CCNA Design data storage solutions Questions

75 of 233 questions · Page 3/4 · Design data storage solutions · Answers revealed

151
Multi-Selectmedium

A company is migrating a legacy application that uses Oracle Database to Azure. They want to minimize code changes and maintain compatibility with Oracle PL/SQL. Which TWO Azure data services should they consider?

Select 2 answers
A.Azure SQL Database
B.Azure SQL Managed Instance with Oracle compatibility
C.Azure Database for PostgreSQL with Oracle compatibility extension
D.Azure Cosmos DB
E.Azure Database for MySQL
AnswersB, C

Supports Oracle features like PL/SQL.

Why this answer

Azure SQL Managed Instance with Oracle compatibility (option B) provides a high degree of PL/SQL compatibility through its 'Oracle compatibility mode,' which supports stored procedures, triggers, and functions written in PL/SQL with minimal changes. This service also offers a fully managed SQL Server engine that can run Oracle workloads with near-zero code modifications, making it ideal for legacy application migration.

Exam trap

The trap here is that candidates often assume only a single service can provide Oracle compatibility, but the question explicitly asks for TWO options, and the PostgreSQL extension is a valid second choice that many overlook because they focus solely on SQL Server-based solutions.

152
MCQhard

Refer to the exhibit. You need to enable public access to the storage account for a specific IP address while keeping the default action as Deny. What should you do?

A.Set the bypass to None to allow all traffic.
B.Set the networkAcls to an empty list to remove restrictions.
C.Add an IP rule with the specific IP address to the ipRules array.
D.Change the defaultAction to Allow and remove the Deny rule.
AnswerC

Adding an IP rule allows that IP while defaultAction remains Deny.

Why this answer

Option C is correct because the Azure Storage account firewall allows you to create IP rules that grant access to specific public IP addresses or ranges while keeping the default action as Deny. By adding an IP rule with the specific IP address to the `ipRules` array, you explicitly allow that IP through the firewall, and all other traffic is denied by the default rule. This is the standard method to enable selective public access without changing the default deny behavior.

Exam trap

The trap here is that candidates often think they must change the default action to Allow and then add a Deny rule, but Azure Storage firewall does not support explicit Deny rules for IP addresses—only Allow rules—so the correct approach is to keep the default as Deny and add an Allow rule for the specific IP.

How to eliminate wrong answers

Option A is wrong because setting the bypass to 'None' would not allow all traffic; it would actually prevent any Azure services from bypassing the firewall, but it does not affect IP-based access rules and would still require explicit IP rules to allow traffic. Option B is wrong because setting the `networkAcls` to an empty list would remove all network ACL rules, including any IP rules, leaving only the default action (Deny) in effect, which would block all traffic including the specific IP address. Option D is wrong because changing the `defaultAction` to Allow would permit all public traffic, which violates the requirement to keep the default action as Deny and only allow the specific IP address.

153
Multi-Selecthard

A company needs to design a data storage solution for a global SaaS application that requires multi-region writes with conflict resolution. The data model includes both structured and unstructured data. Which THREE Azure data services should they consider?

Select 3 answers
A.Azure Blob Storage
B.Azure SQL Database with active geo-replication
C.Azure Cache for Redis
D.Azure Table Storage
E.Azure Cosmos DB
AnswersA, B, E

For unstructured data.

Why this answer

Azure Blob Storage is correct because it provides globally scalable, object-based storage for unstructured data (such as images, videos, and documents) that can be accessed from anywhere via HTTP/HTTPS. It supports geo-redundant storage options (e.g., GRS, RA-GRS) and can be integrated with Azure Front Door or Traffic Manager to enable multi-region read access, though it does not natively handle multi-region writes with conflict resolution—this is why it is paired with Cosmos DB for structured data.

Exam trap

The trap here is that candidates often assume Azure SQL Database with active geo-replication supports multi-region writes, but it only supports a single writable primary with readable secondaries, not true multi-region writes with conflict resolution.

154
MCQeasy

You need to design a storage solution for a website that hosts static content (HTML, CSS, JavaScript) and requires low-cost, scalable storage with integrated CDN delivery. Which Azure service should you use?

A.Azure Files with SMB protocol
B.Azure Content Delivery Network only
C.Azure Blob Storage with static website hosting and Azure CDN
D.Azure App Service
AnswerC

Blob Storage provides scalable static hosting and CDN integration.

Why this answer

Azure Blob Storage with static website hosting provides a cost-effective, scalable storage solution for static content (HTML, CSS, JavaScript). By enabling Azure CDN on top of the storage account, you achieve low-latency global content delivery and offload traffic from the origin, reducing costs and improving performance for end users.

Exam trap

The trap here is that candidates often confuse Azure Files (a managed file share) with Blob Storage (object storage) for static web hosting, or mistakenly think Azure CDN alone can store content without an origin service.

How to eliminate wrong answers

Option A is wrong because Azure Files with SMB protocol is designed for file shares that require SMB access (e.g., lift-and-shift apps, legacy file servers), not for serving static web content with CDN integration. Option B is wrong because Azure Content Delivery Network alone is a delivery service, not a storage service; it requires an origin (like Blob Storage) to cache and serve content. Option D is wrong because Azure App Service is a PaaS compute service for hosting web applications, not a dedicated static content storage solution, and it incurs higher costs and unnecessary overhead for purely static content.

155
MCQmedium

A company stores large amounts of log data in Azure Blob Storage. Logs are accessed frequently for the first 30 days, then rarely accessed afterward, but must be retained for 7 years for compliance. The company wants to minimize storage costs. They need to configure automatic data movement and retention policies. Which combination of Azure Blob Storage access tiers and lifecycle management policy should they use?

A.Use Hot tier for 30 days, then use Cool tier for 7 years, with a lifecycle rule to delete after 7 years.
B.Use Hot tier for 30 days, then use Archive tier for the remaining period, with a lifecycle rule to delete after 7 years.
C.Use Cool tier for 30 days, then use Archive tier for 7 years, no lifecycle rule needed.
D.Use Archive tier immediately, with a lifecycle rule to delete after 7 years.
AnswerB

Hot tier provides low-latency access during the frequent access period. Archive tier provides the lowest storage cost for data that is rarely accessed. A lifecycle policy can automatically move data from Hot to Archive after 30 days and delete it after 7 years.

Why this answer

Option B is correct because it uses the Hot tier for the first 30 days to handle frequent access, then automatically moves data to the Archive tier via a lifecycle management rule to minimize costs for rarely accessed data, and finally deletes the blobs after 7 years to meet compliance retention requirements. The Archive tier offers the lowest storage cost for long-term retention, making it ideal for logs that are rarely accessed after the initial period.

Exam trap

The trap here is that candidates often choose the Cool tier for long-term retention because they underestimate the cost savings of the Archive tier for data that is rarely accessed over many years, or they forget that a lifecycle rule is necessary to enforce deletion after the compliance period.

How to eliminate wrong answers

Option A is wrong because moving data to the Cool tier after 30 days does not minimize storage costs as effectively as the Archive tier for 7 years of rare access; the Cool tier has higher storage costs than Archive and is intended for data accessed less frequently but still with some latency requirements, not for long-term archival. Option C is wrong because starting with the Cool tier for the first 30 days is suboptimal since logs are accessed frequently during that period, and the Hot tier is more cost-effective for frequent access; additionally, a lifecycle rule is required to delete data after 7 years to enforce compliance retention. Option D is wrong because placing data directly into the Archive tier from the start incurs high retrieval costs and latency for the first 30 days when logs are accessed frequently, violating the requirement to minimize costs and access performance.

156
MCQhard

Refer to the exhibit. A company is analyzing Azure Storage diagnostic logs using this KQL query. They notice a high number of GetBlob operations on BlockBlobs. The storage account is used for a web application that serves static content. What should they recommend to reduce the number of GetBlob operations?

A.Implement Azure Blob Storage life cycle management to move data to the archive tier.
B.Use Azure File Sync to cache files on-premises.
C.Enable Azure CDN or Azure Front Door to cache content.
D.Enable Azure Storage Analytics logging to track operations.
AnswerC

Reduces direct blob requests by serving cached content.

Why this answer

Option C is correct because enabling Azure CDN or Azure Front Door caches static content at edge locations, reducing the number of direct GetBlob operations against the storage account. This offloads repeated requests from the origin storage, lowering both operational costs and latency for the web application.

Exam trap

The trap here is that candidates may confuse logging (Option D) or lifecycle management (Option A) as solutions to reduce operations, when they only provide monitoring or cost optimization for infrequently accessed data, not a reduction in read requests.

How to eliminate wrong answers

Option A is wrong because lifecycle management moves data to the archive tier, which is designed for cold data and incurs high retrieval costs and latency—it does not reduce GetBlob operations for frequently accessed static content. Option B is wrong because Azure File Sync caches files on-premises for hybrid scenarios, but the question involves a web application serving static content from Azure Storage, not on-premises file sharing; it does not reduce GetBlob operations in Azure. Option D is wrong because enabling Storage Analytics logging tracks operations but does not reduce them; it only provides visibility into existing traffic.

157
MCQhard

A multinational corporation needs to store sensitive customer data in Azure. The data must be encrypted at rest using a customer-managed key stored in Azure Key Vault, and the key must be rotated every 90 days. The solution must also support geo-redundancy for disaster recovery. Which combination of services should you recommend?

A.Azure Storage with customer-managed keys in Azure Key Vault and geo-redundant storage (GRS)
B.Azure SQL Database with Transparent Data Encryption (TDE) using customer-managed keys in Azure Key Vault, and active geo-replication
C.Azure Cosmos DB with customer-managed keys in Azure Key Vault and multi-region writes
D.Azure SQL Managed Instance with TDE and failover groups
AnswerB

This combination meets all requirements: encryption, key rotation via Key Vault, and geo-redundancy.

Why this answer

Azure SQL Database with TDE using customer-managed keys in Azure Key Vault meets the encryption-at-rest requirement with customer-managed key rotation every 90 days. Active geo-replication provides geo-redundancy for disaster recovery by maintaining readable secondary replicas in paired regions, which can be failed over manually or automatically.

Exam trap

The trap here is that candidates often confuse Azure SQL Database's active geo-replication with Azure SQL Managed Instance's failover groups, which do not support readable secondaries or the same level of geo-redundancy flexibility.

How to eliminate wrong answers

Option A is wrong because Azure Storage with GRS provides geo-redundancy but does not support customer-managed key rotation on a fixed 90-day schedule natively; key rotation must be managed separately and is not a built-in feature of the storage account. Option C is wrong because Azure Cosmos DB with multi-region writes provides geo-redundancy but does not support customer-managed key rotation at a fixed interval; key rotation is manual and not enforced by the service. Option D is wrong because Azure SQL Managed Instance with TDE and failover groups provides geo-redundancy but failover groups do not support active geo-replication with readable secondaries; they use automatic failover with a single readable secondary, which is less flexible than active geo-replication for disaster recovery.

158
MCQmedium

A company uses Azure SQL Database (Premium tier) for their application. They need to offload reporting queries to a read-only copy of the database to reduce load on the primary. The read-only copy must be kept in sync synchronously within the same Azure region. They also need automated failover to the read-only copy if the primary fails. Which Azure SQL Database feature should they enable?

A.Active geo-replication
B.Auto-failover groups
C.Read Scale-Out
D.Database copy
AnswerC

Correct. Read Scale-Out provides a synchronous read-only replica in the same region, supporting reporting and automatic failover.

Why this answer

Read Scale-Out is the correct feature because it offloads reporting queries to a read-only replica that stays synchronously committed within the same Azure region. It also provides automated failover to the read-only replica if the primary database fails, meeting both the synchronous sync and failover requirements for Premium-tier Azure SQL Database.

Exam trap

The trap here is that candidates confuse cross-region disaster recovery features (Active geo-replication and Auto-failover groups) with in-region high availability and read-scale capabilities, overlooking that Read Scale-Out is the only option that provides synchronous replication and automated failover within the same Azure region.

How to eliminate wrong answers

Option A is wrong because Active geo-replication creates asynchronous replicas in different Azure regions, not synchronous replicas within the same region, and it does not support automated failover. Option B is wrong because Auto-failover groups rely on Active geo-replication and are designed for cross-region failover with asynchronous replication, not for synchronous in-region read-only offloading. Option D is wrong because Database copy creates a point-in-time snapshot that is not kept in sync synchronously and does not provide automated failover.

159
MCQmedium

A company runs a SQL Server database on an Azure virtual machine. They need to increase the storage capacity and improve I/O performance for their transaction log. The current data disk is a standard HDD. They want to achieve higher IOPS and throughput without increasing the size of the VM (the VM size supports up to 8 data disks). The database workload is write-intensive on the transaction log. Which configuration should they implement?

A.Add additional standard HDD disks and configure a storage pool with simple (striping) layout
B.Replace the standard HDD disk with a premium SSD disk for the log drive
C.Add a premium SSD disk and configure a storage space with mirroring for the log drive
D.Use Azure Disk Encryption to improve performance
AnswerB

Premium SSDs offer significantly higher IOPS and throughput, directly improving log write performance.

Why this answer

Option B is correct because replacing the standard HDD with a premium SSD directly addresses the need for higher IOPS and throughput for a write-intensive transaction log. Premium SSDs provide consistent low-latency performance and significantly higher IOPS/throughput compared to standard HDDs, without requiring a VM size change. Since the VM supports up to 8 data disks, a single premium SSD can meet the performance requirements more effectively than adding more HDDs.

Exam trap

The trap here is that candidates may think striping (Option A) or mirroring (Option C) with premium disks is needed for performance, but for a single transaction log file, a single premium SSD is sufficient and simpler, while mirroring adds unnecessary write overhead and striping with HDDs still yields poor IOPS.

How to eliminate wrong answers

Option A is wrong because adding more standard HDD disks and striping them in a storage pool still uses slow HDDs, which cannot deliver the required IOPS and throughput for a write-intensive transaction log; striping improves throughput but not latency or IOPS per disk. Option C is wrong because adding a premium SSD with mirroring (instead of using it as a single log drive) introduces unnecessary redundancy that does not improve write performance for a transaction log, and mirroring reduces usable capacity and can add write overhead. Option D is wrong because Azure Disk Encryption only provides encryption at rest and does not affect I/O performance; it can even introduce a slight CPU overhead for encryption/decryption operations.

160
MCQmedium

A company stores JSON documents for a mobile app backend. The data needs to be accessible from multiple global regions with low latency writes from any region. The app uses a client-side library that supports automatic conflict resolution for concurrent updates. Which Azure data service should they choose?

A.Azure Cosmos DB
B.Azure SQL Database
C.Azure Database for PostgreSQL
D.Azure Table Storage
AnswerA

Cosmos DB supports multi-region writes with automatic conflict resolution, fulfilling the requirement.

Why this answer

Azure Cosmos DB is correct because it provides multi-region writes with automatic conflict resolution, which directly matches the requirement for low-latency writes from any global region. Its multi-master replication model allows any region to accept writes, and the client-side library can use last-writer-wins (LWW) or custom conflict resolution policies to handle concurrent updates seamlessly.

Exam trap

The trap here is that candidates often confuse Azure SQL Database or Azure Database for PostgreSQL's read replicas with write capability, failing to recognize that only Cosmos DB offers true multi-region writes with built-in conflict resolution.

How to eliminate wrong answers

Option B (Azure SQL Database) is wrong because it does not natively support multi-region writes; it relies on a single primary region for writes, and geo-replication is read-only, so it cannot achieve low-latency writes from multiple regions. Option C (Azure Database for PostgreSQL) is wrong because it also uses a single-writer primary architecture; while read replicas can be distributed, writes must go to the primary region, introducing latency for global writes. Option D (Azure Table Storage) is wrong because it does not support multi-region writes; it offers only a single write region with read-only geo-redundant storage, and it lacks built-in conflict resolution for concurrent updates.

161
MCQmedium

A company needs to store sensor data from IoT devices. Each device sends a message every second. The data is time-series and will be queried for real-time dashboards and historical analysis. The solution must support high ingestion rates and low-latency queries on recent data. Which Azure service should they use?

A.Azure Blob Storage with Azure Data Lake Storage Gen2
B.Azure Cosmos DB with SQL API
C.Azure Event Hubs and Azure Data Explorer
D.Azure Table Storage
AnswerC

Event Hubs ingests high volumes of event data, and Azure Data Explorer provides fast, real-time analytics on time-series data. This combination is best suited for IoT sensor data.

Why this answer

Azure Event Hubs is designed for high-throughput data ingestion from millions of IoT devices, capable of handling millions of events per second. Azure Data Explorer (ADX) is optimized for time-series data, providing sub-second query latency on recent data and efficient historical analysis. Together, they form a serverless pipeline that ingests sensor data via Event Hubs and stores it in ADX for real-time dashboards and long-term analytics.

Exam trap

The trap here is that candidates often choose Azure Cosmos DB (Option B) because they associate it with 'low latency' and 'IoT', but they overlook that Cosmos DB is not purpose-built for time-series data and lacks the ingestion throughput and query optimizations that Azure Data Explorer provides for this specific workload.

How to eliminate wrong answers

Option A is wrong because Azure Blob Storage with Data Lake Storage Gen2 is optimized for batch analytics and large file storage, not for high-frequency time-series ingestion or low-latency queries on recent data; it lacks native time-series indexing and real-time query capabilities. Option B is wrong because Azure Cosmos DB with SQL API is a multi-model NoSQL database designed for transactional workloads with flexible schemas, but it is not optimized for time-series data at high ingestion rates and can incur high RU costs for continuous writes; it also lacks native time-series functions like binning or retention policies. Option D is wrong because Azure Table Storage is a key-value store with limited query capabilities (only on partition and row keys), no support for time-series-specific operations, and high latency for range scans over timestamps, making it unsuitable for real-time dashboards and high-ingestion IoT workloads.

162
MCQmedium

Refer to the exhibit. You are deploying an ARM template with the above parameters. After deployment, you need to ensure that the storage account automatically moves blobs that are not accessed for 30 days to the archive tier. What should you do?

A.Enable soft delete for blobs.
B.Change the 'accessTier' parameter value to 'Archive'.
C.Change the 'replication' parameter value to 'GRS'.
D.Add a lifecycle management policy rule to the storage account.
AnswerD

Lifecycle management can automatically move blobs to archive tier after 30 days.

Why this answer

Option D is correct because Azure Storage lifecycle management policies allow you to automatically move blobs to cooler tiers (like Archive) based on age or last access time. By adding a rule with a filter for blobs not accessed in 30 days and an action to tier to Archive, you meet the requirement without manual intervention or changing the default access tier.

Exam trap

The trap here is that candidates often confuse setting the default access tier (via 'accessTier' parameter) with automating tier transitions based on age, leading them to choose Option B instead of recognizing that lifecycle management policies are required for time-based auto-tiering.

How to eliminate wrong answers

Option A is wrong because soft delete for blobs protects against accidental deletion by retaining deleted blobs for a specified period; it does not move blobs to a different access tier. Option B is wrong because changing the 'accessTier' parameter to 'Archive' would set the default tier for new blobs, but it does not automatically move existing blobs that are not accessed for 30 days; lifecycle management is needed for time-based tier transitions. Option C is wrong because changing replication to GRS (geo-redundant storage) affects durability and disaster recovery, not the access tier of blobs based on access patterns.

163
MCQmedium

An application requires a highly available key-value store with sub-millisecond read and write latencies across multiple Azure regions. The data model is simple and does not require complex queries. Which Azure data store should they choose?

A.Azure SQL Database
B.Azure Table Storage
C.Azure Cosmos DB
D.Azure Cache for Redis
AnswerC

Globally distributed, low-latency key-value store.

Why this answer

Azure Cosmos DB is the correct choice because it provides a globally distributed, multi-region key-value store with guaranteed sub-10-millisecond read and write latencies at the 99th percentile, and supports multiple consistency models including eventual consistency for even lower latency. Its turnkey global distribution enables active-active replication across Azure regions, meeting the high availability and sub-millisecond performance requirements without complex query support.

Exam trap

The trap here is that candidates often confuse Azure Cache for Redis as a primary data store due to its sub-millisecond performance, but it lacks global distribution and durability guarantees, making Cosmos DB the correct choice for a highly available, multi-region key-value store.

How to eliminate wrong answers

Option A is wrong because Azure SQL Database is a relational database that requires complex schema design, does not natively support sub-millisecond key-value access patterns, and its geo-replication is not designed for active-active multi-region writes with single-digit millisecond latencies. Option B is wrong because Azure Table Storage is a NoSQL key-value store but it is not globally distributed by default, has higher latency (typically 10-50 ms), and does not offer sub-millisecond performance or multi-region write capabilities. Option D is wrong because Azure Cache for Redis is an in-memory cache that does not provide native multi-region replication or persistence guarantees required for a durable key-value store, and its primary use case is caching, not a fully managed globally distributed data store.

164
MCQmedium

A company needs to store audit logs for 7 years to meet compliance requirements. The logs are generated at a high volume and must be cost-effective. They need to run occasional queries on recent logs (less than 30 days old) but rarely on older ones. Which Azure storage solution should they recommend?

A.Azure Blob Storage with lifecycle management to Archive tier
B.Azure SQL Database
C.Azure Cosmos DB
D.Azure Log Analytics
AnswerA

Correct. Blob Storage provides tiers (Hot, Cool, Archive) and automatic lifecycle management for cost-efficient long-term retention.

Why this answer

Azure Blob Storage with lifecycle management to the Archive tier is the correct solution because it provides a cost-effective storage hierarchy for high-volume audit logs. Lifecycle management can automatically move logs from the Hot or Cool tier to the Archive tier after 30 days, aligning with the requirement to keep recent logs queryable while minimizing costs for older logs that are rarely accessed. The Archive tier offers the lowest storage cost, making it ideal for 7-year retention of audit data.

Exam trap

The trap here is that candidates often choose Azure Log Analytics (Option D) because it is associated with logs, but they overlook its retention limits and high cost for long-term storage, failing to recognize that Azure Blob Storage with lifecycle management is the correct archival solution for compliance-driven retention.

How to eliminate wrong answers

Option B (Azure SQL Database) is wrong because it is a relational database designed for transactional workloads and structured queries, not for cost-effective storage of high-volume, append-only audit logs; its storage costs are significantly higher than blob storage for large data volumes. Option C (Azure Cosmos DB) is wrong because it is a NoSQL database optimized for low-latency, globally distributed applications, not for long-term, cost-efficient archival of audit logs; its provisioned throughput and storage costs make it prohibitively expensive for this use case. Option D (Azure Log Analytics) is wrong because it is a monitoring and analytics service designed for real-time log ingestion and querying, not for long-term archival storage; its retention limits (default 30 days, up to 2 years with additional cost) cannot meet the 7-year compliance requirement cost-effectively.

165
Multi-Selecteasy

Which TWO Azure services can be used to store unstructured data such as documents, images, and videos?

Select 2 answers
A.Azure Blob Storage
B.Azure Files
C.Azure SQL Database
D.Azure Data Lake Storage Gen2
E.Azure Cosmos DB
AnswersA, D

Blob Storage is object storage for unstructured data.

Why this answer

Azure Blob Storage is designed for storing massive amounts of unstructured data, such as documents, images, and videos, as objects (blobs) in a flat namespace. It supports three types of blobs (block, append, and page) and provides REST APIs for access, making it ideal for scalable, cost-effective storage of binary and text data.

Exam trap

The trap here is that candidates often confuse Azure Files (a file share service) with unstructured storage, but Azure Files is for structured file sharing with SMB/NFS, not for object storage of documents, images, and videos.

166
Multi-Selectmedium

Which THREE features are available in Azure Files premium tier that are not available in standard tier?

Select 3 answers
A.Higher IOPS (up to 100,000 per share)
B.SMB multichannel support
C.Lower latency (single-digit milliseconds)
D.Support for NFS v4.1 protocol
E.Azure File Sync integration
AnswersA, C, D

Premium tier provides significantly higher IOPS.

Why this answer

Option A is correct because Azure Files premium tier is backed by SSD storage and can deliver up to 100,000 IOPS per share, while the standard tier (HDD-based) is limited to significantly lower IOPS. This high IOPS capability is exclusive to premium shares and is critical for I/O-intensive workloads.

Exam trap

The trap here is that candidates often assume SMB multichannel is a premium-only feature, but it is actually available in both tiers (though premium provides better performance due to higher IOPS and lower latency).

167
Multi-Selecteasy

Which TWO of the following are true about Azure Blob Storage access tiers?

Select 2 answers
A.The cool access tier has lower storage costs but higher access costs compared to the hot tier
B.The cool access tier is designed for data that is accessed more frequently than the hot tier
C.The archive access tier is suitable for data that is accessed daily
D.The archive access tier has the lowest storage costs but the highest retrieval latency
E.The hot access tier has the lowest storage costs
AnswersA, D

Correct: cool is cheaper to store, more expensive to access.

Why this answer

Option A is correct because Azure Blob Storage's cool access tier is designed for infrequently accessed data, offering lower storage costs than the hot tier but higher access costs (per GB read/write) to compensate for the reduced storage price. This cost trade-off aligns with typical usage patterns where data is stored long-term but accessed less often.

Exam trap

The trap here is confusing the cost trade-off between storage and access—candidates often assume 'cool' means cheaper overall, but they miss that access costs are higher, and they mistakenly think archive supports daily access due to its low storage cost.

168
MCQmedium

A company needs to store sensitive customer data in Azure Blob Storage. They require encryption at rest using customer-managed keys (CMK) stored in Azure Key Vault. Additionally, they want to prevent data from being accessed if the key is revoked. Which feature should they enable?

A.Azure Defender for Storage
B.Customer Lockbox for Azure Storage
C.Azure Files with AD DS authentication
D.Storage Service Encryption (SSE)
AnswerB

Customer Lockbox enables you to control access with key revocation, blocking data access.

Why this answer

Customer Lockbox for Azure Storage provides an additional layer of control by requiring explicit approval from the customer before Microsoft engineers can access storage data for support or troubleshooting. When combined with customer-managed keys (CMK) in Azure Key Vault, revoking the key renders the data inaccessible, and Customer Lockbox ensures that even Microsoft cannot bypass this protection without your consent.

Exam trap

The trap here is that candidates often confuse Customer Lockbox with Azure Defender for Storage or SSE, assuming that encryption alone prevents access, but only Customer Lockbox provides the explicit approval gate for Microsoft support access after key revocation.

How to eliminate wrong answers

Option A is wrong because Azure Defender for Storage is a security monitoring service that detects threats and anomalies, not a feature that controls access or enforces key revocation. Option C is wrong because Azure Files with AD DS authentication provides identity-based access control for file shares, not encryption key management or revocation-based data protection. Option D is wrong because Storage Service Encryption (SSE) encrypts data at rest using Microsoft-managed keys by default; while it can use customer-managed keys, it does not provide a mechanism to prevent data access when the key is revoked—Customer Lockbox is required for that.

169
MCQmedium

A financial services company needs to store transaction logs for regulatory compliance. The logs must be stored in a cost-effective manner, and they must be immutable to prevent tampering. The logs are accessed infrequently but must be retained for 7 years. Which Azure storage solution should you recommend?

A.Azure Cosmos DB with time-to-live (TTL)
B.Azure Blob Storage with immutable storage policy and cool access tier
C.Azure SQL Database with long-term retention backup
D.Azure Files with share snapshots
AnswerB

Immutable storage prevents tampering; cool tier reduces cost for infrequently accessed data.

Why this answer

Azure Blob Storage with an immutable storage policy (WORM) ensures that transaction logs cannot be modified or deleted during the retention period, meeting compliance requirements. The cool access tier is cost-effective for infrequently accessed data, and the 7-year retention aligns with the policy's time-based retention. This combination provides both immutability and low-cost storage for long-term archival.

Exam trap

The trap here is that candidates may confuse Azure SQL Database long-term retention (which is for backup recovery, not immutable storage) with true immutability, or assume that any snapshot or TTL mechanism can satisfy regulatory immutability requirements when they actually allow deletion or modification.

How to eliminate wrong answers

Option A is wrong because Azure Cosmos DB with TTL automatically deletes data after the TTL expires, which does not provide immutability and would delete logs before the 7-year retention period ends. Option C is wrong because Azure SQL Database long-term retention backup is designed for database recovery, not for storing immutable transaction logs, and it does not prevent tampering at the storage level. Option D is wrong because Azure Files share snapshots are point-in-time copies that can be deleted by the administrator, offering no immutability guarantee, and they are not cost-optimized for infrequent access over 7 years.

170
MCQmedium

You are designing a globally distributed application that requires low-latency reads and writes for a web application with user session data. The solution must support multi-master writes and provide 99.999% availability. Which Azure data service meets these requirements?

A.Azure SQL Database
B.Azure Cosmos DB
C.Azure Cache for Redis
D.Azure Table Storage
AnswerB

Cosmos DB supports multi-region writes and 99.999% SLA.

Why this answer

Azure Cosmos DB is the correct choice because it natively supports multi-master writes across multiple regions, enabling low-latency reads and writes globally. It offers a 99.999% availability SLA when configured with multiple write regions, and its turnkey global distribution ensures user session data is replicated with consistency options tailored for web applications.

Exam trap

The trap here is that candidates often confuse Azure Cache for Redis's low-latency caching with a durable, multi-master data store, overlooking that it lacks persistence guarantees and multi-master write support required for 99.999% availability.

How to eliminate wrong answers

Option A is wrong because Azure SQL Database supports only a single writable primary replica (active geo-replication provides readable secondaries but not multi-master writes), and its maximum availability SLA is 99.995% for Business Critical tier, not 99.999%. Option C is wrong because Azure Cache for Redis is an in-memory cache, not a durable data store; it does not support multi-master writes natively and its SLA is 99.9% for Standard tier, far below 99.999%. Option D is wrong because Azure Table Storage is a NoSQL key-value store that does not support multi-master writes; it offers only single-region writes with read-access geo-redundant storage (RA-GRS) for reads, and its SLA is 99.99% for reads but only 99.9% for writes, insufficient for the required availability.

171
MCQmedium

A company needs a fully managed NoSQL database for a JSON document-oriented application that requires low latency (single-digit milliseconds) for reads and writes at any scale. The application will run globally and needs multi-region writes with automatic failover. Which Azure data store should they use?

A.Azure Cosmos DB
B.Azure Table Storage
C.Azure SQL Database
D.Azure Cache for Redis
AnswerA

Cosmos DB offers multi-region writes, elastic scalability, and guarantees single-digit millisecond latency at the 99th percentile. It supports document models natively.

Why this answer

Azure Cosmos DB is the correct choice because it is a fully managed NoSQL database that natively supports JSON documents, offers single-digit millisecond latency for reads and writes at any scale, and provides multi-region writes with automatic failover through its multi-master replication capability. Its global distribution model allows you to configure multiple write regions, ensuring high availability and low latency worldwide.

Exam trap

The trap here is that candidates often confuse Azure Table Storage (a simple key-value store) with a fully managed NoSQL database, overlooking that it lacks native JSON support, multi-region writes, and automatic failover capabilities required for global, low-latency applications.

How to eliminate wrong answers

Option B (Azure Table Storage) is wrong because it is a key-value store that does not natively support JSON documents or multi-region writes with automatic failover; it offers only eventual consistency and lacks the global distribution features required. Option C (Azure SQL Database) is wrong because it is a relational database that does not support JSON as a native document model and cannot provide multi-region writes with automatic failover; it is not a NoSQL solution. Option D (Azure Cache for Redis) is wrong because it is an in-memory cache, not a fully managed NoSQL database; it does not persist JSON documents durably and lacks multi-region write capabilities with automatic failover.

172
MCQeasy

A company stores website static assets in Azure Blob Storage. The assets are updated weekly and must be available for immediate access for 30 days. After 30 days, older versions can be moved to the Cool tier to save costs but must still be accessible within seconds. They want an automated solution. What should they configure?

A.Set the access tier to Cool on the container
B.Use Azure Blob Storage lifecycle management rules
C.Manually change the access tier every 30 days
D.Use Azure Policy to enforce tier changes
AnswerB

Lifecycle management allows you to create a rule that moves blobs older than 30 days to the Cool tier automatically, while keeping newer blobs in the Hot tier.

Why this answer

Azure Blob Storage lifecycle management rules allow you to automate tier transitions based on age or last modification time. By configuring a rule to move blobs to the Cool tier 30 days after creation, you meet the requirement for immediate access (Cool tier offers sub-second latency) while optimizing costs without manual intervention.

Exam trap

The trap here is confusing Azure Policy (which enforces configuration at resource creation) with lifecycle management (which automates transitions based on time), leading candidates to choose Policy when only lifecycle rules can schedule tier changes.

How to eliminate wrong answers

Option A is wrong because setting the access tier to Cool on the container applies to all blobs immediately, not after 30 days, and would prevent the required immediate access for the first 30 days. Option C is wrong because manually changing the access tier every 30 days is not automated and violates the requirement for an automated solution. Option D is wrong because Azure Policy can enforce compliance rules (e.g., requiring a specific tier) but cannot schedule or automate tier transitions based on age or time.

173
MCQmedium

Contoso, Ltd. is migrating a legacy on-premises application to Azure. The application uses a SQL Server database with complex queries and requires read-heavy workloads with sub-10-millisecond latency. The solution must support geo-replication for disaster recovery. Which Azure data service should you recommend?

A.Azure Cosmos DB for NoSQL
B.Azure SQL Database Business Critical
C.Azure SQL Database Hyperscale
D.Azure SQL Managed Instance Business Critical
AnswerB

Business Critical offers readable secondaries for read-heavy workloads and supports geo-replication.

Why this answer

Azure SQL Database Business Critical is correct because it uses SQL Server database engine with full T-SQL support for complex queries, provides read-heavy workloads with sub-10-millisecond latency via in-memory OLTP and local SSD storage, and supports active geo-replication for disaster recovery. This tier offers a readable secondary replica in a different Azure region, meeting both latency and geo-replication requirements.

Exam trap

The trap here is that candidates often choose Hyperscale for its scalability and geo-replication features, overlooking that its page server architecture introduces higher read latency for small, frequent queries compared to the local SSD-based Business Critical tier.

How to eliminate wrong answers

Option A is wrong because Azure Cosmos DB for NoSQL does not support SQL Server T-SQL complex queries and uses a NoSQL API, making it incompatible with the existing SQL Server database. Option C is wrong because Azure SQL Database Hyperscale is optimized for large databases and high throughput but does not guarantee sub-10-millisecond latency for read-heavy workloads due to its page server architecture and potential cache misses. Option D is wrong because Azure SQL Managed Instance Business Critical supports geo-replication only via failover groups with limited read-scale capabilities, and it introduces additional management overhead compared to Azure SQL Database, which is more suitable for a simple migration of a legacy application.

174
MCQhard

AdventureWorks is a global retailer with a cloud-native architecture. They have a microservices application deployed on Azure Kubernetes Service (AKS). Each microservice needs to store its own data. The data requirements vary: (1) Shopping cart service: key-value data with high write throughput and low latency, data can be lost if not critical; (2) Order service: transactional data with strong consistency and ACID compliance; (3) Product catalog service: semi-structured product data that supports complex queries and is globally distributed for low-latency reads. The solution must use Azure PaaS services and minimize operational overhead. You need to design the data storage for each microservice. What should you recommend?

A.Azure Cosmos DB for all three services.
B.Azure Table Storage for shopping cart, Azure SQL Database for orders, Azure Cosmos DB for product catalog.
C.Azure Cache for Redis for shopping cart, Azure SQL Database for orders, Azure Cosmos DB for product catalog.
D.Azure SQL Database for all three services.
AnswerC

Best fit for each requirement.

Why this answer

Option B is correct. For the shopping cart, Azure Cache for Redis provides in-memory key-value storage with low latency. For the order service, Azure SQL Database provides ACID compliance.

For the product catalog, Azure Cosmos DB provides global distribution and complex query support. Option A is wrong because Cosmos DB is not ACID-compliant for orders. Option C is wrong because Azure Table Storage is not ACID-compliant.

Option D is wrong because Azure SQL Database is not ideal for high-write key-value.

175
MCQmedium

A company needs to store large amounts of unstructured file data (documents, images) that is accessed concurrently from hundreds of Azure VMs. The data must be accessible via the SMB protocol and provide low-latency, high-throughput performance. The solution must be fully managed and support up to 1000 simultaneous connections. Which Azure storage solution should they choose?

A.Azure Files (Premium tier)
B.Azure Blob Storage
C.Azure NetApp Files
D.Azure Managed Disks
AnswerA

Premium Azure Files provides SSD-backed SMB shares, low latency, high IOPS, and supports up to 1000 concurrent connections per share, making it ideal for this scenario.

Why this answer

Azure Files (Premium tier) is correct because it provides fully managed SMB file shares with low-latency, high-throughput performance suitable for concurrent access from hundreds of Azure VMs. Premium file shares are backed by SSD storage and are designed to support up to 1000 simultaneous connections per share, meeting the stated requirements for unstructured file data accessed via SMB.

Exam trap

The trap here is that candidates often confuse Azure Blob Storage with file shares because both store unstructured data, but Blob Storage lacks native SMB protocol support and is not optimized for concurrent file-level access from hundreds of VMs.

How to eliminate wrong answers

Option B (Azure Blob Storage) is wrong because it does not natively support the SMB protocol; it uses REST-based APIs (HTTP/HTTPS) and is optimized for object storage, not file-level concurrent access from hundreds of VMs. Option C (Azure NetApp Files) is wrong because while it supports SMB and high throughput, it is not fully managed in the same sense as Azure Files—it requires a delegated subnet and offers NFS/SMB but is typically used for specialized workloads like HPC or SAP, and its pricing and complexity exceed the requirements. Option D (Azure Managed Disks) is wrong because they are block-level storage attached to a single VM (up to 256 connections per disk with shared disks, but not designed for concurrent file-level access from hundreds of VMs via SMB).

176
MCQmedium

A multinational corporation is designing a data storage solution for its global customer data. The data must be stored in the Azure region closest to each customer to minimize latency, but all data must be accessible from a central analytics platform for reporting. The solution must also comply with data residency regulations that require customer data to remain in the country of origin. Which Azure storage solution should the company recommend?

A.Azure Cosmos DB with multi-master writes and conflict resolution
B.Azure Data Lake Storage Gen2 with geo-zone-redundant storage (GZRS)
C.Azure Blob Storage with geo-redundant storage (GRS)
D.Azure SQL Database with active geo-replication
AnswerA

Cosmos DB supports multi-region writes and can enforce data residency at the partition level.

Why this answer

Option C is correct because Azure Cosmos DB supports multi-region writes and data residency with a multi-master configuration, allowing data to be written in the region closest to the customer and read globally. Option A is wrong because Azure Blob Storage with geo-redundant storage (GRS) does not allow per-item residency control. Option B is wrong because Azure SQL Database with geo-replication replicates entire databases, not per-customer data.

Option D is wrong because Azure Data Lake Storage Gen2 is a single-region service and does not natively support multi-region data placement per customer.

177
MCQhard

You are designing a disaster recovery solution for an Azure SQL Database. The database is in the West US region. You need to ensure that if the entire West US region becomes unavailable, the database can be failed over to another region within 1 hour with minimal data loss. The solution must be cost-effective for a development environment. What should you recommend?

A.Configure active geo-replication to a secondary database in a paired region
B.Configure auto-failover groups with a secondary in a paired region
C.Deploy an Always On availability group across two regions using Azure VMs
D.Take daily backups and store them in a different region
AnswerA

Provides low RPO and RTO with failover within minutes.

Why this answer

Active geo-replication provides a readable secondary in a paired region with a configurable failover. For a dev environment, cost is a concern; active geo-replication is the most cost-effective option that meets the RPO/RTO. Option B (auto-failover groups) is a higher-level abstraction but still uses geo-replication; however, for dev, it may be overkill.

Option C (backup to another region) has longer RTO. Option D (always on availability groups) is for IaaS, not PaaS.

178
MCQhard

A company is designing a disaster recovery strategy for a mission-critical Azure SQL Database. They require a recovery point objective (RPO) of 5 seconds and a recovery time objective (RTO) of 1 hour. Which replication option should they use?

A.Zone-redundant deployment
B.Failover groups with active geo-replication
C.Auto-failover groups with active geo-replication
D.Geo-restore
AnswerB

Meets RPO of 5 seconds and RTO of 1 hour.

Why this answer

Failover groups with active geo-replication provide the lowest RPO (typically 5 seconds or less) and RTO (under 1 hour) for Azure SQL Database. Active geo-replication asynchronously replicates transactions to a secondary region, and failover groups orchestrate a coordinated, application-transparent failover that meets the stringent RTO requirement.

Exam trap

The trap here is that candidates confuse 'failover groups' with 'auto-failover groups' (which is not an official Azure term) and may incorrectly choose option C, or they underestimate the RPO/RTO of geo-restore and pick option D, not realizing that geo-restore is a backup-based solution with much higher latency.

How to eliminate wrong answers

Option A is wrong because zone-redundant deployment protects against datacenter failures within a single region, not against regional outages, and its RPO/RTO are not as low as required. Option C is wrong because 'Auto-failover groups with active geo-replication' is essentially the same as option B but with an incorrect name—Azure's feature is called 'failover groups' and does not include 'auto' in its official name; the automatic failover capability is part of failover groups, not a separate option. Option D is wrong because geo-restore uses point-in-time restore from geo-replicated backups, which has an RPO of 1 hour and RTO of 12+ hours, far exceeding the required 5-second RPO and 1-hour RTO.

179
MCQeasy

You are designing a solution to store large binary files (videos) that are accessed infrequently but must be retained for 7 years for compliance. The solution must minimize storage costs while allowing retrieval within 24 hours. Which Azure storage tier should you use?

A.Premium tier
B.Cool tier
C.Hot tier
D.Archive tier
AnswerD

Archive tier is lowest cost for long-term retention with retrieval within hours.

Why this answer

The Archive tier is the correct choice because it is the lowest-cost storage tier for infrequently accessed data that must be retained for long periods (7 years). It allows retrieval within 24 hours via standard rehydration, meeting the compliance requirement while minimizing storage costs. The other tiers (Premium, Hot, Cool) are more expensive and designed for higher-frequency access, making them unsuitable for this cost-optimization scenario.

Exam trap

The trap here is that candidates often choose Cool tier because they see 'infrequent access' and '24-hour retrieval' and mistakenly think Archive's retrieval time is too slow, but the question explicitly allows up to 24 hours, making Archive the correct cost-optimized choice.

How to eliminate wrong answers

Option A is wrong because the Premium tier is designed for low-latency, high-frequency access (e.g., Azure Virtual Machine disks) and incurs the highest storage costs, which is unnecessary for infrequently accessed videos. Option B is wrong because the Cool tier is optimized for data accessed less than once per month but still has higher storage costs than Archive and is not the most cost-effective for 7-year retention with 24-hour retrieval. Option C is wrong because the Hot tier is intended for frequent access (multiple times per month) and has the highest storage costs among standard tiers, contradicting the goal of minimizing costs for infrequently accessed data.

180
MCQhard

A large enterprise is designing a data lake solution for its analytics platform. The data lake will store petabytes of structured and unstructured data from various sources, including IoT devices, logs, and transactional databases. The solution must support: - Multi-protocol access (ABFS, REST, and NFS 3.0) - Hierarchical namespace for folder-level permissions - Optimized for analytical workloads (Parquet format) - Cost-effective storage for cold data that is accessed less than once a year. Which Azure storage solution should the enterprise recommend for the data lake?

A.Azure NetApp Files Ultra tier
B.Azure Files Premium tier
C.Azure Data Lake Storage Gen2 with Archive tier for cold data
D.Azure Blob Storage with hierarchical namespace enabled
AnswerC

Supports all required protocols and hierarchical namespace.

Why this answer

Option C is correct because Azure Data Lake Storage Gen2 supports hierarchical namespace, multi-protocol access (ABFS, REST, NFS 3.0), and can use Archive tier for cold data. Option A is wrong because Azure Blob Storage does not support NFS 3.0 natively. Option B is wrong because Azure Files does not support ABFS or hierarchical namespace.

Option D is wrong because Azure NetApp Files does not support ABFS and is expensive for petabyte-scale.

181
MCQhard

A company needs to store sensitive customer data in Azure Blob Storage with encryption at rest using customer-managed keys (CMK) stored in a hardware security module (HSM). Which Azure service should they use to manage the keys?

A.Azure Key Vault (Premium tier)
B.Azure Information Protection
C.Azure Key Vault (Standard tier)
D.Azure Key Vault Managed HSM
AnswerD

Managed HSM provides HSM-backed keys for CMK.

Why this answer

Azure Key Vault Managed HSM is a fully managed, highly available, single-tenant HSM that is FIPS 140-2 Level 3 validated. It allows you to store customer-managed encryption keys (CMKs) in a hardware security module (HSM) for Azure Storage encryption at rest, meeting the requirement for HSM-backed key storage. The Premium tier of Azure Key Vault also supports HSM-backed keys, but the question specifies 'stored in a hardware security module (HSM)', and Managed HSM provides dedicated HSM partitions with stronger isolation and compliance.

Exam trap

The trap here is that candidates often confuse the Azure Key Vault Premium tier (which supports HSM keys but in a shared multi-tenant HSM) with the dedicated HSM requirement, leading them to select Option A instead of the more appropriate Managed HSM.

How to eliminate wrong answers

Option A is wrong because Azure Key Vault (Premium tier) does support HSM-backed keys, but it is a multi-tenant service with shared HSM pools, not a dedicated HSM; the question's phrasing 'stored in a hardware security module (HSM)' implies a dedicated HSM solution, which Managed HSM provides. Option B is wrong because Azure Information Protection is a classification and labeling service for data protection, not a key management service for encryption at rest. Option C is wrong because Azure Key Vault (Standard tier) uses software-protected keys (FIPS 140-2 Level 1), not HSM-backed keys, and thus cannot meet the requirement for storing keys in an HSM.

182
MCQhard

A company is building a petabyte-scale data lake for analytics. The workload includes Apache Spark and Hive jobs that read and write large files. The storage solution must support a hierarchical namespace for efficient directory operations, POSIX-like access control lists (ACLs) for fine-grained permissions, and must be accessible via the Azure Blob Storage API for compatibility with existing tools. Furthermore, the solution should be optimized for analytics workloads with high throughput. Which Azure data service should they choose?

A.Azure Data Lake Storage Gen2
B.Azure Data Lake Storage Gen1
C.Azure Blob Storage
D.Azure Files
AnswerA

ADLS Gen2 combines a hierarchical namespace with POSIX ACLs and Blob API access. It is designed for large-scale analytics workloads and integrates with Spark and Hive.

Why this answer

Azure Data Lake Storage Gen2 (ADLS Gen2) is the correct choice because it combines a hierarchical namespace with POSIX-like ACLs and is accessible via the Azure Blob Storage API. This service is specifically optimized for analytics workloads like Apache Spark and Hive, providing high throughput for petabyte-scale data lakes. The hierarchical namespace enables efficient directory operations, while the Blob Storage API ensures compatibility with existing tools.

Exam trap

The trap here is that candidates may confuse Azure Data Lake Storage Gen1 with Gen2, overlooking that Gen1 lacks Blob Storage API compatibility, or they may assume Azure Blob Storage with hierarchical namespace enabled is a separate service, but ADLS Gen2 is the specific offering that combines all required features.

How to eliminate wrong answers

Option B (Azure Data Lake Storage Gen1) is wrong because it uses its own REST API, not the Azure Blob Storage API, breaking compatibility with existing tools that rely on Blob Storage APIs. Option C (Azure Blob Storage) is wrong because it does not support a hierarchical namespace by default (only flat namespace) and lacks POSIX-like ACLs, making it unsuitable for efficient directory operations and fine-grained permissions. Option D (Azure Files) is wrong because it is designed for SMB file shares and shared file access, not for petabyte-scale analytics workloads with high throughput, and it does not support the Blob Storage API or a hierarchical namespace optimized for Spark/Hive.

183
MCQhard

A financial services company is designing a data storage solution for its transaction processing system. The system uses Azure Cosmos DB with the Core (SQL) API. The company needs to implement a change data capture (CDC) pipeline to feed a downstream analytics system in near real-time (under 1 minute). The analytics system uses Azure Synapse Analytics. The data volume is approximately 10,000 transactions per second. The solution must minimize operational complexity and cost. Which approach should the company recommend?

A.Use Azure Cosmos DB change feed with Azure Functions to process changes and load them into Azure Synapse Analytics using the COPY command.
B.Enable Azure Synapse Link for Cosmos DB and query the transactional data directly from Synapse serverless SQL.
C.Use Azure Data Factory to schedule incremental copy from Cosmos DB to Synapse every minute.
D.Use Azure Databricks with Spark Structured Streaming to read from Cosmos DB change feed and write to Synapse.
AnswerA

Change feed provides real-time events, Functions can process and load to Synapse quickly.

Why this answer

Option A is correct because Azure Cosmos DB change feed can stream changes directly to Azure Functions or Stream Analytics, which can then write to Synapse via PolyBase or COPY command in near real-time. Option B is wrong because Azure Data Factory is batch-oriented and may not meet the <1 minute latency requirement. Option C is wrong because Azure Databricks with Change Feed adds complexity and cost.

Option D is wrong because Azure Synapse Link is designed for analytical queries on Cosmos DB data but does not provide a CDC stream to Synapse; it replicates data into Synapse for querying, but the latency may vary.

184
MCQhard

Refer to the exhibit. A custom Azure RBAC role is defined as shown. A user assigned this role is unable to delete blobs in a container. What is the most likely reason?

A.The role is scoped to the storage account but not to the container
B.The role does not include read permission on blobs
C.The role does not include any dataActions
D.The role does not include delete permission on blobs
AnswerD

Delete action is missing from dataActions.

Why this answer

Option D is correct because the custom RBAC role definition shown in the exhibit includes 'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete' under the 'Actions' section, but this permission is a control plane action, not a data plane action. To delete blobs, the role must include the corresponding data action 'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete/action' under 'DataActions'. Without it, the user lacks the necessary data plane permission to perform blob deletion, even though the control plane permission is present.

Exam trap

The trap here is that candidates see 'delete' in the Actions list and assume it covers blob deletion, missing the critical distinction between control plane and data plane permissions in Azure RBAC.

How to eliminate wrong answers

Option A is wrong because the scope of the role (storage account vs. container) does not affect the fundamental requirement for dataActions; the issue is the missing data action, not the scope. Option B is wrong because read permission on blobs (Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read) is not required to delete blobs; the delete operation only requires the delete data action. Option C is wrong because the role does include dataActions in the definition (as shown in the exhibit), but the specific delete data action is missing; the problem is not the absence of all dataActions.

185
Multi-Selecthard

Which THREE of the following are requirements for using Azure SQL Database auto-failover groups? (Select three.)

Select 3 answers
A.Both servers must be in the same Azure region.
B.The primary and secondary servers must be in different Azure regions.
C.The secondary server must have the same logical server name.
D.The databases must be in different elastic pools.
E.The databases must use the same service tier.
AnswersB, C, E

Auto-failover groups are designed for cross-region disaster recovery.

Why this answer

Azure SQL Database auto-failover groups require the primary and secondary servers to be in different Azure regions to support geo-replication and disaster recovery. This ensures that if a regional outage occurs, the secondary server can take over, maintaining business continuity. The secondary server must have the same logical server name to allow applications to connect using the same listener endpoint after failover.

Additionally, all databases in the failover group must use the same service tier to ensure consistent performance and capacity during failover.

Exam trap

The trap here is that candidates often assume the secondary server must have a different logical server name, but in fact the listener endpoint uses the same server name, and the secondary server's actual name can be different; the requirement is that the logical server name used for the failover group must be the same on both sides.

186
MCQhard

You need to design a data storage solution for a high-throughput event processing pipeline. The solution must ingest millions of events per second, support exactly-once processing semantics, and allow replay of events from the past 7 days. Which Azure service should you use as the event ingestion store?

A.Azure Service Bus
B.Azure IoT Hub
C.Azure Queue Storage
D.Azure Event Hubs
AnswerD

Event Hubs supports high-throughput ingestion, exactly-once processing, and event replay via Capture.

Why this answer

Azure Event Hubs is the correct choice because it is a big data streaming platform and event ingestion service designed for high-throughput scenarios, capable of ingesting millions of events per second. It supports exactly-once processing semantics through checkpointing and offset management, and it provides event retention for up to 7 days by default (configurable up to 90 days), enabling event replay. This makes it ideal for a high-throughput event processing pipeline that requires reliable ingestion and replay capabilities.

Exam trap

The trap here is that candidates often confuse Azure Event Hubs with Azure Service Bus, assuming both are interchangeable for messaging, but Event Hubs is optimized for massive-scale event ingestion and replay, while Service Bus is for reliable message delivery with lower throughput and transactional support.

How to eliminate wrong answers

Option A is wrong because Azure Service Bus is a message broker optimized for enterprise messaging with lower throughput (up to 20,000 messages per second per namespace) and does not natively support event replay for 7 days; it is designed for decoupled applications, not high-throughput event ingestion. Option B is wrong because Azure IoT Hub is specifically built for IoT device-to-cloud communication, with a maximum throughput of 6,000 events per second per unit, and while it supports device telemetry ingestion, it is not designed for the scale of millions of events per second or general-purpose event replay. Option C is wrong because Azure Queue Storage is a simple message queue with a maximum throughput of 20,000 messages per second per storage account and does not support exactly-once processing semantics or event replay; it is intended for asynchronous task processing, not high-throughput event streaming.

187
Multi-Selecthard

A company plans to migrate its on-premises Oracle database to Azure. The database is currently 2 TB and experiences high write throughput. The solution must support: - ACID transactions - Automatic failover to a secondary region - Minimal downtime during maintenance. Which three Azure services should the company include in the solution? (Choose three.)

Select 3 answers
A.Azure SQL Database Managed Instance
B.Azure SQL Database zone-redundant configuration
C.Azure Cosmos DB with SQL API
D.Azure Database for PostgreSQL - Hyperscale (Citus)
E.Azure SQL Database active geo-replication
AnswersA, B, E

Supports ACID transactions and has Oracle migration tools.

Why this answer

Option A is correct because Azure SQL Database Managed Instance supports native Oracle migration and ACID transactions. Option B is correct because active geo-replication provides automatic failover to a secondary region. Option D is correct because Azure SQL Database zone-redundant configuration ensures high availability within a region.

Option C is wrong because Azure Cosmos DB is NoSQL and not ACID for multi-document transactions. Option E is wrong because Azure Database for PostgreSQL is not optimized for Oracle migration.

188
MCQmedium

A company runs a global e-commerce application that stores customer order data. The data must be highly available and durable. The application requires strong consistency for all reads and writes. The company needs to store relational data (orders, customers) and handle complex queries with joins. They want a fully managed database service that supports active geo-replication for disaster recovery across two Azure regions with automatic failover. Which Azure database service should they choose?

A.Azure SQL Database with active geo-replication
B.Azure Cosmos DB with multiple write regions and strong consistency
C.Azure Database for MySQL with read replicas
D.Azure SQL Managed Instance with failover groups
AnswerA

Active geo-replication provides automatic failover to a readable secondary region, with strong consistency for relational workloads.

Why this answer

Azure SQL Database with active geo-replication is the correct choice because it provides a fully managed relational database service that supports strong consistency, complex queries with joins, and active geo-replication across two Azure regions with automatic failover for disaster recovery. Active geo-replication creates readable secondary replicas in a paired region, and the application can manually or programmatically initiate failover to ensure high availability and durability while maintaining transactional consistency.

Exam trap

The trap here is that candidates often confuse Azure SQL Database active geo-replication with Azure SQL Managed Instance failover groups, but the key differentiator is that active geo-replication supports automatic failover only when configured with a failover group, while Managed Instance failover groups are designed for instance-level migration and have different RPO/RTO characteristics and licensing requirements.

How to eliminate wrong answers

Option B is wrong because Azure Cosmos DB with multiple write regions and strong consistency is a NoSQL database that does not support relational data with complex joins and SQL-based queries natively, and its strong consistency mode limits availability and throughput in a multi-region write scenario. Option C is wrong because Azure Database for MySQL with read replicas does not support active geo-replication with automatic failover; read replicas are asynchronous and require manual promotion for failover, and the service does not provide the same level of geo-replication and automatic failover as Azure SQL Database. Option D is wrong because Azure SQL Managed Instance with failover groups supports geo-replication but is designed for lift-and-shift scenarios with full SQL Server compatibility, and its failover groups require a manual or automatic failover policy that is not as seamless as active geo-replication for a global e-commerce application needing automatic failover across two regions.

189
Multi-Selecteasy

A company is designing a storage solution for its backup data. The backups must be stored for 10 years for compliance reasons. The solution should minimize storage costs while ensuring data durability. Which two Azure services should the company consider? (Choose two.)

Select 2 answers
A.Azure Blob Storage Archive tier
B.Azure Files with snapshots
C.Azure NetApp Files with cross-region replication
D.Azure Disk Storage with incremental snapshots
E.Azure Backup with long-term retention policy
AnswersA, E

Lowest cost for rarely accessed data.

Why this answer

Azure Blob Storage Archive tier is correct because it provides the lowest-cost storage for data that is rarely accessed, with a 10-year retention period meeting compliance requirements. It offers 11 nines of durability (99.999999999%) by storing multiple copies across Azure regions, ensuring data integrity over the long term.

Exam trap

The trap here is that candidates often confuse Azure Backup with long-term retention (which is a service that manages backup lifecycle and can use Archive tier) with other Azure storage services that are not designed for cost-effective, long-term archival, such as Azure Files or Azure NetApp Files.

190
MCQmedium

A company manages a fleet of millions of IoT devices that send telemetry data every minute. The data must be stored for 10 years to meet compliance requirements. For the first 30 days, data is accessed frequently for real-time dashboards and alerting. After 30 days, data is only accessed occasionally for historical analysis and reporting. The solution must be cost-effective and support high ingestion rates. Which Azure service should the company use to store and query this data?

A.Azure Blob Storage with Azure Data Lake Storage Gen2
B.Azure Data Explorer
C.Azure SQL Database
D.Azure Cosmos DB with SQL API
AnswerB

Azure Data Explorer is optimized for time-series data, supports high ingestion rates, and provides both real-time and historical querying with automatic data tiering for cost effectiveness.

Why this answer

Azure Data Explorer (ADX) is designed for high-ingestion, time-series telemetry data and supports real-time dashboards and alerting on fresh data, while also providing cost-effective long-term storage for historical queries. Its columnar storage and indexing enable fast analytics on billions of records, making it ideal for IoT scenarios with millions of devices sending data every minute and a 10-year retention requirement.

Exam trap

The trap here is that candidates often choose Azure Blob Storage or Cosmos DB because they associate them with 'storage' or 'IoT,' but they fail to recognize that Azure Data Explorer is the only service purpose-built for high-velocity time-series analytics with built-in hot/cold tiering and native support for real-time alerting and long-term retention at scale.

How to eliminate wrong answers

Option A is wrong because Azure Blob Storage with Azure Data Lake Storage Gen2 is optimized for batch analytics and large file storage, not for real-time querying and alerting on high-velocity telemetry data; it lacks native time-series indexing and low-latency query capabilities. Option C is wrong because Azure SQL Database is a relational OLTP system that cannot cost-effectively handle the ingestion rate of millions of events per minute or the 10-year retention of massive telemetry volumes without significant performance degradation and high costs. Option D is wrong because Azure Cosmos DB with SQL API is a globally distributed NoSQL database designed for low-latency reads/writes on operational data, but it is not optimized for high-throughput time-series ingestion and analytical queries over long retention periods, and its cost would be prohibitive for storing billions of telemetry records for 10 years.

191
MCQmedium

A company is designing a data storage solution for a global e-commerce platform that requires low-latency access to product catalog data from multiple Azure regions. The data is read-heavy, with occasional updates. Which Azure data store should they recommend?

A.Azure Cache for Redis
B.Azure Blob Storage
C.Azure SQL Database
D.Azure Cosmos DB
AnswerD

Globally distributed, low-latency, multi-region reads.

Why this answer

Azure Cosmos DB is the correct choice because it provides globally distributed, multi-region writes with tunable consistency levels and single-digit-millisecond latency for read-heavy workloads. Its ability to replicate data across Azure regions and serve reads from the nearest region directly addresses the requirement for low-latency global access to product catalog data with occasional updates.

Exam trap

The trap here is that candidates often choose Azure Cache for Redis (Option A) because they associate low-latency with caching, but fail to recognize that the question requires a durable, globally distributed primary data store, not a cache layer that depends on an underlying database.

How to eliminate wrong answers

Option A is wrong because Azure Cache for Redis is an in-memory cache, not a durable primary data store; it would require an underlying persistent store and cannot serve as the authoritative source for product catalog data that needs occasional updates. Option B is wrong because Azure Blob Storage is optimized for unstructured blob data (images, videos, backups) and does not support low-latency, sub-second queries on structured product catalog data with indexing and consistency guarantees. Option C is wrong because Azure SQL Database is a relational database that, while supporting read replicas, does not natively provide multi-region, multi-master replication with automatic failover and tunable consistency for global low-latency reads; it requires complex manual configuration and has higher latency for cross-region access.

192
Multi-Selectmedium

Which TWO Azure services can be used to implement a globally distributed database that supports multi-region writes and provides low-latency access to users worldwide? (Choose two.)

Select 2 answers
A.Azure Storage with geo-redundant storage (GRS).
B.Azure Cache for Redis with geo-replication.
C.Azure Cosmos DB with multi-master enabled.
D.Azure Database for PostgreSQL with geo-replication.
E.Azure SQL Database with active geo-replication and failover groups.
AnswersC, E

Supports multi-region writes.

Why this answer

Option A and D are correct. Azure Cosmos DB with multi-master supports multi-region writes. Azure SQL Database active geo-replication supports readable secondaries but not multi-region writes; however, with failover groups it can support writes only in one region at a time.

Option B is wrong because Azure Database for PostgreSQL does not natively support multi-region writes. Option C is wrong because Azure Cache for Redis is a cache, not a database. Option E is wrong because Azure Storage is not a database.

193
MCQhard

You are designing a solution for a financial application that requires strong consistency for read and write operations across multiple Azure regions. The solution must support active-active configuration and provide fractional millisecond latency for single-digit KB payloads. Which data service should you choose?

A.Azure SQL Database with failover groups
B.Azure Table Storage with geo-replication
C.Azure Cosmos DB with strong consistency
D.Azure Cache for Redis with geo-replication
AnswerC

Cosmos DB supports multi-region writes with strong consistency and low latency.

Why this answer

Azure Cosmos DB with strong consistency is the correct choice because it offers multi-region writes (active-active) with guaranteed strong consistency, ensuring that all read and write operations across regions see the most recent write. It also provides fractional millisecond latency for single-digit KB payloads, meeting the financial application's performance requirements.

Exam trap

The trap here is that candidates often confuse Azure SQL Database's failover groups with active-active capability, but failover groups are active-passive and cannot support simultaneous writes across regions, whereas Cosmos DB's multi-region writes with strong consistency are required for true active-active scenarios.

How to eliminate wrong answers

Option A is wrong because Azure SQL Database with failover groups supports only active-passive configurations (one primary, one readable secondary) and cannot provide active-active multi-region writes; failover groups also introduce latency during failover and do not guarantee fractional millisecond latency globally. Option B is wrong because Azure Table Storage with geo-replication offers only eventual consistency by default, not strong consistency, and its read/write latency is higher than fractional milliseconds for multi-region scenarios. Option D is wrong because Azure Cache for Redis with geo-replication is an in-memory cache, not a durable data store, and its geo-replication is asynchronous, meaning it cannot guarantee strong consistency across regions; it also lacks native support for active-active writes.

194
MCQmedium

A SaaS company uses Azure SQL Database for a multi-tenant application. They have 80 tenant databases, each with varying and unpredictable usage patterns. The company wants to optimize costs without sacrificing performance and wants the ability to easily add new tenant databases without over-provisioning. Which deployment option should they use?

A.Azure SQL Database elastic pool
B.Single Azure SQL Database per tenant
C.Azure SQL Managed Instance
D.Azure SQL Database Hyperscale
AnswerA

Correct. Elastic pool allows sharing resources across databases, optimizing cost for variable and unpredictable workloads.

Why this answer

Azure SQL Database elastic pool is the correct choice because it allows multiple tenant databases to share a fixed set of resources (DTUs or vCores), automatically absorbing the unpredictable usage spikes of individual tenants without over-provisioning. This model optimizes cost by paying for the pooled resources rather than each database's peak capacity, and new tenant databases can be added seamlessly to the pool without upfront resource allocation.

Exam trap

The trap here is that candidates often choose Single Azure SQL Database per tenant (Option B) because they think it provides isolation and simplicity, but they overlook the cost inefficiency of over-provisioning for unpredictable peaks, which is exactly the problem elastic pools solve.

How to eliminate wrong answers

Option B (Single Azure SQL Database per tenant) is wrong because it requires provisioning each database for its peak load, leading to significant over-provisioning and higher costs when tenants have unpredictable, varying usage patterns. Option C (Azure SQL Managed Instance) is wrong because it is a fully managed instance of SQL Server with fixed resource limits per instance, designed for lift-and-shift scenarios, not for cost-efficient multi-tenant elasticity with many small databases. Option D (Azure SQL Database Hyperscale) is wrong because it is optimized for very large databases (up to 100 TB) with high throughput and rapid scaling, not for pooling many small, unpredictable tenant databases; it would be unnecessarily expensive and complex for this workload.

195
MCQhard

A company runs a high-performance computing (HPC) workload that requires low-latency access to large files (hundreds of GB) from thousands of Azure VMs concurrently. The files must be accessible via the NFS protocol and the solution must be a fully managed, POSIX-compliant file system that can scale throughput linearly with capacity. Which Azure storage solution should they choose?

A.Azure NetApp Files
B.Azure Files (premium tier)
C.Azure Blob Storage with NFS 3.0 support
D.Azure HPC Cache
AnswerA

Correct. Azure NetApp Files offers high performance, low latency, and POSIX compliance with linear throughput scalability.

Why this answer

Azure NetApp Files is the correct choice because it provides a fully managed, POSIX-compliant NFS file system that can scale throughput linearly with capacity. It is designed for HPC workloads requiring low-latency access to large files from thousands of concurrent VMs, offering sub-millisecond latency and high throughput that increases as you add capacity.

Exam trap

The trap here is that candidates often confuse Azure Blob Storage with NFS support as a fully POSIX-compliant file system, overlooking its lack of full POSIX compliance and linear throughput scaling, or they assume Azure Files premium tier can match the performance and scalability of Azure NetApp Files for HPC workloads.

How to eliminate wrong answers

Option B is wrong because Azure Files (premium tier) uses SMB protocol by default and, while it supports NFS, it does not provide the linear throughput scaling with capacity required for HPC workloads; its performance is capped per share and does not scale linearly. Option C is wrong because Azure Blob Storage with NFS 3.0 support is not a fully POSIX-compliant file system; it lacks features like hard links and directory rename operations, and its throughput does not scale linearly with capacity in the same way as a true file system. Option D is wrong because Azure HPC Cache is a caching service that accelerates access to existing storage (e.g., on-premises or Azure Blob), not a fully managed, POSIX-compliant file system itself; it does not provide a native NFS file system with linear throughput scaling.

196
MCQhard

Your company, Contoso Ltd., is a global financial services firm with a primary data center in London and a disaster recovery site in Paris. They are migrating their on-premises SQL Server databases to Azure. The databases include: (1) a 2-TB customer database with high transaction throughput, requiring an RPO of 5 seconds and an RTO of 30 seconds; (2) a 500-GB reporting database that is read-only and can tolerate an RPO of 1 hour and an RTO of 2 hours; (3) a 100-GB archival database that is accessed once a month. The solution must minimize costs while meeting requirements. You need to recommend a storage and database strategy for each database. What should you recommend?

A.Use Azure SQL Managed Instance for all databases with auto-failover groups.
B.Use Azure SQL Database with active geo-replication for the customer database, geo-restore for the reporting database, and long-term retention for the archival database.
C.Use Azure Cosmos DB for the customer database, Azure SQL Database for reporting, and Azure Blob Storage for archival.
D.Use Azure SQL Database with active geo-replication for all databases.
AnswerB

Meets requirements cost-effectively.

Why this answer

Option C is correct. For the customer database, Azure SQL Database with active geo-replication meets the low RPO/RTO. For the reporting database, Azure SQL Database geo-restore from geo-redundant backups meets the 1-hour RPO at lower cost.

For the archival database, Azure SQL Database with long-term retention (LTR) and geo-restore is cost-effective. Option A is wrong because Azure SQL Managed Instance is more expensive and not necessary. Option B is wrong because using Cosmos DB for relational data is inappropriate.

Option D is wrong because using Azure SQL Database for all with active geo-replication would be overkill and costly for the archival database.

197
MCQhard

You are designing a data lake solution using Azure Data Lake Storage Gen2. The solution must support file-level security for sensitive data and must integrate with Azure Purview for data cataloging. What should you use for file-level security?

A.Azure Key Vault with customer-managed keys
B.Access control lists (ACLs)
C.Azure Defender for Storage
D.Azure RBAC roles
AnswerB

ACLs provide file-level security in Data Lake Storage Gen2.

Why this answer

Option B is correct because Azure Data Lake Storage Gen2 supports POSIX-like ACLs for file-level permissions. Option A is wrong because RBAC operates at the storage account or container level. Option C is wrong because Azure Defender for Storage is for threat detection, not access control.

Option D is wrong because Azure Key Vault is for key management.

198
MCQmedium

A company stores log data in Azure Blob Storage. The logs are accessed frequently for the first 30 days, then only occasionally for up to 1 year, and after that must be retained for 7 years for compliance purposes. The company wants to minimize storage costs by automatically moving data to cheaper tiers. Which Azure Blob Storage lifecycle management policy should they implement?

A.Move to Cool tier after 30 days, move to Archive tier after 365 days, delete after 2555 days
B.Move to Cool tier after 30 days, move to Archive tier after 365 days, delete after 7 years
C.Move to Cool tier after 30 days, move to Archive tier after 30 days, delete after 2555 days
D.Move to Archive tier after 30 days, keep in Archive until deletion after 2555 days
AnswerA

This matches the usage pattern: frequent access first 30 days (Hot), then occasional access for a year (Cool), then rare access (Archive) until deletion after 7 years.

Why this answer

Option A is correct because it aligns with the access patterns: move to Cool tier after 30 days (frequent access period), move to Archive tier after 365 days (occasional access period ends), and delete after 2555 days (7 years retention). This minimizes costs by transitioning data to progressively cheaper storage tiers and automatically deleting it when compliance retention expires.

Exam trap

The trap here is that candidates may choose Option B thinking '7 years' is acceptable in the policy, but Azure requires the 'delete after' action to be specified in days (2555), not years, and they may overlook the early deletion penalty of the Archive tier when moving data too soon.

How to eliminate wrong answers

Option B is wrong because it specifies 'delete after 7 years' without converting to days; Azure lifecycle management policies require the 'delete after' action to be defined in days, not years, and 7 years equals 2555 days, not a literal '7 years' string. Option C is wrong because it moves data to Archive tier after only 30 days, which would incur early deletion fees and retrieval costs since logs are still accessed occasionally for up to a year; Archive tier is for rarely accessed data and has a 180-day minimum storage charge. Option D is wrong because it moves data directly to Archive tier after 30 days, ignoring the Cool tier entirely, which increases costs due to early deletion penalties and higher retrieval costs for the occasional access period up to 365 days.

199
MCQeasy

A company needs a fully managed NoSQL database for a new application with a key-value and document data model. They require single-digit millisecond latency at any scale, multi-region writes with automatic conflict resolution, and a serverless capacity option to handle unpredictable traffic. Which Azure data service should they use?

A.Azure Table Storage
B.Azure Cosmos DB
C.Azure Cache for Redis
D.Azure SQL Database
AnswerB

Cosmos DB provides guaranteed single-digit millisecond latency, multi-region writes (multi-master), automatic conflict resolution, and a serverless mode that automatically scales capacity based on workload.

Why this answer

Azure Cosmos DB is the correct choice because it is a fully managed NoSQL database that supports both key-value and document data models natively. It guarantees single-digit millisecond latency at any scale, offers multi-region writes with automatic conflict resolution via its multi-master replication, and provides a serverless capacity mode that automatically scales based on demand, making it ideal for unpredictable traffic.

Exam trap

The trap here is that candidates often confuse Azure Table Storage as a NoSQL database that supports multi-region writes, but it lacks document support and automatic conflict resolution, making Cosmos DB the only option that meets all requirements.

How to eliminate wrong answers

Option A is wrong because Azure Table Storage is a key-value store but does not support a document data model, lacks multi-region writes with automatic conflict resolution, and does not offer a serverless capacity option (it uses provisioned throughput). Option C is wrong because Azure Cache for Redis is an in-memory caching service, not a fully managed NoSQL database; it does not natively support document data models or multi-region writes with conflict resolution. Option D is wrong because Azure SQL Database is a relational database (SQL-based), not a NoSQL database, and does not support key-value or document data models natively, nor does it offer multi-region writes with automatic conflict resolution.

200
MCQhard

You are designing a data storage solution for an IoT application that ingests millions of events per second. Each event is a small JSON message (under 1 KB). The solution must support real-time analytics and allow queries on recent data (last 24 hours) with low latency. Historical data (older than 24 hours) should be stored in a cost-optimized manner for occasional compliance queries. Which combination of Azure services should you recommend?

A.Azure Cosmos DB for both real-time and historical data
B.Azure Event Hubs for ingestion and Azure Functions for querying
C.Azure SQL Database with elastic pool
D.Azure Data Explorer for real-time analytics and Azure Blob Storage for historical data
AnswerD

ADX handles high-throughput ingest and real-time queries; Blob Storage is cost-effective for cold data.

Why this answer

Azure Data Explorer (ADX) is purpose-built for real-time analytics on high-velocity data streams, ingesting millions of events per second with sub-second query latency on recent data. Azure Blob Storage provides a cost-optimized tier (e.g., Cool or Archive) for historical data older than 24 hours, which can be queried occasionally via ADX’s continuous export or external table feature. This combination meets both the low-latency real-time analytics requirement and the cost-effective long-term storage need.

Exam trap

The trap here is that candidates often confuse high-throughput ingestion with query capability, assuming that any service that can ingest data (like Event Hubs) can also serve real-time queries, or that a general-purpose database (like Cosmos DB or SQL Database) can handle the extreme volume and analytics pattern of IoT telemetry.

How to eliminate wrong answers

Option A is wrong because Azure Cosmos DB, while fast for transactional workloads, is not optimized for high-throughput ingestion of millions of events per second for real-time analytics; its per-request cost and indexing overhead would be prohibitive for this volume, and it lacks native time-series analytics capabilities. Option B is wrong because Azure Event Hubs is an ingestion service, not a query engine; Azure Functions are stateless and unsuitable for low-latency ad-hoc queries over terabytes of recent data, and they cannot efficiently handle the querying requirement. Option C is wrong because Azure SQL Database with elastic pool cannot ingest millions of events per second due to connection and transaction limits, and its cost for storing and querying high-volume time-series data would be excessive compared to purpose-built solutions.

201
MCQmedium

Your company is migrating a critical on-premises database to Azure SQL Managed Instance. The database is 500 GB and requires minimal downtime during migration. You need to choose the best migration approach. What should you recommend?

A.Use the export/import bacpac method.
B.Use Azure Data Factory to copy data.
C.Use transactional replication.
D.Use Azure Database Migration Service with online migration.
AnswerD

Supports minimal downtime by continuously replicating changes.

Why this answer

Option D is correct because Azure Database Migration Service with online migration supports minimal downtime by continuously syncing changes. Option A is wrong because export/import requires downtime. Option B is wrong because transactional replication can be complex and is not the primary recommended method for minimal downtime.

Option C is wrong because Azure Data Factory is for data integration, not minimal-downtime migration.

202
MCQeasy

You need to store billions of small JSON files (average 50 KB) that are accessed infrequently but must be available within seconds when requested. Which Azure storage solution is most cost-effective?

A.Azure SQL Database with a table storing JSON
B.Azure Files with SMB shares
C.Azure Blob Storage Cool tier
D.Azure Cosmos DB with a container for each file
AnswerC

Cool tier offers low storage costs and low-latency access for infrequently accessed data.

Why this answer

Azure Blob Storage Cool tier is the most cost-effective solution for storing billions of small JSON files (average 50 KB) that are infrequently accessed but require low-latency retrieval within seconds. The Cool tier offers low storage costs for data accessed less than once per month, while still providing sub-second access latency for individual blobs via HTTPS REST API, matching the 'available within seconds' requirement without the higher costs of Hot or premium tiers.

Exam trap

The trap here is that candidates often choose Azure Cosmos DB (Option D) because of its low-latency guarantees, but they overlook the massive cost difference for storing billions of small files, where Blob Storage's object storage model is far more economical for infrequently accessed data.

How to eliminate wrong answers

Option A is wrong because Azure SQL Database is a relational database optimized for transactional queries and structured data, not for storing billions of individual small files; storing each JSON file as a row would incur high storage costs (minimum 1 MB per row for LOB data) and poor performance for file-level retrieval. Option B is wrong because Azure Files with SMB shares is designed for shared file systems with SMB protocol overhead and is not optimized for billions of small files; it incurs higher costs per GB than Blob Storage and lacks native support for efficient bulk operations on individual small objects. Option D is wrong because Azure Cosmos DB is a NoSQL database optimized for low-latency queries and real-time access with high throughput, but its cost per GB of storage is significantly higher than Blob Storage (often 10x or more), making it prohibitively expensive for storing billions of small files that are accessed infrequently.

203
Multi-Selecteasy

A company needs to store sensitive customer data that must be encrypted at rest. Which TWO Azure storage services support customer-managed keys (CMK) for encryption?

Select 2 answers
A.Azure Files
B.Azure SQL Database
C.Azure Cache for Redis
D.Azure Blob Storage
E.Azure Cosmos DB
AnswersB, D

Supports CMK with Azure Key Vault.

Why this answer

Azure SQL Database and Azure Blob Storage both support customer-managed keys (CMK) via Azure Key Vault, allowing you to bring your own encryption keys (BYOK) for data at rest. This meets the requirement for sensitive customer data where the organization needs full control over encryption keys, including key rotation and revocation.

Exam trap

The trap here is that candidates often confuse services that support CMK with those that only support Microsoft-managed keys, and they may incorrectly select Azure Cosmos DB or Azure Files because they assume all Azure data services support BYOK, but only specific services like Azure SQL Database and Azure Blob Storage are explicitly tested for CMK in the AZ-305 exam.

204
MCQmedium

A company runs a SQL Server database on an Azure virtual machine in a single region. They need to increase storage capacity and improve I/O performance for their transaction-intensive workload. They also want to ensure high availability within the same datacenter (99.99% SLA). What should they do?

A.Use Azure Premium SSD v2 managed disks in a storage pool with mirroring across multiple disks.
B.Use Azure Ultra Disk storage attached to the VM.
C.Deploy the SQL Server on an availability set and use Storage Spaces Direct with multiple disks.
D.Enable Azure SQL Managed Instance with auto-failover groups.
AnswerA

Premium SSD v2 provides high IOPS and throughput, and multiple disks can be pooled in the OS (e.g., Storage Spaces) to increase capacity and performance. The VM should be in an availability set to meet the SLA.

Why this answer

Azure Premium SSD v2 managed disks offer the highest I/O performance for transaction-intensive workloads, with sub-millisecond latency and the ability to scale IOPS and throughput independently of disk size. By configuring a storage pool with mirroring across multiple Premium SSD v2 disks, you can aggregate capacity and I/O while providing redundancy within a single datacenter, which supports the 99.99% SLA for the VM when combined with an availability set or proximity placement group.

Exam trap

The trap here is that candidates often confuse Azure Ultra Disk as the best performance option, but it lacks the ability to pool multiple disks for capacity and I/O aggregation, making Premium SSD v2 with storage pool mirroring the correct choice for both performance and high availability within a single datacenter.

How to eliminate wrong answers

Option B is wrong because Azure Ultra Disk storage, while offering extremely low latency and high IOPS, does not natively support mirroring or striping across multiple disks in a storage pool to increase capacity and I/O simultaneously; it is typically used as a single disk and does not provide the same aggregated performance and redundancy as a mirrored pool. Option C is wrong because Storage Spaces Direct is designed for on-premises or Azure Stack HCI scenarios, not for Azure VMs; it cannot be used with Azure managed disks and would not be supported in a standard Azure VM deployment. Option D is wrong because Azure SQL Managed Instance with auto-failover groups is a PaaS solution that moves the workload off the VM, which does not address the requirement to increase storage capacity and I/O performance for the existing SQL Server on an Azure VM, and it introduces a different architecture and SLA model.

205
MCQmedium

A global e-commerce company stores product catalog data in a JSON document format. The application requires low-latency reads and writes from multiple geographic regions. The solution must support multi-region writes with automatic conflict resolution and provide a guaranteed 99th percentile latency. Which Azure Cosmos DB API and consistency level should they choose?

A.SQL API with Session consistency
B.Table API with Eventual consistency
C.SQL API with Strong consistency
D.MongoDB API with Bounded staleness consistency
AnswerA

The SQL API supports JSON documents, and Session consistency provides low latency with read-your-writes guarantee, suitable for e-commerce applications.

Why this answer

The SQL API with Session consistency is correct because it supports multi-region writes with automatic conflict resolution using last-writer-wins (LWW) and provides a guaranteed 99th percentile latency. Session consistency is the most widely used level for globally distributed applications, offering read-your-writes guarantees while maintaining low latency across regions.

Exam trap

The trap here is that candidates often assume Strong consistency is required for low-latency multi-region writes, but Strong consistency is incompatible with multi-region writes and would actually increase latency, while Session consistency provides the right balance of performance and guarantees.

How to eliminate wrong answers

Option B (Table API with Eventual consistency) is wrong because the Table API does not support multi-region writes; it only supports single-region writes with multi-region reads. Option C (SQL API with Strong consistency) is wrong because Strong consistency cannot be used with multi-region writes; it is only supported in single-region write configurations and would introduce high latency across regions. Option D (MongoDB API with Bounded staleness consistency) is wrong because Bounded staleness consistency, while supporting multi-region writes, does not guarantee a specific 99th percentile latency due to the configurable staleness window (k or t), which can introduce unpredictable delays.

206
Multi-Selecthard

Which THREE of the following are best practices for designing an Azure SQL Database solution for performance and scalability?

Select 3 answers
A.Use appropriate indexes to optimize query performance
B.Use elastic pools to manage multiple databases with variable workloads
C.Implement read replicas for read-heavy workloads
D.Avoid using stored procedures to reduce complexity
E.Disable automatic tuning to maintain consistent performance
AnswersA, B, C

Indexes improve query speed.

Why this answer

Option A is correct because appropriate indexes, such as clustered and nonclustered indexes, reduce the number of data pages scanned during query execution, directly improving query performance. In Azure SQL Database, index tuning is critical for minimizing I/O and CPU overhead, especially for large tables or complex joins.

Exam trap

The trap here is that candidates may mistakenly think stored procedures add complexity or that disabling automatic tuning ensures consistency, when in fact both practices hinder scalability and performance in Azure SQL Database's managed environment.

207
MCQmedium

A company wants to cache frequently accessed session state and product data for their e-commerce website. They need the cache to be highly available with a 99.9% SLA and provide fast read and write access. The solution must be fully managed. Which Azure Cache tier should they choose?

A.Azure Redis Cache Basic tier
B.Azure Redis Cache Standard tier
C.Azure Redis Cache Premium tier
D.Azure Content Delivery Network
AnswerB

Standard tier offers a 99.9% SLA, replication, and is fully managed, making it suitable for caching with high availability.

Why this answer

The Standard tier of Azure Redis Cache provides a 99.9% SLA through built-in replication with two nodes (primary and replica) in the same region, ensuring high availability. It is fully managed, supports fast read/write access for session state and product data, and meets the requirement without the additional cost or complexity of the Premium tier.

Exam trap

The trap here is that candidates often choose the Premium tier for high availability, not realizing that the Standard tier already provides a 99.9% SLA with replication, and Premium adds features like data persistence and clustering that are not required by the question.

How to eliminate wrong answers

Option A is wrong because the Basic tier has no SLA (0% SLA) and no replication, making it unsuitable for high availability requirements. Option C is wrong because the Premium tier, while offering higher performance and features like persistence and clustering, is overkill for the stated requirements and incurs unnecessary cost; the Standard tier already meets the 99.9% SLA and fast access needs. Option D is wrong because Azure Content Delivery Network is a caching solution for static content delivery at edge locations, not a low-latency, fully managed cache for dynamic session state and product data; it does not provide the read/write semantics required for session state.

208
MCQmedium

You are designing a hybrid storage solution where on-premises applications need low-latency access to file shares hosted in Azure. The solution must cache frequently accessed files locally and sync changes bidirectionally. Which Azure feature should you use?

A.Azure File Sync
B.Azure Data Box
C.Azure NetApp Files with ExpressRoute
D.Azure Blob Storage with Azure Files migration
AnswerA

File Sync provides local caching and bidirectional sync.

Why this answer

Azure File Sync is the correct choice because it enables bidirectional syncing of Azure file shares with on-premises Windows Servers, caching frequently accessed files locally for low-latency access while automatically syncing changes back to Azure. This meets the hybrid requirement of local caching and bidirectional sync without requiring full migration or dedicated network circuits.

Exam trap

The trap here is that candidates confuse Azure NetApp Files with ExpressRoute as a caching solution, but ExpressRoute only improves network latency and reliability—it does not provide local caching or bidirectional sync, which are core requirements of the scenario.

How to eliminate wrong answers

Option B is wrong because Azure Data Box is a physical data transfer device for bulk offline migration, not a continuous caching or bidirectional sync solution. Option C is wrong because Azure NetApp Files with ExpressRoute provides high-performance NFS/SMB volumes but does not include built-in bidirectional caching or sync with on-premises file servers; it requires separate replication tools. Option D is wrong because Azure Blob Storage with Azure Files migration is a one-time migration path, not a hybrid caching and sync service; Blob Storage itself does not support SMB file shares or bidirectional sync natively.

209
MCQeasy

You need to design a storage solution for an Azure virtual machine that runs a mission-critical application. The solution must provide the highest availability SLA and support up to 80,000 IOPS. Which type of Azure managed disk should you use?

A.Premium SSD v2
B.Ultra Disk
C.Standard SSD
D.Premium SSD (non-v2)
AnswerA

Premium SSD v2 supports up to 80,000 IOPS and provides high SLA.

Why this answer

Premium SSD v2 is correct because it offers the highest availability SLA (99.9% for single-instance VMs) and supports up to 80,000 IOPS per disk, meeting the mission-critical requirements. Unlike Ultra Disk, Premium SSD v2 does not require a dedicated capacity reservation, making it more cost-effective while still delivering high performance.

Exam trap

The trap here is that candidates often confuse Ultra Disk as the only high-IOPS option, overlooking that Premium SSD v2 can achieve 80,000 IOPS with a better SLA and without the capacity reservation requirement, or they mistakenly think Premium SSD non-v2 can reach 80,000 IOPS without realizing its per-disk IOPS limit is capped at 20,000 for smaller sizes.

How to eliminate wrong answers

Option B (Ultra Disk) is wrong because while it can exceed 80,000 IOPS, it requires a dedicated capacity reservation and has a lower SLA (99.9% for single-instance VMs) compared to Premium SSD v2, and it is not the most cost-effective choice for this IOPS requirement. Option C (Standard SSD) is wrong because it supports a maximum of 6,000 IOPS per disk, far below the required 80,000 IOPS, and has a lower SLA (99.5% for single-instance VMs). Option D (Premium SSD non-v2) is wrong because it supports up to 20,000 IOPS per disk (for P30 size) and requires larger disk sizes to achieve higher IOPS, making it unsuitable for 80,000 IOPS without using multiple disks or larger sizes that exceed typical capacity needs.

210
MCQeasy

Your company has a large number of unstructured files (images, videos) that need to be stored cost-effectively in Azure. The data is accessed infrequently but must be available within minutes when needed. Which storage tier should you recommend?

A.Premium tier.
B.Archive tier.
C.Cool tier.
D.Hot tier.
AnswerC

Cost-effective for infrequent access, data available within minutes.

Why this answer

Option B is correct because the Cool tier is for infrequently accessed data with immediate availability and lower cost than Hot. Option A is wrong because Hot tier is for frequently accessed data and costs more. Option C is wrong because Archive tier has a retrieval time of hours.

Option D is wrong because Premium tier is for low-latency, high-performance scenarios.

211
MCQmedium

A media company stores large video files that are accessed once a month for audits. When needed, they must be available for download immediately (within seconds). The company wants to minimize storage costs. Which Azure Blob Storage access tier should they use?

A.Hot tier
B.Cool tier
C.Cold tier
D.Archive tier
AnswerB

Cool tier balances lower storage cost with immediate access, ideal for data accessed less than 30 days apart.

Why this answer

The Cool tier is optimal for this scenario because it balances low storage cost with high availability and low latency access. Video files accessed once a month for audits require immediate download (within seconds), which Cool tier supports with the same millisecond latency as Hot tier, but at a lower storage price. Archive tier would introduce a multi-hour rehydration delay, making it unsuitable for on-demand access within seconds.

Exam trap

The trap here is that candidates often choose Archive tier for infrequent access without realizing that the multi-hour rehydration latency makes it impossible to meet the 'within seconds' availability requirement, or they choose Hot tier out of habit for any access speed requirement, ignoring the cost-minimization goal.

How to eliminate wrong answers

Option A (Hot tier) is wrong because it has the highest storage cost, which contradicts the goal of minimizing storage costs for infrequently accessed data. Option C (Cold tier) is wrong because although it offers lower storage cost than Cool, it has a higher minimum storage duration (90 days vs 30 days) and a higher early deletion fee, making it more expensive for data accessed only once a month. Option D (Archive tier) is wrong because it requires a rehydration process that takes up to 15 hours, making it impossible to provide download within seconds on demand.

212
MCQeasy

Your company uses Azure SQL Database and needs to retain backups for 7 years for compliance. Which backup retention policy should you configure?

A.Increase automated backup retention to 7 years.
B.Configure point-in-time restore backup retention for 7 years.
C.Enable geo-redundant backups.
D.Configure long-term retention (LTR) backup policy.
AnswerD

LTR allows weekly, monthly, yearly backups up to 10 years.

Why this answer

Azure SQL Database's automated backup retention is limited to a maximum of 35 days, which is insufficient for a 7-year compliance requirement. Long-term retention (LTR) allows you to retain full database backups for up to 10 years by storing them in separate Azure Blob Storage containers. Therefore, configuring an LTR backup policy is the correct solution for meeting a 7-year retention mandate.

Exam trap

The trap here is that candidates often confuse the maximum retention for automated backups (35 days) with the ability to extend it arbitrarily, or they mistakenly think point-in-time restore retention can be configured for years, when in reality only long-term retention (LTR) supports multi-year archival.

How to eliminate wrong answers

Option A is wrong because Azure SQL Database automated backup retention has a maximum of 35 days, not 7 years; you cannot increase it beyond that limit. Option B is wrong because point-in-time restore (PITR) backup retention is also capped at 35 days and is designed for short-term recovery, not long-term archival compliance. Option C is wrong because enabling geo-redundant backups (e.g., geo-redundant storage) provides disaster recovery protection by replicating backups to a paired region, but it does not extend the retention period beyond the default 35 days.

213
MCQmedium

A company is designing a storage solution for a critical application that requires low latency (under 5 ms) and high throughput for large files (up to 10 GB). The solution must support NFS and SMB protocols. Which Azure storage solution should you recommend?

A.Azure Blob Storage (premium tier)
B.Azure NetApp Files
C.Azure Managed Disks (Ultra Disk)
D.Azure Files (premium tier)
AnswerB

Azure NetApp Files offers high performance, low latency, and both NFS and SMB protocols for large files.

Why this answer

Azure NetApp Files is the correct choice because it provides a fully managed, high-performance file share service that supports both NFS and SMB protocols natively, with sub-millisecond latency and throughput suitable for large files up to 10 GB. It is built on NetApp's ONTAP technology and is designed for latency-sensitive enterprise workloads, meeting the under-5 ms requirement while handling large file sizes efficiently.

Exam trap

The trap here is that candidates often confuse Azure Files (premium) with Azure NetApp Files, assuming both offer identical NFS and SMB support, but Azure Files' NFS is still in preview and lacks the enterprise-grade performance and protocol maturity of Azure NetApp Files for large-file, low-latency workloads.

How to eliminate wrong answers

Option A is wrong because Azure Blob Storage (premium tier) does not support NFS or SMB protocols natively; it uses REST APIs or NFS 3.0 only (not SMB), and its block blob architecture is optimized for object storage, not shared file access for large files with low latency. Option C is wrong because Azure Managed Disks (Ultra Disk) provides block-level storage with low latency but does not support NFS or SMB protocols; it is attached as a raw disk to a VM and requires the guest OS to manage file sharing, making it unsuitable for direct protocol-based access. Option D is wrong because Azure Files (premium tier) supports SMB and NFS (preview), but its NFS implementation is limited to Linux clients and lacks the advanced performance tuning, high throughput, and sub-5 ms latency consistency required for large files up to 10 GB, especially under concurrent access patterns.

214
MCQeasy

A company needs to store millions of small JSON files (average 10 KB each) for a serverless application. The data must be accessed via HTTPS and support high read throughput. Which Azure storage solution is most cost-effective?

A.Azure Blob Storage (general-purpose v2, hot tier)
B.Azure Files (standard)
C.Azure Cosmos DB
D.Azure Table Storage
AnswerA

Blob Storage provides scalable object storage with HTTPS access, ideal for millions of small files.

Why this answer

Azure Blob Storage (general-purpose v2, hot tier) is the most cost-effective solution because it provides native HTTPS access, high throughput for read-heavy workloads, and low-cost storage for small objects like JSON files. The hot tier optimizes for frequent access, and GPv2 accounts support the high request rates needed for millions of small files without premium pricing.

Exam trap

The trap here is that candidates often choose Azure Cosmos DB for JSON files due to its native JSON support, but they overlook the cost inefficiency of using a transactional database for static file storage, where blob storage provides the same HTTPS access at a fraction of the cost.

How to eliminate wrong answers

Option B (Azure Files) is wrong because it is designed for SMB/NFS file shares with mounted drives, not for direct HTTPS access to individual small objects, and its cost per GB is higher than blob storage for this use case. Option C (Azure Cosmos DB) is wrong because it is a NoSQL database optimized for transactional workloads with low-latency queries, not for bulk storage of static JSON files, and its RU-based pricing would be prohibitively expensive for millions of small files with high read throughput. Option D (Azure Table Storage) is wrong because it is a NoSQL key-value store for structured data with partition key limitations, not designed for storing raw JSON files as blobs, and its throughput is constrained by partition scalability.

215
MCQmedium

Refer to the exhibit. An organization deployed this ARM template to create a storage account. After deployment, they try to enable geo-redundant storage (GRS) but receive an error. What is the most likely reason?

A.The supportsHttpsTrafficOnly property must be set to false.
B.The storage account name is not globally unique.
C.The minimumTlsVersion property prevents geo-replication.
D.The storage account uses Standard_LRS, which does not support GRS.
AnswerD

LRS is single-region; GRS requires a different SKU.

Why this answer

Option D is correct because Standard_LRS (Locally Redundant Storage) does not support upgrading to GRS (Geo-Redundant Storage) directly. To enable GRS, the storage account must be created with a redundancy tier that supports geo-replication, such as Standard_GRS or Standard_RAGRS. The error occurs because the ARM template specifies Standard_LRS, which only replicates data within a single datacenter and cannot be converted to a geo-redundant tier after deployment.

Exam trap

The trap here is that candidates may confuse the supportsHttpsTrafficOnly or minimumTlsVersion properties with geo-replication settings, or assume that any storage account can be upgraded to GRS regardless of its initial redundancy tier.

How to eliminate wrong answers

Option A is wrong because the supportsHttpsTrafficOnly property controls whether HTTPS is required for traffic, not geo-replication; setting it to false would not enable GRS and is unrelated to the error. Option B is wrong because a non-unique storage account name would cause a deployment failure, not an error when trying to enable GRS after successful deployment. Option C is wrong because the minimumTlsVersion property restricts the TLS version for client connections and has no impact on geo-replication capabilities.

216
MCQeasy

Your organization is migrating on-premises SQL Server databases to Azure. The databases are mission-critical and require the highest level of availability with automatic failover to a secondary region. Which Azure SQL deployment option should you recommend?

A.Azure SQL Database with active geo-replication
B.Azure Database for PostgreSQL
C.SQL Server on Azure Virtual Machines with Always On availability groups
D.Azure SQL Managed Instance with failover groups
AnswerA

Active geo-replication enables automatic failover to a secondary region.

Why this answer

Azure SQL Database with active geo-replication provides the highest level of availability with automatic failover to a secondary region by continuously replicating transactions from the primary to a readable secondary database in a different Azure region. This supports an RPO of 5 seconds and an RTO of 1 hour (or lower with forced failover), making it ideal for mission-critical workloads requiring cross-region disaster recovery.

Exam trap

The trap here is that candidates often confuse Azure SQL Managed Instance failover groups (which only support same-region automatic failover) with active geo-replication (which supports cross-region automatic failover), leading them to select Option D incorrectly.

How to eliminate wrong answers

Option B is wrong because Azure Database for PostgreSQL is a different database engine (PostgreSQL vs. SQL Server) and does not support the same high-availability features like active geo-replication or failover groups for SQL Server workloads. Option C is wrong because SQL Server on Azure Virtual Machines with Always On availability groups requires manual configuration of the secondary region, does not provide automatic failover to a secondary region out of the box, and incurs higher management overhead compared to a PaaS solution.

Option D is wrong because Azure SQL Managed Instance with failover groups supports automatic failover only within the same region (via failover groups) and does not natively support automatic failover to a secondary region; cross-region failover requires manual intervention or additional configuration.

217
MCQhard

You are reviewing the above Azure Policy definition assigned to a storage account. What does this policy enforce?

A.Containers can be written to only if they use the default encryption scope.
B.All containers must use a specific customer-managed encryption scope named 'customEncryptionScope' to allow write operations.
C.Write operations are allowed only when encryption scope is not specified.
D.Reading from containers is denied unless a specific encryption scope is used.
AnswerB

The policy denies writes unless the encryption scope matches the specified one.

Why this answer

The Azure Policy definition uses the 'denyAction' effect to block write operations unless the storage account's containers are configured with a specific customer-managed encryption scope named 'customEncryptionScope'. This enforces that all containers must use that exact encryption scope for write operations, ensuring data is encrypted with a customer-managed key at the container level.

Exam trap

The trap here is that candidates often confuse the 'denyAction' effect with the standard 'deny' effect, or assume the policy applies to read operations, when in fact it specifically targets write operations and requires a precise encryption scope name.

How to eliminate wrong answers

Option A is wrong because the policy does not enforce that containers can only be written to if they use the default encryption scope; it specifically requires a custom encryption scope named 'customEncryptionScope', not the default. Option C is wrong because the policy denies write operations when no encryption scope is specified, not allows them; it requires the specific scope to be present. Option D is wrong because the policy targets write operations (Microsoft.Storage/storageAccounts/blobServices/containers/write), not read operations; it does not deny reading from containers.

218
MCQhard

You are designing a data storage solution for a global e-commerce platform that handles millions of transactions per day. The platform uses Azure Cosmos DB for its transactional data. The company wants to implement a real-time analytics pipeline to monitor sales trends and detect anomalies. The analytics must be performed on the transactional data with minimal latency (under 5 seconds). The solution must not impact the transactional workload's performance. The analytics queries involve aggregations over time windows and joins with reference data stored in Azure SQL Database. You need to recommend a solution. Which option should you choose?

A.Enable Azure Synapse Link for Cosmos DB and use Synapse serverless SQL to query the transactional data directly.
B.Use Azure Data Factory to copy data from Cosmos DB to Azure Synapse Analytics every minute, and run analytics queries in Synapse.
C.Use Azure Cosmos DB change feed to stream data to Azure Stream Analytics, which performs the aggregations and joins with reference data from Azure SQL Database.
D.Use Azure Databricks with Auto Loader to incrementally load data from Cosmos DB into Delta Lake, and then query with Spark SQL.
AnswerC

Change feed provides real-time changes, Stream Analytics handles sub-second latency and joins.

Why this answer

Option A is correct because Azure Cosmos DB change feed enables real-time capture of changes, and Azure Stream Analytics can process streams with low latency and join with reference data from Azure SQL Database. Option B is wrong because Azure Data Factory is a batch ETL tool, not suitable for sub-5-second latency. Option C is wrong because Azure Synapse Link replicates data to Azure Synapse, which adds latency and is not real-time.

Option D is wrong because Azure Databricks with Auto Loader is also batch-oriented and not designed for sub-5-second streaming.

219
MCQhard

A company stores petabytes of sensor data in Azure Data Lake Storage Gen2. They need to run complex analytics queries that involve joining multiple datasets and aggregating time-series data. The queries must complete within seconds. Which Azure service should they use for querying?

A.Azure Stream Analytics
B.Azure Data Explorer
C.Azure Synapse Analytics
D.Azure Databricks
AnswerC

Synapse provides MPP engine for fast interactive queries on data lake data.

Why this answer

Azure Synapse Analytics (formerly SQL Data Warehouse) provides massively parallel processing (MPP) for fast analytics on data lakes. Azure Stream Analytics is for real-time streaming. Azure Data Explorer is for time-series but not optimized for joining large datasets from Data Lake.

Azure Databricks is good for big data but not as fast for interactive SQL queries.

220
Multi-Selecthard

Which THREE factors should you consider when selecting a partition key for an Azure Cosmos DB container? (Select three.)

Select 3 answers
A.Even distribution of request unit (RU) consumption
B.Low cardinality to reduce overhead
C.High cardinality (many distinct values)
D.Property with large binary data
E.Property frequently used as a filter in queries
AnswersA, C, E

Even RU distribution prevents throttling.

Why this answer

Option A is correct because an even distribution of request unit (RU) consumption across physical partitions prevents hot partitions, which can throttle throughput and degrade performance. In Azure Cosmos DB, the partition key determines how data and throughput are distributed; if RU consumption is skewed, some partitions become overloaded while others remain underutilized, violating the design goal of uniform load.

Exam trap

The trap here is that candidates confuse low cardinality with efficiency, but Cosmos DB requires high cardinality to avoid storage limits and hot partitions, and they may also mistakenly think large binary properties are acceptable partition keys despite the 2 KB limit and indexing overhead.

221
MCQeasy

A company stores sensitive customer data in Azure Blob Storage. They need to ensure that data at rest is encrypted using a customer-managed key stored in Azure Key Vault. Which of the following should they use?

A.Azure Storage Service Encryption with customer-managed keys in Azure Key Vault
B.Azure Disk Encryption
C.Azure Storage Service Encryption with Microsoft-managed keys
D.Azure Information Protection
AnswerA

Allows customer-managed keys for encryption.

Why this answer

Azure Storage Service Encryption with customer-managed keys allows encryption using keys from Azure Key Vault. Option B is correct because it supports customer-managed keys. Option A is wrong because it uses Microsoft-managed keys.

Option C is wrong because Azure Information Protection is for classification and labeling. Option D is wrong because Azure Disk Encryption is for virtual machine disks.

222
MCQmedium

A global e-commerce company runs a product catalog application that requires low-latency reads and writes from multiple geographic regions. The data is key-value structured and must be replicated with multi-region write capability. The company needs a fully managed NoSQL database service with guaranteed 99th percentile latency and automatic conflict resolution. Which Azure data service should they choose?

A.Azure Cosmos DB
B.Azure Table Storage
C.Azure Redis Cache
D.Azure SQL Database
AnswerA

Azure Cosmos DB is a globally distributed NoSQL database that supports multiple APIs, multi-region writes, automatic conflict resolution, and provides deterministic latency guarantees at the 99th percentile.

Why this answer

Azure Cosmos DB is the correct choice because it is a fully managed NoSQL database that supports multi-region writes with automatic conflict resolution, guarantees 99th percentile latency, and provides low-latency reads and writes globally. Its multi-master replication and tunable consistency models meet the key-value structured data requirements and the need for high availability across geographic regions.

Exam trap

The trap here is that candidates may confuse Azure Table Storage's NoSQL nature with Cosmos DB's multi-region write and latency guarantees, overlooking the critical requirements for automatic conflict resolution and 99th percentile latency SLAs.

How to eliminate wrong answers

Option B is wrong because Azure Table Storage is a NoSQL key-value store but does not support multi-region write capability or automatic conflict resolution, and it lacks guaranteed 99th percentile latency SLAs. Option C is wrong because Azure Redis Cache is an in-memory data store, not a fully managed NoSQL database, and it does not provide multi-region write replication or automatic conflict resolution for persistent data. Option D is wrong because Azure SQL Database is a relational database, not a NoSQL key-value store, and it does not natively support multi-region writes with automatic conflict resolution.

223
MCQmedium

You are the Azure architect for a healthcare organization that needs to store patient medical records (unstructured data) and provide secure access to doctors and nurses via a web application. The data must be encrypted at rest and in transit. Access must be authorized based on the requester's role (doctor, nurse, admin). The solution must be cost-effective and support high concurrency. You decide to use Azure Blob Storage. You need to design the access control mechanism. What should you recommend?

A.Enable storage service encryption and use HTTPS.
B.Use shared access signatures (SAS) with stored access policies.
C.Use Azure RBAC with Microsoft Entra ID authentication.
D.Use storage account access keys and distribute them to users.
AnswerC

Provides role-based access control natively.

Why this answer

Option A is correct. Using Azure RBAC with Microsoft Entra ID (formerly Azure AD) allows role-based access control natively integrated with Blob Storage. This meets the requirement of role-based authorization without managing additional keys.

Option B is wrong because SAS tokens are not tied to user roles. Option C is wrong because using access keys provides full access, not role-based. Option D is wrong because storage service encryption is enabled by default and doesn't provide access control.

224
MCQeasy

A company stores large video files for a media streaming application. The files are accessed infrequently but need to be available instantly when requested. The company wants to minimize storage costs while ensuring high durability. Which Azure Blob Storage access tier should they use?

A.Hot tier
B.Cool tier
C.Cold tier
D.Archive tier
AnswerB

Cool tier is ideal for infrequently accessed data that needs instant access, providing lower storage costs than Hot while maintaining low latency.

Why this answer

The Cool tier is the optimal choice because it balances low storage cost with instant access for infrequently accessed data. The scenario specifies that files are accessed infrequently but require instant availability, which aligns with the Cool tier's design for data that will be stored for at least 30 days and needs millisecond retrieval latency. Hot tier would be more expensive for infrequent access, while Cold and Archive tiers introduce retrieval delays or higher access costs that violate the 'available instantly' requirement.

Exam trap

The trap here is that candidates often confuse 'infrequently accessed' with 'archival' and choose Archive tier, failing to recognize that Archive requires manual rehydration with significant latency (hours), which directly contradicts the 'available instantly' requirement in the question.

How to eliminate wrong answers

Option A is wrong because the Hot tier is designed for frequently accessed data and has higher storage costs, making it cost-inefficient for infrequently accessed video files. Option C is wrong because the Cold tier has a 30-day minimum storage duration and incurs a higher cost per read operation compared to Cool, and while it offers instant access, it is not the most cost-effective for this specific infrequent access pattern. Option D is wrong because the Archive tier has a retrieval latency of up to 15 hours (rehydration time), which violates the requirement that files be 'available instantly' when requested.

225
MCQeasy

A startup is building a new mobile app backend. They need a fully managed relational database service with built-in high availability, automatic backups, and built-in intelligence to optimize performance. They want to minimize administrative overhead for tasks like patching and scaling. Which Azure service should they use?

A.Azure SQL Database
B.SQL Server on Azure Virtual Machines
C.Azure Database for MySQL
D.Azure Cosmos DB
AnswerA

Azure SQL Database is a fully managed relational database with built-in HA, automated backups, and intelligent performance optimization.

Why this answer

Azure SQL Database is a fully managed Platform-as-a-Service (PaaS) relational database that includes built-in high availability (99.99% SLA), automatic backups with point-in-time restore, and built-in intelligence features like automatic tuning, adaptive query processing, and intelligent insights. This minimizes administrative overhead for patching, scaling, and performance optimization, making it ideal for a startup that wants to focus on app development rather than database management.

Exam trap

The trap here is that candidates often confuse 'fully managed' with 'IaaS' or pick Azure Database for MySQL because it is also fully managed, but they overlook the specific requirement for 'built-in intelligence to optimize performance,' which is a hallmark of Azure SQL Database's automatic tuning features, not available in Azure Database for MySQL.

How to eliminate wrong answers

Option B is wrong because SQL Server on Azure Virtual Machines is an Infrastructure-as-a-Service (IaaS) offering that requires you to manage patching, backups, high availability setup (e.g., Always On Availability Groups), and scaling manually, increasing administrative overhead. Option C is wrong because Azure Database for MySQL is a fully managed relational database, but it lacks the built-in intelligence features (e.g., automatic tuning, intelligent insights) that Azure SQL Database provides, and the question specifically asks for 'built-in intelligence to optimize performance.' Option D is wrong because Azure Cosmos DB is a NoSQL database (supporting document, key-value, graph, and column-family models), not a relational database, and it does not use SQL as its primary query language (though it has a SQL API, it is not a relational database engine).

← PreviousPage 3 of 4 · 233 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Design data storage solutions questions.