Sample questions
Microsoft Azure Solutions Architect Expert AZ-305 practice questions
A company has multiple Azure virtual networks (VNets) in different regions and an on-premises data center connected via ExpressRoute. They need to implement a hub-and-spoke topology where a hub VNet hosts shared network virtual appliances (NVAs) for traffic inspection. All traffic between spokes and between spokes and on-premises must be routed through the hub. The company wants to minimize the administrative overhead of configuring and maintaining routing. Which Azure solution should they implement?
- A
Use Azure Virtual WAN with a secured virtual hub.
Azure Virtual WAN provides a managed hub-and-spoke architecture with automatic routing. A secured virtual hub can integrate NVAs or Azure Firewall, and it handles transitive routing between spokes and on-premises without manual route tables or UDRs.
- B
Use VNet peering with user-defined routes (UDRs) in each spoke and Azure Route Server.
Why wrong: While this is possible, it requires manual configuration and maintenance of UDRs in each spoke and managing BGP with Route Server, increasing administrative overhead.
- C
Create a single large VNet and use network security groups (NSGs) to isolate traffic.
Why wrong: A single VNet does not scale well for cross-region connectivity and does not provide the necessary routing through NVAs without complex configuration.
- D
Use Azure Firewall in the hub VNet and configure forced tunneling via custom routes.
Why wrong: Forced tunneling requires manual route configuration and does not automatically handle transitive routing between spoke VNets; it also requires careful management of routes.
A company is designing hub-and-spoke networking. Spoke VNets must use a central Azure Firewall for outbound internet traffic. Which two configurations are required?
- A
Enable public IP addresses on all workload VMs
Why wrong: Public IPs increase exposure and are not needed for forced-tunnel outbound inspection.
- B
Peer each spoke VNet with the hub VNet
VNet peering provides private connectivity between hub and spokes.
- C
Associate a route table to spoke subnets with a default route to the firewall private IP
A UDR forces outbound traffic from spokes through the firewall.
- D
Deploy a NAT gateway in every spoke subnet
Why wrong: NAT gateways would bypass the central firewall design for outbound traffic.
A company has virtual machines in Azure that need to be grouped across multiple fault domains and update domains to ensure high availability. They plan to deploy three VMs running the same application tier. Which Azure feature should they use to provide redundancy within a single region?
- A
Availability Zone
Why wrong: Availability Zones provide redundancy across separate physical locations, offering higher SLA but not required for simple within-datacenter HA.
- B
Availability Set
Availability Sets ensure VMs are placed in different fault and update domains within a single datacenter, meeting the requirement.
- C
Virtual Machine Scale Set with manual scaling
Why wrong: Scale Sets are for auto-scaling and can use availability zones or sets, but the primary HA feature within a region is the Availability Set.
- D
Azure Site Recovery
Why wrong: Site Recovery is for disaster recovery across regions, not for high availability within a single region.
A company plans to migrate on-premises applications to Azure. They require users to authenticate using their existing on-premises Active Directory credentials without syncing password hashes to the cloud. Which Microsoft Entra ID authentication method should they use?
- A
Microsoft Entra ID Pass-through Authentication
Correct. Pass-through Authentication validates passwords on-premises, so no password hashes are stored in Microsoft Entra ID.
- B
Microsoft Entra ID Password Hash Sync
Why wrong: Password Hash Sync synchronizes password hashes to Microsoft Entra ID, which does not meet the requirement of avoiding hash sync.
- C
Microsoft Entra ID Federation Services (AD FS)
Why wrong: AD FS can avoid password hash sync but adds complexity and is typically used for federated identity, not the simplest solution for this requirement.
- D
Microsoft Entra ID Connect with Seamless SSO
Why wrong: Seamless SSO is a feature that works on top of Password Hash Sync or Pass-through Authentication; by itself it does not solve the authentication method requirement.
A company has multiple Azure subscriptions and wants to enforce that all administrators must use multi-factor authentication (MFA) when accessing the Azure portal. They also want to monitor and report on any policy changes that affect this enforcement. Which combination of Azure services should they use?
- A
Azure Policy with built-in policy to enforce MFA and Azure Activity Log to monitor changes.
Why wrong: Azure Policy can audit whether MFA is enabled on accounts, but it cannot enforce MFA during sign-in. It is not the correct tool for requiring MFA at authentication time. Activity Log can capture policy changes, but the enforcement method is wrong.
- B
Microsoft Entra ID Conditional Access policy to require MFA for Azure management and Azure Monitor with Log Analytics for monitoring.
Conditional Access policies are the appropriate way to enforce MFA for accessing Azure Portal (Azure Management cloud app). Azure Monitor can collect Activity Logs from Microsoft Entra ID and Azure subscriptions to track changes to Conditional Access policies or other critical resources, and Log Analytics can be used for querying and alerting.
- C
Microsoft Entra ID Identity Protection to enforce MFA and Azure Sentinel for monitoring.
Why wrong: Identity Protection offers risk-based conditional access (e.g., require MFA for risky sign-ins), but it is not designed to enforce MFA for all administrators regardless of risk. Azure Sentinel is a SIEM that could ingest logs, but it is unnecessary for the stated requirement of basic monitoring of policy changes; Azure Monitor is simpler and sufficient.
- D
Azure Policy to assign built-in policy 'MFA should be enabled on accounts with write permissions' and Azure Security Center for monitoring.
Why wrong: This policy audits whether MFA is enabled, but again does not enforce MFA during authentication. Azure Security Center (now Defender for Cloud) focuses on security posture and workload protection, not on monitoring identity policy changes.
A company has two on-premises data centers and an Azure subscription. They need to connect each data center to Azure with a private, high-bandwidth, and reliable connection. They also want a low-cost backup connection for each data center in case the primary connection fails. Which combination of connectivity options should they recommend?
- A
A
Deploy an ExpressRoute circuit for each data center as the primary connection, and a site-to-site VPN as the backup connection for each. This provides high bandwidth and reliability with a cost-effective failover.
- B
B
Why wrong: Using site-to-site VPNs as primary connections may not provide the required high bandwidth and reliability. ExpressRoute circuits as backup would be expensive and not commonly used as a backup due to cost.
- C
C
Why wrong: A single Azure VPN Gateway with active-passive configuration is not designed for primary connections from two data centers; it also does not provide the low latency or reliability of ExpressRoute.
- D
D
Why wrong: Sharing a single ExpressRoute circuit and a single VPN connection between two data centers is not practical as each data center needs its own connection to Azure.
A company has multiple Azure virtual networks (VNets) spread across three Azure regions (West US, East US, and West Europe). They also have an on-premises network connected to East US via ExpressRoute. They need to connect all VNets to each other and to the on-premises network. They require centralized management of routing and the ability to enforce security policies such as forcing all internet-bound traffic from any VNet to pass through a central firewall in East US. Which Azure solution should they implement?
- A
VNet peering between all VNets and use route tables for forced tunneling.
Why wrong: While VNet peering can connect VNets, managing multiple peering connections and route tables becomes complex and error-prone. Enforcing forced tunneling through a central firewall requires additional configuration and is not centralized.
- B
Azure Virtual WAN with a secured hub in East US.
Azure Virtual WAN provides a scalable hub-and-spoke architecture with centralized routing. A secured hub can include a firewall to enforce forced tunneling and security policies. All VNets and on-premises connect to the hub(s), simplifying management.
- C
ExpressRoute Global Reach with VNet peering to connect all VNets.
Why wrong: ExpressRoute Global Reach connects on-premises networks to ExpressRoute circuits in different regions but does not directly connect VNets to each other. Additional VNet peering is required, and centralized security policy enforcement is not built-in.
- D
VPN gateways with BGP to connect all VNets.
Why wrong: Setting up VPN gateways and BGP between multiple VNets is complex and not as scalable as Virtual WAN. It also lacks centralized routing and security policy enforcement.
A company runs a critical application on an Azure virtual machine in the West US region. They want to enable disaster recovery to East US with the ability to perform non-disruptive DR drills. They need an RPO of a few minutes. Which Azure service should they use?
- A
Azure Site Recovery
Azure Site Recovery replicates VMs continuously and allows you to run test failovers in isolation for DR drills.
- B
Azure Backup
Why wrong: Azure Backup provides point-in-time backups, not continuous replication, and does not support non-disruptive failover testing.
- C
Azure Traffic Manager
Why wrong: Traffic Manager performs DNS-based traffic routing across regions, not VM replication or failover.
- D
Azure Blueprints
Why wrong: Azure Blueprints is a governance tool for defining repeatable environments, not a disaster recovery solution.
A company is building a new application that requires a fully managed relational database. The application has varying workloads across different databases. The company wants to pool resources to optimize cost and allow each database to scale as needed. They also need automated backups with point-in-time restore and geo-replication for disaster recovery. Which Azure data service should they use?
- A
Azure SQL Database
Azure SQL Database supports elastic pools for resource sharing among databases, automated backups, point-in-time restore, and active geo-replication for disaster recovery.
- B
Azure SQL Managed Instance
Why wrong: Managed Instance provides near 100% SQL Server compatibility but does not support elastic pools. It is better suited for migrations requiring instance-scoped features.
- C
Azure Database for MySQL
Why wrong: Azure Database for MySQL is a fully managed MySQL database, but it does not provide elastic pools for sharing resources across databases.
- D
Azure Database for PostgreSQL
Why wrong: Azure Database for PostgreSQL is a fully managed PostgreSQL service, but it lacks elastic pool functionality.
A company has multiple virtual networks in different Azure regions. They need to connect all VNets together securely over the Microsoft backbone. They also need to connect to an on-premises data center via ExpressRoute. The solution should support transitive routing between all connected networks. Which Azure service should they use?
- A
Azure Virtual Network Peering
Why wrong: VNet peering is not transitive; each pair must be peered separately.
- B
Azure VPN Gateway
Why wrong: VPN Gateway can connect VNets but requires manual BGP configuration and does not provide transitive routing out of the box.
- C
Azure Virtual WAN
Virtual WAN provides a hub that connects multiple VNets and on-premises sites with automatic transitive routing.
- D
Azure ExpressRoute Gateway
Why wrong: ExpressRoute Gateway connects a single VNet to ExpressRoute; it does not connect multiple VNets.
A company plans to deploy a web application on Azure virtual machines. They want to protect against a datacenter failure within a region. The VMs must be distributed across multiple physically separate locations with independent power, cooling, and networking. Which deployment option should they use?
- A
Availability Set
Why wrong: An Availability Set distributes VMs across fault domains and update domains within a single datacenter. It protects against server rack failures but not against a full datacenter outage.
- B
Availability Zones
Availability Zones are distinct physical locations within a region, each with independent power, cooling, and networking. Deploying VMs across zones ensures resilience to a datacenter failure.
- C
Virtual Machine Scale Set
Why wrong: A Virtual Machine Scale Set provides autoscaling and load balancing for identical VMs, but it does not inherently guarantee distribution across separate datacenters unless combined with Availability Zones.
- D
Proximity Placement Group
Why wrong: Proximity Placement Groups are used to co-locate VMs to reduce network latency. They do not provide fault isolation or protection against datacenter failures.
A company wants to cache frequently accessed session state and product data for their e-commerce website. They need the cache to be highly available with a 99.9% SLA and provide fast read and write access. The solution must be fully managed. Which Azure Cache tier should they choose?
- A
Azure Redis Cache Basic tier
Why wrong: Basic tier does not provide high availability (no SLA) and runs on a single node, so it does not meet the requirement for high availability.
- B
Azure Redis Cache Standard tier
Standard tier offers a 99.9% SLA, replication, and is fully managed, making it suitable for caching with high availability.
- C
Azure Redis Cache Premium tier
Why wrong: Premium tier provides additional features like data persistence and clustering, but it is unnecessary for the stated requirement and more expensive.
- D
Azure Content Delivery Network
Why wrong: Azure CDN is for caching static content (images, videos) at edge locations, not for application session state or dynamic data caching.
A company wants to deploy a web application on Azure virtual machines (VMs). The application experiences variable traffic patterns, so the company needs to automatically add or remove VM instances based on CPU utilization. They also want the application to remain highly available even if an Azure datacenter fails. Which combination of Azure services should they use?
- A
Virtual Machine Scale Sets configured with autoscale rules based on CPU and distributed across availability zones
VM Scale Sets allow you to define autoscale conditions (e.g., scale out when CPU > 75%) and can be deployed across availability zones. This provides both horizontal scaling and protection against a zone failure.
- B
Azure App Service with autoscale rules and deployment slots
Why wrong: Azure App Service is a platform-as-a-service (PaaS) offering, not based on VMs. The requirement specifies Azure VMs, so App Service is not appropriate.
- C
Azure Load Balancer with a backend pool of VMs and autoscale rules applied to individual VMSS
Why wrong: While Load Balancer distributes traffic, it does not provide autoscaling itself. You would still need VMSS for auto-scaling. This option is incomplete because it separates the autoscale from the compute platform.
- D
Azure Traffic Manager with endpoints in separate regions and Manual scaling of VMs
Why wrong: Traffic Manager is for global traffic routing, not intra-region auto-scaling. Manual scaling does not meet the requirement for automatic scaling based on CPU. Also, it does not address zone-level high availability within a region.
A company wants to run a containerized application on Azure without managing virtual machines. They need automatic scaling, load balancing, and rolling updates. Which Azure compute service should they choose?
- A
Azure Virtual Machine Scale Sets
Why wrong: VMSS manages VMs but not container orchestration; you would need to manage container deployment yourself.
- B
Azure Kubernetes Service (AKS)
AKS offers full container orchestration with built-in scaling, load balancing, and rolling updates.
- C
Azure App Service
Why wrong: App Service supports containers but is limited in orchestration capabilities compared to AKS.
- D
Azure Container Instances
Why wrong: ACI runs individual containers without orchestration, scaling, or rolling updates.
A company uses Microsoft Entra ID. They want to integrate their security operations with a third-party SIEM tool. They need to export all Microsoft Entra ID sign-in logs and audit logs to the SIEM for analysis. The solution should be automated and near real-time. Which Azure service should they configure?
- A
Azure Event Hubs
Event Hubs can receive log streams from Microsoft Entra ID diagnostic settings and forward to SIEM tools.
- B
Azure Logic Apps
Why wrong: Logic Apps can process events but are not optimized for continuous high-volume log streaming.
- C
Azure Monitor
Why wrong: Azure Monitor stores logs but does not natively stream to SIEM; requires additional connector or export.
- D
Azure Storage
Why wrong: Storage is for archival, not near real-time streaming to SIEM.
A company uses Microsoft Entra ID. They need to automatically detect sign-ins from users with leaked credentials and prompt those users to reset their password during the next sign-in. Which Microsoft Entra ID feature should they enable?
- A
Microsoft Entra ID Identity Protection
Identity Protection detects risks like leaked credentials and can trigger automated remediation such as password reset.
- B
Conditional Access
Why wrong: Conditional Access can use risk conditions from Identity Protection but does not detect risks itself.
- C
Privileged Identity Management (PIM)
Why wrong: PIM manages privileged roles, not user risk remediation.
- D
Microsoft Entra ID B2B
Why wrong: B2B is for inviting external users, not risk detection and password reset.
Match each Azure monitoring service to its function.
Collect, analyze, and act on telemetry
Query and analyze log data
Application performance monitoring (APM)
Personalized recommendations for best practices
Personalized alerts for service issues
Match each Azure compute service to its characteristic.
IaaS with full control over OS and apps
PaaS for web apps, APIs, and mobile backends
Managed Kubernetes for container orchestration
Serverless compute for event-driven code
Simple, fast container deployment without orchestration
Match each Azure migration tool to its use case.
Centralized hub for discovery, assessment, and migration
Migrate databases to Azure with minimal downtime
Physical device for offline data transfer
Replicate and migrate on-premises VMs to Azure
Ship hard drives to transfer large data volumes
Match each Azure identity service to its description.
Cloud-based identity and access management
Customer identity and access management for apps
Managed domain services like LDAP and Kerberos
Role-based access control for Azure resources
Policy-based evaluation to enforce access controls
A company needs to store and retrieve large binary files (e.g., images and videos) for a web application. The data must be accessible via HTTPS URLs and support both public read access for anonymous users and private access for administrators. The solution must be highly durable and cost-effective for storing terabytes of data. Which Azure storage solution should they recommend?
- A
Azure Blob Storage
Blob Storage is optimized for storing large amounts of unstructured data and supports both public and private access levels.
- B
Azure Files
Why wrong: Azure Files provides fully managed file shares accessed via SMB, not HTTP/HTTPS URLs for public access.
- C
Azure Queue Storage
Why wrong: Queue Storage is for storing messages for asynchronous processing, not for large binary files.
- D
Azure Table Storage
Why wrong: Table Storage is a NoSQL key-value store for structured data, not for large binary files.
A company runs a line-of-business application on Azure VMs that requires a highly available, low-latency SMB file share with support for active-active access from multiple VMs. The application requires high IOPS and throughput, and the file share must be mountable on both Linux and Windows VMs. Which Azure file storage solution should they recommend?
- A
A
Why wrong: Azure Files (standard) provides SMB file shares but its IOPS and throughput performance may be insufficient for high-performance workloads.
- B
B
Azure NetApp Files is a high-performance, enterprise-grade file storage service that supports SMB (both Windows and Linux) and can deliver thousands of IOPS with low latency.
- C
C
Why wrong: Azure Blob Storage is accessed via REST API and is not designed for SMB file sharing or low-latency shared access required by the application.
- D
D
Why wrong: Azure Disk Storage can be attached to a single VM and cannot be mounted by multiple VMs simultaneously for active-active sharing.
A company runs large-scale analytics workloads using Apache Hadoop and Spark. They need a cloud storage solution that is fully compatible with the Hadoop Distributed File System (HDFS) and provides unlimited storage with high throughput for parallel processing. They also want to take advantage of tiered storage to reduce costs for older data. Which Azure data service should they use?
- A
Azure Blob Storage
Why wrong: Blob Storage is object storage but does not provide native HDFS compatibility. While it can be used with Hadoop via the WASB driver, it lacks the hierarchical namespace and performance optimizations of ADLS Gen2.
- B
Azure Data Lake Storage Gen2
ADLS Gen2 combines Blob Storage with a hierarchical namespace and HDFS-compatible APIs, offering unlimited storage, high throughput, and lifecycle tiering for cost optimization.
- C
Azure Files
Why wrong: Azure Files is a fully managed file share for SMB and NFS protocols, not designed for big data analytics or HDFS workloads.
- D
Azure Disk Storage
Why wrong: Azure Disk Storage provides block-level storage for VMs, but it has capacity limits and is not suitable for large-scale distributed data processing.
A company uses Azure SQL Database (Premium tier) for their application. They need to offload reporting queries to a read-only copy of the database to reduce load on the primary. The read-only copy must be kept in sync synchronously within the same Azure region. They also need automated failover to the read-only copy if the primary fails. Which Azure SQL Database feature should they enable?
- A
Active geo-replication
Why wrong: Active geo-replication creates asynchronous replicas in a different region, not suitable for in-region synchronous read-only offload.
- B
Auto-failover groups
Why wrong: Auto-failover groups manage failover of a group of databases across regions, not for in-region read-only replicas.
- C
Read Scale-Out
Correct. Read Scale-Out provides a synchronous read-only replica in the same region, supporting reporting and automatic failover.
- D
Database copy
Why wrong: Database copy creates a snapshot copy manually, which is not synchronous and does not provide automatic failover.