Question 1hardmultiple choice
Full question →hardmultiple choiceObjective-mapped
A company stores large archives of legal documents in Azure Blob Storage. The documents must remain immutable; they cannot be modified or deleted for 7 years due to regulatory requirements. The data is accessed only for compliance audits, which occur less than once a year. The company wants to minimize storage costs while ensuring immutability and data durability. Which combination of features should they configure?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
A
Distractor review
Cool access tier with a time-based retention policy
The Cool tier is more expensive than Archive for data accessed less than once a year. It meets immutability with the retention policy, but does not minimize storage costs.
B
Best answer
Archive access tier with a time-based retention policy
The Archive tier is the lowest cost storage tier for rarely accessed data. Combined with a time-based retention policy, it enforces immutability for 7 years while minimizing costs.
C
Distractor review
Hot access tier with versioning enabled
The Hot tier is expensive for data accessed infrequently. Versioning allows overwriting, which does not prevent deletion of current versions, and does not enforce a fixed retention period.
D
Distractor review
Archive access tier with legal hold
Legal hold prevents deletion indefinitely, but it does not allow a fixed 7-year policy and is intended for litigation holds. Time-based retention is a better fit for a defined retention period.
Common exam trap
Common exam trap: NAT rules depend on direction and matching traffic
NAT is not only about the public address. The inside/outside interface roles and the ACL or rule that matches traffic are just as important.
Technical deep dive
How to think about this question
NAT questions usually test address translation, overload/PAT behaviour, static mappings and whether the right traffic is being translated. Read the interface direction and address terms carefully.
KKey Concepts to Remember
- Static NAT maps one inside address to one outside address.
- PAT allows many inside hosts to share one public address using ports.
- Inside local and inside global describe the private and translated addresses.
- NAT ACLs identify traffic for translation, not always security filtering.
TExam Day Tips
- Identify inside and outside interfaces first.
- Check whether the scenario needs static NAT, dynamic NAT or PAT.
- Do not confuse NAT matching ACLs with normal packet-filtering intent.
Related practice questions
Related DP-900 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
More questions from this exam
Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.
Question 1
A data engineer needs to process streaming data from IoT devices and store the results in Azure Data Lake Storage for long-term analytics. The data must be processed in near real-time to detect anomalies and trigger alerts. Which Azure service should the engineer use for stream processing?
Question 2
A data engineer needs to query data stored in CSV files in Azure Data Lake Storage Gen2 using T-SQL in Azure Synapse Analytics, without loading the data into the database. Which feature should they use?
Question 3
A data engineer needs to process raw clickstream data from multiple websites that is stored in Azure Blob Storage as JSON files. The processing must run automatically every hour, transform the data into a structured format for reporting, and handle schema changes in the source data without manual intervention. Which Azure service should be used?
Question 4
A data engineer is designing a data lake architecture in Azure. They plan to first ingest raw data from various sources into a landing zone in Azure Data Lake Storage Gen2. Then they will clean, validate, and deduplicate that data in a second zone. Finally, they will create aggregated, business-ready datasets in a third zone for analysts. This layered approach is known as which architecture?
Question 5
A data engineer needs to transform large datasets stored in Azure Data Lake Storage Gen2 using Python and Apache Spark. They want a serverless compute option that automatically scales and requires no cluster management. Which Azure service should they use?
Question 6
A company collects customer feedback forms. Each form contains always-present fields like CustomerID and SubmissionDate, but also a free-text Comments field and optional fields like Rating or ProductCategory that vary between forms. How should this data be classified?
FAQ
Questions learners often ask
What does this DP-900 question test?
Static NAT maps one inside address to one outside address.
What is the correct answer to this question?
The correct answer is: Archive access tier with a time-based retention policy — To meet the 7-year immutability requirement and minimize costs, the best strategy is to use the Archive access tier (the cheapest tier for rarely accessed data) and enable immutable blob storage with a time-based retention policy. This ensures documents cannot be deleted or overwritten for the specified period and storage costs are minimized. Other options either fail the immutability requirement or result in higher costs.
What should I do if I get this DP-900 question wrong?
Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.
Discussion
Loading comments…
Sign in to join the discussion.