CCNA Describe Azure architecture and services Questions

34 of 409 questions · Page 6/6 · Describe Azure architecture and services · Answers revealed

376
MCQmedium

Which Azure database service provides a fully managed MariaDB database in the cloud?

A.Azure Database for MySQL
B.Azure Database for MariaDB
C.Azure SQL Database
D.Azure Database for PostgreSQL
AnswerB

Azure Database for MariaDB is the fully managed service for MariaDB workloads.

Why this answer

Azure Database for MariaDB is the correct answer because it is the specific Azure service designed to provide a fully managed, enterprise-ready MariaDB database in the cloud. MariaDB is a community-developed fork of MySQL, and Azure offers a dedicated managed service for it, including built-in high availability, automated backups, and scaling, without requiring you to manage the underlying infrastructure.

Exam trap

The trap here is that candidates often confuse MariaDB with MySQL due to their shared history and wire compatibility, leading them to incorrectly select Azure Database for MySQL instead of the dedicated Azure Database for MariaDB service.

How to eliminate wrong answers

Option A is wrong because Azure Database for MySQL is a separate service for the MySQL database engine, not MariaDB; while MariaDB originated from MySQL, they are distinct products with different codebases and features. Option C is wrong because Azure SQL Database is a fully managed relational database service for Microsoft SQL Server, not for MariaDB. Option D is wrong because Azure Database for PostgreSQL is a managed service for the PostgreSQL database engine, which is a different relational database system entirely.

377
MCQeasy

Which Azure service provides a unified inbox for managing customer support communications across email, chat, phone, and social channels?

A.Azure Service Bus
B.Azure Communication Services
C.Azure Notification Hubs
D.Azure Logic Apps
AnswerB

Azure Communication Services provides APIs for integrating SMS, email, chat, and voice/video into applications.

Why this answer

Azure Communication Services provides a unified inbox for managing customer support communications across email, chat, phone, and social channels. It offers REST APIs and SDKs to integrate multichannel messaging, enabling developers to build omnichannel customer engagement experiences without managing separate backends for each channel.

Exam trap

The trap here is that candidates often confuse Azure Communication Services with Azure Service Bus, assuming both are for messaging, but Service Bus is for application-to-application messaging, not human-facing customer support channels.

How to eliminate wrong answers

Option A is wrong because Azure Service Bus is a fully managed enterprise message broker for decoupling applications and services, not a unified inbox for customer support communications. Option C is wrong because Azure Notification Hubs is a push notification engine for sending mobile push notifications to any platform, not for managing inbound customer support conversations. Option D is wrong because Azure Logic Apps is a low-code workflow automation service for integrating apps and data, not a dedicated service for unifying customer support channels.

378
MCQhard

An e-commerce application needs to handle sudden traffic spikes during flash sales while maintaining consistent performance. Which combination of Azure services BEST addresses this requirement?

A.Azure Load Balancer with manual VM scaling
B.Azure Front Door with autoscaling backend
C.Azure Traffic Manager with static VMs
D.Azure CDN alone
AnswerB

Front Door provides global load balancing and CDN caching to reduce origin load; autoscaling handles backend demand spikes.

Why this answer

Azure Front Door provides global load balancing and traffic acceleration with built-in SSL offload and path-based routing, while its autoscaling backend (e.g., Virtual Machine Scale Sets or App Service) automatically adds or removes instances based on CPU or request metrics. This combination ensures that sudden traffic spikes during flash sales are absorbed without manual intervention, maintaining consistent performance and high availability.

Exam trap

The trap here is that candidates confuse Azure Front Door (global HTTP/S load balancer with autoscaling support) with Azure Traffic Manager (DNS-only router that cannot scale backend resources), leading them to pick Option C.

How to eliminate wrong answers

Option A is wrong because Azure Load Balancer operates at Layer 4 (TCP/UDP) and does not provide autoscaling; manual VM scaling requires human intervention and cannot react quickly to sudden spikes. Option C is wrong because Azure Traffic Manager is a DNS-based traffic router that distributes traffic across endpoints but does not autoscale the backend VMs; static VMs will be overwhelmed by flash sale traffic. Option D is wrong because Azure CDN alone caches static content at edge nodes but cannot handle dynamic e-commerce transactions or scale compute resources; it does not address backend capacity for sudden spikes.

379
MCQmedium

Which Azure service provides real-time analytics on fast-moving streaming data from IoT devices and applications?

A.Azure Data Factory
B.Azure Stream Analytics
C.Azure Synapse Analytics
D.Azure HDInsight
AnswerB

Stream Analytics provides real-time analytics on streaming data from IoT devices and applications using SQL-like queries.

Why this answer

Azure Stream Analytics is a serverless, real-time analytics service designed to process high-velocity streaming data from sources like IoT devices, applications, and sensors. It uses SQL-based query language to analyze data in motion, enabling immediate insights and triggering actions without storing the data first.

Exam trap

The trap here is that candidates confuse Azure Stream Analytics with Azure Synapse Analytics or Azure Data Factory, mistakenly thinking any 'analytics' service can handle real-time streaming, but only Stream Analytics is purpose-built for low-latency, continuous data-in-motion processing.

How to eliminate wrong answers

Option A is wrong because Azure Data Factory is a cloud-based ETL and data integration service for orchestrating and moving data between various stores, not for real-time stream processing. Option C is wrong because Azure Synapse Analytics is a unified analytics platform for large-scale data warehousing and big data analytics, optimized for batch and interactive queries on stored data, not for real-time streaming. Option D is wrong because Azure HDInsight is a managed Hadoop and Spark cluster service for big data processing, but it requires manual setup and is not a dedicated, serverless real-time stream analytics service like Stream Analytics.

380
MCQmedium

Which Azure service analyzes patterns in telemetry data from Azure IoT Hub to detect anomalies and predict when equipment will fail?

A.Azure IoT Central
B.Azure Time Series Insights
C.Azure Digital Twins
D.Azure Sphere
AnswerB

Time Series Insights stores and analyzes IoT time-series data for anomaly detection and predictive maintenance patterns.

Why this answer

Azure Time Series Insights (TSI) is designed to ingest, store, and analyze time-series data from IoT devices, including telemetry from Azure IoT Hub. It provides built-in anomaly detection and pattern recognition capabilities, enabling predictive maintenance by identifying deviations that precede equipment failure.

Exam trap

The trap here is that candidates confuse Azure IoT Central's prebuilt dashboards and rules with the deep time-series analytics and anomaly detection capabilities that are exclusive to Azure Time Series Insights.

How to eliminate wrong answers

Option A is wrong because Azure IoT Central is a fully managed IoT application platform that simplifies device management and dashboards, but it does not include native time-series analytics or anomaly detection for failure prediction. Option C is wrong because Azure Digital Twins creates digital models of physical environments and relationships, but it focuses on spatial intelligence and simulation, not on analyzing telemetry patterns for anomaly detection. Option D is wrong because Azure Sphere is a secured microcontroller platform with built-in security for IoT devices, not a service for telemetry analysis or failure prediction.

381
MCQmedium

A company has three Azure subscriptions: one for the engineering department, one for marketing, and one for finance. The central IT team needs to apply a common set of Azure Policy definitions (e.g., allowed locations for resources) that must be enforced across all three subscriptions. Additionally, each department manager must be able to apply custom policies that only affect their own subscription. The IT team wants to organize the subscriptions into a hierarchy where they can assign the common policy at the top level and delegate custom policy assignment at the subscription level. Which Azure feature should the IT team use to create this hierarchical structure?

A.Management groups
B.Resource groups
C.Azure Policy
D.Azure role-based access control (RBAC)
AnswerA

Correct. Management groups allow you to organize Azure subscriptions into a hierarchy for central policy and compliance management. Policies assigned at a management group are inherited by all subscriptions and resource groups under that group.

Why this answer

Management groups allow you to create a hierarchical structure of Azure subscriptions, enabling you to assign common Azure Policy definitions (like allowed locations) at a top-level management group that applies to all child subscriptions. Each department subscription can then have its own custom policy assignments, as management groups support inheritance and delegation of policy assignments across the hierarchy.

Exam trap

The trap here is that candidates confuse Azure Policy (the rule engine) with the hierarchical scope mechanism (management groups) needed to organize subscriptions and enforce policies across them.

How to eliminate wrong answers

Option B is wrong because resource groups are logical containers for resources within a single subscription and cannot span multiple subscriptions or create a hierarchy for policy inheritance. Option C is wrong because Azure Policy is the service used to define and enforce rules, but it does not provide the hierarchical subscription organization needed; it relies on management groups or subscriptions as scope. Option D is wrong because Azure RBAC manages access control (who can do what) and does not create a hierarchy for policy assignment or inheritance.

382
MCQhard

Which Azure compute option is best for running a batch processing job that can be interrupted and resumed without data loss, at the lowest possible cost?

A.Azure Reserved VM Instances
B.Azure Spot Virtual Machines
C.Azure Dedicated Host
D.Standard Pay-as-you-Go VMs
AnswerB

Spot VMs use unused Azure capacity at up to 90% discount, ideal for interruptible batch jobs.

Why this answer

Azure Spot Virtual Machines are designed for interruptible workloads, such as batch processing jobs, because they use unused Azure capacity at a significant discount (up to 90% compared to pay-as-you-go). When Azure needs the capacity back, these VMs can be evicted with a 30-second notice, but the job can be resumed without data loss if the application is designed to handle interruptions (e.g., using checkpointing or saving state to persistent storage). This makes Spot VMs the most cost-effective option for fault-tolerant, interruptible batch processing.

Exam trap

The trap here is that candidates often confuse Azure Spot VMs with Reserved Instances or Dedicated Hosts, mistakenly thinking that any discounted option (like Reserved Instances) is best for cost savings, but they fail to recognize that only Spot VMs are designed for interruptible workloads and provide the lowest cost for batch jobs that can tolerate eviction.

How to eliminate wrong answers

Option A is wrong because Azure Reserved VM Instances require a 1- or 3-year commitment and are designed for predictable, steady-state workloads, not interruptible batch jobs; they do not offer the low cost of Spot VMs for evictable scenarios. Option C is wrong because Azure Dedicated Host provides physical servers dedicated to a single customer, which is expensive and intended for compliance or licensing needs, not for cost-optimized interruptible batch processing. Option D is wrong because Standard Pay-as-you-Go VMs charge a fixed per-hour rate regardless of usage and do not provide the deep discount or eviction mechanism that Spot VMs offer for interruptible workloads.

383
MCQmedium

Which Azure compute option is BEST for a batch processing job that can tolerate interruptions and needs the lowest possible compute cost?

A.Azure Reserved VM Instances
B.Azure Spot VMs
C.Azure Dedicated Host
D.Azure Functions Consumption Plan
AnswerB

Spot VMs offer up to 90% discount by using spare Azure capacity — ideal for fault-tolerant batch jobs that can handle eviction.

Why this answer

Azure Spot VMs are designed for interruptible workloads like batch processing jobs that can tolerate preemption. They offer the lowest compute cost by leveraging unused Azure capacity, with discounts of up to 90% compared to pay-as-you-go pricing, making them the optimal choice for cost-sensitive, fault-tolerant tasks.

Exam trap

The trap here is that candidates often confuse Azure Spot VMs with Azure Reserved Instances, assuming reserved pricing is always the cheapest, but they fail to recognize that Spot VMs offer even lower costs for workloads that can handle interruptions, which is the key differentiator in this scenario.

How to eliminate wrong answers

Option A is wrong because Azure Reserved VM Instances require a 1- or 3-year commitment and provide cost savings for predictable, always-on workloads, not for interruptible batch jobs seeking the absolute lowest cost. Option C is wrong because Azure Dedicated Host provides physical servers dedicated to a single customer for compliance or licensing needs, which is the most expensive compute option and offers no cost benefit for interruptible workloads. Option D is wrong because Azure Functions Consumption Plan is a serverless, event-driven compute service that charges per execution and is not designed for long-running batch processing jobs; it lacks the cost efficiency of Spot VMs for sustained, interruptible batch workloads.

384
MCQmedium

Which Azure service provides enterprise-grade, distributed message queuing with features like guaranteed delivery and FIFO ordering?

A.Azure Queue Storage
B.Azure Service Bus queues
C.Azure Event Hubs
D.Azure Event Grid
AnswerB

Service Bus provides enterprise-grade queuing with guaranteed delivery, FIFO via sessions, dead-lettering, and more.

Why this answer

Azure Service Bus queues are the correct choice because they are designed for enterprise-grade messaging with support for guaranteed delivery (at-least-once or exactly-once semantics) and strict FIFO ordering through sessions. Unlike simpler queue services, Service Bus provides advanced features like dead-lettering, message deferral, and transactional support, making it suitable for mission-critical application integration.

Exam trap

The trap here is that candidates often confuse Azure Queue Storage's simple, scalable queue with Service Bus's enterprise-grade queuing, overlooking the specific requirement for FIFO ordering and guaranteed delivery that only Service Bus provides.

How to eliminate wrong answers

Option A is wrong because Azure Queue Storage is a simple, cost-effective queue for large volumes of messages but does not support FIFO ordering or guaranteed delivery with the same reliability; it offers at-least-once delivery but no ordering guarantees. Option C is wrong because Azure Event Hubs is a big data streaming platform and event ingestion service optimized for high-throughput telemetry, not for message queuing with FIFO ordering or transactional delivery. Option D is wrong because Azure Event Grid is a serverless event routing service that uses a publish-subscribe model with automatic retries but does not provide FIFO ordering or message queuing semantics like peek-lock or sessions.

385
MCQmedium

Which Azure service provides an enterprise messaging service with advanced features like topics, subscriptions, and dead-letter queues?

A.Azure Queue Storage
B.Azure Event Grid
C.Azure Service Bus
D.Azure Event Hubs
AnswerC

Service Bus provides enterprise messaging with topics, subscriptions, dead-letter queues, and FIFO guarantees.

Why this answer

Azure Service Bus is a fully managed enterprise message broker that supports advanced messaging patterns including topics (publish/subscribe), subscriptions (filtered message delivery), and dead-letter queues (for handling undeliverable messages). It is designed for reliable, ordered message delivery with features like sessions, transactions, and duplicate detection, making it the correct choice for this question.

Exam trap

The trap here is that candidates confuse Azure Service Bus with Azure Queue Storage because both offer queue-like functionality, but only Service Bus provides the advanced enterprise features (topics, subscriptions, dead-letter queues) explicitly mentioned in the question.

How to eliminate wrong answers

Option A is wrong because Azure Queue Storage is a simple, cost-effective message queue service that does not support topics, subscriptions, or dead-letter queues; it offers basic FIFO (best-effort) ordering and no pub/sub capabilities. Option B is wrong because Azure Event Grid is a serverless event routing service that uses event subscriptions and filters, but it does not provide message queues, topics, or dead-letter queues; it is designed for reactive event-driven architectures, not persistent messaging. Option D is wrong because Azure Event Hubs is a big data streaming platform and event ingestion service optimized for high-throughput telemetry and log data; it does not support topics, subscriptions, or dead-letter queues, and it lacks the broker-style features like sessions and transactions.

386
MCQeasy

Which Azure service enables you to synchronize your on-premises Active Directory with Azure Active Directory?

A.Azure AD Domain Services
B.Azure AD B2C
C.Azure AD Connect
D.Azure Multi-Factor Authentication
AnswerC

Azure AD Connect synchronizes on-premises Active Directory identities to Azure AD for hybrid identity.

Why this answer

Azure AD Connect is the correct service because it is specifically designed to synchronize on-premises Active Directory identities with Azure Active Directory, enabling hybrid identity scenarios. It handles password hash synchronization, pass-through authentication, and federation integration, ensuring users have a single identity for both on-premises and cloud resources.

Exam trap

The trap here is that candidates often confuse Azure AD Connect (synchronization tool) with Azure AD Domain Services (managed domain services), as both involve Active Directory, but they serve entirely different purposes.

How to eliminate wrong answers

Option A is wrong because Azure AD Domain Services provides managed domain services like group policy and domain join for Azure VMs, not synchronization of on-premises AD with Azure AD. Option B is wrong because Azure AD B2C is a customer identity and access management service for external users (e.g., social logins), not for synchronizing enterprise on-premises directories. Option D is wrong because Azure Multi-Factor Authentication is a security feature that adds an extra layer of authentication, not a directory synchronization tool.

387
MCQmedium

Which Azure service replicates on-premises virtual machines and physical servers to Azure for disaster recovery?

A.Azure Backup
B.Azure Site Recovery
C.Azure Migrate
D.Azure Archive Storage
AnswerB

Site Recovery continuously replicates on-premises VMs to Azure for disaster recovery with automated failover.

Why this answer

Azure Site Recovery (ASR) is the correct service because it is specifically designed for disaster recovery (DR) by orchestrating replication, failover, and failback of on-premises virtual machines and physical servers to Azure. It uses continuous replication to maintain data consistency and supports planned/unplanned failover, ensuring business continuity during outages.

Exam trap

The trap here is that candidates confuse Azure Backup (point-in-time backups) with Azure Site Recovery (continuous replication and failover), as both involve data protection but serve fundamentally different purposes in the Azure resilience portfolio.

How to eliminate wrong answers

Option A is wrong because Azure Backup is a backup service that creates point-in-time recovery copies of data, not a disaster recovery solution that replicates entire workloads for failover. Option C is wrong because Azure Migrate is a tool for assessing and migrating on-premises servers to Azure, not for ongoing replication and failover in a DR scenario. Option D is wrong because Azure Archive Storage is a low-cost storage tier for rarely accessed data, not a replication or recovery service for virtual machines or physical servers.

388
MCQmedium

Which Azure service enables you to securely connect remote users to Azure and on-premises resources using an SSL-based VPN?

A.Azure ExpressRoute
B.Azure Bastion
C.Azure VPN Gateway
D.Azure Application Gateway
AnswerC

VPN Gateway provides encrypted IPsec/SSL VPN connections for site-to-site and point-to-site connectivity.

Why this answer

Azure VPN Gateway supports site-to-site, point-to-site, and VNet-to-VNet connections. Point-to-site (P2S) VPN uses SSTP (Secure Socket Tunneling Protocol) or IKEv2 VPN, and when configured with SSTP, it provides an SSL-based VPN tunnel (TCP port 443) that allows remote users to securely connect to Azure and on-premises resources through the gateway.

Exam trap

The trap here is that candidates often confuse Azure VPN Gateway (which does support SSL-based P2S VPN) with Azure Application Gateway (a Layer 7 load balancer) or Azure Bastion (a secure RDP/SSH jump server), mistakenly thinking those services provide VPN connectivity.

How to eliminate wrong answers

Option A is wrong because Azure ExpressRoute provides a dedicated, private, high-bandwidth connection from on-premises to Azure using MPLS or similar Layer 2/3 technologies, not an SSL-based VPN. Option B is wrong because Azure Bastion is a fully managed PaaS service that provides secure RDP/SSH connectivity to virtual machines directly in the Azure portal over TLS, but it does not function as a VPN gateway for remote user connectivity to Azure or on-premises resources. Option D is wrong because Azure Application Gateway is a Layer 7 load balancer and web application firewall (WAF) that routes HTTP/HTTPS traffic, not a VPN service for remote user connectivity.

389
MCQeasy

Which Azure service provides a globally distributed, multi-model database service with single-digit millisecond read latency?

A.Azure SQL Database
B.Azure Database for MySQL
C.Azure Cosmos DB
D.Azure Cache for Redis
AnswerC

Cosmos DB is globally distributed, multi-model, with single-digit millisecond latency and 99.999% availability SLA.

Why this answer

Azure Cosmos DB is a globally distributed, multi-model database service that guarantees single-digit millisecond read latency at the 99th percentile, regardless of the region or consistency level. It supports multiple data models (document, key-value, graph, column-family) and provides turnkey global distribution across any number of Azure regions.

Exam trap

The trap here is that candidates often confuse Azure Cache for Redis (a low-latency cache) with a globally distributed multi-model database, but Redis is not a multi-model database and does not provide turnkey global distribution with multiple consistency models like Cosmos DB does.

How to eliminate wrong answers

Option A is wrong because Azure SQL Database is a relational database service that does not natively support multi-model data or offer single-digit millisecond read latency globally; its latency depends on the region and query complexity. Option B is wrong because Azure Database for MySQL is a managed relational database service based on the MySQL engine, which is not multi-model and does not provide guaranteed single-digit millisecond read latency across global distributions. Option D is wrong because Azure Cache for Redis is an in-memory caching service based on the Redis engine, not a multi-model database; while it offers low latency, it is primarily a cache layer, not a fully managed globally distributed database with multiple data models.

390
MCQmedium

A company wants to proactively identify Azure resources that are misconfigured and could lead to security vulnerabilities, such as virtual machines with open management ports or unencrypted storage accounts. They also need to get prioritized recommendations for remediating these issues. Which Azure service should the company use?

A.Microsoft Defender for Cloud (formerly Azure Security Center)
B.Azure Advisor
C.Azure Policy
D.Azure Blueprints
AnswerA

This service is designed specifically to assess and improve the security posture of Azure resources. It continuously monitors for misconfigurations (like open management ports, unencrypted data) and provides prioritized recommendations to remediate them.

Why this answer

Microsoft Defender for Cloud (formerly Azure Security Center) is the correct service because it continuously assesses the security posture of Azure resources, identifies misconfigurations such as open management ports (e.g., RDP/SSH) or unencrypted storage accounts, and provides prioritized, actionable recommendations for remediation. It integrates with Azure Policy to enforce security standards and offers a secure score to track improvement over time.

Exam trap

The trap here is that candidates often confuse Azure Advisor's general recommendations with Defender for Cloud's security-specific assessments, but Azure Advisor does not detect misconfigurations like open management ports or unencrypted storage—it focuses on cost, performance, and reliability instead.

How to eliminate wrong answers

Option B (Azure Advisor) is wrong because it provides general best-practice recommendations for cost, performance, reliability, and operational excellence, but it does not specialize in security misconfigurations or vulnerability detection like open ports or encryption status. Option C (Azure Policy) is wrong because it enforces compliance rules by creating, assigning, and managing policies (e.g., requiring encryption), but it does not proactively identify existing misconfigurations or provide prioritized security recommendations—it is a governance tool, not a security assessment service. Option D (Azure Blueprints) is wrong because it is used to define a repeatable set of Azure resources and policies for deploying environments (e.g., templates for compliance), but it does not perform ongoing security scanning or vulnerability identification.

391
MCQmedium

A company plans to deploy a three-tier web application in Azure. The application consists of web servers, application servers, and database servers. The company wants to protect the virtual machines (VMs) from planned maintenance events (e.g., OS updates) and unplanned hardware failures. They want to ensure that at least one VM in each tier remains available during such events. The solution should be deployed entirely within a single Azure region. What should the company use for the VMs?

A.Deploy the VMs across three Availability Zones (Zone 1, Zone 2, and Zone 3) within the region.
B.Create an Availability Set containing two VMs per tier, configured with two fault domains and five update domains.
C.Configure a single Virtual Machine Scale Set that includes all the VMs for all three tiers.
D.Use a Virtual Machine Scale Set with autoscale configured to always keep a minimum number of VMs running.
AnswerB

This is correct. An Availability Set protects VMs from failures within a single Azure datacenter by isolating them across fault domains (separate power and network) and update domains (sequential maintenance). Two fault domains ensure that not all VMs are affected by a single hardware failure. Five update domains ensure that only 20% of VMs are taken offline during planned maintenance. With two VMs per tier, at least one VM in each tier remains available during an event.

Why this answer

Option B is correct because an Availability Set with two fault domains and five update domains ensures that VMs are distributed across separate physical hardware (fault domains) and that planned maintenance (update domains) is staggered, so at least one VM per tier remains available during both planned and unplanned events. This meets the requirement of high availability within a single Azure region without needing multiple zones.

Exam trap

The trap here is that candidates often confuse Availability Zones (which protect against datacenter-level failures) with Availability Sets (which protect against rack-level failures within a single datacenter), and fail to recognize that the question explicitly limits the solution to a single Azure region, making Availability Sets the appropriate choice for the described planned and unplanned events.

How to eliminate wrong answers

Option A is wrong because deploying across three Availability Zones provides high availability but is typically used for region-level resilience against zone failures, not specifically optimized for the single-region, per-tier availability requirement described; it also introduces cross-zone latency and cost. Option C is wrong because a single Virtual Machine Scale Set (VMSS) would combine all tiers into one group, losing the tier-specific availability guarantees and making it impossible to ensure at least one VM per tier remains available independently. Option D is wrong because a VMSS with autoscale focuses on scaling based on load, not on protecting against planned maintenance or hardware failures through fault and update domain distribution; it does not inherently guarantee that at least one VM per tier stays available during such events.

392
MCQmedium

Which Azure identity feature automatically assigns permissions when a user joins a specific group, and removes them when they leave?

A.Azure AD Privileged Identity Management
B.Azure AD Dynamic Groups
C.Azure AD Conditional Access
D.Azure AD Identity Protection
AnswerB

Dynamic Groups automatically add/remove members based on attribute rules, enabling automatic permission assignment.

Why this answer

Azure AD Dynamic Groups automatically manage user membership based on rules defined using user or device attributes. When a user meets the rule criteria (e.g., department equals 'Sales'), they are added to the group and receive the associated permissions; when they no longer meet the criteria, they are removed, and permissions are revoked. This is the only Azure identity feature that directly ties group membership and permission assignment to attribute-based rules without manual intervention.

Exam trap

The trap here is that candidates confuse Privileged Identity Management (PIM) with dynamic group membership because both involve 'automatic' actions, but PIM focuses on time-bound role activation, not attribute-driven group membership changes.

How to eliminate wrong answers

Option A is wrong because Azure AD Privileged Management (PIM) provides just-in-time privileged access and approval workflows for roles, not automatic permission assignment based on group membership changes. Option C is wrong because Azure AD Conditional Access enforces access policies (e.g., requiring MFA) at sign-in based on conditions like location or device state, not by assigning or removing permissions when joining or leaving a group. Option D is wrong because Azure AD Identity Protection detects and responds to identity risks (e.g., leaked credentials) using risk policies, but does not manage group membership or permission assignment.

393
MCQmedium

A company needs to share a set of files between multiple Azure VMs using the SMB protocol. They require a managed file share that can be mounted simultaneously by multiple VMs with permissions managed via Active Directory. Which Azure storage service should they use?

A.Azure Files
B.Azure Blob Storage
C.Azure Disk Storage
D.Azure NetApp Files
AnswerA

Correct. Azure Files offers managed SMB file shares that can be accessed concurrently by multiple VMs and supports Azure AD authentication.

Why this answer

Azure Files provides fully managed SMB file shares in the cloud that can be mounted concurrently by multiple Azure VMs. It supports Active Directory (AD) authentication and access control lists (ACLs), making it the correct choice for sharing files via SMB with AD-managed permissions.

Exam trap

The trap here is that candidates often confuse Azure Blob Storage's NFS support (which is not SMB) or Azure Disk Storage's ability to be attached to multiple VMs (which requires shared disks with specific configurations, not general-purpose file sharing), leading them to overlook Azure Files as the only managed SMB file share service.

How to eliminate wrong answers

Option B (Azure Blob Storage) is wrong because it is an object storage service designed for unstructured data (e.g., images, logs) and does not support the SMB protocol or simultaneous mounting as a file system; it uses REST APIs or NFS (preview) but not SMB. Option C (Azure Disk Storage) is wrong because it provides block-level storage volumes attached to a single VM (as a virtual disk) and cannot be shared simultaneously by multiple VMs; it is intended for OS/data disks, not shared file access.

394
MCQeasy

A company needs to store large amounts of unstructured data, such as images and videos, for a web application. They need to access data from anywhere via HTTP/HTTPS. Which Azure storage service should they use?

A.A) Azure Blob Storage
B.B) Azure File Storage
C.C) Azure Queue Storage
D.D) Azure Table Storage
AnswerA

Blob Storage is designed for unstructured data like images, videos, and documents, accessible via HTTP/HTTPS.

Why this answer

Azure Blob Storage is designed for storing large amounts of unstructured data, such as images and videos, and provides REST-based access over HTTP/HTTPS from anywhere. It supports scalable object storage with global accessibility, making it ideal for web application content delivery.

Exam trap

The trap here is that candidates may confuse Azure File Storage (which also supports HTTP/HTTPS via REST API) with Blob Storage, but File Storage is primarily for SMB-based file shares, not optimized for large-scale unstructured data like images and videos.

How to eliminate wrong answers

Option B (Azure File Storage) is wrong because it provides fully managed file shares accessible via SMB protocol, not optimized for unstructured data like images and videos, and is designed for lift-and-shift scenarios rather than HTTP/HTTPS-based web access. Option C (Azure Queue Storage) is wrong because it is a messaging service for asynchronous communication between application components, not for storing large unstructured data. Option D (Azure Table Storage) is wrong because it is a NoSQL key-value store for structured, semi-structured data, not for large binary objects like images and videos.

395
MCQmedium

Which Azure service provides pre-built AI capabilities like language understanding, vision, and speech without requiring custom model training?

A.Azure Machine Learning
B.Azure Cognitive Services
C.Azure Databricks
D.Azure Bot Service
AnswerB

Cognitive Services offers pre-built AI capabilities (vision, speech, language, decision) via API without custom training.

Why this answer

Azure Cognitive Services is the correct answer because it provides a suite of pre-built, pre-trained AI models accessible via REST APIs and SDKs for tasks such as language understanding (e.g., LUIS), computer vision (e.g., Computer Vision API), and speech recognition (e.g., Speech-to-Text). These services require no custom model training or machine learning expertise, allowing developers to integrate AI capabilities directly into applications.

Exam trap

The trap here is that candidates may confuse Azure Machine Learning (a custom model training platform) with Cognitive Services (pre-built AI APIs), especially since both fall under the 'AI' umbrella, but the question explicitly requires 'without requiring custom model training'.

How to eliminate wrong answers

Option A is wrong because Azure Machine Learning is a platform for building, training, and deploying custom machine learning models, not for consuming pre-built AI capabilities. Option C is wrong because Azure Databricks is an Apache Spark-based analytics platform for big data processing and machine learning pipelines, not a service for pre-built AI APIs. Option D is wrong because Azure Bot Service is a framework for building conversational bots that can leverage Cognitive Services but does not itself provide pre-built AI capabilities like vision or speech.

396
MCQmedium

A company runs a web application in two Azure regions: East US and West US. The company wants to route users automatically to the region that provides the lowest network latency. If one region becomes unavailable, all traffic should be rerouted to the healthy region. The company does not need to offload Transport Layer Security (TLS) or perform URL-based routing. Which Azure service should the company use to distribute traffic at the DNS level?

A.Azure Traffic Manager
B.Azure Load Balancer
C.Azure Application Gateway
D.Azure Front Door
AnswerA

Correct. Azure Traffic Manager is a DNS-based global traffic router that can direct users to the nearest region (performance routing) and automatically fail over to another region if one becomes unavailable.

Why this answer

Azure Traffic Manager operates at the DNS level, using DNS responses to direct user traffic to the region with the lowest network latency based on the Performance traffic-routing method. It also supports automatic failover: if a region becomes unavailable, Traffic Manager detects the endpoint health probe failure and reroutes all traffic to the healthy region. This matches the requirement exactly, as the company needs DNS-level distribution without TLS offloading or URL-based routing.

Exam trap

The trap here is that candidates often confuse Azure Traffic Manager (DNS-level, cross-region) with Azure Load Balancer (transport-level, single-region) or Azure Application Gateway (application-level, with TLS/URL features), failing to recognize that only Traffic Manager provides global latency-based routing at the DNS layer without requiring TLS offloading or URL path inspection.

How to eliminate wrong answers

Option B is wrong because Azure Load Balancer operates at Layer 4 (transport layer) and distributes traffic within a single region, not across multiple Azure regions, and it does not use DNS-level routing or latency-based cross-region failover. Option C is wrong because Azure Application Gateway operates at Layer 7 (application layer) and provides features like TLS offloading and URL-based routing, which the company explicitly does not need; it is also primarily designed for regional traffic distribution, not global DNS-level routing with latency-based steering.

397
MCQmedium

Which Azure AI service provides the ability to search, query, and extract insights from large document collections using AI?

A.Azure Cognitive Services Text Analytics
B.Azure Cognitive Search
C.Azure Form Recognizer
D.Azure Machine Learning text classification
AnswerB

Cognitive Search indexes document collections with AI enrichment and provides fast, intelligent search with semantic ranking.

Why this answer

Azure Cognitive Search (now part of Azure AI Search) is the correct service because it is specifically designed to index, search, and extract insights from large document collections using built-in AI capabilities like OCR, entity recognition, key phrase extraction, and language detection. It integrates with Azure Cognitive Services to enrich documents during indexing, enabling powerful search and query experiences over unstructured data.

Exam trap

The trap here is that candidates confuse Azure Cognitive Search (a search/indexing service with AI enrichment) with Azure Cognitive Services Text Analytics (a pure text analysis API), because both involve AI and text, but only Cognitive Search provides the ability to search and query over large document collections.

How to eliminate wrong answers

Option A is wrong because Azure Cognitive Services Text Analytics is a pre-built API for extracting sentiment, key phrases, entities, and language from text, but it does not provide a search index or query engine for large document collections. Option C is wrong because Azure Form Recognizer is specialized for extracting structured data (e.g., key-value pairs, tables) from forms and documents, not for general-purpose search and query across large collections. Option D is wrong because Azure Machine Learning text classification is a custom model training service for classifying text into categories, not a search or indexing service for querying document collections.

398
MCQmedium

Which Azure service provides a way to automatically extract and load data from external SaaS applications like Salesforce and ServiceNow into Azure data stores?

A.Azure Logic Apps
B.Azure Data Factory
C.Azure Event Grid subscriptions
D.Azure Service Bus
AnswerB

Data Factory has 90+ connectors for extracting data from SaaS apps (Salesforce, ServiceNow) into Azure data stores.

Why this answer

Azure Data Factory (ADF) is the correct answer because it is a cloud-based ETL (Extract, Transform, Load) and data integration service specifically designed to ingest data from a wide variety of sources—including SaaS applications like Salesforce and ServiceNow—and load it into Azure data stores such as Azure SQL Database, Azure Data Lake Storage, or Azure Synapse Analytics. ADF provides built-in connectors for these SaaS platforms, enabling automated, scheduled, or event-triggered data movement without requiring custom code.

Exam trap

The trap here is that candidates confuse Azure Logic Apps (a workflow/API integration tool) with Azure Data Factory (a dedicated ETL service), because both use connectors and can automate tasks, but only ADF is purpose-built for large-scale data extraction and loading into data stores.

How to eliminate wrong answers

Option A is wrong because Azure Logic Apps is a workflow automation service focused on orchestrating business processes and integrating applications via connectors, but it is not designed for large-scale data extraction and loading into data stores; it lacks the native ETL capabilities and data movement orchestration of Azure Data Factory. Option C is wrong because Azure Event Grid is a serverless event routing service that handles event-driven architectures (e.g., reacting to blob storage events), not a tool for extracting and loading data from external SaaS applications into data stores. Option D is wrong because Azure Service Bus is a message broker for decoupling applications and handling reliable message queues or pub/sub patterns, not a data integration or ETL service for moving data from SaaS sources to Azure storage.

399
MCQmedium

Which Azure storage redundancy option provides the highest durability by replicating data across two paired Azure regions?

A.Zone-Redundant Storage (ZRS)
B.Locally Redundant Storage (LRS)
C.Geo-Redundant Storage (GRS)
D.Geo-Zone-Redundant Storage (GZRS)
AnswerC

GRS replicates within the primary region (LRS) plus asynchronously to a secondary paired region for highest durability.

Why this answer

Geo-Redundant Storage (GRS) replicates data synchronously three times within a single primary region using LRS, then asynchronously copies that data to a paired secondary region, which is hundreds of kilometers away. This cross-region replication provides the highest durability among the listed options, as it protects against a complete regional outage by maintaining three additional replicas in the secondary region, achieving 16 nines (99.99999999999999%) durability over a given year.

Exam trap

The trap here is that candidates often confuse Geo-Redundant Storage (GRS) with Geo-Zone-Redundant Storage (GZRS), mistakenly thinking GZRS always provides higher durability, but the question explicitly asks for the option that replicates across two paired regions, and GRS is the fundamental cross-region replication tier that achieves the highest durability through that specific mechanism.

How to eliminate wrong answers

Option A is wrong because Zone-Redundant Storage (ZRS) replicates data synchronously across three Azure availability zones within a single region, protecting against zone-level failures but not against a full regional outage, so it does not provide the highest durability across paired regions. Option B is wrong because Locally Redundant Storage (LRS) replicates data three times within a single datacenter in a single region, offering the lowest durability (11 nines) and no protection against datacenter or regional failures. Option D is wrong because Geo-Zone-Redundant Storage (GZRS) combines ZRS within the primary region with asynchronous replication to a secondary region, but it is not the highest durability option listed; GRS is the baseline cross-region option, and while GZRS offers zone-level resilience in the primary region, the question specifically asks for the option that provides the highest durability by replicating across two paired regions, and GRS is the standard answer for that scenario.

400
MCQmedium

A startup frequently deploys identical environments for development, testing, and production. They want to ensure all deployments are consistent and follow best practices without manual configuration. They need a declarative JSON-based method to define the entire infrastructure (virtual machines, databases, networking) so that the same template can be reused across environments. Which Azure service should the startup use?

A.Azure Resource Manager templates
B.Azure PowerShell scripts
C.Azure CLI commands
D.Azure Blueprints
AnswerA

Correct. ARM templates are declarative JSON files that define the Azure resources to be deployed, enabling consistent and repeatable deployments across environments.

Why this answer

Azure Resource Manager (ARM) templates are the correct choice because they provide a declarative JSON-based syntax to define and deploy entire Azure infrastructures consistently. This allows the startup to reuse the same template across development, testing, and production environments, ensuring identical configurations without manual intervention. ARM templates also enforce idempotent deployments, meaning the same template can be applied repeatedly to achieve the same state.

Exam trap

The trap here is that candidates confuse Azure Blueprints (a governance/compliance wrapper) with the actual declarative JSON template (ARM template) that defines the infrastructure, leading them to choose Blueprints even though it is not the JSON-based method itself.

How to eliminate wrong answers

Option B is wrong because Azure PowerShell scripts are imperative, not declarative, and require manual coding of each step, which increases the risk of drift and inconsistency across environments. Option C is wrong because Azure CLI commands are also imperative and executed sequentially, lacking the declarative, repeatable infrastructure-as-code approach needed for consistent deployments. Option D is wrong because Azure Blueprints is a higher-level orchestration service that packages ARM templates, policies, and role assignments for compliance and governance, but it is not a JSON-based method for defining infrastructure; the core declarative definition is still done via ARM templates.

401
MCQmedium

A company uses Azure Blob Storage to store archival backups of financial records. The company requires that the data is protected against a complete regional outage by replicating it to another Azure region. However, they do not need to access the replicated copy unless the primary region fails. The company wants to minimize storage costs while meeting this requirement. Which type of storage replication should the company configure?

A.Locally redundant storage (LRS)
B.Geo-redundant storage (GRS)
C.Zone-redundant storage (ZRS)
D.Read-access geo-redundant storage (RA-GRS)
AnswerB

GRS replicates data asynchronously to a paired secondary region. It provides protection against a complete regional outage without offering read access to the secondary copy, which keeps costs lower than RA-GRS. This meets the company's requirement.

Why this answer

Geo-redundant storage (GRS) replicates your data synchronously three times within the primary region using LRS, then asynchronously to a secondary region hundreds of miles away. This meets the requirement of protecting against a complete regional outage while minimizing costs, because the secondary copy is not accessible for reads unless Microsoft initiates a failover, and GRS is less expensive than RA-GRS which includes read-access to the secondary region.

Exam trap

The trap here is that candidates often confuse GRS with RA-GRS, assuming that geo-replication automatically provides read access to the secondary copy, but RA-GRS is a separate, more expensive SKU that enables continuous read access, which is not required when you only need failover capability.

How to eliminate wrong answers

Option A is wrong because Locally redundant storage (LRS) replicates data only within a single datacenter in the primary region, providing no protection against a complete regional outage. Option C is wrong because Zone-redundant storage (ZRS) replicates data across availability zones within the same region, which protects against zone failures but not against a full regional outage. Option D is wrong because Read-access geo-redundant storage (RA-GRS) provides the same geo-replication as GRS but additionally allows read access to the secondary region at all times, which increases cost and is unnecessary given the requirement to only access the replicated copy when the primary fails.

402
MCQmedium

A company needs to run a large-scale batch processing job that runs daily for several hours. The job can tolerate interruptions if compute capacity is reclaimed. They want to minimize compute costs. Which Azure compute service is most cost-effective for this scenario?

A.Azure Virtual Machines
B.Azure Batch with low-priority VMs
C.Azure Functions
D.Azure Container Instances
AnswerB

Azure Batch is designed for batch processing and low-priority VMs provide deep discounts by using spare capacity, making it the most cost-effective option.

Why this answer

Azure Batch with low-priority VMs is the most cost-effective option because it allows you to run large-scale batch jobs using surplus Azure capacity at a significantly reduced cost (up to 80% less than dedicated VMs). The job can tolerate interruptions, and low-priority VMs can be preempted when Azure needs the capacity back, making this a perfect fit for the scenario.

Exam trap

The trap here is that candidates often choose Azure Functions thinking it is always the cheapest serverless option, but they overlook its execution time limits and unsuitability for long-running batch jobs, while Azure Batch with low-priority VMs is specifically designed for cost-effective, interruptible batch processing.

How to eliminate wrong answers

Option A is wrong because Azure Virtual Machines (standard VMs) are billed at full pay-as-you-go rates and do not offer the cost savings of low-priority VMs, making them less cost-effective for interruptible batch workloads. Option C is wrong because Azure Functions is a serverless compute service designed for event-driven, short-lived executions (typically under 10 minutes) and is not suitable for long-running batch processing jobs that run for several hours daily.

403
MCQmedium

Which Azure service provides a managed Apache Kafka-compatible event streaming service for ingesting millions of events per second?

A.Azure Service Bus
B.Azure Event Grid
C.Azure Event Hubs
D.Azure Queue Storage
AnswerC

Event Hubs is the managed Kafka-compatible service for high-throughput event streaming at millions of events per second.

Why this answer

Azure Event Hubs is a fully managed, real-time data ingestion service that is natively compatible with Apache Kafka, allowing you to use existing Kafka clients and tooling to stream millions of events per second. It provides a partitioned consumer model, high throughput, and low-latency event ingestion, making it the correct choice for a managed Kafka-compatible event streaming service.

Exam trap

The trap here is that candidates often confuse Azure Event Hubs with Azure Service Bus because both handle messages, but Service Bus is a broker for enterprise messaging with features like dead-letter queues and sessions, whereas Event Hubs is a streaming platform optimized for high-throughput, Kafka-compatible event ingestion.

How to eliminate wrong answers

Option A is wrong because Azure Service Bus is a fully managed enterprise message broker that supports queues and publish-subscribe topics, but it is not Apache Kafka-compatible and is designed for reliable message delivery with features like sessions and transactions, not high-throughput event streaming. Option B is wrong because Azure Event Grid is a serverless event routing service that uses a publish-subscribe model for reacting to discrete events (e.g., resource state changes), but it does not support Apache Kafka protocol or provide a streaming buffer for ingesting millions of events per second. Option D is wrong because Azure Queue Storage is a simple, cost-effective message queue service for storing and retrieving messages via HTTP/HTTPS, but it lacks Kafka compatibility, high-throughput streaming capabilities, and is not designed for real-time event ingestion at scale.

404
MCQmedium

Company A deploys several Linux virtual machines (VMs) across multiple Azure availability zones in the West US region. The VMs run a cluster application that needs to read and write data concurrently to a shared file system. The solution must support the Server Message Block (SMB) protocol and must be accessible from all zones with low latency. Which Azure storage service should the company use?

A.Azure Files
B.Azure Blob Storage
C.Azure Managed Disks
D.Azure Queue Storage
AnswerA

Azure Files offers fully managed file shares accessible via SMB, which can be mounted by multiple VMs concurrently across availability zones, meeting the requirement for shared access.

Why this answer

Azure Files provides fully managed file shares in the cloud that support the SMB protocol, making it the correct choice for a shared file system accessible from multiple Azure availability zones with low latency. It allows concurrent read/write access from Linux VMs across zones, meeting the cluster application's requirements.

Exam trap

The trap here is that candidates often confuse Azure Blob Storage with Azure Files because both are storage services, but Blob Storage does not support the SMB protocol or concurrent file-level access from multiple VMs.

How to eliminate wrong answers

Option B (Azure Blob Storage) is wrong because it is an object storage service that does not support the SMB protocol or a traditional file system interface; it uses REST APIs or SDKs for access. Option C (Azure Managed Disks) is wrong because it provides block-level storage volumes attached to a single VM, not a shared file system accessible concurrently from multiple VMs across zones. Option D (Azure Queue Storage) is wrong because it is a messaging service for asynchronous communication between application components, not a file storage solution.

405
MCQmedium

Which Azure service allows developers to build, train, and deploy machine learning models at scale using a managed cloud environment?

A.Azure Cognitive Services
B.Azure Machine Learning
C.Azure Bot Service
D.Azure Databricks
AnswerB

Azure Machine Learning is the managed platform for the complete ML lifecycle: data prep, training, deployment, and monitoring.

Why this answer

Azure Machine Learning is the correct service because it provides a fully managed cloud environment specifically designed for the end-to-end machine learning lifecycle, including building, training, and deploying models at scale. It offers capabilities like automated ML, pipeline orchestration, and integration with MLOps tools, which are not available in the other listed services.

Exam trap

The trap here is that candidates often confuse Azure Cognitive Services (pre-built AI) with Azure Machine Learning (custom model building), or they mistakenly think Azure Databricks is the primary ML service because of its Spark MLlib capabilities, but Azure Machine Learning is the dedicated managed service for the full ML lifecycle.

How to eliminate wrong answers

Option A is wrong because Azure Cognitive Services provides pre-built AI APIs for vision, speech, language, and decision-making, but it does not allow developers to build and train custom machine learning models from scratch. Option C is wrong because Azure Bot Service is a platform for creating conversational AI bots, not for building or training machine learning models. Option D is wrong because Azure Databricks is an Apache Spark-based analytics platform focused on big data processing and data engineering, and while it can be used for ML workloads, it is not a managed environment dedicated to the full ML lifecycle like Azure Machine Learning.

406
MCQmedium

Which Azure service provides secure access to Azure virtual machines using an HTML5 browser-based RDP and SSH connection without requiring public IP addresses?

A.Azure VPN Gateway
B.Azure Bastion
C.Azure Private Link
D.Azure Active Directory Application Proxy
AnswerB

Bastion provides browser-based RDP/SSH to VMs via TLS without requiring public IP addresses on the VMs.

Why this answer

Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH connectivity to Azure virtual machines directly through the Azure portal using an HTML5-based browser. It eliminates the need for public IP addresses on the VMs, as the connection is established over TLS within the same virtual network, bypassing exposure to the internet.

Exam trap

The trap here is that candidates often confuse Azure Bastion with Azure VPN Gateway or Azure AD Application Proxy, assuming any remote access solution can provide browser-based RDP/SSH without public IPs, but only Bastion is designed specifically for this purpose within Azure.

How to eliminate wrong answers

Option A is wrong because Azure VPN Gateway creates an encrypted tunnel between an on-premises network and Azure over the public internet, but it does not provide browser-based RDP/SSH access and still requires VMs to have private IP reachability, not eliminating the need for public IPs. Option C is wrong because Azure Private Link enables private connectivity to Azure services via private endpoints, but it does not offer RDP/SSH session management or a browser-based interface for VM access. Option D is wrong because Azure Active Directory Application Proxy provides secure remote access to on-premises web applications, not to Azure VMs via RDP/SSH, and it relies on public endpoints for the proxy service.

407
MCQmedium

Which Azure feature provides Just-In-Time (JIT) VM access to reduce the attack surface of management ports?

A.Azure Bastion
B.JIT VM Access in Microsoft Defender for Cloud
C.Azure AD Privileged Identity Management
D.Azure Key Vault Certificate access
AnswerB

JIT VM Access temporarily opens management ports only when needed, closing them automatically after the session.

Why this answer

Just-In-Time (JIT) VM access in Microsoft Defender for Cloud reduces the attack surface by locking down inbound traffic to VMs, only opening management ports (e.g., RDP port 3389 or SSH port 22) when requested and for a specific time window. This is the correct feature because it directly implements JIT access to management ports, as described in the question.

Exam trap

The trap here is confusing Azure Bastion (which provides persistent secure access) with JIT VM Access (which dynamically opens and closes ports on demand), as both relate to securing VM management but solve different problems.

How to eliminate wrong answers

Option A is wrong because Azure Bastion provides secure, seamless RDP/SSH connectivity to VMs over TLS without exposing public IP addresses, but it does not implement Just-In-Time access or dynamically open/close ports. Option C is wrong because Azure AD Privileged Identity Management (PIM) manages just-in-time privileged role assignments for Azure AD and Azure resources, not VM-level network port access. Option D is wrong because Azure Key Vault Certificate access manages certificate lifecycle and secrets, not network-level access control to VM management ports.

408
MCQmedium

A company's data engineering team needs to process CSV files that are uploaded to an Azure Blob Storage container. For each uploaded file, the team must run a custom Python script to clean and transform the data. The team wants a solution that automatically triggers the script upon file upload, does not require them to manage any virtual machines or containers, and charges only when code executes. Which Azure service should the team use?

A.Azure Logic Apps
B.Azure Functions
C.Azure Container Instances
D.Azure Batch
AnswerB

Azure Functions is a serverless compute service that supports multiple languages, including Python. It can be triggered by Azure Blob Storage events (e.g., a new blob created) to automatically run the function code. The consumption plan bills only for the execution time, and there is no infrastructure to manage. This matches all the requirements perfectly.

Why this answer

Azure Functions is the correct choice because it provides a serverless compute service that can be triggered directly by an HTTP request or a Blob Storage event (via an Event Grid subscription or a Blob trigger). This allows the custom Python script to execute automatically when a CSV file is uploaded, without provisioning or managing any virtual machines or containers. The consumption plan ensures you are charged only for the duration of code execution, meeting all stated requirements.

Exam trap

The trap here is that candidates often confuse Azure Logic Apps with Azure Functions because both can respond to blob uploads, but Logic Apps cannot natively execute arbitrary Python code without an intermediate service, and its pricing model charges per action execution rather than per compute time.

How to eliminate wrong answers

Option A is wrong because Azure Logic Apps is a workflow orchestration service that uses connectors and built-in actions; while it can trigger on blob uploads, it is not designed to run arbitrary custom Python scripts natively—you would need to call an Azure Function or another service to execute the script, adding complexity and cost. Option C is wrong because Azure Container Instances requires you to package your Python script into a container image and manage the container lifecycle; it does not provide a built-in blob trigger, and you are charged for the container's running time, not just when code executes, which contradicts the 'charge only when code executes' requirement.

409
MCQhard

A company plans to use Azure Site Recovery to replicate on-premises virtual machines to Azure for disaster recovery. Due to regulatory restrictions, they cannot use the paired region and must replicate to a specific Azure region in the same continent. Can they select this non-paired region as the recovery target?

A.Yes, you can select any Azure region as the target for replication.
B.No, replication is only allowed to the paired region.
C.Yes, but only if both regions are within the same availability zone.
D.No, only to regions that are within the same geography.
AnswerA

Correct. Azure Site Recovery does not restrict you to paired regions; you can choose any region as the recovery target.

Why this answer

Azure Site Recovery allows you to replicate on-premises virtual machines to any Azure region that supports the service, not just the paired region. The paired region is a default recommendation for cost and latency optimization, but it is not a mandatory requirement. Therefore, you can select a non-paired region as the recovery target as long as it is within the same continent and meets regulatory restrictions.

Exam trap

The trap here is that candidates often assume Azure's paired region is mandatory for disaster recovery replication, but Azure Site Recovery explicitly allows selection of any supported region, making paired regions a recommendation rather than a requirement.

How to eliminate wrong answers

Option B is wrong because Azure Site Recovery does not restrict replication to only the paired region; you can choose any supported Azure region. Option C is wrong because availability zones are within a single Azure region, not across different regions, and they are irrelevant to cross-region replication. Option D is wrong because replication is not limited to regions within the same geography; you can replicate to any Azure region globally, subject to data residency and compliance requirements.

← PreviousPage 6 of 6 · 409 questions total

Ready to test yourself?

Try a timed practice session using only Describe Azure architecture and services questions.