AZ-500 · topic practice

Troubleshooting practice questions

Practise Microsoft Azure Security Engineer Associate AZ-500 Troubleshooting practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
8 questions · Domain: Troubleshooting

What the exam tests

What to know about Troubleshooting

Troubleshooting questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Troubleshooting exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Troubleshooting questions

8 questions · select your answer, then reveal the explanation

A security administrator is troubleshooting network connectivity to an Azure virtual machine. The VM is behind a network security group (NSG) that has a deny-all inbound rule as the default. The administrator wants to quickly verify whether a specific TCP packet on port 3389 from their client IP (203.0.113.50) would be allowed or blocked by the NSG. Which Azure Network Watcher tool should they use?

Question 2 · medium · multiple choice · topic: Troubleshooting

You are troubleshooting a sign-in issue. A user reports that they are repeatedly prompted for authentication when accessing a cloud app, even though they already authenticated earlier in the day. You check the Conditional Access policy and see that 'Session control - Sign-in frequency' is set to 1 hour. What is the most likely cause?

Question 3 · hard · multiple choice · topic: NAT/PAT

You are troubleshooting an Azure virtual machine that cannot access the internet. The VM is in a subnet with a route table that has a default route (0.0.0.0/0) with next hop 'Virtual appliance' pointing to the private IP of an Azure Firewall. The Azure Firewall has a DNAT rule to allow outbound traffic. You verify that the VM's NSG allows outbound traffic. What is the most likely cause of the issue?

You are troubleshooting connectivity between two Azure virtual machines in different VNets that are peered. VM1 (10.0.1.4) cannot reach VM2 (10.0.2.4) on port 80. Both VNets have NSGs allowing HTTP traffic from each other's IP ranges. The VNet peering is in 'Connected' state. You verify that the VMs' operating system firewalls allow HTTP. What is the most likely cause of the connectivity issue?

Question 5 · hard · multiple choice · topic: VPN

You are troubleshooting connectivity from an on-premises network to an Azure VM. The connection uses a site-to-site VPN. The VM can be pinged from on-premises, but an application running on the VM cannot connect to an on-premises database server. The database server's firewall is configured to allow connections from the Azure VPN gateway public IP. What is the most likely cause of the issue?

Question 6 · hard · multiple choice · topic: DNS

You are troubleshooting connectivity issues from an Azure VM to an on-premises server. The VM is in a VNet that uses a custom DNS server. The on-premises network is connected via ExpressRoute. You can ping the on-premises server by IP address but not by name. What is the most likely cause?

You are troubleshooting connectivity between two Azure VMs in the same virtual network. VM1 can ping VM2, but VM1's application cannot connect to VM2's application on port 8080. Both VMs have NSGs that allow inbound traffic on port 8080. What is the most likely cause?

Question 8 · hard · multiple choice · topic: NAT/PAT

You have an Azure subscription with multiple VNets connected via VNet peering. You need to audit all network traffic between two specific VNets for compliance. The solution must capture traffic metadata (source/destination IP, ports, protocol) without affecting performance. What should you use?

Frequently asked questions

What does the AZ-500 exam test about Troubleshooting?
Troubleshooting questions test whether you can apply the concept in context, not just recognise a definition.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.

Can I practise just Troubleshooting questions in a focused session?
Yes — the session launcher on this page draws every question from the Troubleshooting domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other AZ-500 topics?
Use the topic links above to move to related areas, or go back to the AZ-500 question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the AZ-500 exam covers. They are not copied from any real exam or dump site.