CCNA Azure Compute Solutions Questions

33 of 258 questions · Page 4/4 · Azure Compute Solutions topic · Answers revealed

226
MCQmedium

You deploy the above ARM template resource for a web app. The web app reads the connection string from the 'DefaultConnection' name. However, the web app fails to connect to the database with an error 'Login failed for user 'myuser'. What is the most likely cause?

A.The user ID does not have access to the database.
B.The connection string type should be 'SQLServer' instead of 'SQLAzure'.
C.The SQL server is configured to use Microsoft Entra authentication only, not SQL authentication.
D.The connection string is missing 'Trusted_Connection=True;'.
AnswerC

If the server only allows Microsoft Entra authentication, SQL authentication will fail.

Why this answer

Option D is correct. The connection string includes a password in plain text. The recommended approach is to use managed identity and not include a password.

The login failure could be due to the password being incorrect or the SQL server not allowing SQL authentication. However, the most likely cause based on best practices is that the SQL server is configured to use Microsoft Entra authentication only, and the connection string uses SQL authentication. Option A is wrong because the type is correct for SQL Azure.

Option B is wrong because the connection string syntax is correct. Option C is wrong because the user ID should match the database user.

227
MCQmedium

You are developing an application that runs on Azure App Service. The application needs to store session state. The session state must be shared across multiple instances of the app and survive restarts. You need to choose a session state provider. What should you use?

A.Use Azure Table Storage for session state.
B.Use a SQL Database to store session data.
C.Use the in-memory session state provider.
D.Use Azure Redis Cache as a session state provider.
AnswerD

Redis provides fast, distributed, and persistent session storage.

Why this answer

Azure Redis Cache provides a distributed, in-memory data store that can be shared across multiple instances of an App Service application and persists data through restarts. It is the recommended session state provider for Azure App Service when high availability and scalability are required, as it stores session data externally from the application's memory.

Exam trap

The trap here is that candidates often choose the in-memory provider (Option C) because it is the simplest default in ASP.NET, forgetting that it fails the cross-instance sharing and restart survival requirements explicitly stated in the question.

How to eliminate wrong answers

Option A is wrong because Azure Table Storage is a NoSQL key-value store designed for structured, non-relational data and does not provide the low-latency, in-memory access required for session state; it also lacks built-in expiration and eviction policies for session data. Option B is wrong because SQL Database, while persistent and shareable, introduces higher latency and overhead for session state operations compared to an in-memory cache, and is not optimized for the high-throughput, short-lived nature of session data. Option C is wrong because the in-memory session state provider stores session data within the memory of a single application instance, so it is not shared across multiple instances and is lost when the app restarts or scales out.

228
MCQhard

You are deploying a Java application to Azure App Service on Linux. The application requires a specific JDK version not available in the built-in stack. You need to provide the JDK without creating a custom container. What should you do?

A.Mount an Azure Files share containing the JDK
B.Use the Azure App Service Windows stack with a custom JDK
C.Use a startup script to download and set JAVA_HOME
D.Create a custom Docker container and deploy to App Service
AnswerC

Startup command can install the JDK and set env.

Why this answer

Option C is correct because Azure App Service on Linux allows you to use a startup script to download a custom JDK and set the JAVA_HOME environment variable before the application starts. This approach avoids the need for a custom container while providing the specific JDK version required by the application.

Exam trap

The trap here is that candidates may think mounting a file share (Option A) is the simplest way to provide custom binaries, but they overlook that App Service on Linux does not support mounting Azure Files for executable files, and the startup script approach is the documented method for custom runtimes.

How to eliminate wrong answers

Option A is wrong because mounting an Azure Files share containing the JDK would require the JDK to be accessible at runtime, but App Service on Linux does not support mounting Azure Files shares for custom executables in the same way as Windows; the JDK must be installed in the container's file system. Option B is wrong because the question specifies deploying to Azure App Service on Linux, and using the Windows stack would change the underlying OS, which is not allowed per the requirement. Option D is wrong because creating a custom Docker container is unnecessary and contradicts the requirement to avoid a custom container; the startup script approach achieves the same result without containerization overhead.

229
Multi-Selectmedium

You are developing an Azure Functions app that processes orders. Each order must be processed exactly once. The function is triggered by an Azure Event Hubs event. You need to ensure that if the function fails during processing, the event is not lost and is retried. Which THREE actions should you take?

Select 3 answers
A.Increase the batch size to process more events per invocation.
B.Configure a dead-letter queue for events that exceed retry attempts.
C.Disable checkpointing to avoid overhead.
D.Implement checkpointing after successful processing.
E.Use the default checkpoint store in Azure Storage.
AnswersB, D, E

Captures events that repeatedly fail.

Why this answer

Options B, D, and E are correct. B: Checkpointing after processing ensures that on restart, the function resumes from the last successful checkpoint, preventing reprocessing of already processed events. D: Enabling dead-lettering on the Event Hubs capture or using a separate queue for failed events ensures messages are not lost.

E: Using the default checkpoint store (Azure Storage) ensures checkpoint data is persisted. Option A is wrong because increasing batch size doesn't prevent loss. Option C is wrong because Event Hubs trigger already uses checkpointing; disabling it would cause reprocessing.

230
MCQmedium

You are deploying a containerized application to Azure Container Instances. The application requires writing temporary files to a local filesystem. You need to ensure that the files persist if the container restarts. What should you do?

A.Mount an Azure Files share as a volume in the container group.
B.Use the container's writable layer to store files.
C.Use Azure Blob Storage and mount it as a volume.
D.Configure a Docker volume in the container image.
AnswerA

Azure Files shares provide persistent, shared storage for containers.

Why this answer

Azure Container Instances (ACI) supports mounting Azure Files shares as volumes. When a container restarts, its writable layer is ephemeral and lost, but an Azure Files share persists independently. By mounting the share, temporary files written to the mount point survive container restarts, meeting the persistence requirement.

Exam trap

The trap here is that candidates confuse Azure Blob Storage (object storage) with Azure Files (SMB file share) and assume both can be mounted as volumes in ACI, but only Azure Files is supported for volume mounts in container groups.

How to eliminate wrong answers

Option B is wrong because the container's writable layer is ephemeral and is destroyed when the container restarts, so files stored there do not persist. Option C is wrong because Azure Blob Storage cannot be mounted as a volume in ACI; only Azure Files (SMB) shares are supported for volume mounts. Option D is wrong because Docker volumes are configured at the container runtime level, not in the container image, and ACI does not support Docker volumes; it uses its own volume mounting mechanism.

231
Multi-Selecthard

A report export service in Azure App Service must safely access Key Vault secrets without connection strings in configuration. Which two steps are required?

Select 2 answers
A.Enable anonymous access on the vault
B.Store the Key Vault access key in app settings
C.Grant the identity permission to read the required secrets
D.Enable a managed identity for the web app
AnswersC, D

The identity must be authorized on Key Vault through RBAC or access policies.

Why this answer

Option C is correct because granting the managed identity permission to read secrets in Key Vault via Azure RBAC or access policies ensures that the App Service can authenticate without storing any secrets in configuration. This follows the principle of least privilege and eliminates the risk of credential leakage from app settings or connection strings.

Exam trap

The trap here is that candidates often think storing the Key Vault URI or a reference in app settings is sufficient, but the question explicitly requires 'without connection strings in configuration,' so the correct path is to use managed identity plus granting permissions, not storing any key material.

232
MCQhard

A workflow must process 500 customer records in parallel and then aggregate all results into a single summary report. The team wants to use Azure Durable Functions so the orchestration state is durable and the solution can resume after a Function App restart. Which Durable Functions pattern matches this requirement?

A.Fan-out/fan-in: start 500 activity functions in parallel with Task.WhenAll inside the orchestrator, then aggregate all returned results
B.Function chaining: call each activity function sequentially, collecting each result before starting the next
C.Async HTTP API: start the workflow with an HTTP trigger, return a 202 with a status URL, and have the client poll for completion
D.Monitor: use a Durable timer loop that checks a status table every 60 seconds until all records are marked processed
AnswerA

Task.WhenAll fires all 500 activities simultaneously (constrained by the configured max concurrency). The orchestrator yields at the await statement, checkpointing its state. When all activities complete, the orchestrator resumes and aggregates results. Durable state management handles host restarts transparently.

Why this answer

Option A is correct because the fan-out/fan-in pattern in Durable Functions is specifically designed to execute multiple activity functions in parallel using Task.WhenAll inside an orchestrator, then aggregate their results. This matches the requirement to process 500 customer records concurrently and produce a single summary report, while the orchestration state is durably persisted and can resume after a Function App restart.

Exam trap

The trap here is that candidates may confuse the fan-out/fan-in pattern with the Async HTTP API pattern, thinking that the HTTP trigger and status polling are required for parallel processing, but the key distinction is that fan-out/fan-in handles the parallel execution and aggregation within the orchestrator itself, not via external polling.

How to eliminate wrong answers

Option B is wrong because function chaining executes activity functions sequentially, which would not process 500 records in parallel and would be inefficient for this workload. Option C is wrong because the Async HTTP API pattern is about starting a workflow and providing a status endpoint for polling, not about parallel execution and aggregation of results. Option D is wrong because the Monitor pattern uses a timer loop to check a status table periodically, which is designed for polling external state changes, not for parallel processing and aggregation of customer records.

233
MCQmedium

You have an Azure Web App that uses Azure SQL Database. You need to securely connect to the database using Managed Identity. Which connection string setting should you use?

A.Server=tcp:myserver.database.windows.net;Database=mydb;User Id=myadmin;Password=mypassword;
B.Server=tcp:myserver.database.windows.net;Database=mydb;Integrated Security=True;
C.Server=tcp:myserver.database.windows.net;Database=mydb;Authentication=Active Directory Password;User Id=myuser@domain.com;Password=...;
D.Server=tcp:myserver.database.windows.net;Database=mydb;Authentication=Active Directory Managed Identity;User Id=myapp;
AnswerD

Uses managed identity authentication.

Why this answer

Option D is correct because it uses the 'Authentication=Active Directory Managed Identity' keyword, which tells the SQL client to acquire an access token from Azure AD via the managed identity endpoint. The 'User Id' is set to the name of the managed identity (the app's system-assigned or user-assigned identity), and no password is needed because the token is obtained automatically. This enables a passwordless, secure connection to Azure SQL Database without storing credentials.

Exam trap

The trap here is that candidates often confuse 'Integrated Security=True' (Windows auth) with Azure AD Managed Identity, or they think a password-based Azure AD option (like Active Directory Password) is sufficient, missing the key requirement of a passwordless, identity-based connection.

How to eliminate wrong answers

Option A is wrong because it uses a SQL admin username and password, which requires storing secrets and does not leverage Managed Identity at all. Option B is wrong because 'Integrated Security=True' is a Windows authentication mechanism for on-premises Active Directory and does not work with Azure SQL Database or Azure AD Managed Identity. Option C is wrong because 'Authentication=Active Directory Password' still requires a password and a user principal name, which defeats the purpose of using a managed identity and introduces credential management overhead.

234
MCQmedium

Your company is developing a real-time dashboard that displays live metrics from IoT devices. The backend processes device data using Azure Functions with an Event Hubs trigger. The processed data is stored in Azure Cosmos DB. You need to ensure that the system can handle a sudden increase in device data without losing messages or overloading Cosmos DB. The solution must minimize latency and cost. What should you do?

A.Implement a buffer using Azure Blob storage: the Event Hubs triggered function writes raw data to blobs, and a separate timer-triggered function batches and writes to Cosmos DB at a controlled rate.
B.Configure the Event Hubs trigger to use a checkpointing strategy with a larger batch size to reduce the number of function invocations.
C.Use Azure Stream Analytics to process the Event Hubs data and write directly to Cosmos DB.
D.Increase the provisioned throughput (RU/s) on the Cosmos DB container to handle peak loads.
AnswerA

This decouples ingestion from storage, prevents Cosmos DB overload, and controls cost by batching writes.

Why this answer

Option A is correct because it decouples the ingestion rate from the write rate to Cosmos DB. By buffering raw data in Azure Blob storage and using a timer-triggered function to batch-write at a controlled rate, the system can absorb sudden spikes in device data without overwhelming Cosmos DB or losing messages. This approach minimizes latency by keeping the Event Hubs trigger processing fast (writing to blob) and reduces cost by avoiding the need to over-provision RU/s on Cosmos DB.

Exam trap

The trap here is that candidates often assume increasing throughput or batch size is the simplest solution, but the exam tests the understanding that decoupling ingestion from processing with a buffer is the correct way to handle sudden load spikes while minimizing cost and latency.

How to eliminate wrong answers

Option B is wrong because increasing the batch size in the Event Hubs trigger does not prevent Cosmos DB from being overloaded; it only reduces the number of function invocations but still writes the same volume of data per unit time, and larger batches can increase latency and risk of timeouts. Option C is wrong because Azure Stream Analytics writes directly to Cosmos DB without a built-in rate-limiting mechanism, so a sudden surge in data can still overwhelm the database or cause throttling, and it adds ongoing cost for the Stream Analytics job. Option D is wrong because simply increasing provisioned throughput (RU/s) on Cosmos DB addresses the symptom (throttling) but not the root cause (spiky load), leading to higher cost during normal operation and still risking message loss if the spike exceeds the provisioned RU/s.

235
Multi-Selecthard

Which THREE are valid ways to authenticate an Azure Functions app to an Azure Service Bus namespace?

Select 3 answers
A.Using an Azure AD token obtained via DefaultAzureCredential
B.Using a connection string with shared access policy
C.Using a system-assigned managed identity
D.Using a client certificate
E.Using a SAS key stored in code
AnswersA, B, C

Token-based authentication.

Why this answer

Option A is correct because DefaultAzureCredential from the Azure Identity library can authenticate to Azure Service Bus using Azure AD tokens. This credential chain attempts multiple authentication sources (environment variables, managed identity, Visual Studio, etc.) to obtain a token, which is then used to authorize requests to the Service Bus namespace via Azure RBAC.

Exam trap

The trap here is that candidates might think client certificates are a valid authentication method for Service Bus, but Service Bus only supports Azure AD, SAS tokens, and connection strings—not certificate-based authentication.

236
MCQhard

You are designing a serverless application using Azure Functions that processes high-volume events from Azure Event Hubs. The events are then written to Azure Cosmos DB. The function must guarantee at-least-once delivery and be resilient to failures. The Cosmos DB account uses the SQL API and is configured with a single write region. You need to design the function to handle transient failures when writing to Cosmos DB without losing events. What should you do?

A.Increase the Event Hubs trigger's batch size to reduce the number of writes.
B.Implement a poison message queue to store failed events and reprocess them later.
C.In the function code, manually write to Cosmos DB and then manually checkpoint the Event Hubs partition.
D.Use the Cosmos DB output binding with built-in retry policy and configure the trigger to checkpoint only after successful writes.
AnswerD

Output binding retries on failure; checkpoint after success ensures at-least-once.

Why this answer

Option D is correct because using the Cosmos DB output binding with its built-in retry policy automatically handles transient failures by retrying writes. By configuring the Event Hubs trigger to checkpoint only after a successful write, you ensure that events are not acknowledged until they are durably stored in Cosmos DB, guaranteeing at-least-once delivery and resilience to failures.

Exam trap

The trap here is that candidates often think manual checkpointing gives them more control, but it actually introduces a window for data loss if the checkpoint occurs before the write is confirmed, whereas the output binding's built-in retry and automatic checkpointing on success provide a safer, more reliable pattern.

How to eliminate wrong answers

Option A is wrong because increasing the batch size does not address transient failures; it only processes more events per invocation, which can increase memory pressure and the risk of losing a larger batch if a failure occurs. Option B is wrong because a poison message queue is used for handling malformed or unprocessable events, not for transient failures that can be retried; it adds unnecessary complexity and does not leverage the built-in retry capabilities of the Cosmos DB output binding. Option C is wrong because manually writing to Cosmos DB and then manually checkpointing introduces a risk of checkpointing before the write succeeds, leading to potential data loss; it also bypasses the automatic retry and consistency guarantees provided by the output binding.

237
MCQmedium

You are deploying a web app to Azure App Service. The app uses environment-specific configuration (e.g., connection strings). You need to manage these settings without redeploying the app. Which feature should you use?

A.Azure App Configuration service
B.App Service application settings
C.ARM template parameters
D.Azure Key Vault references in App Service
AnswerB

Application settings are easy to manage and override app config without redeployment.

Why this answer

App Service application settings (option B) are the correct feature because they allow you to store environment-specific configuration (e.g., connection strings, app settings) as key-value pairs that are injected into the app at runtime. These settings can be changed in the Azure portal, CLI, or PowerShell without redeploying the application code, making them ideal for managing configuration across different environments (development, staging, production). The settings are automatically encrypted at rest and overridden for the specific App Service slot when using deployment slots.

Exam trap

The trap here is that candidates often confuse Azure App Configuration service (a premium, centralized config service) with the simpler, built-in App Service application settings, or they mistakenly think Key Vault references alone can replace application settings, not realizing that references are just a value source within an application setting.

How to eliminate wrong answers

Option A is wrong because Azure App Configuration service is a centralized configuration store for distributed applications, but it requires the app to explicitly pull configuration via its SDK or a provider, and it is not the simplest or most direct way to manage environment-specific settings without redeploying—App Service application settings are built-in and require no code changes. Option C is wrong because ARM template parameters are used to parameterize infrastructure deployments (e.g., resource names, SKUs) and are evaluated at deployment time; they cannot be changed after the app is deployed without redeploying the ARM template. Option D is wrong because Azure Key Vault references in App Service allow you to reference secrets stored in Key Vault from application settings, but they are a feature built on top of application settings—you still need to define the application setting (which is an App Service application setting) to point to the Key Vault secret, and the question asks for managing environment-specific configuration, not specifically secrets.

238
MCQhard

You are designing a serverless application using Azure Functions. The function must process messages from an Azure Service Bus queue. The processing time for each message can vary from a few seconds to several minutes. You need to minimize costs while ensuring that messages are processed in a timely manner. Which hosting plan should you recommend?

A.Container Instances plan
B.Premium plan
C.App Service plan
D.Consumption plan
AnswerB

Premium plan supports execution timeout up to 60 minutes, eliminates cold starts, and provides dedicated instances for predictable performance.

Why this answer

The Premium plan is correct because it supports long execution times (up to 60 minutes by default, configurable to unlimited), always-warm instances to avoid cold starts, and virtual network integration—all while providing predictable pricing and scaling. This meets the requirement of processing messages that can take several minutes without incurring the cold-start penalties or execution-time limits of the Consumption plan.

Exam trap

The trap here is that candidates often assume the Consumption plan is always the cheapest option, but they overlook its 10-minute execution timeout and cold-start latency, which can cause message processing failures or delays for long-running tasks.

How to eliminate wrong answers

Option A is wrong because Container Instances is not a hosting plan for Azure Functions; it is a separate service for running containers directly, not a Functions hosting option. Option C is wrong because the App Service plan requires a dedicated, always-running VM, which incurs higher costs than necessary for a serverless workload and does not provide the automatic scale-to-zero benefit of serverless plans. Option D is wrong because the Consumption plan has a maximum execution timeout of 10 minutes (by default 5 minutes) and can suffer from cold starts, making it unsuitable for messages that may take several minutes to process.

239
Multi-Selecteasy

Which TWO actions should you take to enable a user-assigned managed identity for an Azure App Service web app?

Select 2 answers
A.Create the managed identity resource in Microsoft Entra ID.
B.Configure the identity in each deployment slot separately.
C.Store the identity's client ID in an app setting.
D.Create the managed identity in the same resource group as the web app.
E.Assign the identity to the web app in the Azure portal or CLI.
AnswersA, E

User-assigned managed identities are created as Azure resources.

Why this answer

Option A is correct because a user-assigned managed identity is a standalone Azure resource created in Microsoft Entra ID (formerly Azure AD). It must exist as an identity resource before it can be assigned to any Azure service, including an App Service web app. This identity is then tied to a specific tenant and can be used by multiple Azure resources.

Exam trap

The trap here is that candidates often confuse user-assigned managed identities with system-assigned managed identities, assuming the identity must be created in the same resource group as the web app or that its client ID must be manually stored in an app setting, when in fact user-assigned identities are independent resources that can be created anywhere and are automatically discoverable by the consuming service.

240
MCQmedium

You are developing an Azure Functions app that processes orders. The function must scale out automatically during peak hours but should not incur costs when idle. Which hosting plan should you use?

A.Premium plan
B.Container Instances
C.App Service plan
D.Consumption plan
AnswerD

Consumption plan scales automatically and charges only when the function runs.

Why this answer

The Consumption plan is correct because it automatically scales your function app based on demand, including scaling out to handle peak loads, and you only pay for execution time and resources consumed when your functions are running. When idle, there are no costs because the plan does not reserve any instances; it relies on a dynamic, event-driven scale model that can scale down to zero.

Exam trap

The trap here is that candidates often confuse the Premium plan's 'always ready' instances with the Consumption plan's true scale-to-zero capability, mistakenly thinking Premium is required for automatic scaling, when in fact Consumption provides automatic scaling and zero-cost idle behavior.

How to eliminate wrong answers

Option A is wrong because the Premium plan, while offering automatic scaling and no cold starts, incurs costs for pre-warmed instances and a minimum baseline of always-ready workers, so it does not scale to zero and will incur costs when idle. Option B is wrong because Container Instances are not a hosting plan for Azure Functions; they are a service for running containers directly, and while they can scale, they do not provide the built-in, event-driven scaling and pay-per-execution model of Azure Functions. Option C is wrong because the App Service plan runs on dedicated VMs that are always on, meaning you pay for the allocated resources (e.g., VM instances) even when the function app is idle, and it does not scale to zero.

241
MCQeasy

You are reviewing an ARM template snippet for an Azure App Service. The exhibit shows the site configuration. You need to ensure that the app supports WebSocket connections for a real-time feature. Which setting must be added?

A.Set alwaysOn to false.
B.Set http20Enabled to false.
C.Change ftpsState to AllAllowed.
D.Add 'webSocketsEnabled': true to siteConfig.
AnswerD

WebSockets must be explicitly enabled in App Service.

Why this answer

Option D is correct because the 'webSocketsEnabled' property in the siteConfig of an Azure App Service ARM template explicitly enables WebSocket protocol support. WebSocket connections require a persistent, full-duplex communication channel over a single TCP connection, which is not enabled by default in Azure App Service. Setting this property to true allows the app to handle real-time features like chat or live notifications.

Exam trap

The trap here is that candidates often confuse 'webSocketsEnabled' with other networking or protocol settings like HTTP/2 or alwaysOn, assuming WebSockets are automatically supported or require a different configuration flag.

How to eliminate wrong answers

Option A is wrong because setting 'alwaysOn' to false would cause the app to unload after periods of inactivity, which would break WebSocket connections that need the app to remain active; alwaysOn should be true for WebSockets. Option B is wrong because 'http20Enabled' controls HTTP/2 support, which is unrelated to WebSocket functionality; disabling it does not affect WebSocket connections. Option C is wrong because 'ftpsState' controls FTP/FTPS access for file transfers, not WebSocket protocol support; changing it to AllAllowed has no impact on real-time features.

242
MCQeasy

You deploy a containerized web application to Azure Container Instances (ACI). The application writes session data to a local directory. You need the data to persist across container restarts (e.g., after a crash or redeployment). Which storage configuration should you use?

A.Use an emptyDir volume within the container group.
B.Mount an Azure Files share as a volume in the container group.
C.Use the container's own filesystem and copy data to a blob storage on shutdown.
D.Enable Azure Disk Encryption on the container group.
AnswerB

Correct. Azure Files provides durable, shared storage that persists independently of the container lifecycle. You can mount it using the 'azureFile' volume mount in ACI.

Why this answer

Option B is correct because Azure Files provides a fully managed SMB file share in the cloud that can be mounted as a volume in an Azure Container Instance. This allows session data written to the local directory to persist across container restarts, crashes, or redeployments, as the data lives on the share rather than in the ephemeral container filesystem.

Exam trap

The trap here is that candidates confuse 'emptyDir' (which is ephemeral and often used in Kubernetes for temporary storage) with a persistent volume, not realizing that ACI's emptyDir is also ephemeral and does not survive container group restarts.

How to eliminate wrong answers

Option A is wrong because an emptyDir volume is ephemeral and tied to the lifecycle of the pod or container group; its contents are deleted when the container group is restarted or redeployed, so it does not provide persistence across restarts. Option C is wrong because relying on the container's own filesystem means data is lost on restart or redeployment, and copying data to blob storage on shutdown is unreliable (shutdown may not be graceful) and adds unnecessary complexity. Option D is wrong because Azure Disk Encryption protects data at rest but does not provide a persistent storage volume; it is a security feature, not a storage solution for persisting session data across restarts.

243
MCQmedium

You receive an error when deploying this ARM template: 'The serverFarmId property is required.' What is missing from the template?

A.The server farm resource (Microsoft.Web/serverfarms) is not defined in the template
B.The 'location' property is missing from the site resource
C.The apiVersion should be '2018-02-01'
D.The 'kind' property should be 'functionapp'
AnswerA

The template references a server farm that is not defined, causing the error.

Why this answer

The error 'The serverFarmId property is required' indicates that the ARM template is missing a reference to an App Service Plan (Microsoft.Web/serverfarms) resource. In Azure, a web app or function app must be associated with an App Service Plan, which defines the compute resources and pricing tier. The template must define the server farm resource and link it via the 'serverFarmId' property on the site resource.

Exam trap

The trap here is that candidates often think the error is about a missing property on the site resource itself (like location or kind), rather than realizing the entire server farm resource definition is absent from the template.

How to eliminate wrong answers

Option B is wrong because the 'location' property is not related to the serverFarmId error; a missing location would cause a different error like 'The location property is required'. Option C is wrong because the apiVersion '2018-02-01' is a valid version for Microsoft.Web/sites and does not affect the serverFarmId requirement; the error is about a missing resource definition, not an API version mismatch. Option D is wrong because the 'kind' property set to 'functionapp' is used to specify the app type but does not resolve the missing server farm reference; the serverFarmId is still required regardless of the kind.

244
Multi-Selecteasy

Which TWO conditions are required to use the 'Run from Package' feature in Azure App Service?

Select 2 answers
A.The package must be accessible via a URL if not deployed locally.
B.The package must be stored in Azure Blob Storage.
C.The package must be a ZIP file.
D.The package size cannot exceed 500 MB.
E.The App Service must have a managed identity to access the package.
AnswersA, C

If using external package, a URL (with SAS token if private) is required.

Why this answer

Option A is correct because the 'Run from Package' feature in Azure App Service requires the deployment package to be accessible via a URL if it is not deployed locally (e.g., uploaded directly via the Azure portal or CLI). When using a remote URL, the package must be publicly accessible or secured with a SAS token, as App Service downloads it to the /home/data/SitePackages directory during startup. This ensures the app runs directly from the package without extracting it to the wwwroot folder.

Exam trap

The trap here is that candidates often assume the package must be in Azure Blob Storage (Option B) or require a managed identity (Option E), but Azure App Service supports any accessible URL and uses SAS tokens for private storage, not managed identities.

245
MCQhard

A company uses Azure Functions to process messages from Azure Service Bus. The function currently uses the Consumption plan. They notice that during high load, messages are processed slowly due to scaling latency. Which change would improve throughput most?

A.Switch to the Premium plan
B.Set the maximum instance count to 20
C.Increase the function's batch size to 100
D.Enable Service Bus sessions
AnswerA

Premium plan provides pre-warmed instances and faster scaling.

Why this answer

The Premium plan for Azure Functions provides pre-warmed instances and faster scaling, eliminating the cold start and scaling latency inherent in the Consumption plan. This directly addresses the bottleneck during high load by ensuring that new instances are allocated instantly, thereby improving message processing throughput from Service Bus.

Exam trap

The trap here is that candidates often assume increasing batch size or instance count will solve scaling latency, but they overlook that the fundamental issue is the cold start and provisioning delay inherent in the Consumption plan, which only the Premium plan resolves by providing pre-warmed instances and faster scaling.

How to eliminate wrong answers

Option B is wrong because setting the maximum instance count to 20 does not reduce scaling latency; it only caps the upper limit of instances, and the Consumption plan still suffers from cold start delays when scaling out. Option C is wrong because increasing the batch size to 100 may cause messages to be locked for longer periods, leading to increased message lock duration and potential duplicate processing, and it does not address the root cause of scaling latency. Option D is wrong because enabling Service Bus sessions does not improve throughput; sessions are used for message ordering and stateful processing, and they can actually reduce parallelism since all messages in a session must be processed by a single instance.

246
MCQmedium

Refer to the exhibit. You are deploying this ARM template to create a deployment slot for an Azure App Service. The template deploys successfully. However, the slot-specific app setting 'DEPLOYMENT_SLOT' is not visible in the Azure portal under the slot's Configuration > Application settings. What is the most likely cause?

A.Slot settings are not supported in ARM templates
B.The template does not set 'slotSticky' to true for the app setting
C.Deployment slots have been deprecated for App Service
D.The app setting name must be prefixed with 'APPSETTING_'
AnswerB

Correct: Without slotSticky, the setting is not pinned to the slot.

Why this answer

Option B is correct because in ARM templates, app settings are made slot-specific (sticky) by setting the 'slotSticky' property to true. Without this property, the setting is treated as a regular, non-sticky app setting that is not pinned to the deployment slot, so it will not appear under the slot's Configuration > Application settings in the Azure portal.

Exam trap

The trap here is that candidates assume all app settings defined in a slot's ARM template are automatically slot-sticky, but Azure requires explicit declaration via the 'slotSticky' property to make them deployment-slot-specific.

How to eliminate wrong answers

Option A is wrong because ARM templates fully support slot settings via the 'slotSticky' property on the 'Microsoft.Web/sites/slots/config/appsettings' resource. Option C is wrong because deployment slots are not deprecated; they remain a core feature of Azure App Service for staging and testing. Option D is wrong because app setting names do not require an 'APPSETTING_' prefix; that prefix is used internally by Azure for environment variables but is not required in ARM templates or the portal.

247
MCQmedium

Your Azure Function app uses an event-driven architecture with Azure Event Hubs. You need to ensure that if the function fails to process an event, the event is retried up to three times and then sent to a dead-letter queue. What should you configure?

A.Use Durable Functions to orchestrate retries and dead-lettering.
B.Implement a try-catch block in the function code and manually re-queue the event.
C.Configure the retry policy in the function's host.json file.
D.Set the 'enableRetry' property on the Event Hub namespace.
AnswerC

The retry policy in host.json allows setting maxRetryCount and dead-lettering.

Why this answer

Option C is correct because Azure Functions for Event Hubs supports a built-in retry policy configured in the host.json file. This policy allows you to specify the maximum number of retries (e.g., 3) and, after exhausting those retries, the event is automatically sent to a dead-letter queue (DLQ) configured on the Event Hub. This approach is declarative and requires no custom code for retry or dead-lettering logic.

Exam trap

The trap here is that candidates often confuse the retry policy configuration location (host.json for the function app) with properties on the Event Hubs namespace itself, or they overcomplicate the solution by choosing Durable Functions when a simple declarative setting suffices.

How to eliminate wrong answers

Option A is wrong because Durable Functions are designed for orchestrating complex, long-running workflows and stateful processes, not for simple retry-and-dead-letter patterns on Event Hubs triggers; using them here would introduce unnecessary complexity and overhead. Option B is wrong because manually re-queuing the event in a try-catch block is error-prone, violates the event-driven architecture's decoupling principles, and does not provide a built-in dead-letter mechanism; it also requires custom code to manage retry counts and queue management. Option D is wrong because the 'enableRetry' property does not exist on the Event Hubs namespace; retry policies for Azure Functions are configured at the function app level (host.json), not on the Event Hubs resource itself.

248
MCQeasy

You need to deploy a web application to Azure App Service. The application requires a custom domain name and SSL/TLS certificate. You want to automate the deployment using Azure CLI. Which command should you use to upload the SSL certificate to the App Service?

A.az appservice web config ssl upload
B.az appservice certificate import
C.az webapp config ssl upload
D.az webapp certificate upload
AnswerC

This command uploads a certificate (.pfx) to the App Service and binds it to the custom domain.

Why this answer

Option A is correct because az webapp config ssl upload is the correct Azure CLI command to upload a certificate to an App Service. Option B is wrong because az appservice web config ssl upload does not exist. Option C is wrong because az webapp certificate upload is incorrect syntax.

Option D is wrong because az appservice certificate import imports a certificate from Key Vault, not a direct upload.

249
MCQmedium

Your company runs a batch processing job on Azure Batch. The job processes large datasets and requires access to Azure Storage. You need to ensure that the compute nodes can securely access the storage account without exposing credentials. What should you configure?

A.Azure AD service principal
B.Storage account access keys
C.Managed identity for the Batch pool
D.Shared access signatures (SAS)
AnswerC

Assign a managed identity to the Batch pool to authenticate to Azure Storage without any secrets.

Why this answer

Option C is correct because managed identities for Azure resources allow compute nodes to authenticate to Azure Storage without storing credentials. Option A is wrong because storage account keys are shared secrets. Option B is wrong because SAS tokens can be exposed.

Option D is wrong because Azure AD service principals require managing credentials.

250
MCQhard

You are deploying a containerized application to Azure App Service. The application consists of a web front-end and a background worker. You want to run both containers in the same App Service plan to minimize costs. The worker should scale independently from the web front-end. What should you do?

A.Deploy the web front-end in App Service and the worker in Azure Kubernetes Service.
B.Use Docker Compose to run both containers in the same App Service plan.
C.Deploy both containers in the same App Service plan using multiple containers.
D.Deploy the worker as a separate Azure Container Instance.
AnswerA

AKS allows independent scaling of the worker, while App Service handles the web front-end.

Why this answer

Option A is correct because Azure App Service does not support running multiple containers that scale independently within the same plan; each App Service plan runs a single container or a multi-container group (via Docker Compose) as a single unit. By deploying the web front-end in App Service and the worker in Azure Kubernetes Service (AKS), you can independently scale each component based on its own load, while still sharing the same App Service plan for the front-end to minimize costs. AKS provides the necessary orchestration for the worker to scale independently, and the two services can communicate over the internal network or via Azure messaging services.

Exam trap

The trap here is that candidates assume 'multiple containers' in App Service (via Docker Compose) allows independent scaling, but in reality, all containers in the same App Service plan scale as a single unit, which violates the requirement for independent scaling.

How to eliminate wrong answers

Option B is wrong because Docker Compose in Azure App Service runs all containers as a single logical unit within the same App Service plan, meaning they cannot scale independently; scaling the plan scales all containers together. Option C is wrong because deploying both containers in the same App Service plan using multiple containers (via Docker Compose) still binds them to the same scaling unit, preventing independent scaling of the worker. Option D is wrong because deploying the worker as a separate Azure Container Instance (ACI) does not allow it to scale independently; ACI is a single-instance container service without built-in scaling, and it would not share the App Service plan, potentially increasing costs.

251
MCQmedium

A long-running webhook processor must process thousands of independent files. The developer wants status tracking, checkpoints, and replay-safe orchestration. Which Azure Functions capability should be used?

A.Blob lifecycle management
B.Timer trigger only
C.Durable Functions orchestrator
D.Azure Policy remediation
AnswerC

Durable Functions provides stateful orchestration, checkpointing, and durable execution history.

Why this answer

Durable Functions orchestrator is correct because it provides built-in support for status tracking, checkpointing, and replay-safe orchestration via the Event Sourcing pattern. The orchestrator function automatically saves execution history to a storage table, enabling reliable resumption after crashes or restarts, which is essential for processing thousands of independent files with long-running workflows.

Exam trap

The trap here is that candidates may confuse a simple trigger (like Timer or Blob trigger) with the orchestration capabilities needed for stateful, long-running workflows, overlooking that Durable Functions provides the necessary checkpointing and replay safety.

How to eliminate wrong answers

Option A is wrong because Blob lifecycle management is a storage policy for automatically tiering or deleting blobs based on age or last modification time; it does not provide orchestration, status tracking, or checkpointing for processing logic. Option B is wrong because a Timer trigger only invokes a function on a schedule and lacks any built-in mechanism for tracking individual file processing status, checkpoints, or replay safety across multiple independent executions. Option D is wrong because Azure Policy remediation is used to enforce compliance rules and automatically remediate non-compliant resources; it has no capability for orchestrating custom business logic or tracking file processing state.

252
MCQmedium

You deploy a containerized application to Azure Container Instances (ACI). The application writes state to the /data directory. You need to ensure that if the container restarts, the data persists. Which type of volume mount should you use?

A.Azure Files share
B.emptyDir volume
C.hostPath volume
D.Azure Disk volume
AnswerA

Azure Files provides a fully managed file share that can be mounted in ACI, ensuring data persists beyond container restarts.

Why this answer

Azure Files shares provide a fully managed SMB file share in the cloud that can be mounted to Azure Container Instances. When a container restarts, the data written to the /data directory persists because the share lives independently of the container lifecycle, ensuring state survives crashes or restarts.

Exam trap

The trap here is that candidates often confuse emptyDir (which is ephemeral and works only in Kubernetes pods) with persistent storage, or assume hostPath is available in ACI when it is not supported in serverless container environments.

How to eliminate wrong answers

Option B is wrong because emptyDir volumes are ephemeral and tied to the pod's lifecycle; when the container restarts (especially in ACI, which doesn't use pods), the data is lost. Option C is wrong because hostPath volumes mount a file or directory from the host node's filesystem, which is not supported in Azure Container Instances (ACI runs on shared infrastructure without direct host access). Option D is wrong because Azure Disk volumes require a dedicated VM or AKS node to attach to; ACI does not support attaching Azure Disks directly.

253
Multi-Selecthard

You are designing a background job processing solution using Azure Batch. The job runs a large number of tasks that are CPU-intensive and require access to large input files stored in Azure Blob Storage. You need to minimize the time to process all tasks while controlling costs. Which THREE actions should you take?

Select 3 answers
A.Set the task slots per VM to 1 to avoid contention.
B.Use a pool of small-sized VMs (e.g., Standard_A1_v2) to minimize cost per node.
C.Mount Azure Blob Storage as a file system using blobfuse to allow tasks to access files directly.
D.Use a pool of low-priority VMs to reduce compute costs.
E.Configure each task to use multiple threads to utilize multi-core VMs.
AnswersC, D, E

Eliminates download time and reduces disk I/O.

Why this answer

Mounting Azure Blob Storage as a file system using blobfuse allows tasks to directly access large input files without downloading them first, reducing data transfer time and eliminating local disk bottlenecks. This is critical for CPU-intensive tasks that need fast, concurrent access to shared data, minimizing overall processing time.

Exam trap

The trap here is that candidates often confuse 'low-priority VMs' with unreliable compute, but Azure Batch can automatically handle preemptions with task retries, making them a cost-effective choice for fault-tolerant workloads, while the real performance bottleneck is data access, not CPU contention.

254
MCQeasy

Your team develops a containerized web app using Azure Kubernetes Service (AKS). You need to ensure that the application can automatically scale based on HTTP request load. Which Kubernetes resource should you configure?

A.VerticalPodAutoscaler
B.PodDisruptionBudget
C.HorizontalPodAutoscaler
D.NetworkPolicy
AnswerC

Correctly scales based on load metrics.

Why this answer

The HorizontalPodAutoscaler (HPA) is the correct Kubernetes resource for automatically scaling the number of pod replicas based on observed CPU, memory, or custom metrics like HTTP request rate. In an AKS cluster, HPA adjusts the replica count of a Deployment or ReplicaSet to match the target metric, enabling the application to handle varying HTTP load without manual intervention.

Exam trap

The trap here is that candidates often confuse HorizontalPodAutoscaler with VerticalPodAutoscaler, mistakenly thinking that adjusting pod resources (CPU/memory) is the correct way to handle HTTP load, when in fact HPA scales the number of pod replicas horizontally to distribute the load.

How to eliminate wrong answers

Option A is wrong because VerticalPodAutoscaler (VPA) adjusts CPU and memory requests/limits of existing pods, not the number of replicas; it is designed for resource optimization, not scaling based on HTTP request load. Option B is wrong because PodDisruptionBudget (PDB) ensures a minimum number of pods remain available during voluntary disruptions (e.g., node maintenance), and does not perform any scaling based on load. Option D is wrong because NetworkPolicy controls ingress/egress traffic between pods using label selectors and IP blocks, and has no role in autoscaling based on HTTP request load.

255
MCQmedium

You are designing a solution to process thousands of images uploaded to Azure Blob Storage. Each image must be resized and metadata extracted. The processing must be serverless and cost-effective. Which Azure service should you use?

A.Azure Container Instances with Blob Storage SDK
B.Azure Logic Apps with Blob Storage connector
C.Azure Event Grid with Webhook to a custom service
D.Azure Functions with Blob Storage trigger
AnswerD

Functions provide serverless compute triggered by blob uploads.

Why this answer

Azure Functions with a Blob Storage trigger is the correct choice because it provides a serverless, event-driven compute model that automatically scales to process thousands of images as they are uploaded to Blob Storage. The trigger binds directly to a blob container, invoking a function for each new blob, which allows you to resize images and extract metadata without managing infrastructure, making it both cost-effective and efficient for high-throughput workloads.

Exam trap

The trap here is that candidates may choose Azure Event Grid (Option C) because it is event-driven, but they overlook that Event Grid alone does not provide compute; it requires a separate compute service (like Functions or a webhook) to process the image, and the question specifically asks for a serverless and cost-effective solution that directly processes the images, which Azure Functions with a Blob Storage trigger achieves natively.

How to eliminate wrong answers

Option A is wrong because Azure Container Instances requires you to manage container lifecycle and polling logic, and it is not inherently event-driven or serverless in the same way as Functions; you would need to implement a polling mechanism or use additional services to trigger processing, increasing complexity and cost. Option B is wrong because Azure Logic Apps is designed for orchestration and integration workflows, not for high-throughput, compute-intensive tasks like image resizing; it lacks the native code execution environment and scaling capabilities needed for processing thousands of images efficiently. Option C is wrong because Azure Event Grid with a Webhook to a custom service introduces additional latency and operational overhead, as you must host and manage a webhook endpoint (e.g., on a VM or container) that scales independently, negating the serverless and cost-effective benefits of a fully managed trigger like Blob Storage.

256
MCQhard

A company runs a critical web app on Azure App Service that must handle traffic spikes without downtime. They set up autoscaling rules based on CPU percentage. However, during a spike, the app becomes unresponsive before new instances are added. What should they do?

A.Switch to memory-based autoscaling
B.Decrease the scale-in cooldown period
C.Use pre-warming instances with a scheduled scaling rule
D.Increase the CPU percentage threshold for scale-out
AnswerC

Pre-warming ensures instances are ready before the spike.

Why this answer

Option C is correct because pre-warming instances with a scheduled scaling rule ensures that additional instances are already running and ready to handle traffic before the CPU spike occurs. This avoids the cold-start delay inherent in reactive autoscaling, where new instances take time to provision and initialize, causing unresponsiveness during rapid spikes.

Exam trap

The trap here is that candidates assume reactive autoscaling (e.g., lowering thresholds or changing metrics) can solve latency issues, but they overlook the fundamental cold-start delay that requires proactive instance pre-warming.

How to eliminate wrong answers

Option A is wrong because switching to memory-based autoscaling does not address the fundamental issue of reactive scaling latency; the app would still become unresponsive while waiting for new instances to start. Option B is wrong because decreasing the scale-in cooldown period affects how quickly instances are removed after a scale-out, not how fast new instances are added during a spike, so it does not prevent the initial unresponsiveness. Option D is wrong because increasing the CPU percentage threshold for scale-out would delay scaling even further, making the app more likely to become unresponsive during a spike.

257
MCQeasy

You develop an Azure Function that writes to Azure Blob Storage. During testing, you notice that the function fails intermittently with a 503 (Service Unavailable) error. What is the most likely cause?

A.The storage account is throttling requests due to high volume
B.The storage account firewall is blocking the function
C.The function does not have proper authentication
D.The blob container does not exist
AnswerA

503 errors often indicate throttling when exceeding scalability targets.

Why this answer

A 503 (Service Unavailable) error from Azure Blob Storage indicates that the storage service is temporarily unable to handle the request, typically due to server-side load. The most common cause is throttling when the storage account exceeds its scalability targets (e.g., 20,000 requests per second per account for blob storage). This aligns with intermittent failures under high request volume, not with configuration or existence issues.

Exam trap

The trap here is that candidates confuse HTTP status codes: 503 (Service Unavailable) is often mistaken for authentication or configuration errors, but it specifically indicates a server-side capacity issue, not a client-side misconfiguration.

How to eliminate wrong answers

Option B is wrong because a storage account firewall blocking the function would result in a 403 (Forbidden) or network-level error, not a 503. Option C is wrong because improper authentication (e.g., missing or invalid SAS token or managed identity) would produce a 401 (Unauthorized) or 403 error, not a 503. Option D is wrong because a missing blob container would cause a 404 (Not Found) error when attempting to write, not a 503.

258
Multi-Selectmedium

You are developing a background job that runs every hour to process data from an Azure SQL database and send notifications via SendGrid. The job must be serverless and cost-effective, and must automatically retry on failure. Which TWO options meet the requirements?

Select 2 answers
A.Azure Scheduler
B.Azure Functions with Timer trigger
C.Azure Batch with a schedule
D.Azure WebJobs with TimerTrigger
E.Azure Logic Apps with Recurrence trigger
AnswersB, E

Serverless, cost-effective, and supports automatic retries via the configured retry policy.

Why this answer

Azure Functions with a Timer trigger is correct because it provides a serverless, cost-effective compute model that runs on a schedule (e.g., every hour) without managing infrastructure. It integrates with Azure SQL via built-in bindings and supports automatic retry on failure through the host's retry policy or by implementing custom retry logic in code, meeting the requirements for a background job.

Exam trap

The trap here is that candidates often confuse Azure WebJobs with TimerTrigger (which requires an App Service plan and is not serverless) with Azure Functions Timer trigger (which is serverless), leading them to incorrectly select WebJobs as a cost-effective serverless option.

← PreviousPage 4 of 4 · 258 questions total

Ready to test yourself?

Try a timed practice session using only Azure Compute Solutions questions.