and network resources. This is used to recover from underlying host failures or performance issues without losing the VM's state or data.

Exam trap

The trap here is that candidates confuse 'Redeploy' with 'Reapply' or 'Resize', assuming any action that changes the host qualifies, but only Redeploy explicitly moves the VM to a new host while keeping all configuration and disks intact.

How to eliminate wrong answers

Option A (Resize) is wrong because it changes the VM's SKU or size, which may require a different host but does not guarantee a move to a new host for recovery purposes. Option C (Capture) is wrong because it creates a generalized or specialized image from the VM, which is used to create new VMs, not to redeploy the existing VM to a new host. Option D (Reapply) is wrong because it reapplies the VM's current configuration (e.g., extensions, tags) without moving the VM to a new host; it is used to resolve provisioning state issues, not host failures.

43
MCQeasy

A container group runs a one-time import task and should stop after the task completes successfully. Which restart policy should you use?

A.Always
B.OnFailure
C.Never
D.Manual
AnswerC

Never lets the container run once and then stop, which fits a batch or import task that should not restart.

Why this answer

The 'Never' restart policy is correct because the container group is designed to run a one-time import task and should stop after successful completion. In Azure Container Instances (ACI), the 'Never' policy ensures the container runs exactly once and does not restart, regardless of the exit code. This is ideal for batch jobs or import tasks that should not be retried automatically.

Exam trap

The trap here is that candidates often confuse 'OnFailure' with 'Never' for one-time tasks, mistakenly thinking that 'OnFailure' will stop after success, but it actually restarts on failure, which is not the same as stopping unconditionally after completion.

How to eliminate wrong answers

Option A is wrong because 'Always' restarts the container regardless of exit code, which would cause the import task to run repeatedly even after success, wasting resources and potentially causing data duplication. Option B is wrong because 'OnFailure' restarts the container only if it exits with a non-zero code; while this might seem appropriate for a one-time task, it would restart on failure, which is not desired for a task that should stop after completion (even if successful). Option D is wrong because 'Manual' is not a valid restart policy in Azure Container Instances; ACI supports only 'Always', 'OnFailure', and 'Never'.

44
MCQmedium

A team needs to run a Linux container for 15 to 20 minutes at a time, triggered by an external system. They do not want to manage servers, clusters, or a web framework. Which Azure service is the best fit?

A.Azure Container Instances
B.Azure App Service
C.Azure Kubernetes Service
AnswerA

Azure Container Instances is the best fit for short-lived container execution without managing servers or a cluster. It is well suited for event-driven or scheduled jobs that run for a limited time and then exit, which matches the requirement to process work for only 15 to 20 minutes.

Why this answer

Azure Container Instances (ACI) is the best fit because it allows you to run a container directly in Azure without managing any underlying servers or orchestrators. The service is designed for short-lived, burst workloads (like 15–20 minutes) and can be triggered on-demand via an external system (e.g., HTTP request, Azure Logic Apps, or SDK). ACI automatically starts the container, runs it, and then stops and deallocates resources when the task completes, matching the exact requirement of no server, cluster, or web framework management.

Exam trap

The trap here is that candidates often choose Azure Kubernetes Service (AKS) because they associate containers with Kubernetes, overlooking that ACI is the simpler, serverless option for short-lived tasks without cluster management.

How to eliminate wrong answers

Option B (Azure App Service) is wrong because it is a fully managed platform for hosting web apps and APIs, not designed for ephemeral container tasks; it requires a web framework and runs continuously, not on-demand for 15–20 minutes. Option C (Azure Kubernetes Service) is wrong because it introduces unnecessary complexity with a managed Kubernetes cluster, requiring cluster management, node pools, and orchestration overhead, which contradicts the 'do not want to manage clusters' requirement. Option D (A virtual machine) is wrong because it requires managing the OS, patching, and scaling, and is not optimized for short-lived container workloads; it would also incur costs for idle time.

45
MCQeasy

An operations team must deploy 20 identical application VMs every sprint from source control and wants the deployment definition to be readable and repeatable. Which approach should they use?

A.Manually create each VM in the Azure portal
B.Use a Bicep template stored in source control
C.Capture a screenshot of the portal settings for future reference
D.Use Azure Policy to create the VMs automatically
AnswerB

Bicep is infrastructure as code, so the VM deployment can be versioned, reviewed, and deployed repeatedly.

Why this answer

B is correct because Bicep is a domain-specific language (DSL) for deploying Azure resources declaratively. Storing a Bicep template in source control ensures the deployment definition is readable (using concise syntax) and repeatable (via idempotent deployments), meeting the team's requirement for 20 identical VMs every sprint.

Exam trap

The trap here is that candidates may confuse Azure Policy with a deployment tool, but Azure Policy only audits or enforces rules (e.g., requiring a specific tag) and cannot provision resources like VMs, whereas Bicep is designed specifically for declarative infrastructure deployment.

How to eliminate wrong answers

Option A is wrong because manually creating each VM in the Azure portal is not repeatable, introduces human error, and cannot be version-controlled for consistent deployments across sprints. Option C is wrong because a screenshot of portal settings is not executable code; it cannot automate deployment and lacks the structured, machine-readable format needed for repeatable infrastructure provisioning. Option D is wrong because Azure Policy is used to enforce compliance rules (e.g., restricting VM sizes or locations) on existing or new resources, not to create VMs automatically; it cannot deploy 20 identical application VMs.

46
MCQeasy

A development team needs to run a Linux container for about 12 minutes each time a request is received. The team does not want to manage a server, cluster, or virtual machine. Which Azure service should the administrator use?

A.Azure Kubernetes Service
B.Azure Container Instances
C.Azure Virtual Machines
D.Azure App Service
AnswerB

ACI runs containers directly without managing servers or a Kubernetes cluster.

Why this answer

Azure Container Instances (ACI) is the correct choice because it allows the team to run a Linux container directly in Azure without managing any underlying infrastructure, such as servers, clusters, or virtual machines. ACI is ideal for short-lived, event-driven workloads like this 12-minute request-based container, as it supports rapid startup and automatic shutdown, aligning with the 'serverless' requirement.

Exam trap

The trap here is that candidates often choose Azure Kubernetes Service (AKS) because they associate containers with Kubernetes, but the question explicitly prohibits managing a cluster, making ACI the only serverless container option that meets the 'no management' requirement.

How to eliminate wrong answers

Option A is wrong because Azure Kubernetes Service (AKS) requires managing a Kubernetes cluster (control plane and nodes), which contradicts the 'no cluster management' requirement and is overkill for a single container running for 12 minutes. Option C is wrong because Azure Virtual Machines require provisioning and managing a full VM, including OS updates and scaling, which violates the 'no server or VM management' constraint. Option D is wrong because Azure App Service is designed for long-running web applications and services, not for ephemeral, request-triggered container runs; it also requires an App Service Plan (a managed server) and does not natively support running a container for exactly 12 minutes per request without additional configuration.

47
MCQeasy

A build pipeline must run a Linux container for about 10 minutes per request. The team does not want to manage servers or a Kubernetes cluster. Which Azure service should the administrator choose?

A.Azure Container Instances
B.Azure Virtual Machines
C.Azure App Service
D.Azure Kubernetes Service
AnswerA

Azure Container Instances runs containers on demand without managing servers or orchestration clusters.

Why this answer

Azure Container Instances (ACI) is the correct choice because it allows you to run a Linux container directly on Azure without managing any underlying servers or orchestrators. The 10-minute execution time fits perfectly within ACI's per-second billing model, and the service automatically starts and stops the container on demand, making it ideal for short-lived, ephemeral workloads like build pipeline tasks.

Exam trap

The trap here is that candidates often confuse Azure Container Instances with Azure Kubernetes Service, assuming that any container workload requires an orchestrator, but ACI is purpose-built for simple, serverless container execution without cluster management.

How to eliminate wrong answers

Option B is wrong because Azure Virtual Machines require you to manage the OS, updates, and scaling, which contradicts the requirement to not manage servers. Option C is wrong because Azure App Service is designed for hosting long-running web applications and APIs, not for running short-lived, ephemeral containers on demand. Option D is wrong because Azure Kubernetes Service (AKS) is a managed Kubernetes cluster that still requires cluster management and is overkill for a simple 10-minute container task.

48
MCQmedium

You need to restore a deleted file from a backed-up Azure virtual machine without restoring the entire VM. Which Azure Backup capability should you use?

A.Cross-region restore
B.File Recovery
C.Azure Site Recovery failover
D.Boot diagnostics
AnswerB

This is the feature designed for restoring specific files and folders.

Why this answer

Azure Backup's File Recovery capability allows you to mount the VM's recovery point as a drive on your local machine, enabling you to browse and restore individual files without restoring the entire VM. This is achieved by creating an iSCSI target from the recovery point snapshot, which you can connect to from a compatible OS. It is the correct choice for granular file-level recovery from a VM backup.

Exam trap

The trap here is that candidates often confuse Azure Backup's File Recovery with Azure Site Recovery's failover, mistakenly thinking failover can be used for granular file restoration, when in fact Site Recovery is for full VM replication and disaster recovery, not backup-based file recovery.

How to eliminate wrong answers

Option A is wrong because Cross-region restore is used to restore a VM or its data to a paired Azure region for disaster recovery or compliance, not for granular file-level recovery from a local backup. Option C is wrong because Azure Site Recovery failover is designed for orchestrating full VM replication and failover to a secondary site, not for restoring individual files from a backup. Option D is wrong because Boot diagnostics captures serial console logs and screenshots for troubleshooting VM boot failures, and has no role in file recovery from backups.

49
MCQeasy

A stateless web app on Azure must add or remove instances automatically when CPU usage changes. Which service should you deploy?

A.Virtual machine scale set with autoscale
C.Availability set
D.Managed disk
AnswerA

VM scale sets are designed for multiple identical instances and can scale automatically based on rules.

Why this answer

A virtual machine scale set (VMSS) with autoscale is the correct choice because it is designed to automatically increase or decrease the number of VM instances based on metrics like CPU usage. Autoscale rules can be configured to scale out when CPU exceeds a threshold (e.g., 75%) and scale in when it drops below a threshold, ensuring the stateless web app handles variable load without manual intervention.

Exam trap

The trap here is that candidates confuse high-availability constructs (availability sets) or storage components (managed disks) with autoscaling compute, or assume a single VM can be dynamically scaled horizontally, when only VMSS provides automated instance-level scaling based on metrics.

How to eliminate wrong answers

Option B is wrong because a single virtual machine cannot automatically add or remove instances; it is a fixed resource that can only be scaled vertically (changing size) and does not support horizontal scaling. Option C is wrong because an availability set is a logical grouping for high availability and fault tolerance, not an autoscaling mechanism; it does not add or remove instances based on CPU usage. Option D is wrong because a managed disk is a storage volume for VMs, not a compute service; it has no capability to manage instance count or respond to CPU metrics.

50
MCQhard

A container group must run an image from a private Azure Container Registry without embedding registry credentials in the deployment. The same authentication method should be reusable by future container groups, and the application must continue to work if the container group is recreated. Which identity approach should the administrator use?

A.A system-assigned managed identity for the container group.
B.A user-assigned managed identity assigned to the container group.
C.An ACR admin username and password stored in the container image.
D.A shared access signature token passed as an environment variable.
AnswerB

A user-assigned managed identity can be reused across container groups and survives recreation of the workload resource. After granting the identity AcrPull on the registry, the container group can authenticate without stored usernames, passwords, or registry secrets.

Why this answer

A user-assigned managed identity (B) is the correct approach because it is a persistent Azure AD identity that can be pre-created and assigned to any number of container groups. It decouples the identity from the container group's lifecycle, so if the container group is recreated, the same identity can be reassigned without reconfiguration. The container group uses this identity to authenticate to ACR via Azure AD token-based authentication, eliminating the need to embed registry credentials.

Exam trap

The trap here is that candidates often choose system-assigned managed identity (A) because it is simpler to configure, but they overlook the requirement for reusability across container group recreations, which only a user-assigned managed identity can satisfy due to its independent lifecycle.

How to eliminate wrong answers

Option A is wrong because a system-assigned managed identity is tied to the lifecycle of the container group; if the container group is deleted and recreated, a new identity is created, breaking the reusability requirement. Option C is wrong because using ACR admin credentials stored in the image violates the requirement to not embed credentials and is not reusable across future container groups without manual credential rotation. Option D is wrong because a shared access signature (SAS) token is used for Azure Storage access, not for authenticating to Azure Container Registry, and passing it as an environment variable would expose credentials.

51
MCQeasy

Based on the exhibit, what should the administrator do next so the VM can use the extra capacity on the resized data disk?

A.Resize the managed disk again in Azure.
B.Extend the partition or file system inside the VM.
C.Detach the disk and attach it to another VM.
D.Create a new virtual machine from the disk.
AnswerB

After Azure increases a managed disk, the guest operating system still needs to recognize the new space. Expanding the partition or file system inside the VM makes the newly allocated disk capacity available to applications.

Why this answer

After resizing a managed disk in Azure, the additional capacity is allocated at the Azure platform level but is not automatically available to the operating system. The administrator must extend the partition or file system inside the VM using tools like Diskpart (Windows) or fdisk/resize2fs (Linux) to make the new space usable. This is a standard post-resize step because the OS still sees the original partition boundaries.

Exam trap

The trap here is that candidates assume resizing the disk in Azure automatically makes the extra space available inside the VM, overlooking the required OS-level partition extension step.

How to eliminate wrong answers

Option A is wrong because resizing the disk again would only allocate more space at the Azure level without addressing the OS-level partition, and repeating the resize does not automatically extend the file system. Option C is wrong because detaching and reattaching the disk to another VM does not extend the partition; it only moves the unchanged disk to a different host. Option D is wrong because creating a new VM from the disk is unnecessary and wasteful—the existing VM can use the extra capacity after a simple partition extension, and this option does not solve the immediate issue.

52
MCQeasy

A reporting application needs an Azure VM with at least 8 vCPUs and 64 GiB of RAM. The workload is memory-heavy, and the team wants a reasonable starting point. Which VM family should the administrator choose?

A.B-series
B.D-series
C.E-series
D.F-series
AnswerC

E-series is memory optimized and is a strong fit for workloads that need higher RAM per vCPU.

Why this answer

The E-series (memory-optimized) VM family is designed for memory-intensive workloads, offering a high memory-to-CPU ratio. With a requirement of at least 8 vCPUs and 64 GiB of RAM, the E-series provides the necessary memory capacity (e.g., E8s_v3 offers 8 vCPUs and 64 GiB RAM) as a reasonable starting point for a memory-heavy reporting application.

Exam trap

The trap here is that candidates often confuse 'general purpose' (D-series) as sufficient for all workloads, overlooking the specific memory requirement of 64 GiB, which D-series cannot meet at 8 vCPUs.

How to eliminate wrong answers

Option A is wrong because B-series (burstable) VMs are intended for workloads with low-to-moderate baseline CPU utilization that can burst, not for consistent memory-heavy performance; they lack the high memory-to-CPU ratio required. Option B is wrong because D-series (general purpose) VMs offer a balanced CPU-to-memory ratio (e.g., D8s_v3 has 8 vCPUs but only 32 GiB RAM), which does not meet the 64 GiB requirement. Option D is wrong because F-series (compute-optimized) VMs prioritize high CPU performance with a low memory-to-CPU ratio (e.g., F8s_v2 has 8 vCPUs but only 16 GiB RAM), making them unsuitable for memory-heavy workloads.

53
Multi-Selectmedium

The operations team wants 3 to 8 identical Linux VM instances, with more instances added when average CPU stays above 70 percent for 10 minutes and removed when load falls. Which three settings should be configured? Select three.

Select 3 answers
A.Use a virtual machine scale set for the identical application instances.
B.Create an autoscale profile with a scale-out rule based on average CPU utilization.
C.Set minimum and maximum instance counts so the service cannot scale below 3 or above 8.
D.Place the VMs in an availability set instead of using a scale set.
E.Clone the VM manually whenever CPU rises and remove clones by hand later.
AnswersA, B, C

A VM scale set is the compute service built for multiple identical instances with centralized scaling and management. It is the correct foundation for a workload that expands and contracts over time.

Why this answer

A virtual machine scale set (VMSS) is the correct Azure service for deploying and managing a group of identical, load-balanced Linux VMs that can automatically scale in and out based on demand. It supports autoscaling rules that adjust the instance count within a defined range, meeting the requirement for 3 to 8 identical instances with automatic addition when average CPU exceeds 70% for 10 minutes and removal when load falls.

Exam trap

The trap here is that candidates may confuse availability sets with scale sets, thinking both provide scaling, but availability sets only offer redundancy and fault tolerance, not automatic scaling or instance count management.

54
MCQhard

A development VM is recreated from scratch every week. The team wants the operating system disk to boot as quickly as possible and does not need the OS disk contents to survive deallocation. Which disk choice should the administrator make?

A.A Premium SSD managed OS disk
B.An ephemeral OS disk
C.A Standard SSD managed OS disk
D.The VM temporary disk as the operating system disk
AnswerB

Ephemeral OS disks use local storage and provide very fast boot with no persistence requirement.

Why this answer

An ephemeral OS disk is created on the local VM host storage, not on Azure managed storage, which eliminates network latency and provides significantly faster boot times. Since the team does not need the OS disk contents to survive deallocation and recreates the VM weekly, ephemeral disks are ideal as they are reset to the original image state on each deployment.

Exam trap

The trap here is that candidates often choose Premium SSD for 'fastest boot' without realizing that ephemeral OS disks bypass network storage entirely, offering even lower latency for boot operations, and that the temporary disk cannot be used as an OS disk despite its local nature.

How to eliminate wrong answers

Option A is wrong because Premium SSD managed OS disks, while fast, still incur network I/O latency and are not optimized for the fastest possible boot; they also persist data across deallocations, which is unnecessary here. Option C is wrong because Standard SSD managed OS disks are slower than Premium SSD and ephemeral disks, and they also persist data, adding cost and complexity without benefit. Option D is wrong because the VM temporary disk (D: drive on Windows, /dev/sdb on Linux) is not supported as an operating system disk; it is a scratch disk for temporary data and cannot host the OS.

55
Multi-Selecteasy

A batch container in Azure Container Instances should stop after a successful run and may retry only when the process fails. Which two restart policies are correct for that style of workload? Select two.

Select 2 answers
A.Never
B.OnFailure
C.Always
D.Manual
E.Scheduled
AnswersA, B

Never lets the container exit and stay stopped, which is useful for one-time batch jobs.

Why this answer

Option A (Never) is correct because it ensures the container does not restart after a successful run, which aligns with the requirement to stop after completion. Option B (OnFailure) is correct because it allows the container to retry only when the process fails, meeting the condition of restarting solely on failure. In Azure Container Instances, these two restart policies directly support batch workloads that should not restart on success but may retry on failure.

Exam trap

The trap here is that candidates often confuse the 'OnFailure' policy with 'Always' or think 'Never' means no restarts at all, missing that 'OnFailure' is the only policy that retries exclusively on failure, while 'Always' would restart even after success, which is incorrect for this batch workload scenario.

56
MCQeasy

A data disk was accidentally deleted from a VM. You have a snapshot of that disk from before the deletion. What should you create first to restore the data with minimal impact to the VM's OS disk?

A.A new managed disk from the snapshot
C.A new availability set
D.A larger VM size
AnswerA

A snapshot is a backup point for a disk, but it must be turned into a managed disk before it can be attached to a VM. Creating a new managed disk from the snapshot restores the data in a recoverable form while leaving the VM's OS disk untouched. After the new disk is created, you can attach it as a data disk. This is the normal restore path for a deleted or lost managed data disk.

Why this answer

A is correct because creating a new managed disk from the snapshot is the direct and minimal-impact method to restore the deleted data disk. Once the new managed disk is created, you can attach it to the existing VM without affecting the OS disk or requiring a VM rebuild. This approach avoids any downtime beyond the brief attachment operation.

Exam trap

The trap here is that candidates may think they need to recreate the entire VM (Option B) to use the snapshot, not realizing that a snapshot can be converted directly into a managed disk and attached to the existing VM without any OS disk impact.

How to eliminate wrong answers

Option B is wrong because creating a new virtual machine would be unnecessarily disruptive, requiring reconfiguration of all settings and applications, and does not directly restore the specific data disk. Option C is wrong because an availability set is a logical grouping for high availability, not a mechanism to restore disk data. Option D is wrong because resizing the VM to a larger size only changes compute resources and does not recover the deleted disk or its data.

57
MCQmedium

You need to run a script inside an Azure virtual machine after deployment to install application prerequisites. Which feature should you use?

A.Azure Policy
B.A Custom Script Extension
C.Boot diagnostics
D.A proximity placement group
AnswerB

The Custom Script Extension runs scripts inside the VM.

Why this answer

The Custom Script Extension (CSE) is the correct feature because it allows you to run a script inside an Azure VM after deployment, making it ideal for installing application prerequisites. CSE downloads and executes scripts on the VM, supporting both Windows (via PowerShell) and Linux (via Bash) environments, and can be applied during initial provisioning or to an existing VM.

Exam trap

The trap here is that candidates often confuse Azure Policy (a governance tool) with the Custom Script Extension (a VM-level execution tool), mistakenly thinking Policy can run scripts to enforce configurations inside the VM, when in reality Policy only audits or remediates Azure resource properties, not guest OS actions.

How to eliminate wrong answers

Option A is wrong because Azure Policy is a governance tool that enforces compliance rules on Azure resources (e.g., requiring a specific VM size or tag), but it cannot execute scripts inside a VM. Option C is wrong because Boot diagnostics captures serial console output and screenshots for troubleshooting VM boot failures, not for running post-deployment scripts. Option D is wrong because a proximity placement group is used to reduce network latency between VMs by ensuring they are physically close in an Azure datacenter; it has no capability to execute scripts.

58
MCQhard

A data disk was accidentally deleted from a production VM. The team has a snapshot of that disk from the previous night and wants the fastest Azure-side recovery path with the least risk of overwriting the existing OS disk. What should the administrator do first?

A.Restore the entire virtual machine from the snapshot and overwrite the current instance.
B.Create a new managed disk from the snapshot, then attach that disk to the VM.
C.Convert the snapshot into a temporary storage account and copy the files back manually.
D.Recreate the VM from the same marketplace image and restore only the deleted disk later.
AnswerB

The snapshot contains the point-in-time disk state, so the correct first step is to create a new managed disk from it. Once the disk exists, it can be attached to the VM and the data recovered without disturbing the OS disk or other volumes.

Why this answer

Option B is correct because creating a new managed disk from the snapshot and attaching it to the VM is the fastest Azure-side recovery path. This approach directly reuses the existing OS disk without any risk of overwriting it, and the new data disk can be attached within minutes using the Azure portal, CLI, or PowerShell. It avoids any downtime for the VM beyond the brief attach operation.

Exam trap

The trap here is that candidates often assume restoring the entire VM from a snapshot is the fastest recovery method, but they overlook that this overwrites the OS disk and causes full downtime, whereas attaching a new disk from the snapshot is both faster and safer.

How to eliminate wrong answers

Option A is wrong because restoring the entire VM from the snapshot would overwrite the current OS disk, causing unnecessary downtime and risking data loss on the OS disk. Option C is wrong because converting a snapshot into a temporary storage account and manually copying files is inefficient, error-prone, and not a native Azure recovery method—snapshots are designed to create disks directly, not to be exported to storage accounts for manual file recovery. Option D is wrong because recreating the VM from a marketplace image would require reconfiguring the entire VM and then restoring the deleted disk later, which is slower and introduces more complexity and risk than simply attaching a disk from the snapshot.

59
Multi-Selecthard

A platform team maintains a hardened Windows VM with IIS, an agent, and local configuration files. They need to deploy 40 identical VMs in two regions, preserve version history, and roll back quickly if a new image causes problems. Which two actions should they take? Select two.

Select 2 answers
A.Generalize the source VM before capture by removing machine-specific state.
B.Create an image definition and image version in Azure Compute Gallery.
C.Place the target virtual machines in an availability set.
D.Attach a user-assigned managed identity to the source VM.
E.Enable boot diagnostics on the target virtual machines.
AnswersA, B

Correct. Generalizing removes unique computer-specific settings so the image can be safely cloned many times.

Why this answer

Option A is correct because generalizing the source VM with Sysprep (for Windows) removes machine-specific state like security identifiers (SIDs) and hostnames, making the VM suitable for creating a reusable, generalized image. This is a prerequisite for capturing an image that can be deployed to multiple VMs without conflicts. Without generalization, each VM would retain the original machine's identity, causing domain join and licensing issues.

Exam trap

The trap here is that candidates often confuse 'generalizing the source VM' with 'creating a snapshot' or 'using managed identities,' failing to recognize that Sysprep is mandatory for Windows images and that Azure Compute Gallery is the only service that provides versioning and cross-region replication for managed images.

60
MCQhard

You need to resize a production VM from Standard_D2s_v5 to Standard_D4s_v5 by using Azure CLI. `az vm list-vm-resize-options` shows the target size, but `az vm resize` fails while the VM is running. Which action should you take first?

A.Run `az vm stop`, then resize the VM.
B.Run `az vm deallocate`, then resize the VM, then start it again.
C.Run `az vm restart`, then resize the VM.
D.Run `az vm generalize`, then recreate the VM from the image.
AnswerB

Azure often requires the VM to be deallocated before a size change succeeds because the target size may need different host resources. Deallocation releases the current compute allocation, which lets Azure place the VM on compatible hardware. After resizing, you start the VM again and the new size takes effect. This is the key difference between stop and deallocate in Azure operations.

Why this answer

Option B is correct because resizing a VM to a different size often requires the VM to be in a deallocated state, especially when the new size is in a different hardware cluster or when the VM is currently running and the resize operation fails. The `az vm deallocate` command releases the underlying hardware resources, allowing the VM to be resized to any available size, including Standard_D4s_v5, and then you can start it again. This is a common requirement for production VMs when live resizing is not supported or fails.

Exam trap

The trap here is that candidates often confuse 'stop' with 'deallocate' — while both halt the VM, only deallocate releases the underlying hardware reservation, which is necessary for resizing across different hardware clusters or when live resize fails.

How to eliminate wrong answers

Option A is wrong because `az vm stop` only stops the VM but does not release the underlying hardware allocation, which may still prevent resizing to a different size if the target size is not available on the current host. Option C is wrong because `az vm restart` simply reboots the VM without changing its allocation state, so it does not resolve the underlying hardware constraint that caused the resize failure. Option D is wrong because `az vm generalize` prepares the VM for image creation by removing machine-specific information, which is unnecessary and destructive for a simple resize operation; it would require recreating the VM from the image, not just resizing it.

61
Multi-Selecthard

VM-App01 is responding slowly and appears to be on a degraded Azure host. You must keep the VM resource, keep its disks and NIC, and move it to fresh infrastructure before further troubleshooting. Which two actions can achieve that goal? Select two.

Select 2 answers
A.Redeploy the VM.
B.Delete the VM and recreate it from the OS disk.
C.Capture the VM into a generalized image.
D.Stop/deallocate the VM.
E.Convert the VM to an availability set.
AnswersA, D

Redeploying a VM instructs Azure to move it to new underlying infrastructure while preserving the VM resource and attached disks. It is a direct response when you suspect the current host is unhealthy.

Why this answer

Redeploying the VM (Option A) moves the VM to a new Azure host node while preserving the VM resource, its disks, and NIC. This is the correct action because it resolves host-level degradation without deleting or recreating the VM. Stopping/deallocating the VM (Option D) releases the underlying hardware lease, which forces the VM to be placed on a new host when started again, also preserving the VM resource, disks, and NIC.

Exam trap

The trap here is that candidates often confuse 'Redeploy' with 'Delete and recreate' or think that stopping the VM is insufficient, but in Azure, stop/deallocate is the standard way to force a host migration while keeping the VM resource intact.

62
MCQeasy

Based on the exhibit, a Windows VM must install IIS and run a configuration script automatically right after deployment. The administrator does not want to sign in to the VM manually. Which Azure feature should be used?

A.Azure Policy with a modify effect.
B.Virtual machine extension, such as the Custom Script Extension.
C.An availability set.
D.A private endpoint.
AnswerB

A VM extension is designed to run guest-level tasks after the VM is created. The Custom Script Extension can download and execute a script to install IIS or perform configuration without requiring manual sign-in. This is the standard Azure feature for simple post-deployment automation on a VM.

Why this answer

The Custom Script Extension (CSE) is the correct Azure feature because it allows you to run PowerShell or Bash scripts on a VM after deployment without manual sign-in. By specifying the script in the VM's deployment template or via Azure CLI/Portal, IIS can be installed and the configuration script executed automatically during provisioning. This aligns with the requirement for zero-touch post-deployment automation.

Exam trap

The trap here is that candidates often confuse Azure Policy (which can only audit or remediate resource configurations at the ARM level) with the ability to run guest OS scripts, mistakenly thinking a 'modify effect' can install software, when in fact it cannot execute code inside the VM.

How to eliminate wrong answers

Option A is wrong because Azure Policy with a modify effect is used to enforce compliance rules (e.g., ensuring a tag exists) and cannot execute arbitrary scripts like installing IIS or running a configuration script; it operates at the resource management layer, not inside the guest OS. Option C is wrong because an availability set is a logical grouping of VMs to ensure high availability across fault and update domains; it has no capability to run scripts or install software. Option D is wrong because a private endpoint provides a private IP address for secure connectivity to Azure PaaS services (e.g., Storage, SQL) over a virtual network; it does not execute scripts or configure the VM's operating system.

63
MCQeasy

Based on the exhibit, the team wants a readable, repeatable deployment definition stored in source control. Which approach should they use for the Azure resources?

A.Azure Policy because it enforces the deployment automatically.
B.Bicep because it provides a concise declarative syntax for Azure deployments.
C.A runbook in Azure Automation because it is always easier to read than templates.
D.A resource lock because it prevents unauthorized changes to the deployment.
AnswerB

Bicep is the best choice because it is a declarative Azure language that is easier to read and maintain than raw ARM JSON. It works well in source control, supports code review, and is commonly used to define repeatable infrastructure deployments.

Why this answer

Bicep is a domain-specific language (DSL) that provides a concise, declarative syntax for deploying Azure resources. It is designed to be more readable than ARM templates and can be stored in source control, enabling repeatable, version-controlled deployments. This directly meets the team's requirement for a readable, repeatable deployment definition.

Exam trap

The trap here is that candidates often confuse governance tools (Azure Policy) or operational scripts (runbooks) with infrastructure-as-code solutions, overlooking that Bicep is the native, declarative language designed specifically for repeatable Azure resource deployments.

How to eliminate wrong answers

Option A is wrong because Azure Policy is a governance tool that enforces compliance rules on existing resources, not a mechanism for defining and deploying infrastructure. Option C is wrong because runbooks in Azure Automation are primarily for process automation and orchestration tasks, not for declarative infrastructure deployment; they are typically written in PowerShell or Python and are less readable than Bicep templates for defining resources. Option D is wrong because a resource lock is a safeguard that prevents deletion or modification of resources, not a deployment definition or template.

64
MCQhard

You have a virtual machine scale set that must increase the number of instances automatically when average CPU utilization exceeds 75 percent and decrease when utilization drops below 30 percent. What should you configure?

A.An Azure Monitor autoscale rule on the scale set
B.A boot diagnostics configuration
C.An availability set
D.A custom script extension
AnswerA

Autoscale rules support scaling out and in based on CPU thresholds.

Why this answer

Azure Monitor autoscale rules allow you to define conditions for automatically scaling out (increasing instances) when average CPU utilization exceeds a threshold (e.g., 75%) and scaling in (decreasing instances) when it drops below a lower threshold (e.g., 30%). These rules are applied directly to the virtual machine scale set, enabling dynamic scaling based on performance metrics.

Exam trap

The trap here is that candidates may confuse autoscale rules with other VM configuration options like boot diagnostics or custom script extensions, not realizing that autoscaling is a dedicated feature of Azure Monitor applied to scale sets.

How to eliminate wrong answers

Option B is wrong because boot diagnostics configuration captures serial console output and screenshots for troubleshooting VM boot failures, not for scaling decisions. Option C is wrong because an availability set is a logical grouping of VMs for high availability within a single region, not a mechanism for autoscaling based on CPU utilization. Option D is wrong because a custom script extension runs scripts on VMs for post-deployment configuration or software installation, not for monitoring or triggering scale events.

65
MCQeasy

A line-of-business app runs on a single Azure VM in a region that supports availability zones. The business wants the VM to keep running if one datacenter in the region becomes unavailable. Which deployment choice best meets this requirement?

A.Availability set
B.Availability zone
C.Proximity placement group
D.Virtual machine scale set
AnswerB

An availability zone places the VM in a distinct datacenter within the region, helping the workload survive a datacenter-level outage.

Why this answer

An availability zone is a physically separate datacenter within an Azure region, with independent power, cooling, and networking. Deploying the VM to a specific zone ensures it remains operational if another zone's datacenter fails, meeting the requirement for single-VM resilience against a datacenter outage.

Exam trap

The trap here is that candidates often confuse availability sets (which protect against rack-level failures) with availability zones (which protect against datacenter-level failures), leading them to choose the set when the question explicitly requires datacenter outage protection.

How to eliminate wrong answers

Option A is wrong because an availability set protects against rack-level failures within a single datacenter (e.g., hardware faults or updates), not against the loss of an entire datacenter. Option C is wrong because a proximity placement group is designed to reduce network latency by co-locating VMs, not to provide datacenter-level fault isolation. Option D is wrong because a virtual machine scale set provides scaling and high availability across zones or fault domains, but for a single VM it is unnecessary and does not inherently guarantee zone-level isolation unless explicitly configured with zones, which is not the simplest or most direct choice.

66
Multi-Selecteasy

An application needs more data disk capacity, but the VM can keep using the same managed disk. Which two statements are true when you resize a managed data disk? Select two.

Select 2 answers
A.You can increase the managed disk size without redeploying the VM.
B.You may need to extend the partition or filesystem inside the guest OS.
C.You must create a brand-new VM before resizing the disk.
D.Resizing a disk always shrinks it back to a smaller size.
E.The VM size must always change whenever disk capacity changes.
AnswersA, B

Managed disks can be expanded in Azure without rebuilding the VM or reinstalling the operating system.

Why this answer

Option A is correct because Azure managed disks support online resizing: you can increase the size of a managed data disk while the VM remains running, without any need to stop, deallocate, or redeploy the VM. This is possible because the underlying Azure storage infrastructure can extend the virtual hard disk (VHD) file without disrupting the VM's I/O operations. After the resize, the guest OS sees the new capacity, but the partition and filesystem must be extended manually.

Exam trap

The trap here is that candidates assume resizing a disk requires a VM restart or redeployment, but Azure allows online resizing for managed disks, and the only post-resize step is extending the partition inside the guest OS.

67
MCQmedium

A reporting server VM will run an analytics engine that uses a large in-memory cache. Required minimums are 8 vCPUs and 64 GiB of RAM, and the workload benefits more from memory than from extra compute. Which Azure VM series is the best fit?

A.B-series, because burstable credits handle temporary spikes economically
B.D-series, because it balances general-purpose CPU and memory
C.E-series, because it provides memory-optimized sizing for data-intensive workloads
D.F-series, because it is optimized for high CPU throughput
AnswerC

E-series VMs are memory optimized, which makes them a strong fit when the workload needs more RAM relative to CPU. A server running an in-memory cache or analytics engine benefits from that higher memory footprint, and the family includes sizes that satisfy the stated minimums.

Why this answer

The E-series (specifically Ev3, Esv3, or Ebsv5) is memory-optimized, offering the highest memory-to-vCPU ratio among Azure general-purpose families. With a requirement of 64 GiB RAM and only 8 vCPUs, the workload benefits more from memory than compute, making the E-series the best fit. D-series provides balanced ratios but not the memory density needed, while F-series and B-series are compute- or burst-oriented and lack sufficient memory per vCPU.

Exam trap

The trap here is that candidates see '8 vCPUs and 64 GiB RAM' and assume a general-purpose D-series is sufficient, overlooking that the workload benefits more from memory than compute, which directly points to the memory-optimized E-series as the most cost-effective and performant choice.

How to eliminate wrong answers

Option A is wrong because B-series is a burstable, general-purpose family designed for workloads with low average CPU usage and occasional spikes; it does not guarantee sustained 8 vCPUs or provide the high memory-to-vCPU ratio required for a large in-memory cache. Option B is wrong because D-series is a general-purpose family with a balanced CPU-to-memory ratio (typically 4 GiB per vCPU), which would require more vCPUs to reach 64 GiB RAM, wasting compute resources and cost. Option D is wrong because F-series is compute-optimized, offering high CPU throughput but only 2 GiB of RAM per vCPU, far below the 8 GiB per vCPU needed for this memory-intensive workload.

68
MCQeasy

A company has two application VMs in the same Azure region. The main requirement is to reduce downtime during planned host maintenance. The business does not require protection from a complete datacenter outage. Which option should you choose?

A.Availability zones
B.Availability set
C.Virtual machine scale set
D.Proximity placement group
AnswerB

An availability set spreads VMs across update domains and fault domains within a datacenter boundary. That helps reduce downtime during planned maintenance and some hardware issues. Since the requirement does not include protection from an entire datacenter outage, an availability set is the right and simpler choice.

Why this answer

An availability set distributes VMs across multiple fault domains and update domains within a single Azure datacenter. During planned host maintenance, Azure updates one update domain at a time, ensuring that only a subset of VMs are rebooted simultaneously, thereby reducing downtime. This meets the requirement of protecting against planned maintenance without needing cross-datacenter redundancy.

Exam trap

The trap here is that candidates often confuse availability zones (which protect against datacenter-level failures) with availability sets (which protect against rack-level failures and planned maintenance), leading them to over-engineer the solution with zones when the requirement explicitly excludes datacenter outage protection.

How to eliminate wrong answers

Option A is wrong because availability zones protect against a complete datacenter outage by placing VMs in physically separate datacenters within a region, which is unnecessary and more costly given the requirement only to reduce downtime during planned host maintenance. Option C is wrong because a virtual machine scale set is designed for auto-scaling and load balancing of identical VMs, not specifically for reducing downtime during planned maintenance; while it can use availability sets or zones, the core purpose and cost model are mismatched. Option D is wrong because a proximity placement group is used to minimize network latency between VMs by ensuring they are physically close, which does not address downtime during planned maintenance and can actually increase risk by placing VMs in the same failure domain.

69
MCQhard

A container group runs a one-time import job that writes data to an external system. If the job succeeds, the container must stop and stay stopped. If the job fails, it should automatically retry by restarting. Which restart policy should the administrator choose?

A.Always
B.Never
C.OnFailure
D.Manual
AnswerC

OnFailure matches a batch-style workload that should retry after an error but remain stopped after a successful run. It allows the container group to restart when the process exits unsuccessfully while avoiding unnecessary reruns after completion.

Why this answer

The OnFailure restart policy is correct because it instructs Azure Container Instances (ACI) to restart the container only when the process exits with a non-zero exit code, indicating failure. For a one-time import job that must stop permanently on success (exit code 0) and retry on failure, OnFailure matches this exact behavior without unnecessary restarts.

Exam trap

The trap here is that candidates often confuse 'OnFailure' with 'Always' for retry scenarios, not realizing that 'Always' restarts even after success, which would break the 'stop on success' requirement.

How to eliminate wrong answers

Option A (Always) is wrong because it would restart the container regardless of exit code, causing the successful job to run repeatedly instead of stopping. Option B (Never) is wrong because it would not restart the container on failure, leaving the job uncompleted without any retry. Option D (Manual) is wrong because Azure Container Instances does not support a 'Manual' restart policy; the valid policies are Always, Never, and OnFailure.

70
MCQmedium

An operations team maintains a hardened Windows Server image with application prerequisites and monitoring tools already installed. They want to deploy future VMs from the same versioned image in multiple subscriptions and promote a new build only after testing. Which Azure feature should they use?

A.A managed disk snapshot created from one of the VMs
B.An Azure Compute Gallery image version
C.A custom script extension installed during VM provisioning
D.An availability set containing the VMs
AnswerB

A gallery image version provides a reusable, versioned VM image that can be shared and deployed consistently.

Why this answer

An Azure Compute Gallery (formerly Shared Image Gallery) allows you to store and manage multiple versions of a custom VM image, replicate them across regions, and share them across subscriptions. This enables the team to maintain a hardened, versioned image, deploy VMs from it in multiple subscriptions, and promote a new build only after testing by creating a new image version.

Exam trap

The trap here is that candidates often confuse a managed disk snapshot with a reusable image, but snapshots lack versioning, cross-subscription sharing, and the ability to promote builds after testing, which are core requirements for this scenario.

How to eliminate wrong answers

Option A is wrong because a managed disk snapshot captures only the state of a single disk at a point in time and cannot be versioned, shared across subscriptions, or used to deploy VMs with application prerequisites and monitoring tools in a repeatable manner. Option C is wrong because a custom script extension runs during VM provisioning to install software or apply configurations, but it does not create a reusable, versioned image that can be shared across subscriptions and promoted after testing. Option D is wrong because an availability set is a logical grouping of VMs to provide high availability within a single subscription, and it has no role in image management, versioning, or cross-subscription deployment.

71
MCQeasy

A stateless web application needs a group of identical Azure VMs that can automatically add more instances during the workday and remove them at night based on CPU usage. What should the administrator deploy?

A.An availability set with two VMs
B.A virtual machine scale set with autoscale rules
C.A single VM with a larger disk
D.An Azure Policy assignment to increase CPU capacity
AnswerB

A scale set is designed for identical VMs that can expand or shrink automatically based on demand.

Why this answer

A virtual machine scale set (VMSS) with autoscale rules is the correct solution because it provides a group of identical, load-balanced VMs that can automatically scale out (add instances) during high CPU usage in the workday and scale in (remove instances) at night based on CPU thresholds. This matches the stateless, elastic requirement perfectly, as VMSS is designed for horizontal scaling of identical instances with autoscale policies tied to metrics like CPU percentage.

Exam trap

The trap here is that candidates often confuse availability sets (which provide fault tolerance but no scaling) with virtual machine scale sets (which provide both scaling and high availability), or they mistakenly think Azure Policy can dynamically adjust compute resources, when it only enforces configuration rules.

How to eliminate wrong answers

Option A is wrong because an availability set only provides high availability by distributing VMs across fault and update domains, but it does not support automatic scaling based on CPU usage; you would need to manually add or remove VMs. Option C is wrong because a single VM with a larger disk addresses vertical scaling (increasing resources of one instance), not horizontal scaling (adding/removing identical instances), and it cannot automatically adjust capacity based on CPU load. Option D is wrong because Azure Policy is a governance tool used to enforce compliance rules (e.g., restricting VM sizes), not to dynamically increase compute capacity or trigger autoscaling actions.

72
MCQeasy

A stateless web service must handle traffic spikes by adding or removing instances automatically based on CPU usage. Which Azure service fits best?

A.One larger standalone VM
B.Availability set with two VMs
C.Virtual machine scale set with autoscale
D.Recovery Services vault backup
AnswerC

A VM scale set with autoscale is designed for stateless workloads that need automatic instance scaling based on metrics.

Why this answer

A Virtual Machine Scale Set (VMSS) with autoscale is the correct choice because it automatically adjusts the number of VM instances based on CPU utilization metrics, enabling the stateless web service to handle traffic spikes by scaling out (adding instances) and scaling in (removing instances) as needed. This aligns with the requirement for a stateless, elastic, and automated scaling solution.

Exam trap

The trap here is that candidates often confuse high availability (provided by availability sets) with autoscaling, or assume a single large VM can handle spikes via vertical scaling, ignoring the need for horizontal, automated scaling for stateless workloads.

How to eliminate wrong answers

Option A is wrong because a single large standalone VM cannot scale out or in; it only supports vertical scaling (resizing), which requires downtime and cannot handle traffic spikes dynamically. Option B is wrong because an availability set provides high availability through fault and update domains but does not include autoscaling capabilities; it only distributes a fixed number of VMs across physical hardware. Option D is wrong because a Recovery Services vault is used for backup and disaster recovery, not for compute scaling or handling traffic spikes.

73
Multi-Selecthard

A customer-facing service needs to survive a single datacenter outage in a zone-supported region. You do not need cross-region failover, but you do need Azure to spread instances without manual placement errors. Which two deployment choices satisfy that goal? Select two.

Select 2 answers
A.Place the VMs in different availability zones within the same region.
B.Use an availability set and expect it to cover a zone outage.
C.Deploy the workload in a zone-enabled virtual machine scale set.
D.Keep all instances in one zone and rely on the load balancer.
E.Use a paired region for automatic in-region zone balancing.
AnswersA, C

Spreading the workload across multiple availability zones protects against a datacenter-level failure within the region. It also keeps traffic local to the region, which matches the requirement that cross-region failover is not needed.

Why this answer

Option A is correct because availability zones are physically separate datacenters within a region, each with independent power, cooling, and networking. Placing VMs in different zones ensures that a single datacenter outage does not affect all instances, meeting the survivability requirement without manual placement errors. Azure automatically distributes VMs across selected zones, eliminating human error in instance placement.

Exam trap

The trap here is confusing availability sets (which protect against rack failures within a single datacenter) with availability zones (which protect against full datacenter outages), leading candidates to incorrectly select Option B as a valid solution for zone-level resilience.

74
Multi-Selectmedium

A stateless web tier must survive a datacenter outage in a region that supports availability zones, and the number of instances should increase during business hours. Which three actions should the administrator take? Select three.

Select 3 answers
A.Deploy the workload as a virtual machine scale set instead of a standalone VM.
B.Enable zone distribution for the scale set in a region that supports availability zones.
C.Configure autoscale so the instance count can change according to demand.
D.Place all instances in a single availability set and scale them manually.
E.Deploy only one zonal VM and use snapshots to recover if the datacenter fails.
AnswersA, B, C

A VM scale set is the Azure compute service designed for identical, horizontally scalable instances. It gives the administrator a single resource to manage for deployment, scaling, and placement across multiple instances.

Why this answer

A virtual machine scale set (VMSS) provides automatic scaling and high availability across multiple instances, which is essential for a stateless web tier that must survive a datacenter outage. By deploying as a scale set instead of a standalone VM, the administrator gains the ability to distribute instances across availability zones and configure autoscale rules to adjust capacity based on demand, meeting both the resilience and elasticity requirements.

Exam trap

The trap here is that candidates often confuse availability sets (which protect against rack failures) with availability zones (which protect against datacenter outages), leading them to select option D instead of the correct zone distribution in option B.

75
MCQhard

You have an application that writes heavily to Azure-managed disks and requires the highest consistent IOPS and lowest latency. Which disk type should you choose?

A.Standard HDD
B.Standard SSD
C.Premium SSD v2
D.Archive storage
AnswerC

Premium SSD v2 is optimized for high IOPS and low latency workloads.

Why this answer

Premium SSD v2 is the correct choice because it is designed for high-performance workloads, offering sub-millisecond latency and the highest consistent IOPS among Azure managed disks. It supports up to 80,000 IOPS per disk and 1,200 MB/s throughput, making it ideal for write-heavy applications that demand low latency and predictable performance.

Exam trap

The trap here is that candidates often confuse Premium SSD v2 with standard Premium SSD, assuming the older tier provides the same performance, but Premium SSD v2 offers significantly higher IOPS and lower latency due to its independent provisioning model and NVMe support.

How to eliminate wrong answers

Option A is wrong because Standard HDD provides the lowest IOPS (up to 2,000 per disk) and highest latency (10-20 ms), making it unsuitable for write-heavy, low-latency workloads. Option B is wrong because Standard SSD offers moderate IOPS (up to 6,000 per disk) and latency (3-10 ms), which cannot match the consistent high IOPS and sub-millisecond latency required. Option D is wrong because Archive storage is a blob storage tier for infrequently accessed data, not a disk type for virtual machines, and it has retrieval times in hours, making it completely inappropriate for active write operations.

Page 1 of 3 · 204 questions totalNext →

Ready to test yourself?

Try a timed practice session using only AZ Compute questions.