Describe Azure architecture and services

A company is planning to migrate its on-premises applications to Azure. They have a mix of monolithic and microservices-based applications. Which Azure compute service should they choose for a microservices architecture that requires independent scaling and deployment of components?

A solutions architect is designing a storage solution for a large media company. The company needs to store video files that are accessed infrequently but must be retained for several years for compliance. Which two Azure storage options meet these requirements? (Select two.)

A developer is building a serverless application that requires integration with an on-premises SQL Server database for real-time data processing. The on-premises network is connected to Azure via a site-to-site VPN. Which Azure service would allow the function to securely access the on-premises database without exposing it to the public internet?

A company is designing a multi-tier application on Azure. The web tier needs to scale out based on CPU usage, while the database tier requires high-performance storage for transactional data. Which combination of Azure services should they choose?

A company is deploying a mission-critical application that must remain available even if a physical Azure datacenter within a region fails. The application will run on multiple virtual machines. Which Azure feature should they use to protect against this specific failure scenario?

A company deploys a web application on Azure App Service. During a marketing campaign, they expect traffic to double. The app uses a Standard tier App Service plan. They want to ensure that the additional load is handled without performance degradation while keeping costs minimal. Which action should they take?

A company wants to deploy a custom Linux-based application in Azure. They need full control over the operating system, including installing custom software and configuration. Which Azure compute service should they choose?

A company uses Azure and wants to organize all their virtual machines, databases, and storage accounts into logical containers for management and billing purposes. Which Azure component should they use to group these resources?

Which Azure region feature provides fault tolerance by isolating failures within a single region? It consists of physically separate datacenters with independent power, cooling, and networking.

A healthcare organization stores patient records in Azure Blob Storage. They require that data remains available even if an entire Azure datacenter fails, and they also need to ensure data is replicated within the same region for low latency. Which storage redundancy option should they choose?

A development team wants to deploy a microservices-based application using containers. They want to orchestrate the containers with automatic scaling and rolling updates, but they want to avoid managing the underlying infrastructure such as virtual machines. Which Azure compute service meets these requirements?

A company wants to migrate an on-premises SQL Server database to Azure. They require full administrative control over the database engine, including the ability to configure SQL Server Agent jobs and use cross-database queries. They also want to avoid patching the operating system. Which Azure service should they choose?

A company wants to run a containerized application in Azure without managing the underlying virtual machines. Which Azure service should they use?

A company is designing a disaster recovery solution for a multi-tier application hosted in Azure. They need to ensure that if an entire Azure region becomes unavailable, the application can fail over to another region. The application uses Azure SQL Database. Which Azure feature should they use to replicate the database across regions?

A company has a virtual machine running a legacy application that needs high-performance, low-latency storage for transactional data. They need to attach a storage solution that provides the highest IOPS and throughput. Which Azure managed disk type should they choose?

A company needs to store large amounts of unstructured data, such as images and videos, for a web application. They need to access data from anywhere via HTTP/HTTPS. Which Azure storage service should they use?

A company deploys virtual machines in Azure. They want to ensure that the VMs are distributed across multiple fault domains and update domains within an Azure datacenter to protect against hardware failures and maintenance. Which Azure construct should they use?

A company deploys a multi-tier application using Azure virtual machines. The web tier VMs must be evenly distributed across two distinct data centers within an Azure region to avoid a single point of failure from an infrastructure outage. Which Azure construct should they use to meet this requirement?

A company wants to migrate an on-premises application to Azure. The application requires consistently high disk throughput for database files. They plan to use Azure virtual machines with managed disks. Which disk type should they choose to get the highest possible IOPS and throughput at a premium cost?

A company plans to run a large-scale batch processing job on Azure that runs for 10 hours every night. The job is fault-tolerant and can be interrupted. They want to minimize cost as much as possible. Which Azure virtual machine pricing option should they use?

A company wants to run a containerized microservices application on Azure. The application requires automatic scaling, service discovery, and rolling updates without manual intervention. They prefer not to manage the underlying virtual machines. Which Azure compute service should they choose?

A company wants to store large amounts of unstructured data (e.g., images, videos, documents) that will be accessed from multiple applications over HTTP/HTTPS. The data needs to be highly durable and available. Which Azure storage service should they use?

A company needs to run a custom-built Windows application that requires full administrative access to the operating system, including the ability to install custom software and configure firewall rules. They also need to ensure the application is highly available by running multiple instances. Which Azure compute service should they use?

A company plans to deploy a critical application across multiple physical locations within a single Azure region to ensure that if one datacenter fails, the application remains available. Which Azure feature should they use to distribute virtual machines across these locations?

A company needs to store large amounts of unstructured data, such as images and videos, which will be accessed by multiple applications over the internet. The data must be highly durable and available. Which Azure storage service should they use?

A company wants to run a containerized microservices application on Azure. They need automatic scaling based on demand, service discovery, and rolling updates without manual intervention. They want to avoid managing the underlying virtual machines. Which Azure compute service should they choose?

A company wants to deploy a virtual machine in Azure and needs to ensure that the VM is placed in a location that provides the lowest network latency to its users in Europe. Which Azure construct should they consider to meet this requirement?

A company deploys a critical application on Azure virtual machines. They want to ensure that the VMs are distributed across physically separate datacenters within a single Azure region to protect against a single datacenter failure. Which Azure feature should they use?

A company wants to run a containerized application in Azure without managing any virtual machines. They need automatic scaling, load balancing, and service discovery. Which Azure compute service should they choose?

A company needs to store massive amounts of unstructured data, such as videos and images, that will be accessed over the internet. The data must be highly durable and available. Which Azure service should they use?

A company uses Azure to run a virtual machine for development. They want to ensure that if the physical server hosting the VM fails, the VM is automatically restarted on another server within the same Azure datacenter. Which Azure SLA does this scenario relate to?

A company deploys a web application on Azure VMs across two different physical locations within the same Azure region. These locations are isolated from each other in terms of power, cooling, and networking. If one location fails, the application remains available from the other location. Which feature achieves this?

A company wants to ensure its Azure resources are deployed in a geographic location that is paired with another region for disaster recovery. If a regional outage occurs, they plan to failover to the paired region. Which concept does this describe?

A team uses Docker containers to run microservices. They need a service that automatically manages the cluster, scales containers based on demand, and provides load balancing without requiring them to manage the underlying VMs. Which Azure compute service should they choose?

A company stores billions of image files that are accessed frequently via HTTP from a web application. They need a highly scalable and durable storage solution with global accessibility. Which Azure storage service should they use?

A company wants to segregate their Azure resources into logical groups based on department and environment. They also want to apply access control and management at these group levels. Which Azure construct should they use?

A company deploys a web application on Azure Virtual Machines across multiple availability zones within a single region. They need to distribute incoming network traffic across these VM instances to ensure high availability. Which Azure service should they use?

A company plans to use Azure Site Recovery to replicate on-premises virtual machines to Azure for disaster recovery. Due to regulatory restrictions, they cannot use the paired region and must replicate to a specific Azure region in the same continent. Can they select this non-paired region as the recovery target?

A company wants to host a static website (HTML, CSS, JavaScript) that is accessed by users worldwide. They need a low-cost solution that provides high availability and global reach without managing servers. Which Azure service is most cost-effective for this scenario?

A company runs a large data analytics job for a few hours each week. They want to use Azure virtual machines with the lowest possible cost, accepting that the VMs may be reclaimed by Azure at any time. Which pricing option should they choose?

A company's development team wants to deploy a containerized application without worrying about the underlying virtual machines or Kubernetes control plane. They need a service that automatically manages the container orchestration, scales, and provides rolling updates. Which Azure compute service should they choose?

An application deployed on Azure Virtual Machines needs to be resilient to failures within a single Azure region. The VMs are placed across multiple physically separate locations within the region, each with independent power, cooling, and networking. What is this feature called?

A company runs a containerized application on Azure. They want to use Kubernetes for orchestration but do not want to manage the control plane nodes. They need a managed Kubernetes service. Which Azure service should they choose?

A web application needs to store large amounts of unstructured data (images, documents) that will be accessed via HTTP from anywhere in the world. The data must be highly durable and scalable. Which Azure storage solution is most appropriate?

A company has multiple on-premises sites that need to connect to Azure over high-throughput, low-latency private connections. They want a dedicated private connection that does not traverse the internet. Which Azure service should they use?

A company wants to deploy a web app that scales automatically based on demand. They do not want to manage any virtual machines or the underlying infrastructure. They only want to upload their code and let the platform handle everything. Which Azure compute service should they choose?

A company deploys a multi-tier web application on Azure. The web tier and database tier must be in the same region for low latency, but the database tier must be in a different subnet and have restricted network access from the web tier only. Which Azure network solution should they use?

A company needs to run a simple background job that runs every hour for 10 minutes. They want to containerize the job but do not want to manage a container orchestration platform. Which Azure service is simplest and most cost-effective?

A company runs a critical application on Azure VMs. They need to ensure that if one VM fails, the application continues to serve users with another VM. The VMs should be placed in a configuration that protects against failures within a single datacenter. Which feature should they use?

A company needs to share a set of files between multiple Azure VMs using the SMB protocol. They require a managed file share that can be mounted simultaneously by multiple VMs with permissions managed via Active Directory. Which Azure storage service should they use?

A company wants to encrypt data at rest in Azure SQL Database using customer-managed keys stored in Azure Key Vault. They also need to be able to rotate the keys without downtime. Which feature should they use?

A company runs a web application on Azure App Service. They want to route users to the nearest regional deployment based on DNS queries to minimize latency. Which Azure service should they use for this global traffic routing?

A company is deploying a critical application on Azure Virtual Machines. They need to ensure that the application remains available during Azure platform updates. They also want to distribute the VMs across fault domains within an availability set. What is the primary purpose of fault domains?

A company runs a web application on Azure App Service. They want to improve performance by caching static content and frequently accessed data closer to users in different geographic locations. Which Azure service should they use?

A company wants to migrate a set of on-premises databases to Azure. They require high compatibility with SQL Server features, including cross-database queries and SQL Agent jobs. They want a PaaS solution. Which Azure service is most appropriate?

A company wants to run a containerized application that responds to HTTP requests. They want to deploy it without managing any virtual machines or orchestration. Which Azure service is the simplest option?

A company needs to store backup data that must be retained for 7 years. They want to store the data as cheaply as possible, and access may be rare. Which Azure Storage access tier is most cost-effective?

A company deploys a critical application across two Azure regions for disaster recovery. They want to automatically failover traffic to the secondary region if the primary becomes unavailable. They also want to improve performance by routing users to the closest region. Which Azure service should they use?

A company needs to run a legacy application that requires full control over the operating system, including custom kernel modules. They also need to ensure high availability with multiple instances. Which Azure compute service should they use?

A company uses Azure SQL Database for a web application. They need to ensure that the database can automatically scale to handle sudden spikes in traffic without downtime. Which feature should they enable?

A company wants to connect an on-premises network to Azure with a dedicated private connection that bypasses the internet. Which service should they use?

A company needs to run a large-scale batch processing job that runs daily for several hours. The job can tolerate interruptions if compute capacity is reclaimed. They want to minimize compute costs. Which Azure compute service is most cost-effective for this scenario?

A company needs to store log files from multiple applications. The logs are accessed infrequently for compliance audits but must be retained for 10 years. Storage cost must be minimized. Which Azure Storage access tier should they use for the blob storage?

A global e-commerce platform runs on Azure App Service in multiple regions. They need to route user traffic to the nearest region based on geographic location, and also provide automatic failover if a region becomes unavailable. Which Azure service includes these capabilities with integrated Web Application Firewall (WAF)?

A company wants to ensure that all Azure resources they deploy are created in the Europe West region to comply with data sovereignty requirements. They want to block creation of resources in any other region. Which Azure service should they use?

A company wants to protect their application against a failure that affects an entire data center within an Azure region. Which feature should they use to distribute their VMs across multiple physical locations within that region?

A company is designing a disaster recovery solution for an application hosted on Azure VMs. They want to replicate the VMs to a secondary Azure region and automatically failover if the primary region fails. Which Azure service should they use?

A company runs a web application on Azure VMs. They want to distribute incoming traffic evenly across multiple VMs to ensure no single VM is overwhelmed. Which Azure load balancing solution should they use?

A company needs to run a containerized application without managing any virtual machines or cluster orchestration. Which Azure service is best suited for this?

A company wants to connect their on-premises data center to Azure with a dedicated, private connection that does not traverse the internet. They also need to ensure high availability by having two active connections. Which Azure service and configuration should they use?

A company wants to deploy a web application that automatically scales based on traffic, without managing any virtual machines. They need high availability and support for multiple development frameworks. Which Azure service should they use?

A company needs to store archival data for 10 years with the lowest possible storage cost. Data may be accessed once a year for compliance audits. Which Azure Storage access tier should they choose?

A company has an application running on Azure VMs across multiple availability zones to protect against data center failures. They need to distribute incoming traffic evenly across all VMs in a single region. Which Azure load balancing solution should they use?

A company needs to connect their on-premises network to Azure with a dedicated, private, and high-bandwidth connection that does not traverse the public internet. They require an SLA for availability and performance. Which Azure service should they use?

A company wants to run a containerized application quickly without managing any virtual machines or orchestration infrastructure. They just need to start a container and have it run. Which Azure service is best suited for this?

A company has virtual machines in a virtual network that run a critical internal application. IT administrators need to securely connect to these VMs from the internet for management purposes. They must not assign public IP addresses to the VMs, and they want to avoid managing SSH or RDP endpoints. Which Azure service should they use?

A finance company is migrating a mission-critical trading application to Azure. The application must be resilient to a complete datacenter failure within the same Azure region. The solution should provide low-latency replication between separate physical locations with independent power, cooling, and networking. Which Azure feature should they use?

A company is deploying a critical internal application in Azure. The application will run on two virtual machines. The solution must guarantee that the virtual machines are placed on separate physical servers and separate racks to minimize the impact of hardware failures. Which Azure feature should the company use?

A company has five Azure subscriptions, each managed by a different department. The IT governance team needs to enforce a single set of compliance policies (e.g., allowed VM SKUs) and assign a specific role to a central security team across all subscriptions. The goal is to minimize administrative overhead. Which Azure component should the governance team use as the scope for these assignments?

A company is deploying a web application in Azure. The application consists of an Azure App Service, an Azure SQL Database, and a Storage account. The development team maintains three separate environments: development, test, and production. The team wants to be able to delete all resources associated with a specific environment (e.g., development) in a single action, without affecting the other environments. The solution must also allow applying role-based access control (RBAC) and tags consistently to all resources within each environment. Which Azure component should the team use to achieve these requirements?

A multinational bank operates a critical financial application that must remain available even if an entire Azure region experiences a prolonged outage. The bank's compliance team mandates that the disaster recovery data must reside in a separate geographic location that is at least 300 miles away from the primary region to reduce the risk of correlated failures. The solution must use Azure's built-in data replication feature without requiring manual pairing of regions. Which Azure feature meets these requirements?

A global e-commerce company has deployed its web application in two Azure regions: West US and East US. The company wants to automatically route end users to the region that provides the lowest latency, and if an entire region becomes unavailable, gracefully redirect all traffic to the remaining healthy region. Which Azure service should the company use?

A financial services company runs a critical trading application in its on-premises data center. The company is migrating some workloads to Azure and requires a dedicated, private network connection between its on-premises network and Azure. The connection must not use the public internet, must provide consistent latency and higher bandwidth than a typical internet-based VPN, and must be backed by a service-level agreement (SLA) for availability. Which Azure service should the company use to meet these requirements?

A company has a large dataset of historical financial records that must be retained for 10 years to comply with regulatory requirements. The data is accessed only a few times per year during audits. When accessed, a retrieval delay of up to 15 hours is acceptable. The company wants to minimize storage costs for this dataset. Which Azure Blob storage access tier should the company use?

A company plans to deploy two Azure virtual machines that host a critical web application. Both VMs will be in the same Azure region and the same virtual network. The company’s requirements are: 1) During Azure platform-initiated maintenance (e.g., OS updates), at least one VM must remain running. 2) If a hardware failure occurs in the server rack that hosts one VM, the other VM must not be affected. 3) The solution must not incur additional costs beyond the VMs themselves. Which Azure feature should the company configure?

A company has a simple containerized web application that runs in a single container. The application processes a workload for a few minutes every hour and remains idle the rest of the time. The company wants to deploy the container in Azure without managing any virtual machines or container orchestrators. They also want to pay only for the time the container is actually running, with no cost when idle. Which Azure compute service should the company use?

A company deploys two Azure virtual machines in an availability set. The application requires that at least one VM remains running during Azure platform-initiated maintenance, such as operating system updates to the underlying host. Which component of the availability set directly ensures that the VMs are not updated at the same time?

A company runs a mission-critical application on Azure virtual machines. The application must remain available even if an entire Azure datacenter in a region experiences a complete outage (e.g., power failure). The company wants all VMs to be located in the same Azure region to minimize latency. Which Azure feature should the company use to deploy the VMs?

A company has two Azure virtual networks: VNet-A in the East US region and VNet-B in the West US region. Each VNet hosts a set of virtual machines that run a distributed application. The application requires private, low-latency communication between the VMs in VNet-A and VNet-B. The company wants to minimize operational complexity and avoid any additional billing for data transfer between the two VNets beyond the standard Azure data transfer charges. Which Azure service should the company use to connect the two virtual networks?

A company runs a web application on two Azure virtual machines in the same region. The application must be accessible from the internet, and incoming traffic should be distributed evenly across both VMs. Additionally, the company needs to offload Transport Layer Security (TLS) termination to a single service and route requests based on the URL path (e.g., /images to one set of VMs, /api to another). Which Azure service should the company use?

A company is developing a web application that will be deployed to Azure App Service. The application experiences unpredictable spikes in traffic, and the company wants the number of instances to automatically increase during high demand and decrease during low demand to optimize costs. The company also needs to use a custom domain name and ensure the application is accessible over HTTPS. Which App Service plan tier should the company choose?

A company stores critical business data in an Azure Storage account. The data must remain available if a single Azure datacenter experiences a failure (e.g., fire, power outage). The company wants to minimize storage costs. Which storage redundancy option should they choose?

A company runs a web application in two Azure regions: East US and West US. The company wants to route users automatically to the region that provides the lowest network latency. If one region becomes unavailable, all traffic should be rerouted to the healthy region. The company does not need to offload Transport Layer Security (TLS) or perform URL-based routing. Which Azure service should the company use to distribute traffic at the DNS level?

A company runs a production web application on Azure App Service. The development team is working on a new version of the application and wants to deploy it to a staging environment to perform validation tests. After testing, they need to gradually shift a percentage of live user traffic to the new version while monitoring for issues. If any problems occur, they must be able to instantly send all traffic back to the original version with zero downtime. Which Azure App Service feature should the team use to achieve this?

A company has deployed several Windows and Linux virtual machines in an Azure virtual network. For security reasons, the virtual machines have no public IP addresses assigned. The IT administrators need to securely connect to these VMs using Remote Desktop Protocol (RDP) for Windows and Secure Shell (SSH) for Linux without deploying any additional agents on the VMs. The connection must be established directly from the Azure portal, and the service must provide protection against port scanning and brute-force attacks. Which Azure service should the company use?

A financial services company must migrate a critical application to Azure. Regulatory compliance requires that the virtual machines (VMs) hosting this application run on physical servers that are dedicated solely to the company and not shared with any other Azure customer. The company needs full control over server hardware maintenance, including the ability to schedule updates and isolate the environment at the physical layer. Which Azure compute solution should the company use?

A company plans to deploy a critical web application on Azure virtual machines in the West US region. The application must remain available if a single datacenter within that region experiences a complete outage. The company also requires the virtual machines to be connected to each other with low-latency network connectivity. Which Azure feature should the company use to deploy the virtual machines?

A company hosts a web application in the West US region on two Azure virtual machines that are in the same virtual network. The application handles user sessions that must persist on the same virtual machine for the duration of a checkout process. The company needs to load balance incoming HTTP traffic across the two virtual machines. If one virtual machine becomes unhealthy, the load balancer must automatically stop sending new traffic to that machine. Which Azure service should the company use?

Company A deploys several Linux virtual machines (VMs) across multiple Azure availability zones in the West US region. The VMs run a cluster application that needs to read and write data concurrently to a shared file system. The solution must support the Server Message Block (SMB) protocol and must be accessible from all zones with low latency. Which Azure storage service should the company use?

A company has two on-premises data centers connected to each other via a high-speed MPLS link. They plan to migrate several critical workloads to Azure. The network team requires a dedicated, private connection from each on-premises site to Azure that does not traverse the public internet. The connection must provide high bandwidth, low latency, and a Service Level Agreement (SLA) for availability. Which Azure service should the network team provision to meet these requirements?

A company uses Azure Blob Storage to store backup files that must survive a complete regional outage. The company needs the data to be automatically accessible from a secondary region if the primary region becomes unavailable, without any manual failover. Which storage redundancy option should the company use?

A company uses Azure Blob Storage to store compliance documents that are required to be kept for 10 years. The documents are very rarely accessed; on average, only 2-3 requests per year are made, usually for audits. The company needs the lowest possible storage cost. When a document is requested, the company can tolerate a retrieval time of up to 15 hours. Which Azure Blob Storage access tier should the company use?

A company stores sensitive customer transaction records in Azure Blob Storage. The records must be available for read access at all times, even if the primary Azure region becomes unavailable. The company initially configured geo-redundant storage (GRS). During a disaster recovery test, the operations team discovers that although data is replicated to a secondary region, they cannot read the data from the secondary region until a Microsoft-initiated failover occurs. The team needs a solution that provides immediate, continuous read access to the replicated data in the secondary region without waiting for a failover. Which Azure Storage replication option should the company use?

A company plans to deploy a three-tier web application in Azure. The application consists of web servers, application servers, and database servers. The company wants to protect the virtual machines (VMs) from planned maintenance events (e.g., OS updates) and unplanned hardware failures. They want to ensure that at least one VM in each tier remains available during such events. The solution should be deployed entirely within a single Azure region. What should the company use for the VMs?

A company plans to deploy a critical application across two Azure regions for disaster recovery. The compliance team requires that planned maintenance updates (such as OS patches to the underlying Azure infrastructure) must never be applied to both regions at the same time. The company also needs the data stored in the primary region to be automatically replicated to the secondary region. Which Azure architecture feature should the company rely on to meet the requirement of non-simultaneous updates?

A company deploys web servers across Azure regions East US and West Europe. The application must automatically direct each user to the region that provides the lowest network latency, and if an entire region becomes unavailable, traffic must be seamlessly redirected to the remaining healthy region. Which Azure service should the company use?

A company runs a customer-facing e-commerce platform on multiple Azure virtual machines behind a load balancer. The platform experiences unpredictable traffic spikes during promotions. The operations team needs a solution that automatically adds new virtual machines when CPU utilization exceeds 80% and removes virtual machines when utilization drops below 30%. The solution must also ensure that if a virtual machine fails, the load balancer immediately stops routing traffic to it. Which Azure compute service should the team use?

A company manages 50 Azure SQL Databases, each used by a different department. Each database experiences low average usage (less than 5 DTU on average) but unpredictable hourly peaks that can reach up to 50 DTU for short bursts. The company wants to minimize total cost while ensuring every database can handle its peak load without performance degradation. Which Azure SQL Database deployment option should the company choose?

A company runs a critical application on multiple Azure virtual machines (VMs) in the East US region. The application requires that the VMs are physically separated from any other customer's workloads and that the underlying physical servers are dedicated to this company alone. The compliance team mandates that no other customer's VMs can run on the same physical hardware. Which Azure compute offering should the company use to meet this requirement?

A company has deployed several Azure virtual machines in a VNet. The security policy requires that no VM has a public IP address. However, administrators need to connect to the VMs using RDP and SSH for management. The administrators currently use the Azure portal and must not install any additional client software on their local workstations. Which Azure service should they use to meet these requirements?

A multinational company runs a web application that must serve users from around the world with low latency. The application is deployed in multiple Azure regions. The company also requires built-in protection against distributed denial-of-service (DDoS) attacks at the network layer. The solution must automatically route users to the closest healthy endpoint based on geographic location. Which Azure service should the company use?

A company has deployed applications in two separate Azure virtual networks (VNets) in the East US and West Europe regions. Each VNet contains multiple subnets with application servers and databases. The network team needs to enable direct, private IP connectivity between the VNets, ensuring that all traffic stays within the Azure backbone network and never traverses the public internet. The solution must also provide low latency for cross-region communication. They currently do not need a dedicated private connection to an on-premises datacenter. Which Azure service should they use?

A company runs a multi-tier application on Azure virtual machines in a virtual network. The web tier VMs are in a front-end subnet, and the database tier VMs are in a back-end subnet. Currently, outbound internet traffic from the VMs goes directly to the internet without any inspection or logging. The security team needs a centralized service to inspect all outbound traffic from the virtual network, log the destinations, and reject traffic to malicious domains based on threat intelligence feeds. The solution must also allow rules based on fully qualified domain names (FQDNs) instead of only IP addresses. Which Azure service should the security team deploy?

A company runs a web application on Azure App Service. The application experiences variable traffic patterns with occasional sudden spikes. The company wants to automatically increase the number of instances during high demand and decrease them during low demand to optimize cost and performance. The solution must require no manual intervention after initial configuration. Which Azure App Service feature should the company enable?

A company runs a web application on two Azure virtual machines (VMs) in different availability zones within the same region. The application maintains user session state in memory on the VMs. The company needs a load balancing solution that distributes incoming HTTP requests across both VMs, ensures all requests from a specific user session are routed to the same VM (session persistence), and terminates SSL/TLS to offload encryption from the VMs. Which Azure service should the company use?

A company operates a global e-commerce API that serves customers worldwide. The development team needs a solution that provides the following capabilities: global load balancing across deployed instances in multiple Azure regions, web application firewall (WAF) protection against common exploits like SQL injection and cross-site scripting, TLS termination at the edge to reduce backend processing, and caching of static API responses to improve response times for repeated requests. The team wants a single Azure service that integrates all these features natively. Which Azure service should they use?

A company plans to migrate a legacy application to Azure virtual machines. The application requires a shared file store that can be mounted simultaneously from multiple VMs using the Server Message Block (SMB) protocol. The company needs a fully managed cloud file share that supports SMB 3.0 and integrates with Active Directory Domain Services for authentication. Which Azure service should the company use?

A company hosts a public-facing web application on Azure Virtual Machines in two separate Azure regions for disaster recovery. The application's domain is managed by a third-party registrar. The company needs a solution that can route user traffic to the nearest healthy regional endpoint based on geographic location and provides automatic failover if an entire region becomes unavailable. The solution should not inspect or modify the HTTP traffic (no SSL termination or web application firewall). Which Azure service should the company use?

A startup frequently deploys identical environments for development, testing, and production. They want to ensure all deployments are consistent and follow best practices without manual configuration. They need a declarative JSON-based method to define the entire infrastructure (virtual machines, databases, networking) so that the same template can be reused across environments. Which Azure service should the startup use?

A company stores critical financial data in Azure Blob Storage. The data must remain available even if an entire Azure region becomes unavailable. Additionally, the company needs the ability to read the data from the secondary region immediately during a regional outage, without waiting for Microsoft to initiate a failover. Which storage redundancy option should the company configure?

A global company is designing a disaster recovery solution for a critical application. They plan to deploy the application to two Azure regions. The company wants to minimize the risk of both regions failing simultaneously due to a major platform update or a widespread natural disaster. Which Azure feature provides a specific pairing of regions to meet this goal?

A company has deployed several Azure virtual machines that host a critical internal application. The IT team needs to provide secure remote desktop access to these VMs for system administrators without assigning public IP addresses to the VMs or maintaining a VPN connection. The solution must provide seamless, browser-based RDP connectivity using SSL. Which Azure service should the IT team use?

A company has an on-premises datacenter with critical line-of-business applications. They plan to migrate some workloads to Azure but need a reliable, high-bandwidth, and low-latency connection that does not traverse the public internet. The connection must be dedicated and guaranteed for a consistent network experience. Which Azure service should the company use?

A company deploys three Azure virtual machines (VMs) that host a critical line-of-business application. All three VMs are located in the same Azure region. The company notices that during planned maintenance events triggered by the Azure platform, such as host OS updates, all three VMs are updated simultaneously, causing the application to become unavailable. The company requires that during such maintenance, at least two VMs remain running to preserve application uptime. Which Azure feature should the company implement to logically group the VMs and ensure they are updated in separate batches?

A company's data engineering team needs to process CSV files that are uploaded to an Azure Blob Storage container. For each uploaded file, the team must run a custom Python script to clean and transform the data. The team wants a solution that automatically triggers the script upon file upload, does not require them to manage any virtual machines or containers, and charges only when code executes. Which Azure service should the team use?

A company plans to deploy a web application on Azure Virtual Machines. The solution must remain available even if a physical datacenter in the region experiences a complete outage. The company wants to use the simplest and most cost-effective architecture that meets this requirement within a single Azure region. What should the company configure?

A company is designing a highly available application deployment in Azure. The solution must ensure that virtual machines are placed in physically separate data centers within the same Azure region to protect against a single data center failure. Which Azure feature should the company use?

A manufacturing company is building a web-based dashboard to display real-time production metrics from sensors. The development team wants to deploy the application without managing the underlying infrastructure, including the web server and operating system. The application uses ASP.NET Core. Which Azure service should they use?

A company is designing a disaster recovery solution for a critical application. The solution must ensure that if an entire Azure region becomes unavailable due to a natural disaster, the application can fail over to a different region. The company wants to minimize latency between the primary and secondary regions for data replication. Which Azure feature should the company use?

An international e-commerce company has deployed its web application in two Azure regions to serve customers globally. The solution must automatically route users to the region with the lowest latency, provide high availability with automatic failover if one region becomes unavailable, and protect the application from common web exploits such as SQL injection and cross-site scripting at the edge. Which Azure service should the company use?

A software company develops a microservices application using Docker containers. The application consists of multiple services that need to be deployed, scaled, and managed together. The company wants to use Azure to orchestrate and manage these containers without provisioning or managing the underlying virtual machines. Which Azure service should they use?

A company runs a latency-sensitive application on Azure virtual machines and needs to connect its on-premises data center to Azure. The connection must offer high reliability, predictable performance, and a service-level agreement (SLA) from the connectivity provider. It must also bypass the public internet for security and performance reasons. Which Azure service should the company use?

A company uses Azure Blob Storage to store archival backups of financial records. The company requires that the data is protected against a complete regional outage by replicating it to another Azure region. However, they do not need to access the replicated copy unless the primary region fails. The company wants to minimize storage costs while meeting this requirement. Which type of storage replication should the company configure?

A company has deployed several virtual machines in an Azure virtual network. The IT administrators need to connect to these VMs using RDP and SSH from the internet. However, the company's security policy prohibits assigning any public IP addresses to the VMs and also prohibits exposing the VMs directly to the internet. The solution must be fully managed by Azure and require no additional infrastructure in the virtual network. Which Azure service should the company use?

A company has an on-premises data center with a site-to-site VPN connection to Azure. The company wants to ensure that the connection remains secure by encrypting all traffic between the on-premises network and Azure virtual network. The connection must be established over the public internet. Which Azure service should the company use to create this encrypted tunnel?

A company runs an e-commerce application on multiple Azure virtual machines in a single region. The IT team needs to distribute incoming web traffic across the VMs, offload SSL/TLS termination to improve VM performance, and route requests based on URL path (for example, /images to one pool of VMs and /api to another). The solution must handle these requirements within a single Azure region. Which Azure service should the company use?

A company is migrating a legacy on-premises application to Azure. The application runs on multiple Windows Server virtual machines and requires a shared file system that multiple servers can mount simultaneously using the SMB protocol. The data must also be accessible from on-premises servers in a hybrid configuration. The IT team wants to minimize management overhead and avoid provisioning additional servers solely for file sharing. Which Azure service should they use?

A company is deploying two Azure virtual machines that host a critical line-of-business application. The application is stateful and requires that the VMs are located in the same datacenter but on separate physical hardware to protect against a rack-level failure. Additionally, the VMs must be updated during Azure platform maintenance in a staggered manner to ensure the application remains available. Which Azure feature should the company configure for these VMs?

A company hosts a public-facing e-commerce website on Azure virtual machines deployed in two Azure regions (East US and West Europe). The company wants to automatically route users to the region that provides the lowest network latency based on their geographic location. The solution must use DNS-based traffic routing and does not require terminating HTTP traffic at the load balancer. Which Azure service should the company use?

A company develops a data processing application that runs only when new files are uploaded to an Azure Blob Storage container. The application must scale automatically to handle hundreds of simultaneous file uploads and must not incur cost when no files are being processed. The development team wants the simplest solution that requires no infrastructure management. Which Azure compute service should they use?

A company is migrating a customer-facing web application to Azure. The application requires a relational database with built-in high availability, automatic backups, and automatic patching of the database engine. The development team is familiar with SQL Server and wants to minimize administrative overhead. They do not want to manage virtual machines or operating systems. Which Azure database service should the team choose?

A company stores historical sales data in Azure Blob Storage. The data is accessed frequently during the first 30 days after upload, but after that, it is rarely accessed. The company wants to automatically move blobs to a lower-cost storage tier after 30 days without any manual scripting or custom code. Which Azure feature should they use?

A company runs a critical application on-premises and plans to extend its data center to Azure. The company needs a dedicated, private network connection between the on-premises network and Azure that bypasses the public internet. The connection must provide higher bandwidth and more reliable, lower-latency connectivity than a site-to-site VPN. The company also requires a Service Level Agreement (SLA) for the connection's availability. Which Azure service should the company use?

A company is deploying a business-critical application on Azure virtual machines in the East US region. The application's managed disks must remain available even if an entire Azure datacenter experiences an outage. The company does not require cross-region disaster recovery. Which storage redundancy option should they select for the managed disks?

A company plans to deploy a mission-critical application on Azure virtual machines. The application must remain available if a single Azure datacenter fails. The company chooses to deploy the VMs in the East US Azure region. The solution should provide the highest availability within that single region. What should the company configure?

A company plans to migrate a multi-tier web application to Azure. The frontend web tier must automatically scale out based on CPU utilization, and Microsoft must manage the underlying virtual machines and operating system. The backend tier requires a relational database with built-in high availability and automatic backups. The company wants to minimize administrative overhead. Which two Azure services should the company use?

A company has three Azure subscriptions: one for the engineering department, one for marketing, and one for finance. The central IT team needs to apply a common set of Azure Policy definitions (e.g., allowed locations for resources) that must be enforced across all three subscriptions. Additionally, each department manager must be able to apply custom policies that only affect their own subscription. The IT team wants to organize the subscriptions into a hierarchy where they can assign the common policy at the top level and delegate custom policy assignment at the subscription level. Which Azure feature should the IT team use to create this hierarchical structure?

A company has a global web application deployed on Azure virtual machines in three separate Azure regions: West US, West Europe, and Southeast Asia. The application must automatically direct each user to the region that is geographically closest to the user's location in order to minimize latency. The solution must expose a single DNS name that does not change if regions are added or removed. The company does not need to offload SSL certificates or perform URL-based routing at the global level. Which Azure service should the company use to meet these requirements?

A company plans to use an infrastructure-as-code approach to deploy its Azure resources. The company wants to define all resources (virtual networks, virtual machines, storage accounts) in a declarative JSON file. This file must ensure that resources are created in the correct order, handle dependencies automatically, and allow the same configuration to be deployed to multiple environments (dev, test, production) with parameterized values. The solution should be a native Azure feature. Which Azure feature should the company use?

A company is developing a REST API that processes incoming HTTP requests. The API usage is highly unpredictable; sometimes it receives thousands of requests per minute, and at other times it receives zero requests for hours. The company wants to pay only for the compute time consumed when the API code is actually executing. They also want Microsoft to automatically handle scaling and maintenance of the underlying server infrastructure. Which Azure compute service should the company use?

A company stores a critical database in Azure Blob Storage. The data must remain available even if an entire Azure datacenter fails. The company uses the East US region, which supports availability zones. They want the lowest-cost storage redundancy option that protects against a full datacenter failure while keeping all data within the East US region. Which redundancy option should they choose?

A global e-commerce company needs to store product catalog data that must be available for reads and writes from multiple Azure regions simultaneously. The application requires consistently low latency (single-digit milliseconds) for writes from any region, and the database must automatically replicate all changes across regions with conflict resolution. The company wants a fully managed database service with native multi-region write support. Which Azure database service should the company use?

A company plans to deploy a critical application in two Azure regions to ensure disaster recovery. The company wants to guarantee that during a major regional outage, the recovery region is physically separated from the primary region and that planned maintenance updates are rolled out sequentially to minimize downtime. Which Azure feature should the company leverage when selecting the secondary region?

A company runs a critical ERP system on-premises and plans to extend the application to Azure IaaS VMs for burst capacity. The network team requires a dedicated, private connection between the on-premises data center and Azure that does not traverse the public internet. The connection must offer consistent latency, high bandwidth options up to 10 Gbps, and a financially backed SLA for availability. Which Azure service should the team provision to meet these requirements?

A global e-commerce company has web applications deployed on Azure virtual machines in the West US and West Europe regions. The company needs a single, global HTTP-based entry point that can perform SSL offloading, route requests based on the URL path (e.g., /api to one backend pool, /images to another), and provide a web application firewall (WAF) to protect against common web attacks. Additionally, the solution must automatically direct users to the closest regional deployment to minimize latency. Which Azure service should the company use?

A company plans to containerize a legacy web application and run it on Azure. The application experiences variable traffic volumes, with periodic spikes during lunch hours and weekends. The company wants the solution to automatically increase the number of running container instances during high demand and reduce them during low demand, without requiring any manual intervention or management of server infrastructure. Which Azure compute service should the company use?

A company plans to migrate its on-premises SQL Server database to Azure. The database uses many features including SQL Server Agent jobs, cross-database queries, and CLR integration. The company wants a fully managed PaaS service that minimizes application code changes and supports native virtual network (VNet) integration without requiring a private endpoint. Which Azure service should the company use?

A company runs a critical order-processing application on two Azure virtual machines in the West US region. The application must remain available even if an entire datacenter in that region experiences a complete outage. The company wants to place the two VMs in separate physical locations within the same region to provide fault tolerance against a datacenter-level failure. Which Azure feature should they use?

A company stores critical customer data in Azure Blob Storage. The compliance team requires that the data remains available for read operations even if the primary Azure region experiences a complete outage. They plan to use an Azure storage redundancy option that automatically replicates data to a secondary region and allows read access from that secondary region during an outage, without requiring any manual failover action. Which storage redundancy option should they configure on the storage account?

A company runs its line-of-business application on a virtual machine in an on-premises data center. The business continuity team wants to replicate the entire server (including operating system, applications, and data) to Azure so that if the on-premises site fails, the workload can be quickly started in an Azure region. The team also needs the ability to perform non-disruptive disaster recovery drills to validate the failover process. Which Azure service should the team use?

A company wants to proactively identify Azure resources that are misconfigured and could lead to security vulnerabilities, such as virtual machines with open management ports or unencrypted storage accounts. They also need to get prioritized recommendations for remediating these issues. Which Azure service should the company use?

A company plans to migrate their on-premises file server to Azure. The file server stores shared documents that are accessed by multiple Windows and Linux virtual machines using the SMB protocol. The company wants a fully managed cloud file share that can be mounted simultaneously by multiple VMs, and they want to minimize management overhead. Which Azure service should they use?

A company develops a web API that runs on Azure App Service. The development team wants to deploy a new version of the API to a staging environment, run integration tests against it, and then gradually shift production traffic to the new version. If any issues are detected, they want to immediately roll back to the previous version without redeploying. Which Azure App Service feature should the team use to meet these requirements?

A company has deployed several Azure virtual machines in a virtual network. The security policy requires that administrators must be able to connect to these VMs using Remote Desktop Protocol (RDP) from the Azure portal, but the VMs must not have any public IP addresses assigned. The company wants to minimize management overhead and avoid deploying additional jump-box virtual machines. Which Azure service should they use?

A company plans to deploy a mission-critical application on three Azure virtual machines. The application must remain available even if an entire Azure datacenter becomes unavailable due to a catastrophic event like a fire or flood. The company wants to deploy the VMs across multiple physical locations within a single Azure region, with each location having independent power, cooling, and networking. Which Azure feature should the company use?

A company runs an Azure SQL Database that stores sensitive customer data. The security team mandates that all traffic to the database must remain entirely within the Microsoft Azure backbone network and never traverse the public internet. The database can only be accessed by a specific application running on virtual machines in a specific Azure virtual network. Which Azure feature should they configure to meet this requirement?

A multinational e-commerce company runs its customer-facing web application on Azure virtual machines deployed in two Azure regions: East US and West Europe. The company wants to automatically route user traffic to the nearest regional deployment based on the user's geographic location. Additionally, if one region becomes unavailable, all traffic should automatically be redirected to the remaining healthy region. The company wants a solution that works at the DNS level and does not require terminating HTTPS traffic at the routing layer. Which Azure service should they use?

A development team is building a proof-of-concept microservice that is packaged as a Docker container. They want to deploy it to Azure with the fastest provisioning time and the least operational overhead. The team does not need to manage virtual machines, orchestrate multiple containers, or configure scaling rules. Which Azure compute service should they use?

A US-based financial services company must ensure that all customer data remains within the United States at all times to comply with regulatory requirements. The company plans to replicate its Azure SQL database between two Azure regions for disaster recovery. The solution must guarantee that if a region experiences a major outage, the paired region is prioritized for recovery. Additionally, the solution should ensure that during planned maintenance, only one region in the pair is updated at a time. Which Azure architecture feature should the company use?

A company deploys two Azure virtual machines (VMs) into the same availability set. The first VM runs a web server and the second runs a database server. The company's primary concern is that during Azure platform maintenance events (e.g., OS updates to the underlying host) or in the event of a hardware failure in the datacenter, both VMs should not be impacted at the same time. Which benefit does placing the VMs in the same availability set provide?

A company is building a mobile app backend that handles HTTP requests from thousands of users. The traffic pattern is highly unpredictable: there can be sudden spikes to hundreds of requests per second followed by long periods of no activity. The development team wants a solution that automatically scales from zero to hundreds of instances based on demand, and they want to pay only for the compute time consumed when the code is actually executing. They do not want to manage any underlying infrastructure, such as virtual machines or containers. Which Azure compute service should they choose?

A company runs a critical transaction-processing application on Azure virtual machines in the East US region. The application writes data to Azure managed disks and also stores files in Azure Blob Storage. The company's disaster recovery policy requires that all storage data must survive a complete failure of an Azure availability zone within the same region without any data loss. The solution must use synchronous replication and must not replicate data to a different Azure region. Which Azure storage redundancy option should the company configure for the Blob Storage account?

A company has multiple on-premises file servers that store user home directories and department shares. The company wants to migrate these file shares to Azure Files to eliminate on-premises server maintenance. However, users frequently access large files, and the company wants to cache the most frequently accessed files locally on a small Windows Server machine at each branch office to minimize latency and bandwidth usage. The company also wants a single unified namespace so users can access files using the same path regardless of whether the files are cached locally or stored in Azure. Which Azure service should the company use?

A company has two Azure virtual networks: VNet-A in the East US region and VNet-B in the West US region. Both virtual networks use non-overlapping IP address spaces and are deployed in different resource groups. The company needs to enable communication between resources in VNet-A and VNet-B using private IP addresses only, with low latency and without any traffic traversing the public internet. The solution must not require deploying a virtual network gateway or any additional network appliance. Which Azure service should the company use?

A company runs several Azure virtual machines (VMs) in a virtual network. Administrators need to connect to these VMs using Remote Desktop Protocol (RDP) to perform maintenance tasks. The security team mandates that the VMs must not have any public IP addresses assigned. All RDP traffic must be routed through a fully managed Azure service that provides secure TLS-based access directly from the Azure portal, without requiring any client software installation on the administrator's workstation. Which Azure service should the company use?

A company runs an on-premises line-of-business application that uses a SQL Server database. The database currently has 500 GB of data and is accessed by 50 users simultaneously. The company is planning to migrate this database to Azure. The IT team wants to minimize administrative overhead for patching the operating system and database engine, and for performing automated backups with point-in-time restore. The team also wants the ability to scale compute and storage independently without managing virtual machines. Which Azure service should they choose?

A company deploys a critical application on Azure virtual machines across three different availability zones in the East US region. The application is designed to handle the failure of one zone by automatically failing over to the remaining healthy zones. Which type of failure does this architecture primarily protect against?

A global e-commerce company runs its website on Azure virtual machines in two different Azure regions: West US and East US. The company wants to distribute incoming web traffic to the region that provides the lowest latency for each user. Additionally, if one region becomes unavailable, all traffic should automatically fail over to the healthy region. The solution must not require any changes to the web application code. Which Azure service should the company use?

A company is migrating its on-premises batch processing jobs to Azure. The jobs are triggered by file uploads to an on-premises file share. After migration, the files will be uploaded to Azure Blob Storage. The company wants a solution where code runs automatically whenever a new blob is created, with no requirement to manage servers or containers. The code must process the blob and then terminate. Compute resources should be used only when there is a file to process. Which Azure compute service should the company use?

A company stores sensitive customer data in an Azure Blob Storage account. The company's security policy requires that all data traffic between the virtual network (VNet) and the storage account must never traverse the public internet. Additionally, the storage account must remain accessible from an on-premises data center through a Site-to-Site VPN connection. Which Azure feature should the company configure on the storage account?

A global retail company hosts its e-commerce web application on Azure virtual machines in three Azure regions: West Europe, East US, and Southeast Asia. The application must provide a single HTTPS entry point for customers worldwide. The company requires the solution to: route each user to the region that provides the best performance (lowest latency), automatically redirect traffic to a healthy region if one becomes unavailable, and protect the application from common web vulnerabilities such as SQL injection and cross-site scripting (XSS) by inspecting all incoming HTTP/HTTPS traffic at the edge. Which Azure service should the company use?

A company is migrating a legacy application to Azure. The application stores data on a network file share that is accessed using the SMB protocol. After migration, multiple Azure virtual machines must be able to mount the same file share simultaneously. The company wants a fully managed service that eliminates the need to maintain a file server. Which Azure storage service should the company use?

A company stores compliance logs in Azure Blob Storage. The logs must remain available even if an entire Azure datacenter within the primary region fails. The company is cost-conscious and wants to minimize storage costs while meeting this availability requirement. The company does not need to access the data from a secondary location during a disaster. Which storage replication option should the company choose?