CCNA Business Continuity Solutions Questions

75 of 201 questions · Page 1/3 · Business Continuity Solutions topic · Answers revealed

1
MCQmedium

A company runs a legacy on-premises application that relies on a SQL Server database. They want to use Azure as a disaster recovery site with a recovery point objective of less than 15 minutes. They need to be able to fail back to the on-premises environment after a disaster. Which Azure service should they use?

A.Azure Site Recovery
B.Azure Backup
C.Azure SQL Database
D.Azure Traffic Manager
AnswerA

Azure Site Recovery replicates on-premises VMs to Azure with low RPO and supports failback to on-premises.

Why this answer

Azure Site Recovery (ASR) orchestrates replication, failover, and failback of on-premises SQL Server workloads to Azure, supporting a Recovery Point Objective (RPO) of less than 15 minutes through continuous replication. It enables failback to the original on-premises environment after a disaster, which is a critical requirement for this scenario.

Exam trap

The trap here is that candidates often confuse Azure Backup (which is for archival backups) with Azure Site Recovery (which is for replication and failover), leading them to select Azure Backup despite its inability to meet the sub-15-minute RPO or support failback.

How to eliminate wrong answers

Option B (Azure Backup) is wrong because it provides point-in-time backups with a typical RPO of hours or daily, not sub-15-minute continuous replication, and it does not support orchestrated failback to on-premises. Option C (Azure SQL Database) is wrong because it is a PaaS database service that cannot replicate an on-premises SQL Server instance for failback; it would require migrating the database schema and data, not providing disaster recovery replication. Option D (Azure Traffic Manager) is wrong because it is a DNS-based traffic load balancer that routes user traffic, not a replication or disaster recovery service for SQL Server databases.

2
MCQhard

A company runs a critical database on Azure SQL Database in the West US region. They need to implement disaster recovery to East US with an RPO of 1 minute and RTO of 1 hour. They also want to use the secondary database for read-only workloads during normal operations. The solution must be fully managed. Which Azure SQL Database feature should they enable?

A.Active geo-replication with failover group
B.Auto-failover group with read-scale
C.Geo-restore
D.Zone-redundant configuration
AnswerB

Auto-failover groups manage failover for one or more databases, support read-only access to the secondary, and meet the RPO/RTO requirements.

Why this answer

Active geo-replication with a failover group (Option B) provides a fully managed disaster recovery solution with an RPO of 1 minute and RTO of 1 hour. It allows the secondary database in East US to be used for read-only workloads during normal operations via the read-scale listener endpoint. This meets all requirements: fully managed, low RPO/RTO, and read-only access to the secondary.

Exam trap

The trap here is confusing Active geo-replication (manual failover, no read-scale) with Auto-failover groups (automatic failover, read-scale), leading candidates to pick Option A even though it lacks the read-scale capability and automatic RTO guarantee.

How to eliminate wrong answers

Option A is wrong because Active geo-replication alone does not include a failover group; without the failover group, you cannot achieve the 1-hour RTO (manual failover takes longer) and you lose the automatic orchestration of read-scale endpoints. Option C is wrong because Geo-restore is a point-in-time recovery method with an RPO of 1 hour and RTO of 12-24 hours, far exceeding the required 1-minute RPO and 1-hour RTO, and it does not support read-only workloads on a secondary. Option D is wrong because Zone-redundant configuration provides high availability within a single region, not disaster recovery across regions, and does not offer a secondary for read-only workloads.

3
MCQeasy

A company runs an Azure SQL Database in a single region. They need to ensure that the database can be restored to any point in time within the last 90 minutes with a granularity of 1 minute. Which feature should they enable?

A.Active geo-replication
B.Auto-failover groups
C.Point-in-time restore
D.Long-term backup retention
AnswerC

Point-in-time restore allows restoring a database to any second within the retention period, meeting the requirement of 1-minute granularity.

Why this answer

Point-in-time restore (PITR) for Azure SQL Database automatically creates backups every 5-10 minutes and retains them for the default retention period of 7 days (configurable up to 35 days). This allows restoring the database to any second within the retention window, meeting the requirement of 1-minute granularity for the last 90 minutes. The feature is built-in and does not require any additional configuration beyond setting the desired retention period.

Exam trap

The trap here is that candidates often confuse point-in-time restore with disaster recovery features like geo-replication or failover groups, but the question specifically asks for restoring to a point in time within 90 minutes with 1-minute granularity, which is exclusively provided by PITR.

How to eliminate wrong answers

Option A is wrong because Active geo-replication is designed for continuous data replication to a secondary region for disaster recovery, not for point-in-time restores within a single region. Option B is wrong because Auto-failover groups manage automatic failover of multiple databases across regions, but they do not provide point-in-time restore capability. Option D is wrong because Long-term backup retention (LTR) extends backup retention beyond 35 days (up to 10 years) using weekly, monthly, or yearly backups, but it does not offer the 1-minute granularity required for the last 90 minutes; LTR backups are taken at coarser intervals.

4
Multi-Selecthard

A solution stores critical VM backups in Azure. The company wants protection against accidental or malicious deletion of backups. Which two controls should be included?

Select 2 answers
A.Disabling backup alerts
B.Storing all backups on the original VM disk
C.Soft delete for Azure Backup
D.Multi-user authorization or resource locks where applicable
AnswersC, D

Soft delete retains deleted backup data for recovery.

Why this answer

Soft delete for Azure Backup (Option C) is correct because it retains backup data for an additional 14 days after deletion, allowing recovery from accidental or malicious deletion. This feature is enabled by default for Recovery Services vaults and protects backup data even if the backup itself is deleted, providing a critical safety net against data loss.

Exam trap

The trap here is that candidates may overlook the need for both a data-level protection (soft delete) and a resource-level protection (resource locks), assuming one control is sufficient, or they may mistakenly think disabling alerts or storing backups on the same disk provides any deletion protection.

5
Multi-Selectmedium

A company uses Azure Site Recovery to replicate VMs from the primary region to the secondary region. During a disaster, they want to ensure that the failover process is automated and includes runbooks to perform post-failover actions. Which TWO components are required? (Choose two.)

Select 2 answers
A.Azure Automation runbooks
B.Azure Site Recovery Recovery Plans
C.Azure Monitor alerts
D.Azure Logic Apps
E.Azure Backup
AnswersA, B

Runbooks can perform post-failover actions.

Why this answer

Options B and D are correct. Azure Automation runbooks can be integrated into recovery plans to execute tasks after failover. Recovery Plans in Azure Site Recovery allow you to sequence the failover of VMs and include runbooks.

Option A is wrong because Azure Backup is not involved in failover. Option C is wrong because Azure Logic Apps is not the standard way; Automation is used. Option E is wrong because Azure Monitor is for monitoring, not failover automation.

6
MCQmedium

A company runs a three-tier application on Azure VMs in the West US region. They want to enable disaster recovery to East US using Azure Site Recovery. The application requires that the web tier starts first, then the application tier, and finally the database tier after a consistency check. They also need to be able to perform non-disruptive DR drills. Which Azure Site Recovery capabilities should they use together?

A.Recovery Plan with pre/post actions and Test Failover
B.Network mapping and IP customization
C.Replication policy with crash-consistent snapshots
D.Azure Automation runbooks and Azure Monitor alerts
AnswerA

Correct. Recovery Plans orchestrate startup order with scripts, and Test Failover allows isolated drills.

Why this answer

Option A is correct because a Recovery Plan in Azure Site Recovery allows you to define the startup order of tiers (web, app, database) using pre-actions and post-actions, which can invoke Azure Automation runbooks or scripts to perform the consistency check. Test Failover enables non-disruptive DR drills by creating an isolated copy of the replicated VMs in East US without impacting the production environment. Together, these capabilities meet both the ordered startup and drill requirements.

Exam trap

The trap here is that candidates may confuse general Azure automation or networking features (like runbooks or network mapping) with the specific ASR capabilities required for ordered startup and drills, overlooking that Recovery Plan and Test Failover are the exact ASR features designed for these purposes.

How to eliminate wrong answers

Option B is wrong because network mapping and IP customization handle network connectivity and IP address assignment during failover, but they do not control the startup order of tiers or enable non-disruptive drills. Option C is wrong because a replication policy with crash-consistent snapshots provides a point-in-time copy of VMs, but it does not orchestrate the sequence of tier startup or support test failovers. Option D is wrong because Azure Automation runbooks and Azure Monitor alerts can automate tasks and monitor health, but they are not native ASR capabilities for defining recovery plan steps or performing DR drills; runbooks can be used within recovery plans, but the question asks for ASR capabilities, and alerts alone do not enable drills.

7
MCQhard

A company runs a critical application on Azure SQL Managed Instance in the West US region. They need a disaster recovery solution that provides automatic failover to a secondary region (East US) with no data loss (synchronous replication) and a recovery time objective (RTO) of less than 1 hour. They also want to offload read-only workloads to the secondary during normal operations. Which Azure feature should they implement?

A.Auto-failover groups with synchronous replication
B.Active geo-replication
C.Geo-restore of backups
D.Azure Site Recovery
AnswerA

Auto-failover groups for Managed Instance support synchronous replication to a secondary region, ensuring zero data loss. RTO is under 1 hour, and the secondary can be used for read-only workloads.

Why this answer

Auto-failover groups with synchronous replication is the correct choice because Azure SQL Managed Instance supports failover groups that can use synchronous replication to ensure zero data loss (RPO=0) when both regions are within the same paired region. The automatic failover capability meets the RTO of less than 1 hour, and the secondary region can be used for read-only query offloading by connecting to the secondary listener endpoint.

Exam trap

The trap here is that candidates often confuse active geo-replication (which supports readable secondaries but only asynchronous replication) with auto-failover groups (which support synchronous replication and automatic failover), leading them to choose active geo-replication despite the zero data loss requirement.

How to eliminate wrong answers

Option B is wrong because active geo-replication does not support synchronous replication for SQL Managed Instance; it uses asynchronous replication, which can result in data loss. Option C is wrong because geo-restore of backups is a manual process with RTO measured in hours or days, not less than 1 hour, and does not provide automatic failover or read-only offloading. Option D is wrong because Azure Site Recovery is designed for IaaS VMs and on-premises workloads, not for PaaS services like Azure SQL Managed Instance, and cannot achieve synchronous replication with zero data loss for this service.

8
Multi-Selecthard

Which THREE of the following are best practices for designing a business continuity solution using Azure Site Recovery? (Select THREE.)

Select 3 answers
A.Configure automatic failover for all VMs without manual intervention
B.Perform test failovers regularly to validate the recovery plan
C.Use recovery plans to orchestrate failover of multi-tier applications
D.Use a single target region for all VMs to simplify management
E.Enable replication for all VMs that are critical to the application
AnswersB, C, E

Regular testing ensures the plan works.

Why this answer

Options A, C, and D are correct. Testing failover regularly validates the DR plan. Using a recovery plan orchestrates failover of multi-tier applications.

Enabling replication for all critical VMs ensures protection. Option B is wrong because using a single target region for all VMs can cause resource contention; multiple target regions may be needed. Option E is wrong because manual failover should be used only if automatic fails.

9
MCQmedium

A company runs a mission-critical multi-tier application on Azure VMs in West US. The application consists of database VMs, application VMs, and web VMs. During a disaster, the VMs must be recovered in a specific order: database tier first, then application tier, then web tier. The recovery point objective (RPO) is 5 minutes and recovery time objective (RTO) is 15 minutes. The company wants to periodically test the recovery process without impacting production. After failover to East US, the VMs must retain their private IP addresses to avoid DNS propagation delays. Which combination of Azure Site Recovery features should they configure?

A.A recovery plan, planned failover, and network mapping
B.A recovery plan, test failover, and network mapping
C.A recovery plan, test failover, and static IP address assignment
D.A recovery plan, planned failover, and static IP address assignment
AnswerC

Recovery Plan defines the order and includes scripting; test failover enables safe testing; static IP assignment in the target network ensures VMs keep their IP addresses after failover.

Why this answer

Option C is correct because a recovery plan enforces the required startup order (database → application → web), test failover allows non-disruptive validation of the recovery process, and static IP address assignment ensures VMs retain their private IP addresses after failover to East US, avoiding DNS propagation delays. This combination meets the RPO of 5 minutes and RTO of 15 minutes while satisfying the requirement for periodic testing without impacting production.

Exam trap

The trap here is that candidates confuse network mapping (which only maps source to target networks) with static IP address assignment (which preserves the exact private IP), leading them to choose Option B instead of C.

How to eliminate wrong answers

Option A is wrong because planned failover is used for zero-data-loss migrations or planned downtime scenarios, not for disaster recovery testing, and it does not support non-disruptive validation of the recovery process. Option B is wrong because network mapping only maps source and target networks for IP address assignment but does not guarantee that VMs retain their exact private IP addresses after failover; static IP assignment is required for that. Option D is wrong because planned failover is not suitable for periodic testing of disaster recovery, as it assumes a controlled shutdown and can impact production if used incorrectly.

10
MCQeasy

Your organization runs a web application on Azure App Service (Standard tier) in the West US region. The application uses Azure Blob Storage for static content and Azure SQL Database (Standard tier) for dynamic data. The compliance requirements specify a Recovery Point Objective (RPO) of 1 hour and a Recovery Time Objective (RTO) of 4 hours. You need to design a disaster recovery solution that meets these requirements with minimal cost. Which option should you recommend?

A.Deploy App Service in two regions with Azure Traffic Manager. Use Azure Site Recovery to replicate the App Service and SQL Database. Enable geo-redundant storage for Blob Storage.
B.Deploy App Service in two regions with Azure Front Door. Use active geo-replication for Azure SQL Database. Enable read-access geo-redundant storage (RA-GRS) for Blob Storage.
C.Use Azure Traffic Manager to distribute traffic. Manually copy Blob Storage to a secondary region. Use Azure SQL Database export to bacpac and import in secondary region.
D.Configure App Service backup to a geo-redundant storage account. Use geo-redundant storage (GRS) for Blob Storage. Enable geo-restore for Azure SQL Database.
AnswerD

App Service backup to GRS meets RPO/RTO; Blob Storage GRS provides automatic replication; geo-restore for SQL Database meets the 1-hour RPO.

Why this answer

Option B is correct because geo-redundant storage for Blob Storage is cost-effective and meets RPO; geo-restore for SQL Database meets RPO and RTO; App Service backup and restore in a secondary region meets RTO. Option A is wrong because Azure Site Recovery is for VMs, not App Service. Option C is wrong because active geo-replication for SQL Database is more expensive than needed.

Option D is wrong because Azure Traffic Manager alone does not provide data replication.

11
MCQhard

A company runs a critical application on Azure SQL Database in the West US region. They need a disaster recovery solution with an RPO of 5 seconds and an RTO of 1 hour. They also need to be able to perform patching and maintenance on the primary without downtime. Which configuration should they implement?

A.Active geo-replication with auto-failover group
B.Azure SQL Database backup to geo-redundant storage
C.Azure SQL Database with zone-redundant configuration
D.Azure SQL Database with failover group using manual failover
AnswerA

Auto-failover groups provide the required RPO and RTO, and allow planned failover for maintenance without data loss.

Why this answer

Active geo-replication with auto-failover group meets the RPO of 5 seconds (typically under 5 seconds for active geo-replication) and RTO of 1 hour (auto-failover groups can fail over in minutes). It also supports patching and maintenance on the primary without downtime by failing over to a secondary replica during planned maintenance, leveraging the continuous data synchronization between primary and secondary databases in different Azure regions.

Exam trap

The trap here is that candidates confuse zone-redundant configuration (which only protects within a region) with geo-redundant disaster recovery, or they assume manual failover can meet strict RTOs without considering the human delay factor.

How to eliminate wrong answers

Option B is wrong because Azure SQL Database backup to geo-redundant storage (RA-GRS) provides an RPO of up to 12 hours and RTO of 12-24 hours, far exceeding the required 5-second RPO and 1-hour RTO, and does not support zero-downtime patching. Option C is wrong because zone-redundant configuration protects against zonal failures within a single region, not against regional disasters, and cannot meet the RPO/RTO for cross-region DR. Option D is wrong because a failover group using manual failover requires human intervention to trigger failover, which cannot achieve the 1-hour RTO reliably and does not support automated zero-downtime patching without manual steps.

12
MCQmedium

A company runs a web application on Azure App Service with a Standard tier plan. The application uses an Azure SQL Database (DTU-based) for storage. The business requires that the application remain available in the event of a single Azure region outage. Which solution meets the requirement with the least administrative effort?

A.Use an App Service Environment (ASE) in a single region with App Service plans in multiple availability zones
B.Use Azure Front Door to route traffic to a secondary App Service in the same region
C.Configure Azure Backup for the App Service and SQL Database
D.Deploy an additional App Service in a secondary region and use Azure SQL Database active geo-replication
AnswerD

Simplest DR setup with geo-replication.

Why this answer

Option A is correct because App Service deployment slots in a secondary region combined with Azure SQL Database geo-replication provide a low-effort DR solution. Option B is wrong because App Service Environment is more complex and costly. Option C is wrong because Azure Front Door is for global load balancing, not DR.

Option D is wrong because Azure Backup does not provide availability during an outage.

13
MCQhard

Contoso Ltd. is a global e-commerce company running its online store on Azure. The application consists of: - Frontend: Azure App Service (Windows) in West US. - Backend: Azure Kubernetes Service (AKS) cluster in West US. - Database: Azure SQL Database (General Purpose, S2) in West US. - Cache: Azure Cache for Redis (Standard C1) in West US. - Storage: Azure Blob Storage (LRS) for product images. Business continuity requirements: - RPO: 5 minutes for the database. - RTO: 1 hour for the entire application. - The solution must survive a complete West US region outage. - Budget is limited; minimize additional costs. What should you recommend as the primary DR strategy?

A.Deploy a secondary region (East US) with a passive AKS cluster (minimal node count), a standby App Service plan (same tier), and a secondary Azure SQL Database in an auto-failover group. Use Azure Traffic Manager for frontend and configure Azure Cache for Redis with geo-replication. For Blob Storage, enable geo-redundant storage (GRS).
B.Use Azure Backup for the database with 5-minute log backup frequency. For the app, use Azure App Service backup with frequency to a secondary region. For AKS, back up persistent volumes using Azure Backup. Restore everything in a secondary region during disaster.
C.Deploy the entire application across two Azure Availability Zones within West US. Use zone-redundant storage for blobs, zone-redundant App Service plan, and zone-redundant AKS. For SQL Database, use a zone-redundant configuration. For Redis, use Enterprise tier with zone redundancy.
D.Use Azure Site Recovery to replicate all VMs (including AKS nodes) to a secondary region. For the database, use Azure SQL Database active geo-replication. For Azure Cache for Redis, replicate data via geo-replication. Use Azure Traffic Manager for frontend traffic routing.
AnswerA

This meets the RPO/RTO with minimal cost by using a passive standby.

Why this answer

Option C is correct because Azure SQL Database auto-failover group with a secondary in a paired region (e.g., East US) meets the 5-minute RPO (active geo-replication with synchronous mode) and 1-hour RTO. For AKS and App Service, you can deploy a minimal standby cluster and App Service plan in the secondary region, and use Azure Traffic Manager for global load balancing. Azure Cache for Redis can be deployed with geo-replication.

Option A is wrong because Azure Site Recovery for the entire environment would be more expensive and may not meet the database RPO. Option B is wrong because Azure Backup has an RPO of at least 1 hour. Option D is wrong because Availability Zones do not protect against a regional outage.

14
MCQhard

Your company runs a critical application on Azure App Service. You need to design a disaster recovery solution that ensures the application is available in another region within 5 minutes of a regional failure. The application uses Azure SQL Database as its backend. The solution must minimize data loss and cost. What should you recommend?

A.Deploy App Service in two regions with Azure Traffic Manager. Use Azure SQL Database failover groups with active geo-replication.
B.Deploy App Service in one region with multiple instances. Use Azure SQL Database failover groups with manual failover.
C.Deploy App Service in two regions with Azure Front Door. Use Azure SQL Database with zone-redundant configuration.
D.Deploy App Service in two regions with Azure Traffic Manager. Use Azure SQL Database geo-restore for the database.
AnswerA

Failover groups provide an RTO of less than 1 minute, meeting the requirement.

Why this answer

Deploying App Service in two regions with Traffic Manager for routing and Azure SQL Database failover groups with active geo-replication provides the best balance of cost and performance. Option A is incorrect because it does not include database replication. Option C is incorrect because it uses Azure Front Door which is more expensive.

Option D is incorrect because manual failover does not meet the 5-minute RTO.

15
MCQeasy

A company needs to back up an Azure virtual machine that runs a file server. They want to restore individual files quickly without restoring the entire VM. Which backup option should they use?

A.Azure File Sync with cloud tiering.
B.Azure Backup using MARS agent with file and folder backup.
C.Azure Backup for Azure VMs with file-level restore.
D.Azure Backup for Azure VMs with instant restore.
AnswerC

File-level restore allows mounting the backup as a disk to recover files.

Why this answer

Option B (Azure Backup with file-level restore) allows restoring individual files. Option A (VM backup) is whole VM. Option C (Azure Files sync) is backup, not restore.

Option D (snapshots) not integrated.

16
MCQeasy

A retail company runs its e-commerce platform on Azure VMs. The application uses Azure SQL Database. You are designing a business continuity plan. The company wants to minimize recovery time for a regional outage. Which Azure service should you use to replicate the VMs to a secondary region?

A.Azure Traffic Manager
B.Azure Backup
D.Azure Site Recovery
AnswerD

Site Recovery orchestrates replication and failover of VMs to a secondary region.

Why this answer

Option B is correct because Azure Site Recovery is designed for VM replication to a secondary region, providing RTO in minutes. Option A (Azure Backup) is for backup and restore, not replication. Option C (Azure Traffic Manager) is for traffic routing.

Option D (Azure Load Balancer) is for distributing traffic within a region.

17
Multi-Selectmedium

Which TWO features should you use to meet an RPO of 0 seconds for an Azure SQL Database that is part of a critical application?

Select 2 answers
A.Azure Site Recovery for SQL VMs.
B.Azure SQL Database backups with short-term retention.
C.Failover group with readable secondary.
D.Active geo-replication with auto-failover group.
E.Auto-failover group with asynchronous replication.
AnswersC, D

Failover group uses active geo-replication with synchronous mode.

Why this answer

Option B (active geo-replication with auto-failover group) and Option D (failover group) provide synchronous replication with RPO=0. Option A (backup) has higher RPO. Option C (ASR) not for databases.

Option E (auto-failover group) includes active geo-replication.

18
Multi-Selecthard

Which THREE of the following are required components for a disaster recovery solution using Azure Site Recovery for on-premises Hyper-V VMs?

Select 3 answers
A.A Recovery Services vault in the target Azure region.
B.A replication policy that defines retention and recovery points.
C.The Azure Site Recovery Provider installed on each Hyper-V host.
D.Azure Backup Server installed on-premises.
E.An ExpressRoute connection from on-premises to Azure.
AnswersA, B, C

Vault stores replication data and settings.

Why this answer

Options A, B, and D are correct. Azure Site Recovery requires a Recovery Services vault, a replication policy, and the Azure Site Recovery Provider installed on Hyper-V hosts. Option C (Azure Backup Server) is not required; Site Recovery uses its own replication mechanism.

Option E (ExpressRoute) is optional.

19
MCQmedium

A company uses Azure SQL Database for a critical OLTP workload. They need a disaster recovery solution that automatically fails over to a secondary region with an RPO of 5 seconds and an RTO of 1 hour. What should they implement?

A.Azure SQL Database zone-redundant configuration
B.Azure SQL Database active geo-replication
C.Azure SQL Database auto-failover groups
D.Azure SQL Managed Instance failover groups
AnswerB

Active geo-replication provides RPO of 5 seconds and RTO of 1 hour.

Why this answer

Option C is correct because Azure SQL Database active geo-replication provides an RPO of up to 5 seconds and an RTO of 1 hour. Option A is wrong because auto-failover groups with read-write failover policy can also meet the requirements, but the question asks for active geo-replication specifically. Option B is wrong because Azure SQL Database automatic failover groups typically have an RTO of 1 hour but RPO is higher for geo-failover.

Option D is wrong because Azure SQL Managed Instance has different RPO/RTO characteristics.

20
MCQhard

Refer to the exhibit. An administrator configured Azure Site Recovery for a VM. The replication is ongoing but the health shows a warning. What is the most likely cause?

A.The recovery point retention is set to 5 days, causing storage issues.
B.The replication provisioning state failed.
C.The Azure Site Recovery service does not have sufficient permissions to access the source VM or storage account.
D.The replication interval is set to 15 minutes, exceeding the required RPO.
AnswerC

Error 0x80070005 is an access denied error, indicating a permissions issue.

Why this answer

Option B is correct because the error code 0x80070005 indicates an access denied error, typically caused by insufficient permissions on the source VM or storage account. Option A is wrong because the replication frequency is set to 300 seconds, which means a 5-minute RPO, not 15 minutes. Option C is wrong because the recovery point retention is set to 1440 minutes (24 hours), not 5 days.

Option D is wrong because the provisioning state is Succeeded, so there is no provisioning failure.

21
MCQeasy

You are designing a business continuity solution for a mission-critical Azure Kubernetes Service (AKS) cluster. The cluster hosts a stateful application that uses Azure Disks for persistent volumes. You need to ensure that the application can be recovered in a secondary region within 1 hour of a regional failure. What should you use to replicate the persistent volumes?

A.Azure Disk Backup with geo-redundant storage
B.Azure Backup with disk snapshot policies
C.Azure File Sync to replicate the disk content
D.Azure Site Recovery with replication of the AKS node VMs and attached disks
AnswerD

ASR replicates VMs and disks to secondary region.

Why this answer

Option A is correct because Azure Site Recovery can replicate Azure Disks (via VM replication) to a secondary region. Velero can back up AKS resources, but for stateful disks, ASR is more appropriate for DR. Option B is wrong because Azure Backup is for file/VM backup, not disk replication.

Option C is wrong because Azure File Sync is for file shares, not disks. Option D is wrong because Azure Disk Backup is for backup, not replication for DR.

22
MCQmedium

Your company has a hybrid identity solution with Microsoft Entra ID Connect syncing on-premises Active Directory to Microsoft Entra ID. You need to design a business continuity solution for the identity service in case of an on-premises outage. The solution must allow users to authenticate and access cloud applications even if the on-premises domain controllers are unavailable. Which feature should you enable?

A.Federation with AD FS in a secondary on-premises site
B.Password hash synchronization
C.Seamless Single Sign-On
D.Pass-through authentication with an agent in a secondary on-premises site
AnswerB

Enables cloud authentication without on-premises DCs.

Why this answer

Option C is correct because Microsoft Entra Connect sync provides password hash synchronization, which allows cloud authentication even if on-premises DCs are down. Option A is wrong because pass-through authentication requires on-premises agents. Option B is wrong because federation requires on-premises AD FS.

Option D is wrong because Seamless SSO relies on on-premises authentication.

23
Multi-Selectmedium

Which TWO Azure services can be used to automatically redirect traffic to an alternate region in the event of a regional outage? (Choose two.)

Select 2 answers
A.Azure Application Gateway
C.Azure Traffic Manager
D.Azure DNS
E.Azure Front Door
AnswersC, E

Traffic Manager uses DNS-based routing and health probes to redirect traffic.

Why this answer

Azure Traffic Manager and Azure Front Door both provide global load balancing with automatic failover. Option A is incorrect because Application Gateway is regional. Option D is incorrect because Azure Load Balancer is regional.

Option E is incorrect because Azure DNS does not provide traffic redirection based on health.

24
MCQhard

A company runs a multi-tier application on Azure VMs in the West US region. The application has web, application, and database tiers. They want to use Azure Site Recovery for disaster recovery to East US. They need to ensure that after failover, the web tier starts first, then the application tier, and finally the database tier after a consistency check. They also need to be able to perform non-disruptive DR drills. Which Azure Site Recovery capabilities should they use together?

A.Create a recovery plan with custom groups and scripts for startup order, and use test failover for DR drills
B.Use Azure Backup for the VMs and restore them in order after failover
C.Use an availability set to control startup order and use disaster recovery drills in a separate VNet
D.Use Azure Traffic Manager to route traffic after failover and manually start VMs in order
AnswerA

Recovery Plans enforce order via scripts; test failover provides an isolated drill environment.

Why this answer

Azure Site Recovery (ASR) recovery plans allow you to define custom groups and scripts to control the startup order of VMs after failover. By placing the web, application, and database tiers into separate groups with pre- and post-actions (e.g., PowerShell scripts), you can ensure the web tier starts first, then the application tier, and finally the database tier after a consistency check. ASR's test failover capability performs a non-disruptive DR drill by creating isolated copies of VMs in a separate VNet without impacting the production environment.

Exam trap

The trap here is that candidates may confuse Azure Backup's restore capabilities with ASR's orchestrated failover, or assume that availability sets or Traffic Manager can control startup sequencing, when only ASR recovery plans with custom groups and scripts provide the required ordered startup and non-disruptive DR drill functionality.

How to eliminate wrong answers

Option B is wrong because Azure Backup is designed for long-term retention and point-in-time restore, not for orchestrating multi-tier application startup order or performing non-disruptive DR drills with failover sequencing. Option C is wrong because availability sets control VM placement for high availability within a region, not startup order after failover, and they do not provide DR drill capabilities. Option D is wrong because Azure Traffic Manager handles DNS-based traffic routing, not VM startup sequencing, and manually starting VMs in order does not provide automated, scriptable orchestration or non-disruptive DR drills.

25
MCQeasy

Refer to the exhibit. You are configuring Azure Site Recovery replication for a VM. The exhibit shows the replication policy settings. What is the RPO and RTO that can be achieved with this policy?

A.RPO of 15 minutes and RTO of 5 minutes.
B.RPO of 5 minutes and RTO of 15 minutes.
C.RPO of 5 minutes and RTO of 30 minutes.
D.RPO of 10 minutes and RTO of 15 minutes.
AnswerB

Settings explicitly define RPO and RTO.

Why this answer

Option B (RPO 5 min, RTO 15 min) matches the settings (300 seconds = 5 min, 900 seconds = 15 min). Option A (RPO 15 min) is wrong. Option C (RPO 5 min, RTO 30 min) wrong.

Option D (RPO 10 min) wrong.

26
MCQhard

You are designing a high-availability solution for a stateful application that uses Azure NetApp Files (ANF) for persistent storage. The application must withstand a zonal failure within a region. What should you do?

A.Use Azure Files with zone-redundant storage (ZRS) and SMB multi-channel.
B.Use Azure NetApp Files cross-zone replication to replicate data between availability zones.
C.Use Azure Backup for ANF with daily snapshots stored in a different zone.
D.Deploy the application in an Availability Set and use ANF volumes with zone-redundant storage (ZRS).
AnswerB

Cross-zone replication provides zonal resilience.

Why this answer

Option B is correct because ANF cross-zone replication (preview) replicates volumes across zones synchronously (with some lag) to provide zonal resilience. Option A is wrong because ANF doesn't support Availability Zones directly. Option C is wrong because Azure Files is not ANF.

Option D is wrong because Azure Backup is not for real-time failover.

27
MCQeasy

A company uses Azure Backup to protect their critical Azure VMs. An administrator accidentally deleted a file from one of the VMs. They need to restore that specific file quickly without restoring the entire VM. Which Azure Backup feature should they use?

A.Azure Backup full VM restore
B.Azure Backup file recovery
C.Azure Site Recovery
D.Azure Storage snapshots
AnswerB

Azure Backup file recovery allows you to mount a recovery point as a drive and copy specific files, meeting the requirement for quick file-level restore.

Why this answer

Azure Backup's file recovery feature allows you to mount a recovery point as a drive on the VM (or another machine) using iSCSI, enabling you to browse and copy individual files without restoring the entire VM. This is the correct choice because it meets the requirement for a quick, granular restore of a single deleted file.

Exam trap

The trap here is that candidates may confuse Azure Backup's file recovery with Azure Site Recovery, thinking both provide granular restore, but Site Recovery is for replication and failover, not for point-in-time file recovery from backups.

How to eliminate wrong answers

Option A is wrong because full VM restore would recover the entire virtual machine, which is unnecessary and time-consuming for restoring a single file. Option C is wrong because Azure Site Recovery is designed for disaster recovery and replication of entire workloads to a secondary region, not for granular file-level recovery from backup snapshots. Option D is wrong because Azure Storage snapshots are a feature of Azure Storage accounts (blobs, files, disks) and are not directly integrated with Azure Backup's VM-level recovery points; they also require manual management and do not provide the iSCSI mount capability for file-level recovery.

28
MCQhard

A company runs a mission-critical application on Azure virtual machines (VMs) in the West US region. The application consists of multiple VMs that must be recovered in a specific order during a disaster: database VM first, then application VMs, then web VMs. They also require that after failover to East US, the VMs retain their private IP addresses to avoid DNS updates. The recovery point objective (RPO) is 5 minutes and recovery time objective (RTO) is 30 minutes. The company needs to perform quarterly disaster recovery tests without impacting production. Which combination of Azure Site Recovery features should they configure?

A.Use crash-consistent replication, recovery plans with manual ordering, and target network with same IP address range
B.Use app-consistent replication, recovery plans with pre/post scripts for ordering, and static IP address assignment in failover settings
C.Use multi-VM consistency groups, recovery plans with automation runbooks, and Azure Traffic Manager to redirect traffic
D.Use application-consistent replication, recovery plans with pre/post scripts for ordering, and target network with different IP address range and DNS updates
AnswerB

App-consistent replication ensures data integrity. Recovery plans with scripts automate the ordering. Static IP assignment retains private IPs.

Why this answer

Option B is correct because the requirement for an RPO of 5 minutes and RTO of 30 minutes necessitates application-consistent replication, which ensures database and application integrity. The need to recover VMs in a specific order is met by recovery plans with pre/post scripts, which allow custom actions (e.g., starting the database VM first, then application, then web). Static IP address assignment in failover settings ensures that VMs retain their private IP addresses after failover to East US, avoiding DNS updates.

Exam trap

The trap here is that candidates often confuse crash-consistent replication (which is faster but not application-safe) with application-consistent replication, or they assume that manual ordering in recovery plans is sufficient without realizing that pre/post scripts are required for complex multi-tier dependencies and that static IP assignment is needed to retain IP addresses across regions.

How to eliminate wrong answers

Option A is wrong because crash-consistent replication cannot achieve a 5-minute RPO for a mission-critical application with database VMs, as it does not guarantee application consistency; also, manual ordering in recovery plans is not sufficient for complex multi-tier recovery sequences. Option C is wrong because multi-VM consistency groups ensure crash consistency across VMs but do not provide the application-consistent replication needed for the 5-minute RPO, and Azure Traffic Manager is for traffic routing, not for retaining private IP addresses or ordering recovery. Option D is wrong because using a target network with a different IP address range and DNS updates contradicts the requirement to retain private IP addresses to avoid DNS updates.

29
MCQmedium

A company runs a global e-commerce platform on Azure VMs in a single region. They need to replicate the VMs to a secondary region for disaster recovery. Recovery must be possible within 30 minutes of a failure. The VMs run custom software that must be started in a specific order (database tier before web tier). Which Azure service should they use to meet both the replication and orchestration requirements?

A.Azure Site Recovery with recovery plans
B.Azure Backup with cross-region restore
C.Azure Migrate with replication
D.Azure Automation runbooks
AnswerA

Azure Site Recovery replicates VMs to a secondary region and recovery plans enable defining startup order, achieving the required RTO of 30 minutes.

Why this answer

Azure Site Recovery (ASR) with recovery plans is the correct choice because it provides both VM replication to a secondary region and the ability to orchestrate the startup order of VMs. Recovery plans allow you to group VMs into tiers (e.g., database and web) and define dependencies, ensuring the database tier starts before the web tier. ASR meets the 30-minute recovery time objective (RTO) by enabling failover to the secondary region within that timeframe.

Exam trap

The trap here is that candidates often confuse Azure Backup (which is for data protection and long-term retention) with Azure Site Recovery (which is for replication and failover), and overlook the orchestration requirement that only recovery plans can fulfill.

How to eliminate wrong answers

Option B is wrong because Azure Backup with cross-region restore is designed for long-term data retention and point-in-time recovery, not for orchestrating multi-tier application startup order or meeting a 30-minute RTO for full VM failover. Option C is wrong because Azure Migrate is a tool for assessing and migrating on-premises workloads to Azure, not for ongoing replication or disaster recovery orchestration. Option D is wrong because Azure Automation runbooks can execute scripts to start VMs in order, but they do not provide the underlying VM replication to a secondary region, which is required for disaster recovery.

30
MCQmedium

Your company runs a critical e-commerce application on Azure Virtual Machines (VMs) in a single region. You need to design a disaster recovery (DR) solution that meets a recovery point objective (RPO) of 15 minutes and a recovery time objective (RTO) of 1 hour for the application tier. The application uses Azure SQL Database (single database). Which combination of Azure services should you recommend to meet the RPO and RTO?

A.Use Azure Site Recovery for VMs and Azure SQL Database read-scale replicas
B.Use Azure Backup for VM replication and Azure SQL Database auto-failover groups
C.Use Azure Front Door with regional load balancing and Azure SQL Database geo-restore
D.Use Azure Site Recovery for VM replication to a secondary region and Azure SQL Database active geo-replication
AnswerD

Site Recovery meets the VM RPO/RTO; active geo-replication meets the SQL RPO/RTO.

Why this answer

Option B is correct because Azure Site Recovery can replicate VMs to a secondary region with an RPO of 15 minutes and RTO of 1 hour for the application tier. Azure SQL Database active geo-replication provides an RPO of 5 seconds and RTO of 1 hour. Option A is wrong because Azure Backup has a higher RPO (typically 12 hours for VMs).

Option C is wrong because read-scale replicas do not support failover. Option D is wrong because Azure Front Door is for global load balancing, not DR replication.

31
MCQmedium

A company runs a critical application on Azure VMs in a single region. The application uses Azure SQL Database as its data store. The company needs a disaster recovery solution that can fail over the entire application stack (VMs and database) to another region with a Recovery Point Objective (RPO) of 5 minutes and a Recovery Time Objective (RTO) of 1 hour. The solution must be automated and minimize manual steps. Which combination of Azure services should they implement?

A.Azure Site Recovery for VMs and active geo-replication with auto-failover groups for Azure SQL Database
B.Azure Backup for VMs and Azure SQL Database backup to another region
C.Azure Site Recovery for VMs and Azure DNS for database failover
D.Azure Load Balancer for VMs and Azure SQL Database failover groups
AnswerA

ASR replicates VMs to the secondary region with low RPO, and active geo-replication with auto-failover groups provides database failover with RPO of 5 seconds and RTO of under 1 hour.

Why this answer

Azure Site Recovery (ASR) orchestrates replication and automated failover of Azure VMs to a secondary region, meeting the RTO of 1 hour. Active geo-replication with auto-failover groups for Azure SQL Database provides a readable secondary replica in another region with an RPO of 5 seconds (well under the 5-minute requirement) and enables automatic failover without manual intervention. Together, they automate the entire application stack failover, minimizing manual steps.

Exam trap

The trap here is that candidates often confuse Azure Backup (which is for data recovery, not failover) with Azure Site Recovery (which is for full-stack disaster recovery), or they assume DNS or load balancers alone can handle database failover without understanding that database replication is required first.

How to eliminate wrong answers

Option B is wrong because Azure Backup for VMs and Azure SQL Database backup to another region provides point-in-time restore but does not support automated failover; restoring from backup would take hours, exceeding the 1-hour RTO, and the RPO would be limited to the backup schedule (typically 24 hours). Option C is wrong because Azure DNS for database failover does not handle database replication or failover; it only manages DNS records, leaving the database unreplicated and requiring manual steps to redirect traffic, which fails the automation requirement. Option D is wrong because Azure Load Balancer distributes traffic but does not replicate VMs or databases; it cannot fail over VMs to another region, and Azure SQL Database failover groups alone (without active geo-replication) do not provide the required RPO of 5 minutes—failover groups require geo-replication to be configured separately.

32
MCQmedium

Refer to the exhibit. You deploy an Azure SQL Database with a secondary replica in another region using the ARM template shown. You need to ensure that the database can fail over automatically with zero data loss. What is missing?

A.Configure long-term backup retention.
B.Disable readScaleOut on the primary database.
C.Create a failover group that includes both databases.
D.Set zoneRedundant to true on the primary database.
AnswerC

Failover group enables automatic failover with zero data loss.

Why this answer

Option B (failover group) is required to orchestrate automatic failover. Option A (zone redundancy) not needed. Option C (read scale) not needed.

Option D (backup) irrelevant.

33
MCQhard

Refer to the exhibit. A role assignment has a condition that controls blob deletion. A user assigned this role tries to delete a blob with tag 'Project' set to 'ProjectB'. What will happen?

A.The deletion is allowed because the condition only applies to write operations
B.The deletion is allowed because the condition does not affect blob deletion
C.The deletion is denied because the blob does not have the required tag
D.The deletion is denied because the condition version is 2.0 and not supported
AnswerC

The condition requires the blob to have tag 'Project' equal to 'ProjectA'.

Why this answer

Option D is correct because the condition grants delete permission only if the blob's tag matches 'ProjectA'. Since the blob has tag 'ProjectB', the condition evaluates to false, and the delete action is denied. Option A is wrong because the condition does not block all blob deletions, only those not matching the tag.

Option B is wrong because the condition does not affect other actions. Option C is wrong because the condition is evaluated at runtime.

34
MCQeasy

A company uses Azure Backup to protect on-premises file servers via the Azure Backup Server (MABS). They want to ensure backups are retained for 10 years for compliance. What backup tier should they use?

A.Azure Backup using the warm storage tier
B.Azure Files share snapshots
C.Azure Site Recovery
D.Azure Backup with GFS retention policy for monthly and yearly points
AnswerD

GFS allows retention for decades.

Why this answer

Option B is correct because Azure Backup supports long-term retention (up to 99 years) using the Backup vault's Grandfather-Father-Son (GFS) retention policy with monthly and yearly points. Option A is wrong because Azure Site Recovery is for replication, not backup retention. Option C is wrong because the warm storage tier is for short-term retention.

Option D is wrong because Azure Files is not a backup retention feature.

35
MCQmedium

A company runs a critical SQL Server database on an Azure virtual machine in the West US region. They need a disaster recovery solution that replicates the database to a secondary region (East US) with a recovery point objective (RPO) of 15 minutes and a recovery time objective (RTO) of 2 hours. The solution must also support non-disruptive disaster recovery drills. The company currently uses SQL Server Standard Edition. Which Azure service should they implement?

A.Azure Site Recovery
B.SQL Server Always On Availability Groups
C.Azure Backup with cross-region restore
D.Azure SQL Database geo-replication
AnswerA

Azure Site Recovery replicates the entire VM to the secondary region, supports test failovers for drilling, and can meet the RPO/RTO requirements when configured with appropriate frequency. It works with SQL Server Standard Edition.

Why this answer

Azure Site Recovery (ASR) replicates the entire VM, including the SQL Server database, to the secondary region with an RPO as low as 15 minutes and an RTO of 2 hours when using a recovery plan. It supports non-disruptive disaster recovery drills by allowing test failovers that run in an isolated network without impacting the production environment. This makes ASR the correct choice for a SQL Server Standard Edition VM requiring cross-region DR with drills.

Exam trap

The trap here is that candidates often choose SQL Server Always On Availability Groups without realizing that Standard Edition lacks the necessary features (e.g., readable secondaries, multi-database support) to meet the RPO/RTO and drill requirements, or they mistakenly think Azure SQL Database geo-replication can be applied to a SQL Server VM.

How to eliminate wrong answers

Option B is wrong because SQL Server Always On Availability Groups requires SQL Server Enterprise Edition for the advanced features needed to meet the RPO/RTO, and Standard Edition only supports basic availability groups with a single database and no readable secondaries, which cannot achieve the required 15-minute RPO or support non-disruptive drills. Option C is wrong because Azure Backup with cross-region restore provides point-in-time backups with an RPO of typically 12-24 hours (not 15 minutes) and an RTO that can exceed 2 hours due to restore time, plus it does not support live, non-disruptive disaster recovery drills. Option D is wrong because Azure SQL Database geo-replication is a PaaS feature that cannot be applied to a SQL Server running on an Azure VM (IaaS); it only works with Azure SQL Database managed instances or single databases.

36
MCQmedium

A company runs critical Azure VMs. They want to protect against accidental deletion or corruption of data by implementing a retention policy for Azure Backup. They need to keep daily backups for 30 days, weekly backups for 12 weeks, and monthly backups for 12 months. Which Azure Backup feature should they configure?

A.Immutable vault
B.Backup policy with long-term retention
C.Backup tiering
D.Soft delete
AnswerB

Azure Backup policies allow you to define multiple retention points (daily, weekly, monthly) with specific durations. This meets the need for 30 days daily, 12 weeks weekly, and 12 months monthly.

Why this answer

A backup policy with long-term retention (LTR) in Azure Backup allows you to define granular retention rules for daily, weekly, monthly, and yearly backup points. This directly meets the requirement to keep daily backups for 30 days, weekly for 12 weeks, and monthly for 12 months by configuring the retention duration for each frequency in the backup policy.

Exam trap

The trap here is that candidates confuse Immutable vault or Soft delete with retention policies, but those features address data protection from deletion or tampering, not the ability to specify granular retention durations for different backup frequencies.

How to eliminate wrong answers

Option A is wrong because Immutable vault protects backup data from being deleted or overwritten before its retention period expires, but it does not provide the ability to configure different retention durations for daily, weekly, and monthly backups. Option C is wrong because Backup tiering moves older recovery points to a lower-cost storage tier (e.g., from hot to cold or archive), but it does not define or enforce retention durations; it is a cost-optimization feature, not a retention policy. Option D is wrong because Soft delete provides a safety net by retaining deleted backup data for a default period (14 days) to allow recovery from accidental deletion, but it does not allow you to specify custom retention periods like 30 days daily, 12 weeks weekly, or 12 months monthly.

37
Multi-Selecthard

Which THREE of the following are valid strategies for designing a disaster recovery plan for Azure Virtual Desktop? (Choose three.)

Select 3 answers
A.Use Azure Front Door to route RDP traffic to the secondary region
B.Use Azure File Sync to replicate FSLogix profile shares to a secondary region
C.Pre-deploy a secondary host pool in the DR region and use Azure Traffic Manager to redirect connections
D.Rely on Azure Backup to restore session hosts in the secondary region
E.Replicate session host VMs to a secondary region using Azure Site Recovery
AnswersB, C, E

Azure File Sync can sync files to a secondary region for disaster recovery.

Why this answer

Options A, B, and D are correct. Azure Site Recovery can replicate session host VMs (A). Azure Files can replicate FSLogix profiles using Azure File Sync to a secondary region (B).

A disaster recovery plan can include a secondary host pool with pre-provisioned session hosts (D). Option C is wrong because Azure Backup does not provide immediate failover; it is for backup and restore. Option E is wrong because Azure Front Door is for web traffic, not for RDP connections.

38
MCQmedium

A company runs a critical web application on Azure App Service in a single region. They need to achieve high availability across regions with automatic failover in the event of a regional outage. Which approach should they recommend?

A.Deploy multiple App Service instances in the same region with Traffic Manager
B.Deploy to multiple regions with Azure Front Door
C.Use App Service auto-scaling rules to handle increased load
D.Enable Azure Site Recovery for the App Service
AnswerB

Correct. Azure Front Door can route traffic across regions and automatically fail over to a healthy region if the primary goes down.

Why this answer

Azure Front Door provides global load balancing and automatic failover across multiple regions by routing traffic to the nearest healthy backend. For a critical web application requiring cross-region high availability, deploying App Service instances in multiple regions behind Front Door ensures seamless failover during a regional outage, as Front Door monitors endpoint health and redirects traffic away from failed regions.

Exam trap

The trap here is that candidates often confuse Traffic Manager (DNS-level, no health probe for App Service) with Azure Front Door (application-layer, with health probes and instant failover), leading them to choose Option A for cross-region scenarios.

How to eliminate wrong answers

Option A is wrong because deploying multiple App Service instances in the same region with Traffic Manager does not protect against a regional outage; Traffic Manager can distribute load but all instances share the same regional failure domain. Option C is wrong because App Service auto-scaling rules only adjust capacity within a single region based on load metrics, not across regions, and cannot provide failover during a regional outage. Option D is wrong because Azure Site Recovery is designed for virtual machine replication and failover, not for PaaS services like App Service; it does not natively support App Service and would require complex, unsupported workarounds.

39
MCQmedium

Your company runs a critical workload on Azure Virtual Machines in a single region. You need to design a disaster recovery solution that meets a Recovery Point Objective (RPO) of 15 minutes and a Recovery Time Objective (RTO) of 1 hour. The solution should minimize cost. What should you recommend?

A.Configure Azure Backup with geo-redundant storage.
B.Deploy an active-passive pair of VMs using SQL Server Always On availability groups.
C.Use Azure Storage with read-access geo-redundant storage (RA-GRS) and failover the VMs.
D.Implement Azure Site Recovery with replication to a secondary region.
AnswerD

Azure Site Recovery can replicate Azure VMs to another region with an RPO of 15 seconds to 15 minutes and RTO of minutes to hours, meeting the requirements cost-effectively.

Why this answer

Option D is correct because Azure Site Recovery provides replication with RPO as low as 15 minutes and RTO of minutes to hours, and it is cost-effective compared to always-on replication. Option A is wrong because Azure Backup has a minimum RPO of 1 hour for VMs. Option B is wrong because read-access geo-redundant storage (RA-GRS) is for storage accounts, not VM-level recovery.

Option C is wrong because an active-passive configuration with Always On availability groups requires SQL Server and is overkill for non-database workloads.

40
MCQmedium

A company runs a critical OLTP application on Azure SQL Database in the West US region. They need to ensure business continuity if a regional outage occurs. The solution must have a recovery point objective (RPO) of 5 seconds and a recovery time objective (RTO) of less than 1 hour. They also want to use the secondary region for read-only query offloading. Which Azure SQL Database feature should they enable?

A.Active geo-replication with automatic failover group
B.Geo-restore
C.Azure Site Recovery
D.Read scale-out with manual regional failover
AnswerA

Active geo-replication provides a readable secondary with RPO ~5 seconds. Auto-failover groups automate failover (RTO < 1 hour) and the secondary can be used for read-only queries.

Why this answer

Active geo-replication with automatic failover groups is the correct choice because it provides continuous asynchronous data replication to a secondary Azure SQL Database in a paired region, achieving an RPO of 5 seconds and an RTO of under 1 hour. The automatic failover group enables coordinated failover of multiple databases and allows the secondary region to be used for read-only query offloading by connecting with ApplicationIntent=ReadOnly.

Exam trap

The trap here is that candidates confuse geo-restore (backup-based) with active geo-replication (continuous replication), or assume read scale-out can span regions, when in fact it only works within the same Azure region.

How to eliminate wrong answers

Option B (Geo-restore) is wrong because it restores a database from geo-replicated backups with an RPO of 1 hour and an RTO of 12+ hours, failing the 5-second RPO and 1-hour RTO requirements. Option C (Azure Site Recovery) is wrong because it is designed for IaaS VM replication, not for PaaS Azure SQL Database, and cannot meet the 5-second RPO or provide read-only query offloading. Option D (Read scale-out with manual regional failover) is wrong because read scale-out only offloads read-only queries using a readable secondary replica within the same region, not in a secondary region, and manual failover does not meet the automated RTO of under 1 hour.

41
MCQmedium

You are the Azure architect for a financial services company. The company runs a proprietary trading application on Azure Virtual Machines in the East US region. The application stores state in Azure Cache for Redis (Standard tier) and uses Azure SQL Database (General Purpose tier) for persistent data. The business has set a Recovery Point Objective (RPO) of 1 hour and a Recovery Time Objective (RTO) of 2 hours for the entire application. The solution must minimize costs. You have been asked to design a disaster recovery plan. Which approach should you recommend?

A.Use Azure Traffic Manager to distribute traffic to both regions with active-passive configuration. Configure Azure SQL Database auto-failover groups. Deploy a second Azure Cache for Redis in the secondary region.
B.Configure Azure SQL Database active geo-replication with a readable secondary. Use Azure Site Recovery for VMs. Enable Azure Cache for Redis data persistence and replicate the cache using Azure Files.
C.Back up the VMs using Azure Backup with a 1-hour frequency. Use Azure SQL Database backup with short-term retention. Manually recreate the Redis cache in the secondary region.
D.Use Azure Site Recovery to replicate the VMs to a secondary region. For Azure SQL Database, enable geo-redundant backup storage and use geo-restore during failover. For Azure Cache for Redis, document the reconfiguration steps to point to a new cache in the secondary region.
AnswerD

Azure Site Recovery meets RPO/RTO for VMs; geo-restore for SQL Database meets the 1-hour RPO and restores within minutes; Redis reconfiguration is manual but acceptable.

Why this answer

Option A is correct because Azure Site Recovery for VMs meets the 1-hour RPO and 2-hour RTO at low cost; Azure SQL Database geo-redundant backup restore can achieve RTO of 1 hour (using geo-restore) and RPO of 1 hour; for Redis, reconfiguration is acceptable. Option B is wrong because Azure Traffic Manager alone does not provide replication. Option C is wrong because active geo-replication for SQL Database is more expensive than geo-restore.

Option D is wrong because Azure Backup for VMs has minimum RPO of 1 hour but restore time may exceed 2 hours.

42
MCQhard

A company runs a critical SAP HANA database on an Azure large instance. They need a disaster recovery solution that provides automatic failover to a secondary region with an RPO of 15 minutes and RTO of 30 minutes. The solution must not require manual intervention to start replication. What should they use?

A.SAP HANA System Replication with HANA Pacemaker
B.Azure Site Recovery with replication policy for SAP HANA
C.Azure NetApp Files with cross-region replication
D.Azure Backup for SAP HANA
AnswerA

HANA System Replication with Pacemaker provides automatic failover within RPO/RTO.

Why this answer

Option B is correct because SAP HANA System Replication with HANA Pacemaker can provide automatic failover with an RPO of 15 minutes and RTO of 30 minutes. Option A is wrong because Azure Site Recovery for SAP HANA requires manual steps to start replication. Option C is wrong because Azure Backup for SAP HANA has a higher RPO.

Option D is wrong because Azure NetApp Files is a storage solution, not a replication mechanism.

43
MCQmedium

Refer to the exhibit. You are reviewing a backup policy for an Azure VM. The policy is defined using the Azure Backup REST API. What is the maximum number of recovery points that can be retained according to this policy?

A.24
B.17
C.29
D.12
AnswerA

12 weekly (every Mon, Wed, Fri for 12 weeks) + 12 monthly (first Sunday each month for 12 months) = 24 recovery points.

Why this answer

The weekly retention keeps 12 weekly points (count=12, durationType=Weeks). The monthly retention keeps 12 monthly points (count=12, durationType=Months). Instant RP retention adds up to 5 days, but those are additional recovery points not counted in the long-term retention.

So total long-term recovery points = 12 (weekly) + 12 (monthly) = 24. Option B is correct.

44
Multi-Selecthard

A company wants to ensure that their Azure Storage account containing blobs is protected against accidental deletion or corruption. The solution must enable recovery of previous versions up to 30 days. Which TWO features should they enable? (Choose TWO.)

Select 2 answers
A.Blob versioning
B.Blob soft delete
C.Change feed
D.Azure Backup for Azure Blobs
E.Point-in-time restore for Azure Files
AnswersA, B

Versioning preserves previous versions of blobs.

Why this answer

Options A and C are correct. Blob soft delete allows recovery of deleted blobs, and versioning keeps previous versions of blobs. Together, they provide protection against deletion and corruption with 30-day retention.

Option B is wrong because point-in-time restore is for Azure Files. Option D is wrong because change feed tracks changes but does not enable recovery. Option E is wrong because Azure Backup for blobs is an alternative but not the combination requested.

45
MCQhard

Refer to the exhibit. An administrator configured Azure Site Recovery replication for a VM using the policy shown. The VM workload is a critical database that requires application-consistent snapshots every 30 minutes to meet compliance. What is the issue with the current configuration?

A.The application-consistent snapshot frequency is 60 minutes, which is too high (should be 30 minutes).
B.The recovery point retention is set too low (1440 minutes).
C.The target region eastus2 is not a valid paired region for the source.
D.The storage account type is Standard_LRS; it should be Premium_LRS.
AnswerA

The requirement is 30 minutes, but the policy is set to 60 minutes.

Why this answer

Option B is correct because the application-consistent snapshot frequency is set to 60 minutes, which does not meet the requirement of 30 minutes. Option A is wrong because the recovery point retention is 1440 minutes (24 hours), which is sufficient. Option C is wrong because Standard_LRS is acceptable for replication.

Option D is wrong because the target region eastus2 is valid.

46
MCQmedium

A company runs a critical application on Azure Virtual Machines in a single availability set. They want to protect against an entire Azure region failure. They need a recovery time objective (RTO) of 30 minutes and a recovery point objective (RPO) of 15 minutes. Which solution should they use?

A.Azure Backup for VMs with geo-redundant backup storage.
B.Azure Site Recovery to another region.
C.Deploy VMs in an availability zone within the same region.
D.Use Azure managed disks with geo-replication (LRS to GRS).
AnswerB

Azure Site Recovery replicates VMs continuously to a secondary region. It can achieve RPO as low as 15 seconds (with app-consistent snapshots) and RTO of minutes (30 minutes is typical). It supports planned and unplanned failover.

Why this answer

Azure Site Recovery (ASR) provides orchestrated replication, failover, and failback of Azure VMs to a secondary region, enabling a recovery time objective (RTO) of 30 minutes and a recovery point objective (RPO) of 15 minutes as required. ASR replicates VM disks continuously to the target region, and in a regional failure, you can initiate a planned or unplanned failover to bring up the application within the specified RTO/RPO. This is the only option that offers both cross-region disaster recovery and the granular recovery objectives stated.

Exam trap

The trap here is that candidates often confuse Azure Backup (which provides long-term retention with geo-redundancy) with Azure Site Recovery (which provides near-synchronous replication and automated failover), leading them to select Option A despite its inability to meet the strict RTO/RPO requirements.

How to eliminate wrong answers

Option A is wrong because Azure Backup with geo-redundant storage (GRS) is designed for long-term backup and restore, not for rapid failover; its typical RTO is hours or days, not 30 minutes, and it does not support orchestrated cross-region failover. Option C is wrong because deploying VMs in an availability zone within the same region protects against datacenter failures, not an entire Azure region failure, and thus does not meet the requirement for cross-region disaster recovery. Option D is wrong because Azure managed disks with geo-replication (LRS to GRS) is not a supported feature—managed disks use locally redundant storage (LRS) by default and cannot be directly geo-replicated; the misconception is that GRS applies to disks, but it applies only to storage accounts, and even then it does not provide the orchestrated failover or RTO/RPO guarantees of Azure Site Recovery.

47
MCQeasy

A company stores backup data for Azure VMs in a Recovery Services vault. They need to ensure that the backup data is protected from accidental deletion and remains available even if the entire Azure region fails. What should you configure?

A.Assign Azure RBAC roles to limit access to the vault.
B.Enable soft delete in the vault and use geo-redundant storage (GRS).
C.Enable immutable storage for the vault.
D.Enable locally redundant storage (LRS) for the vault.
AnswerB

Soft delete prevents accidental deletion; GRS protects against region failure.

Why this answer

Option B (soft delete and geo-redundant storage) provides protection against deletion and region failure. Option A (LRS) does not protect against region failure. Option C (immutable storage) is not available in Recovery Services vaults.

Option D (RBAC) does not protect against deletion by authorized users.

48
Multi-Selecthard

Which THREE components are required to implement a disaster recovery solution for Azure SQL Database using failover groups? (Choose three.)

Select 3 answers
A.A failover group that includes both servers
B.A secondary Azure SQL Database server in another region
C.Zone-redundant configuration on the primary database
D.A primary Azure SQL Database server in one region
E.Active geo-replication configured on the primary database
AnswersA, B, D

The failover group manages the replication and failover.

Why this answer

Failover groups require a primary server, a secondary server in a different region, and the failover group itself. Option A is incorrect because zone redundancy is optional. Option D is incorrect because active geo-replication is a separate feature; failover groups can be used without it.

Option E is incorrect because it is a specific configuration.

49
MCQmedium

A company runs a multi-tier application on Azure VMs. The application has front-end and back-end VMs that must be started in a specific order during failover (front-end first, then back-end). The company uses Azure Site Recovery to replicate to a secondary region. After failover, they also need to run custom PowerShell scripts to update DNS records. Which Azure Site Recovery feature should they configure?

A.Recovery plan with manual steps
B.Recovery plan with automation runbooks and order groups
C.Failover with network mapping
D.Test failover with isolation
AnswerB

Recovery plans support grouping VMs and running automation runbooks (scripts) before or after failover of each group, satisfying both the startup order and custom script requirements.

Why this answer

Option B is correct because Azure Site Recovery recovery plans support order groups to enforce the startup sequence of VMs (front-end first, then back-end) and can include automation runbooks to execute custom PowerShell scripts, such as updating DNS records after failover. This provides a structured, automated failover workflow that meets both the sequencing and scripting requirements.

Exam trap

The trap here is that candidates may confuse recovery plans with simple failover options, overlooking that recovery plans uniquely combine order groups and runbook automation to address both sequencing and custom scripting requirements in a single feature.

How to eliminate wrong answers

Option A is wrong because manual steps in a recovery plan require human intervention during failover, which contradicts the need to automatically run PowerShell scripts for DNS updates and does not inherently enforce VM startup order without additional configuration. Option C is wrong because network mapping defines how VMs connect to the target network after failover but does not control VM startup sequencing or execute custom scripts. Option D is wrong because test failover with isolation is used to validate failover in an isolated network without impacting production, but it does not provide mechanisms for startup order or script execution.

50
MCQmedium

Your organization runs a critical application on Azure VMs that must be highly available within a region. The application is stateful and requires shared storage. You need to design a solution that can automatically recover from a VM failure with minimal downtime. What should you include in the design?

A.Deploy a single VM with premium storage and Azure Backup for recovery.
B.Deploy the VMs in different Availability Zones and use Azure NetApp Files for storage.
C.Use Azure Site Recovery to replicate the VM to a secondary region.
D.Deploy the VMs in an availability set and use Azure Shared Disks for the stateful data.
AnswerD

Availability set protects from rack-level failures, and shared disks enable automatic failover.

Why this answer

Option A is correct because an availability set provides VM redundancy and a shared disk allows persistent storage that can be attached to the standby VM. Option B is wrong because Availability Zones provide cross-zone redundancy but not shared storage. Option C is wrong because Azure Files does not support direct attach to VMs.

Option D is wrong because Azure Backup does not provide automatic failover.

51
Multi-Selectmedium

Which TWO actions should you take to ensure business continuity for an Azure App Service web app that uses Azure SQL Database? (Choose two.)

Select 2 answers
A.Configure Azure SQL Database failover groups with automatic failover.
B.Enable auto-healing in the App Service and modify the application code to handle retries.
C.Deploy the App Service plan in two regions and use Azure Traffic Manager for load balancing.
D.Use Azure Front Door with a single App Service instance.
E.Configure Azure Backup for the App Service and enable geo-restore.
AnswersA, C

Failover groups provide database redundancy with automatic failover.

Why this answer

Deploying the App Service in multiple regions with Traffic Manager provides geographic redundancy. Using Azure SQL Database failover groups provides database redundancy with automatic failover. Option A is incorrect because App Service backup does not provide regional failover.

Option D is incorrect because application code changes are not necessary for business continuity. Option E is incorrect because Azure Front Door is more expensive and not required.

52
MCQhard

A company runs an SAP HANA database on Azure large instances (HLI) in the West US region. The database is critical for business operations. They need a disaster recovery solution with a recovery point objective (RPO) of near zero (seconds) and a recovery time objective (RTO) of less than 30 minutes in the event of a region-wide outage. The solution must automatically replicate data to a secondary region (East US) and support automated failover. Which design should they implement?

A.Configure HANA System Replication (async) between the primary and secondary site, and use a Pacemaker cluster with Azure Load Balancer to enable automated failover
B.Use Azure Site Recovery to replicate the HANA large instance VMs with a replication frequency of 30 seconds and enable auto-failover
C.Schedule HANA database backups every 5 minutes to Azure Blob Storage with geo-redundant storage (GRS), and restore in the secondary region on demand
D.Set up HANA System Replication with synchronous mode to the secondary region
AnswerA

HANA System Replication with asynchronous mode provides near-zero RPO. Combined with Pacemaker and Azure Load Balancer, you can achieve automatic failover within the required RTO. This is the recommended approach for SAP HANA DR on Azure.

Why this answer

Option A is correct because HANA System Replication (async) provides near-zero RPO by continuously replicating log changes to the secondary region, while a Pacemaker cluster with Azure Load Balancer enables automated failover within the required 30-minute RTO. This combination meets the strict RPO/RTO requirements for SAP HANA on Azure Large Instances, as Azure Site Recovery does not support HLI and synchronous replication would introduce unacceptable latency over the West US to East US distance.

Exam trap

The trap here is that candidates confuse Azure Site Recovery as a viable option for HLI, not realizing it only supports standard Azure VMs, or they assume synchronous replication is always better without considering the latency penalty over inter-region distances.

How to eliminate wrong answers

Option B is wrong because Azure Site Recovery does not support Azure Large Instances (HLI) — it only works with standard Azure VMs, and its 30-second replication frequency cannot achieve near-zero RPO (seconds). Option C is wrong because scheduling backups every 5 minutes cannot achieve near-zero RPO (seconds), and manual restore in the secondary region would far exceed the 30-minute RTO. Option D is wrong because synchronous HANA System Replication over the long distance between West US and East US would introduce high network latency, causing unacceptable performance impact on the primary database and potentially violating the RTO due to transaction stalls.

53
MCQmedium

A company runs SQL Server on an Azure virtual machine. They need to ensure high availability within a single Azure region. The solution must provide automatic failover with zero data loss (synchronous replication) and support read-only routing for reporting workloads. Which solution should they implement?

A.SQL Server Always On Availability Group
B.SQL Server Failover Cluster Instance (FCI)
C.Azure Site Recovery
D.Azure Backup
AnswerA

AG with synchronous commit ensures zero data loss on automatic failover. It also allows configuring read-only routing to direct reporting queries to secondary replicas.

Why this answer

SQL Server Always On Availability Groups (AG) provide high availability and disaster recovery at the database level. They support synchronous replication with automatic failover, ensuring zero data loss (RPO=0) within a single Azure region. Additionally, AGs allow secondary replicas to be configured as readable, enabling read-only routing for reporting workloads, which directly meets all stated requirements.

Exam trap

The trap here is confusing Failover Cluster Instances (FCI) with Availability Groups; FCI provides instance-level HA with shared storage but cannot serve read-only workloads from secondary nodes, while AGs offer database-level HA with readable secondaries and synchronous replication.

How to eliminate wrong answers

Option B (SQL Server Failover Cluster Instance) is wrong because it operates at the instance level using shared storage (e.g., Azure shared disks or Storage Spaces Direct), which does not support read-only routing for reporting workloads; secondary nodes are passive and cannot serve read traffic. Option C (Azure Site Recovery) is wrong because it provides disaster recovery replication at the VM level, not database-level synchronous replication, and does not guarantee zero data loss or support read-only routing for SQL Server reporting. Option D (Azure Backup) is wrong because it is a backup and restore solution, not a high availability or automatic failover mechanism; it cannot provide synchronous replication, zero data loss failover, or read-only routing.

54
MCQhard

Your company, Fabrikam Inc., operates a global Software-as-a-Service (SaaS) application that provides real-time analytics. The application runs on Azure Kubernetes Service (AKS) with a microservices architecture. The data tier uses Azure Cosmos DB (Core SQL API) with multi-region writes. The application also uses Azure Event Hubs for event ingestion. The business requires a Recovery Time Objective (RTO) of 10 seconds and a Recovery Point Objective (RPO) of 0 for the entire platform. The solution must support active-active configuration across multiple Azure regions. You have been asked to recommend the disaster recovery design. Which option should you recommend?

A.Deploy AKS in three regions with Azure Traffic Manager. Use Azure Cosmos DB with multi-region writes. Use Azure Event Hubs with geo-disaster recovery. Use Azure Cache for Redis Enterprise with active geo-replication.
B.Deploy AKS in two regions with Azure Front Door. Use Azure Cosmos DB with single write region and auto-failover. Use Azure Service Bus with geo-disaster recovery. Use Azure Cache for Redis Enterprise with active geo-replication.
C.Deploy AKS in three regions with Azure Front Door. Use Azure Cosmos DB with multi-region writes. Use Azure Event Hubs with geo-disaster recovery and active-active pattern. Use Azure Cache for Redis Enterprise with active geo-replication.
D.Deploy AKS in two regions with Azure Front Door. Use Azure SQL Database with auto-failover groups. Use Azure Event Hubs with geo-disaster recovery. Use Azure Cache for Redis Enterprise with active geo-replication.
AnswerC

Azure Front Door provides sub-second failover; all other services support active-active with zero data loss.

Why this answer

Option B is correct because all components support multi-region writes and active-active configuration: Azure Front Door for global load balancing, Cosmos DB multi-region writes for zero data loss, Event Hubs geo-disaster recovery for automatic failover, and Redis Enterprise active geo-replication. Option A is wrong because Azure Traffic Manager is DNS-based and slower. Option C is wrong because Azure Service Bus does not support multi-region active-active natively.

Option D is wrong because Azure SQL Database does not support multi-region writes.

55
MCQeasy

You are designing a disaster recovery plan for a web application hosted on Azure App Service. The application uses Azure SQL Database. The company wants to minimize downtime during a regional outage. Which approach should you recommend?

A.Deploy App Service in a single region with Azure Backup for the app and database.
B.Deploy App Service in two regions with Azure Front Door for global load balancing and Azure SQL Database active geo-replication.
C.Deploy App Service across availability zones in one region and use Azure SQL Database zone-redundant configuration.
D.Deploy App Service in two regions with Azure Traffic Manager and use manual database restore.
AnswerB

Active geo-replication with auto-failover enables fast failover; Front Door routes traffic away from failed region.

Why this answer

Option A is correct because deploying App Service in two regions with Azure Front Door and SQL Database geo-replication provides active-passive failover with minimal downtime. Option B (single region with backup) does not protect against region failure. Option C (manual failover) increases downtime.

Option D (availability zones) protects only within a region.

56
MCQeasy

A company wants to protect its Azure Files shares from accidental deletion or ransomware. They need to be able to recover files from up to 30 days ago. What solution should they implement?

A.Sync the Azure Files share to an on-premises server using Azure File Sync
B.Use Azure Backup for Azure Files with a 30-day retention policy
C.Configure geo-redundant storage (GRS) for the storage account
D.Enable soft delete for Azure Files shares and configure share snapshots
AnswerD

Soft delete retains deleted files for up to 30 days, and snapshots provide point-in-time recovery.

Why this answer

Option A is correct because Azure Files supports soft delete and file share snapshots (which are part of backup). Soft delete retains deleted files for up to 30 days by default. Option B is wrong because Azure Backup for Azure Files provides backup but not necessarily the 30-day recovery point needed.

Option C is wrong because Azure File Sync syncs files but does not provide point-in-time recovery. Option D is wrong because Azure Storage replication options (LRS/GRS) do not protect against accidental deletion at the file level.

57
Multi-Selecthard

A company runs a critical application on Azure VMs. They need a backup strategy that meets the following requirements: - Daily backups retained for 35 days - Weekly backups retained for 12 weeks - Monthly backups retained for 36 months - Yearly backups retained for 10 years - Backups must be stored in a geo-redundant storage account Which THREE items must be configured? (Choose three.)

Select 3 answers
A.A simple daily backup policy
B.A backup policy with GFS retention
C.Geo-redundant storage (GRS) for the vault
D.A Recovery Services vault in the paired region
E.A Recovery Services vault in the same region as the VMs
AnswersB, C, E

GFS policy can retain daily, weekly, monthly, yearly.

Why this answer

Options A, C, and E are correct. A GFS backup policy is required to specify different retention rules for daily, weekly, monthly, and yearly backups. A Recovery Services vault in the same region as the VMs is needed.

Geo-redundant storage (GRS) is required. Option B is wrong because the vault must be in the same region as the VMs, not the paired region. Option D is wrong because a backup policy is needed, not just a vault.

58
MCQmedium

A company runs SQL Server on an Azure virtual machine. They need to automate database backups with application-consistency and retain backups for 10 years to meet compliance. They also want to restore to any point in time within the last 35 days. Which Azure Backup solution should they use?

A.Azure Backup for SQL Server in Azure VM
B.Azure Backup for Azure VM
C.Azure Site Recovery
D.SQL Server Always On Availability Groups
AnswerA

Correct. This solution provides application-consistent backups, long-term retention, and point-in-time restore.

Why this answer

Azure Backup for SQL Server in Azure VM (Option A) is correct because it provides native application-consistent backups for SQL Server databases running on Azure VMs, supports long-term retention (LTR) up to 10 years using the backup vault's retention rules, and enables point-in-time restore (PITR) for the last 35 days by leveraging SQL Server transaction log backups. This solution is specifically designed for SQL Server workloads and meets both compliance and recovery requirements without additional infrastructure.

Exam trap

The trap here is that candidates often confuse Azure Backup for Azure VM (which provides crash-consistent backups) with Azure Backup for SQL Server in Azure VM (which provides application-consistent backups with PITR), leading them to choose Option B for simplicity, but only Option A meets the specific SQL Server backup and compliance requirements.

How to eliminate wrong answers

Option B is wrong because Azure Backup for Azure VM captures only VM-level snapshots (crash-consistent or file-system-consistent), not application-consistent SQL Server backups, and cannot perform SQL-specific point-in-time restores or retain transaction logs for PITR within 35 days. Option C is wrong because Azure Site Recovery is a disaster recovery (DR) solution focused on replication and failover for business continuity, not a backup service; it does not support long-term retention for 10 years or granular point-in-time restore for SQL databases. Option D is wrong because SQL Server Always On Availability Groups is a high-availability and disaster recovery feature that provides synchronous or asynchronous replication, not a backup solution; it does not automate backups, retain backups for 10 years, or offer point-in-time restore capabilities.

59
MCQmedium

A company runs a critical application on Azure VMs in a single region. They need to ensure the application can failover to another region with minimal data loss and a recovery time objective (RTO) of 1 hour. The application uses managed disks and SQL Server Always On availability groups. What is the MOST cost-effective solution that meets the requirements?

A.Use Azure geo-redundant storage (GRS) for the managed disks and restore the VMs in the secondary region
B.Use Azure Site Recovery to replicate VMs to a secondary region with a recovery plan
C.Use Azure availability zones to protect against regional failures
D.Deploy SQL Server Always On availability groups across two regions
AnswerB

Azure Site Recovery provides orchestrated failover with low RTO and RPO, meeting the requirements cost-effectively.

Why this answer

Option D is correct because Azure Site Recovery replicates VMs to a secondary region with near-synchronous replication (RPO of a few seconds) and provides orchestrated failover with RTO of minutes. It is more cost-effective than full active-passive setup. Option A is wrong because SQL Server Always On requires a secondary instance in the other region, which is more expensive and adds complexity beyond the VM recovery.

Option B is wrong because geo-redundant storage (GRS) only provides storage-level replication, not full VM recovery. Option C is wrong because availability zones protect within a region, not cross-region.

60
MCQhard

You are designing a business continuity plan for a global e-commerce platform that runs on Azure Kubernetes Service (AKS) in the West US region. The platform uses Azure SQL Database for transactional data and Azure Cache for Redis for session state. The Recovery Time Objective (RTO) for the entire platform is 10 minutes, and the Recovery Point Objective (RPO) is 5 minutes. Which combination of technologies would meet these requirements with the least operational overhead?

A.Back up AKS cluster state and Azure SQL Database using Azure Backup; restore in a secondary region during failover.
B.Deploy AKS clusters in two regions with Azure Front Door; configure Azure SQL Database active geo-replication; enable Azure Cache for Redis geo-replication.
C.Use Azure Site Recovery to replicate the AKS cluster and Azure SQL Database to a secondary region; use Azure Redis Cache with data persistence.
D.Migrate the database to Azure Cosmos DB for multi-region writes; use Traffic Manager for AKS failover.
AnswerB

Azure Front Door provides automatic failover; active geo-replication for SQL Database offers RPO of 5 seconds; Redis geo-replication offers RPO of minutes. This meets RTO and RPO with minimal overhead.

Why this answer

Option A is correct because AKS with Azure Front Door provides global load balancing and can redirect traffic to a secondary region; Azure SQL Database active geo-replication meets the RPO of 5 seconds (less than 5 minutes) and RTO of seconds; Azure Cache for Redis geo-replication meets the RPO and RTO for session state. Option B is wrong because Azure Site Recovery for AKS adds complexity and does not replicate Azure SQL Database or Redis natively. Option C is wrong because Azure Backup for AKS and Azure SQL Database has RPO of hours.

Option D is wrong because Cosmos DB is not the current database service, and it would require application changes.

61
MCQmedium

A company runs a critical line-of-business application on 10 Azure VMs. They need a disaster recovery solution that replicates the VMs to a secondary region with a recovery point objective (RPO) of 30 minutes and a recovery time objective (RTO) of 1 hour. The solution must support non-disruptive testing of failover for quarterly compliance drills. Which Azure service should they use?

A.Azure Backup
B.Azure Site Recovery
C.Azure Migrate
D.Manual VM replication to secondary region
AnswerB

Azure Site Recovery provides continuous replication, orchestrated failover, and supports test failovers for non-disruptive DR drills, meeting the RPO of 30 minutes and RTO of 1 hour.

Why this answer

Azure Site Recovery (ASR) orchestrates replication, failover, and failback of Azure VMs to a secondary region, meeting the RPO of 30 minutes (continuous replication with 30-second RPO) and RTO of 1 hour (orchestrated recovery). It supports non-disruptive test failovers via isolated networks, which is essential for quarterly compliance drills without impacting production.

Exam trap

The trap here is that candidates confuse Azure Backup (which is for backup/restore with longer RPO) with Azure Site Recovery (which is for replication and orchestrated failover), overlooking that the question explicitly requires non-disruptive test failovers and strict RPO/RTO, which only ASR can provide.

How to eliminate wrong answers

Option A is wrong because Azure Backup provides crash-consistent or application-consistent snapshots with a minimum RPO of 1 hour (via backup policy) and does not support orchestrated failover or non-disruptive test failovers; it is designed for long-term retention and restore, not disaster recovery with strict RTO/RPO. Option C is wrong because Azure Migrate is a tool for discovery, assessment, and migration of workloads to Azure, not for ongoing replication or disaster recovery; it lacks the continuous replication and failover orchestration required. Option D is wrong because manual VM replication to a secondary region (e.g., copying VHDs or using custom scripts) cannot guarantee a 30-minute RPO or 1-hour RTO due to manual intervention, lacks automated orchestration, and does not support non-disruptive test failovers without complex custom networking.

62
MCQeasy

A company wants to back up their Azure VMs (running Windows and Linux) to a Recovery Services vault. The backup data must be encrypted at rest using customer-managed keys. They also need to retain monthly backups for 5 years for compliance. Which configuration should they use?

A.A
B.B
C.C
D.D
AnswerA

Azure Backup supports customer-managed keys for encrypting backup data. Configure the Recovery Services vault with a customer-managed key from Key Vault and create a backup policy that includes daily and monthly retention points.

Why this answer

Option A is correct because Azure Backup supports encryption at rest using customer-managed keys (CMK) via Azure Disk Encryption or Azure Disk Encryption Set (DES) with a key vault. For long-term retention, the backup policy can be configured to retain monthly recovery points for up to 5 years, meeting compliance requirements. The Recovery Services vault stores encrypted backup data, and CMK ensures the customer controls the encryption keys.

Exam trap

The trap here is that candidates often confuse Azure Backup with Azure Site Recovery or assume that platform-managed encryption (SSE) satisfies customer-managed key requirements, but only CMK via a key vault meets the compliance need for customer-controlled encryption keys.

How to eliminate wrong answers

Option B is wrong because it suggests using Azure Backup with Azure Site Recovery, which is for disaster recovery, not backup retention; Site Recovery does not support monthly retention for 5 years. Option C is wrong because it proposes using Azure Backup with Azure Storage Service Encryption (SSE) using platform-managed keys, which does not meet the customer-managed key requirement. Option D is wrong because it recommends using Azure Backup with Azure Disk Encryption (ADE) but without specifying a key vault for CMK, which is required for customer-managed keys; ADE alone uses Azure-managed keys unless a key vault is explicitly configured.

63
MCQmedium

Your organization has a critical application deployed on Azure VMs in the West US region. The application uses a Standard_D8s_v3 VM with two data disks (512 GB each) and a separate log disk (256 GB). The application writes data continuously to the data disks and logs. The business continuity requirements are: RPO of 15 minutes, RTO of 2 hours, and the ability to recover to a specific point in time within the last 7 days. You need to design a disaster recovery solution that replicates the VMs and disks to the East US region. The solution must also support failback to West US after a disaster. What should you do?

A.Use Azure Site Recovery to replicate the VMs to East US with a recovery plan that includes the VM and disks, and configure failback using reprotection
B.Use Azure Migrate to migrate the VMs to East US and then set up replication back to West US
C.Configure Azure Backup for the VMs with a backup policy that has a 15-minute frequency and replicate backups to the East US region using geo-redundant storage
D.Use Azure Storage geo-redundant storage (GRS) for the managed disks and manually attach the disks to a new VM in East US during a disaster
AnswerA

Azure Site Recovery meets RPO and RTO requirements and supports failback.

Why this answer

Option C is correct because Azure Site Recovery can replicate Azure VMs to a secondary region with continuous replication meeting RPO of 15 minutes. It supports failback by reprotecting and failing back. Option A is wrong because Azure Backup has RPO of 1 hour for Azure VMs and does not support failback.

Option B is wrong because geo-redundant storage (GRS) for managed disks does not provide VM replication or failback. Option D is wrong because Azure Migrate is for migration, not disaster recovery.

64
MCQeasy

A company runs an Azure SQL Database with active geo-replication configured to a secondary region. The primary region experiences a complete outage. The company needs to promote the secondary database to become the new primary with minimal data loss. Which action should they take?

A.Forced failover
B.Planned failover
C.Enable geo-replication
D.Failover
AnswerA

Correct. Forced failover transitions the secondary to primary, acknowledging possible data loss.

Why this answer

Forced failover is the correct action because it immediately promotes the secondary database to primary without waiting for synchronization, which is necessary during a complete primary region outage. This option minimizes data loss by accepting any unsynchronized data at the secondary, prioritizing availability over consistency. In contrast, planned failover requires synchronous data transfer and fails if the primary is unreachable.

Exam trap

The trap here is that candidates confuse 'Failover' (which in Azure SQL Database can mean either planned or forced depending on context) with the specific 'Forced failover' action required during a disaster, leading them to select the ambiguous 'Failover' option instead.

How to eliminate wrong answers

Option B (Planned failover) is wrong because it requires the primary database to be online and fully synchronized before promoting the secondary, which is impossible during a complete outage. Option C (Enable geo-replication) is wrong because geo-replication is already configured per the scenario; re-enabling it would not promote the secondary. Option D (Failover) is wrong because 'Failover' in Azure SQL Database context typically refers to a planned failover (with no data loss) or an unplanned failover (forced), but the generic term is ambiguous; the specific action needed here is 'Forced failover' to handle the outage with minimal data loss.

65
MCQmedium

A company runs a production Azure SQL Database. They need a business continuity solution that allows point-in-time restore to any time within the last 7 days and provides geo-failover capability with RTO of 1 hour. What is the MOST COST-EFFECTIVE option?

A.Use Azure SQL Database long-term retention (LTR) for backups
B.Deploy a zone-redundant Azure SQL Database
C.Configure active geo-replication with a readable secondary in another region
D.Deploy auto-failover groups with a secondary in another region
AnswerC

Active geo-replication provides geo-failover and point-in-time restore at lower cost.

Why this answer

Option B is correct because Active Geo-Replication provides geo-failover with RTO of 1 hour and supports point-in-time restore. It is more cost-effective than Auto-failover groups for a single database. Option A is wrong because auto-failover groups are designed for multiple databases and have higher cost due to additional listener.

Option C is wrong because long-term retention is for backups, not failover. Option D is wrong because zone-redundant databases protect within a region, not cross-region.

66
MCQmedium

Your company runs a mission-critical application on Azure VMs. You need to design a cross-region disaster recovery solution that meets a recovery time objective (RTO) of 15 minutes and a recovery point objective (RPO) of 5 minutes. The solution must minimize costs. What should you recommend?

A.Use Azure SQL Database active geo-replication with a failover group.
B.Use Azure Storage with read-access geo-redundant storage (RA-GRS) and Azure Traffic Manager.
C.Use Azure Backup with geo-redundant storage.
D.Use Azure Site Recovery with replication frequency set to 30 seconds.
AnswerD

Azure Site Recovery supports replication frequencies as low as 30 seconds, enabling an RPO of 5 minutes and an RTO of 15 minutes.

Why this answer

Azure Site Recovery with replication frequency set to 30 seconds meets the RPO of 5 minutes and can achieve an RTO of 15 minutes with proper planning. Option A is incorrect because Azure Backup has a minimum RPO of 15 minutes for VMs. Option B is incorrect because Read-access geo-redundant storage does not provide automated failover for compute.

Option D is incorrect because active geo-replication is for databases, not VMs.

67
MCQeasy

A company uses Azure Backup to protect on-premises Windows servers and Azure VMs. They need to restore a file from a backup of an Azure VM that was deleted three months ago. The backup policy retains daily backups for 30 days and weekly backups for 12 months. What is the CORRECT way to restore the file?

A.Azure Backup does not support file-level restore for Azure VMs; restore the entire disk
B.Restore the entire VM from a weekly recovery point and then copy the file
C.Use the 'Restore to a new VM' option and select the file during the restore process
D.Use the file-level recovery option to mount the recovery point as a drive and copy the file
AnswerD

Azure Backup provides file-level restore for Azure VMs by mounting the backup as a drive.

Why this answer

Option C is correct because Azure Backup allows file-level recovery from Azure VM backups. You can mount the recovery point as a drive and copy the file. Option A is wrong because you cannot restore a file from a backup of a deleted VM by restoring the entire VM; that would be overkill and may not be possible if the VM is deleted.

Option B is wrong because Azure Backup does not directly support restoring to a different VM without first restoring the disk. Option D is wrong because file-level restore is supported for Azure VMs.

68
MCQhard

Your company runs a mission-critical application on Azure Virtual Machines that requires a Recovery Time Objective (RTO) of 5 minutes and a Recovery Point Objective (RPO) of 1 minute. The application uses a single VM with a managed disk. You need to design a disaster recovery solution that meets these requirements with minimal cost. What should you recommend?

A.Configure Azure Backup for the VM with a 1-minute backup frequency.
B.Store the managed disk in geo-redundant storage and use Azure Resource Manager templates to redeploy.
C.Use Azure Site Recovery to replicate the VM to a secondary region with a recovery plan.
D.Deploy a second VM in a secondary region and use continuous replication with Azure Migrate.
AnswerC

Azure Site Recovery for Azure VMs can achieve an RPO as low as 5 seconds and an RTO of minutes, meeting the requirements cost-effectively.

Why this answer

Option C is correct because Azure Site Recovery can replicate Azure VMs with a disk-level RPO of 5 seconds and RTO of minutes, meeting the requirements. Option A is wrong because Azure Backup has a minimum RPO of 1 hour for VMs. Option B is wrong because read-access geo-redundant storage does not replicate the VM configuration.

Option D is wrong because a secondary VM with replication would be more expensive than Azure Site Recovery's pay-as-you-go model.

69
MCQmedium

A company runs SQL Server on Azure VMs using SQL Server Standard Edition. They need a disaster recovery solution that replicates the database to a secondary Azure region with a recovery point objective (RPO) of 15 minutes and a recovery time objective (RTO) of 2 hours. They cannot use Always On Availability Groups due to licensing constraints. They also need to perform non-disruptive disaster recovery drills. Which Azure service should they implement?

A.Azure Backup for SQL Server
B.Azure Site Recovery
C.SQL Server Log Shipping to an Azure VM
D.Geo-replication for Azure SQL Database
AnswerB

ASR replicates VMs continuously and provides app-consistent recovery points. It supports test failover for non-disruptive drills and can achieve an RPO of 15 minutes and RTO of 2 hours.

Why this answer

Azure Site Recovery (ASR) replicates entire SQL Server VMs (including their databases) to a secondary Azure region, supporting RPOs as low as 30 seconds and RTOs of 2 hours or less. It allows non-disruptive disaster recovery drills by performing test failovers in an isolated network without affecting the production environment. This solution avoids the licensing constraints of Always On Availability Groups and works with SQL Server Standard Edition.

Exam trap

The trap here is that candidates often confuse Azure Site Recovery (VM-level replication) with Azure Backup (file/volume-level backup) or assume that log shipping can meet the drill requirement, but ASR is the only option that provides automated, non-disruptive test failovers for IaaS SQL Server VMs.

How to eliminate wrong answers

Option A is wrong because Azure Backup for SQL Server is designed for long-term retention and point-in-time restore, not for continuous replication to a secondary region with a 15-minute RPO or for performing non-disruptive DR drills. Option C is wrong because SQL Server Log Shipping to an Azure VM requires manual failover and does not support automated, non-disruptive DR drills; it also has higher RTO and RPO variability compared to ASR. Option D is wrong because Geo-replication for Azure SQL Database applies only to Azure SQL Database (PaaS), not to SQL Server running on Azure VMs (IaaS).

70
MCQhard

Refer to the exhibit. This ARM template configures backup for an Azure App Service web app. The backup is scheduled daily. What is the primary limitation of this backup strategy in meeting a disaster recovery RPO of 4 hours?

A.The backup storage account is in the same region as the web app
B.The backup frequency is 1 day, resulting in an RPO of up to 24 hours
C.The retention period of 30 days is too short
D.The backup does not include the web app configuration
AnswerB

Daily backup cannot meet 4-hour RPO.

Why this answer

Option B is correct because the backup schedule is daily, leading to an RPO of up to 24 hours, which exceeds the 4-hour requirement. Option A is wrong because storage account location does not affect RPO. Option C is wrong because retention period does not affect RPO.

Option D is wrong because the backup includes the app content, but the frequency is the issue.

71
MCQhard

Refer to the exhibit. You are testing a disaster recovery plan for three Azure VMs. The recovery plan in the exhibit is failing during a test failover. VM3 fails to start after failover. What is the most likely cause?

A.VM3 is not replicated properly.
B.The boot order is incorrect; VM3 should be before VM1.
C.VM3 is in a Shutdown group, which means it is not started during failover.
D.The primary and recovery locations are swapped.
AnswerC

Shutdown group is used for graceful shutdown, not startup.

Why this answer

Option C (Shutdown group) is correct because VM3 is in a Shutdown group, which means it is not started during failover. Option A (replication) is not indicated. Option B (boot order) not shown.

Option D (recovery location) is valid.

72
MCQmedium

A company runs a critical application on an Azure virtual machine in the West US region. They want to enable disaster recovery to East US with the ability to perform non-disruptive DR drills. They need an RPO of a few minutes. Which Azure service should they use?

A.Azure Site Recovery
B.Azure Backup
C.Azure Traffic Manager
D.Azure Blueprints
AnswerA

Azure Site Recovery replicates VMs continuously and allows you to run test failovers in isolation for DR drills.

Why this answer

Azure Site Recovery (ASR) is the correct service because it provides continuous replication of Azure VMs from a primary region (West US) to a secondary region (East US) with a Recovery Point Objective (RPO) of a few minutes. It also supports non-disruptive disaster recovery drills by allowing you to perform test failovers in an isolated network without impacting the production workload.

Exam trap

The trap here is that candidates often confuse Azure Backup (which is for long-term retention) with Azure Site Recovery (which is for replication and failover), leading them to choose Backup for DR scenarios that require low RPO and non-disruptive testing.

How to eliminate wrong answers

Option B (Azure Backup) is wrong because it is designed for long-term backup and retention, not for low-RPO replication or non-disruptive DR drills; its RPO is typically hours or days, not a few minutes. Option C (Azure Traffic Manager) is wrong because it is a DNS-based traffic load balancer for distributing incoming traffic across endpoints, not a replication or failover service for disaster recovery with a specific RPO. Option D (Azure Blueprints) is wrong because it is a governance and compliance tool for defining repeatable Azure resource templates, not a disaster recovery or replication service.

73
Multi-Selecteasy

Which TWO of the following are valid options to achieve high availability for Azure SQL Database? (Choose two.)

Select 2 answers
A.Deploy a single database with locally redundant storage (LRS)
B.Deploy a zone-redundant Azure SQL Database
C.Configure manual failover to a secondary replica in the same region
D.Configure SQL Server Always On availability groups
E.Configure active geo-replication to a secondary database in a different region
AnswersB, E

Zone-redundancy provides intra-region HA.

Why this answer

Options B and D are correct. Zone-redundant deployment (B) provides high availability within a region by replicating across availability zones. Active geo-replication (D) provides cross-region high availability and disaster recovery.

Option A is wrong because a single database with locally redundant storage offers no high availability. Option C is wrong because Azure SQL Database does not support manual failover to a replica without geo-replication. Option E is wrong because always on availability groups are for SQL Server on VMs, not Azure SQL Database.

74
MCQeasy

A company runs a critical web application on Azure VMs that uses Azure SQL Database. They need a disaster recovery solution that provides automatic failover to a secondary region with an RPO of 5 seconds and an RTO of 1 minute. The secondary region must also be able to serve read-only queries for reporting purposes. Which Azure SQL Database feature should they use?

A.Azure SQL Database with active geo-replication and an auto-failover group
B.Azure SQL Database with geo-restore
C.Azure SQL Database with a standby replica
D.Azure SQL Database with cross-region failover
AnswerA

This enables automatic failover with low RPO/RTO and allows the secondary to be used for read-only queries.

Why this answer

Active geo-replication with an auto-failover group is the correct choice because it provides automatic, asynchronous replication of data to a secondary region with an RPO of 5 seconds (typically under 5 seconds) and an RTO of 1 minute when the failover group is configured with a grace period. Additionally, the secondary replica can be used for read-only queries by connecting with ApplicationIntent=ReadOnly, meeting the reporting requirement.

Exam trap

The trap here is that candidates confuse 'geo-restore' (manual, backup-based) with 'active geo-replication' (continuous replication) or assume a 'standby replica' works across regions, when it is actually a single-region high-availability feature.

How to eliminate wrong answers

Option B is wrong because geo-restore is a manual, point-in-time recovery from geo-replicated backups, which has an RPO of 1 hour (backup frequency) and an RTO of hours, not meeting the 5-second RPO or 1-minute RTO. Option C is wrong because a standby replica (e.g., zone-redundant or local standby) is a high-availability feature within a single region, not a cross-region disaster recovery solution. Option D is wrong because 'cross-region failover' is not a specific Azure SQL Database feature; it is a generic term that could refer to active geo-replication or geo-restore, but without the auto-failover group, it does not guarantee automatic failover or the specified RPO/RTO.

75
MCQeasy

A company uses Azure Backup to protect on-premises Windows servers. The backup data is stored in a Recovery Services vault. They want to ensure that backup data is protected even if the entire Azure region fails. What should they configure?

A.Configure backup replication across two Recovery Services vaults in different regions.
B.Enable geo-redundant storage (GRS) for the Recovery Services vault.
C.Use zone-redundant storage (ZRS) for the Recovery Services vault.
D.Enable Cross-region restore (CRR) for the Recovery Services vault.
AnswerD

Cross-region restore allows restoring backup data in a paired region during a regional outage.

Why this answer

Cross-region restore (CRR) enables restoring backup data in a paired region if the primary region fails. Option A is incorrect because GRS is the storage redundancy, but CRR is the feature that enables restore. Option C is incorrect because zone-redundant storage protects only within a region.

Option D is incorrect because replication across vaults is not a built-in feature.

Page 1 of 3 · 201 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Business Continuity Solutions questions.