Design infrastructure solutions

A company is designing a hub-spoke network topology in Azure. The hub contains a third-party network virtual appliance (NVA) for inspection. Spokes need to communicate with each other, and all inter-spoke traffic must be routed through the NVA in the hub. Which configuration should they use?

A company is deploying a web application on Azure App Service. They need to guarantee that all traffic from the internet goes through a Web Application Firewall (WAF) before reaching the app. The solution must be cost-effective for a single application. Which Azure service should they place in front of the App Service?

A company has multiple Azure subscriptions and on-premises data centers connected via ExpressRoute. They want to centralize connectivity to the internet and enforce a single web filtering and security policy for all outbound internet traffic from Azure VMs. Which Azure networking architecture should they implement?

A company has multiple branch offices and needs to connect them to Azure and to each other using a scalable, managed solution that simplifies network architecture. The solution should support automatic routing and integration with ExpressRoute and VPN. Which Azure service should they use?

A company runs a high-performance computing (HPC) workload on Azure that requires extremely low latency (under 10 microseconds) between multiple VMs for MPI communication. The VMs are part of a single job and must be placed together to minimize network latency. Which VM deployment option should they use?

A company is deploying an internal web application on Azure VMs. The application requires SSL offloading, session stickiness, and URL-based routing (e.g., /api/* to one backend, /app/* to another). The solution must operate within a single Azure region and must not be exposed to the public internet. Which Azure load balancing solution should they use?

A company is developing a containerized microservices application. They want to minimize operational overhead for managing orchestration. The application has a low-to-medium traffic pattern that can spike unpredictably. They need fast scaling and pay-per-second billing. Which Azure compute service should they use?

A company has two on-premises data centers and an Azure subscription. They need to connect each data center to Azure with a private, high-bandwidth, and reliable connection. They also want a low-cost backup connection for each data center in case the primary connection fails. Which combination of connectivity options should they recommend?

A company is designing a hub-spoke network topology across multiple Azure regions. They plan to deploy a third-party network virtual appliance (NVA) in the hub for traffic inspection. They require that all traffic between spokes in different regions must be routed through the hub NVA, and they want to minimize the number of peered connections. Which solution should they implement?

A company is deploying a multi-tier web application on Azure. The web tier must be accessible from the internet. The application tier and database tier must be isolated within the virtual network and not directly accessible from the internet. The solution must provide SSL termination, URL-based routing, and Web Application Firewall (WAF) capabilities. Which Azure service should they use to expose the web tier?

A company is deploying a multi-tier web application on Azure VMs. The web tier must be accessible from the internet, while the application and database tiers must be isolated within the virtual network. The solution must provide SSL termination, web application firewall (WAF) capabilities, and URL-based routing. Which Azure service should they use to expose the web tier?

A global company is deploying a microservices application on AKS clusters in multiple Azure regions. They need to provide a single endpoint for users worldwide with SSL offloading, web application firewall, and URL path-based routing to the nearest healthy AKS cluster. They also need global load balancing with automatic failover. Which Azure service should they use?

A company has a hub-spoke network topology in Azure. They have multiple spoke VNets connected to a hub VNet via peering. They need to ensure that all east-west traffic between spoke VNets goes through a network virtual appliance (NVA) in the hub for inspection. Additionally, all outbound internet traffic from spoke VMs must use a single public IP address. What should they configure?

A company needs to provide secure remote administration access to Azure virtual machines for their IT team. The VMs are in a virtual network with no public IP addresses. The IT team uses browsers to connect. The solution should not require any custom software on the client machines. Which Azure service should they use?

A company has an Azure SQL Database that they need to access from an on-premises data center over ExpressRoute. They want to use a private IP address to connect to the database, ensuring traffic never traverses the public internet. Which Azure service should they use?

A company plans to deploy a stateless web application on Azure virtual machines. They want to ensure that the application remains available in the event of a hardware failure within a single Azure datacenter. The VMs must be placed in a way that ensures they are on different physical servers and racks, but are still within the same datacenter. Which deployment strategy should they use?

A company is deploying a web application that must be accessible from the internet. The application is hosted on Azure virtual machines in a virtual network. The solution must provide SSL termination, web application firewall (WAF) protection, and URL path-based routing (e.g., /api/* to one backend pool, /app/* to another). The web tier must not be directly exposed to the internet. Which Azure load balancing solution should they use?

A company has an on-premises data center and wants to connect it to Azure to extend their network. They require a dedicated, private, high-bandwidth connection that is not routed over the public internet. They also want a lower-cost backup connection for redundancy in case the primary connection fails. Which combination of connectivity options should they implement?

A company deploys a web application on Azure VMs across multiple availability zones in a region. They need to distribute incoming traffic across VMs in all zones, maintain session persistence, and support SSL offloading and URL-based routing (e.g., /api/* to one pool, /app/* to another). Which Azure load balancing solution should they use?

A company has multiple Azure VNets deployed in a hub-spoke topology. They want to inspect all outbound internet traffic from spoke VMs using a central firewall and ensure that traffic from all VNets goes through the firewall before reaching the internet. They also need to log all outbound connections. Which architecture should they implement?

A company plans to deploy a web application on Azure virtual machines. They want to protect against a datacenter failure within a region. The VMs must be distributed across multiple physically separate locations with independent power, cooling, and networking. Which deployment option should they use?

A global e-commerce company deploys its web application on Azure Kubernetes Service (AKS) clusters in multiple Azure regions. They need a single global endpoint for users, with SSL offloading, web application firewall (WAF) protection, and URL path-based routing to the nearest healthy AKS cluster. Which Azure service should they use?

A company has an on-premises data center and wants to connect it to Azure with a dedicated, private network connection that is not routed over the public internet. They also need a higher service-level agreement (SLA) compared to VPN-based connections. Which Azure service should they use?

A company has deployed several Azure VMs that do not have public IP addresses. Administrators need to securely connect to these VMs using RDP and SSH from the internet over a browser without deploying a jump box or managing VPN connections. The solution must use Microsoft Entra ID authentication for single sign-on. Which Azure service should they use?

A company has an Azure virtual network (VNet) in the East US region hosting a web application. They need to securely connect to an on-premises data center in the same region using a dedicated, private network connection with high throughput and low latency. They also need a backup connection for redundancy in case the primary connection fails. Which connectivity solution should they implement?

A company deploys a web application in two Azure regions for high availability. They need to automatically direct users to the nearest healthy region based on geographic location and endpoint health. Which Azure service should they use?

A company deploys a web application on Azure VMs within a single region. They need to distribute incoming HTTP traffic across multiple VMs, offload SSL encryption, and maintain session persistence (sticky sessions) for user sessions. Which Azure load balancing solution should they use?

A company deploys Azure VNets in multiple regions and has on-premises data centers. They need to connect all VNets to each other and to on-premises sites using the Microsoft global network for optimal routing. They also want to simplify management by using a single orchestration interface. Which Azure service should they use?

A company has multiple Azure virtual networks (VNets) in different regions. They want to connect all VNets to each other securely over the Microsoft backbone network, and also connect to their on-premises data center via ExpressRoute. What is the simplest Azure solution to enable connectivity between all VNets and on-premises?

A company deploys a web application across multiple Azure VMs in a single region. They want to distribute incoming HTTP traffic evenly across the VMs, offload SSL encryption, and provide a fixed public IP address for clients. Which Azure load balancing solution should they use?

A company has multiple Azure virtual networks (VNets) in different Azure regions and an on-premises data center connected via ExpressRoute. They want to connect all VNets to each other and to the on-premises network securely over the Microsoft global backbone. They also want to simplify management by using a single orchestration interface. Which Azure service should they use?

A company deploys a web application on multiple Azure VMs. They need to distribute incoming HTTP traffic across the VMs, offload SSL/TLS termination, and maintain session persistence (sticky sessions) so that all requests from a user session go to the same backend VM. Which Azure load balancing solution should they use?

A company runs a web application on Azure VMs in a single region. The application must scale out automatically based on CPU utilization. The VMs are behind an Azure Load Balancer. Which Azure service should they use to automatically add or remove VMs based on demand?

A company deploys a web application on multiple Azure VMs in a single region. They need to distribute incoming HTTP and HTTPS traffic across the VMs, offload SSL/TLS termination, and maintain session persistence (sticky sessions) so that all requests from a user session go to the same backend VM. Which Azure load balancing solution should they use?

A company deploys a web application across multiple Azure VMs in a single region. They need to distribute incoming HTTP traffic, offload SSL termination, and perform URL-based routing to different backend pools (e.g., /images to one pool, /api to another). Which Azure load balancing solution should they use?

A company has Azure virtual networks (VNets) in three different Azure regions and an on-premises data center connected via ExpressRoute. They need to connect all VNets to each other and to on-premises over the Microsoft global backbone. They also require centralized management of routing and the ability to enforce security policies such as forced tunneling for internet-bound traffic. Which Azure service should they use?

A company deploys a web application on Azure VMs. They need to distribute incoming HTTP and HTTPS traffic based on the URL path: requests to /api/* go to one VM pool, requests to /images/* go to another pool. They also need to offload SSL/TLS termination. Which Azure load balancing solution should they use?

A company has multiple Azure virtual networks (VNets) spread across three Azure regions (West US, East US, and West Europe). They also have an on-premises network connected to East US via ExpressRoute. They need to connect all VNets to each other and to the on-premises network. They require centralized management of routing and the ability to enforce security policies such as forcing all internet-bound traffic from any VNet to pass through a central firewall in East US. Which Azure solution should they implement?

A company deploys a web application on Azure VMs across multiple availability zones in the East US region. They need to distribute incoming HTTPS traffic across the VMs, offload SSL termination, and ensure that client requests from the same user session are sent to the same backend VM (session persistence). Which Azure load balancing solution should they choose?

A company has Azure virtual networks (VNets) in three different Azure regions (West US, East US, and West Europe). They also have an on-premises data center connected to the East US region via ExpressRoute. They need to connect all VNets to each other and to the on-premises network. The solution must support transitive routing between all sites and provide centralized management of connectivity and routing policies. Which Azure service should they use?

A company deploys a web application on multiple Azure virtual machines (VMs) in a single region. The application receives HTTP and HTTPS traffic. They need to distribute the traffic across the VMs, offload SSL/TLS termination, and ensure that client requests from the same user session are always sent to the same backend VM (session persistence). Additionally, they need to route requests based on URL paths (e.g., /api/* to one pool, /images/* to another). Which Azure load balancing solution should they use?

A company has an Azure API Management instance deployed in the internal virtual network (VNet) mode. They want to securely expose their backend APIs to external partners over the internet. External partners need to authenticate using OAuth2 tokens. The company also wants to enforce rate limits (throttling) per subscription, cache responses, and enable CORS. Which Azure service should they use to expose the APIs?

A company has virtual machines in Azure that need to be grouped across multiple fault domains and update domains to ensure high availability. They plan to deploy three VMs running the same application tier. Which Azure feature should they use to provide redundancy within a single region?

A company has multiple Azure virtual networks (VNets) in different regions connected via VNet peering. They also have an on-premises data center connected to Azure via ExpressRoute. They need to provide internet-bound traffic from all Azure VNets through a single, centralized network virtual appliance (NVA) in the hub VNet for security inspection. They also need to ensure that traffic between VNets and on-premises is routed optimally without going through the internet. Which Azure solution should they implement?

A company deploys a web application on Azure virtual machines (VMs) across multiple availability zones in the East US region. The application receives HTTPS traffic. They need to distribute incoming traffic across the VMs, offload SSL/TLS termination, and ensure that client requests from the same user session are always sent to the same backend VM (session persistence). Which Azure load balancing solution should they choose?

A company wants to deploy a web application on Azure virtual machines (VMs). The application experiences variable traffic patterns, so the company needs to automatically add or remove VM instances based on CPU utilization. They also want the application to remain highly available even if an Azure datacenter fails. Which combination of Azure services should they use?

A global e-commerce company runs a web application in multiple Azure regions. They need to distribute incoming HTTPS traffic across regional deployments to provide low latency and high availability. The solution must support SSL offloading, Web Application Firewall (WAF) policies, and content caching to reduce backend load. They also need to route users to the nearest healthy backend region. Which Azure service should they use?

A company has deployed Azure virtual machines without public IP addresses. They need to provide secure RDP and SSH access to these VMs for administrators from the corporate network (on-premises). The solution must integrate with Microsoft Entra ID for authentication and support multi-factor authentication (MFA). It must not require any public endpoint exposure on the VMs. Which Azure service should they use?

A company has headquarters and multiple branch offices worldwide, each with its own on-premises network. They want to connect all these sites to Azure and to each other over a single, centrally managed solution. They need high bandwidth connectivity for site-to-site traffic, support for both VPN and ExpressRoute connections, and automatic routing management without the complexity of configuring multiple VPN tunnels or BGP manually. Which Azure service should they use?

A company has multiple virtual networks in different Azure regions. They need to connect all VNets together securely over the Microsoft backbone. They also need to connect to an on-premises data center via ExpressRoute. The solution should support transitive routing between all connected networks. Which Azure service should they use?

A company wants to run a containerized application on Azure without managing virtual machines. They need automatic scaling, load balancing, and rolling updates. Which Azure compute service should they choose?

A company has multiple Azure virtual networks (VNets) in different regions and an on-premises data center. They need to implement a hub-and-spoke topology where the hub VNet hosts shared services like firewalls and DNS. All traffic between spokes, and between spokes and on-premises, must be routed through the hub for inspection. Additionally, spoke VNets must not be able to directly communicate with each other. Which Azure networking solution should they implement to meet these requirements with minimal administrative overhead?

A company deploys a web application on multiple Azure VMs within an availability set. They need to distribute incoming HTTP traffic evenly across the VMs and provide health probe monitoring. The solution must support SSL termination and source IP affinity (session persistence). Which Azure load balancing solution should they choose?

A company deploys a web application on Azure virtual machines (VMs) across multiple availability zones. The application needs to automatically distribute incoming HTTPS traffic, offload SSL/TLS termination, and provide session persistence. Additionally, the solution must include a Web Application Firewall (WAF) to protect against common web vulnerabilities. Which Azure load balancing solution should they use?

A company has multiple Azure virtual networks (VNets) in different regions and an on-premises data center connected via ExpressRoute. They need to implement a hub-and-spoke topology where a hub VNet hosts shared network virtual appliances (NVAs) for traffic inspection. All traffic between spokes and between spokes and on-premises must be routed through the hub. The company wants to minimize the administrative overhead of configuring and maintaining routing. Which Azure solution should they implement?

A company wants to deploy containerized microservices on Azure without managing virtual machines. The solution must support automatic scaling based on demand, built-in load balancing, rolling updates for zero-downtime deployments, and a fully managed platform. Which Azure compute service should they choose?

A company deploys a multi-tier web application on Azure VMs across availability zones. The web tier must have SSL termination, session persistence, and health probe monitoring. Additionally, all traffic must be inspected by a central firewall for compliance. The solution must be highly available. Which combination of Azure services should they implement?

A company deploys a web application on Azure VMs in a single region. They need to distribute incoming HTTPS traffic across multiple VMs, offload SSL termination, and provide session persistence. Which Azure load balancing solution should they choose?

A company plans to deploy multiple virtual machines (VMs) across two Azure regions for high availability. The VMs will host a stateless web application that must be accessible via a single DNS endpoint. The solution must automatically route traffic to the nearest region with available capacity and provide failover if a region becomes unhealthy. Which Azure service should they use to meet these requirements?

A company deploys a containerized application on Azure Kubernetes Service (AKS). They need to expose the application to the internet and provide TLS termination. The solution must also include a Web Application Firewall (WAF) to protect against common attacks. Which Azure service should they use as the ingress controller?

A company plans to deploy a multi-tier application on Azure. The web tier requires SSL termination and health probes. The application tier must be isolated from the internet. The database tier requires high availability. They want to minimize administrative overhead and use Azure native services. Which architecture should they recommend?

A company deploys a web application on Azure VMs in an availability set. They need to expose the application to the internet with SSL termination and health probes. Additionally, they need to protect against DDoS attacks and common web vulnerabilities. Which Azure service should they use?

A company deploys a containerized microservices application on Azure Kubernetes Service (AKS). They need to expose the application to the internet with TLS termination and provide a single endpoint for multiple services. The solution must also include a Web Application Firewall (WAF). Which Azure service should they use as the ingress controller?

A company plans to deploy a web application on Azure VMs across multiple availability zones. They need to distribute incoming HTTP traffic across the VMs and provide health probes. Which Azure load balancing solution should they use?

A company has multiple on-premises sites and Azure VNets in different regions. They need to connect all networks with a single mesh topology, ensuring that any network can communicate with any other network directly. They also want to minimize administrative overhead. Which Azure service should they use?

A company deploys a web application on Azure VMs across availability zones. They need to distribute HTTPS traffic, offload SSL termination, and maintain session persistence. They do not require traffic inspection. Which Azure load balancing solution should they use?

A company deploys a stateless web application on Azure VMs in a single region. They need to distribute incoming HTTP traffic across multiple VMs and perform health checks. The solution should be highly available within the region. Which Azure load balancing solution should they use?

A company plans to migrate a legacy web application to Azure. The application runs on multiple Windows virtual machines (VMs) in an availability set. The VMs must be exposed to the internet via a single endpoint that performs SSL termination and health checks. The load-balancing solution must preserve the original client IP address for logging purposes. Which Azure service should the company use?

A hub-and-spoke Azure network must centralize outbound inspection and still allow spokes to resolve private endpoint DNS names. Which two components are commonly required? (Choose 2.)

A company is designing a virtual network architecture for a three-tier application (web, application, database). They want network isolation between tiers and secure access from the internet to the web tier only. Which Azure networking solution should they use?

A company needs to connect its on-premises data center to Azure for hybrid workloads. The connection must be private, dedicated, and provide guaranteed bandwidth. Which Azure service should they use?

A company is designing hub-and-spoke networking. Spoke VNets must use a central Azure Firewall for outbound internet traffic. Which two configurations are required?

An on-premises datacenter must connect privately to Azure with predictable bandwidth and avoid traversal of the public internet. Which connectivity option should be recommended?

A company is designing private access to a PaaS database from workloads in a VNet. The database should not be reachable over its public endpoint. What should be recommended?