microsoft Azure certification practice exam — 200 Questions and
Answers Already Graded A+ Premium Exam Tested And
Verified
Subject Area Microsoft Azure Cloud Computing
Description This practice exam assesses advanced proficiency in designing, implementing,
and managing Microsoft Azure solutions. It covers core infrastructure, security,
governance, data storage, networking, and monitoring, aligned with the Azure
Solutions Architect Expert and Azure Administrator Associate certifications.
Expected Grade A+
Total Questions 200
Duration 3 hours
Learning Outcomes 1. Design and implement scalable, resilient, and secure Azure architectures
2. Manage Azure identities, governance, and compliance using Azure Policy,
RBAC, and Blueprints
3. Optimize cost, performance, and reliability of Azure storage and compute
resources
4. Configure and troubleshoot advanced networking scenarios including hybrid
connectivity and traffic management
Accreditation This exam adheres to the rigorous standards of US university graduate-level
professional certification exams, equivalent to Stanford's advanced cloud
computing courses.
Page 1
,1. You are designing a multi-region disaster recovery strategy for a critical
application deployed on Azure Virtual Machines. The application requires a
Recovery Point Objective (RPO) of 15 minutes and a Recovery Time Objective
(RTO) of 1 hour. You have chosen to use Azure Site Recovery (ASR) for replication.
Which combination of replication policy settings and failover options meets the
requirements?
A. Replicate with 5-minute frequency and use planned failover.
B. Replicate with 15-minute frequency and use test failover.
C. Replicate with 30-minute frequency and use unplanned failover.
D. Replicate with 5-minute frequency and use unplanned failover.
Answer: A. Replicate with 5-minute frequency and use planned failover.
Planned failover ensures zero data loss by synchronizing disks before failover, meeting
RPO=0 effectively. With 5-minute replication, the actual RPO is "d5 min, satisfying the
15-min requirement. Unplanned failover may cause data loss up to the replication
frequency. Test failover does not actually fail over. 30-minute frequency exceeds the
RPO.
2. An Azure subscription contains a virtual network (VNet) with a subnet named
'GatewaySubnet'. You deploy a Point-to-Site (P2S) VPN gateway using IKEv2 and
OpenVPN. The P2S VPN client address pool is 192.168.0.0/24. The VNet address
space is 10.0.0.0/16. You need to ensure that clients using the P2S VPN can resolve
the private IP addresses of Azure VMs via the default Azure DNS (168.63.129.16).
What must be configured?
A. Set the P2S VPN client DNS server to 168.63.129.16 in the VPN gateway configuration.
B. Add a custom DNS server to the VNet and configure the P2S VPN client to use it.
C. Configure the VPN client to use Azure Private DNS zones.
D. No additional configuration is needed; Azure DNS is automatically used by P2S clients.
Answer: A. Set the P2S VPN client DNS server to 168.63.129.16 in the VPN
gateway configuration.
By default, P2S VPN clients do not use Azure DNS. You must explicitly specify the DNS
server IP address (168.63.129.16) in the VPN gateway's Point-to-Site configuration.
Option D is incorrect because the default behavior does not propagate Azure DNS.
Custom DNS (B) is unnecessary. Private DNS zones (C) are for custom domains, not
default resolution.
Page 2
,3. You are designing a cost-optimized storage solution for a large-scale data lake.
The data is accessed frequently for the first 30 days, then rarely after 90 days, and
must be retained for 7 years for compliance. The data is append-only and never
modified. You need to minimize storage costs while ensuring durability and
low-latency access during the first 30 days. Which Azure Storage account type and
tier lifecycle strategy should you implement?
A. General-purpose v2 (GPv2) with Blob Storage, and a lifecycle management policy to
move blobs from Hot to Cool after 30 days, then to Archive after 90 days.
B. BlockBlobStorage account with Premium tier, and a lifecycle policy to move blobs to
Cool after 30 days, then to Archive after 90 days.
C. General-purpose v2 (GPv2) with Blob Storage, and a lifecycle policy to move blobs from
Hot to Cool after 30 days, then delete after 7 years.
D. BlobStorage account (legacy) with Hot tier, and a lifecycle policy to move blobs to Cool
after 30 days, then to Archive after 90 days.
Answer: A. General-purpose v2 (GPv2) with Blob Storage, and a lifecycle
management policy to move blobs from Hot to Cool after 30 days, then to Archive
after 90 days.
GPv2 accounts support all storage tiers and lifecycle management. Hot tier provides
low-latency access for the first 30 days. Moving to Cool after 30 days reduces cost for
infrequent access, and Archive after 90 days minimizes cost for long-term retention (7
years). Premium (B) is unnecessary and costly. Deleting (C) violates retention
requirement. Legacy BlobStorage (D) is deprecated and lacks features.
Page 3
, 4. You have an Azure subscription with 200 virtual machines (VMs) running
Windows Server and Linux. You need to ensure that all VMs are automatically
patched with the latest security updates every month. The patching must occur
during a maintenance window defined in a schedule. You want to minimize
administrative overhead and avoid manual updates. Which solution should you
implement?
A. Configure Azure Automation Update Management for each VM using a single Azure
Automation account with a schedule linked to a Log Analytics workspace.
B. Deploy a custom script extension on each VM that checks for updates and installs them
via Windows Update or apt-get.
C. Use Azure Policy to enforce that VMs are patched by assigning the 'Deploy prerequisites
for automatic VM patching' initiative.
D. Enable automatic VM guest patching on each VM through the Azure portal, and
configure a maintenance configuration for the schedule.
Answer: A. Configure Azure Automation Update Management for each VM using
a single Azure Automation account with a schedule linked to a Log Analytics
workspace.
Azure Automation Update Management provides a centralized, schedule-driven
patching solution with compliance reporting, ideal for large-scale environments. Option
D (automatic guest patching) is only available for VMs created from certain
marketplace images and does not support custom schedules; it uses the platform's
default maintenance window. Custom scripts (B) are not scalable. Azure Policy (C) can
only audit or deploy prerequisites, not schedule patching.
Page 4
Answers Already Graded A+ Premium Exam Tested And
Verified
Subject Area Microsoft Azure Cloud Computing
Description This practice exam assesses advanced proficiency in designing, implementing,
and managing Microsoft Azure solutions. It covers core infrastructure, security,
governance, data storage, networking, and monitoring, aligned with the Azure
Solutions Architect Expert and Azure Administrator Associate certifications.
Expected Grade A+
Total Questions 200
Duration 3 hours
Learning Outcomes 1. Design and implement scalable, resilient, and secure Azure architectures
2. Manage Azure identities, governance, and compliance using Azure Policy,
RBAC, and Blueprints
3. Optimize cost, performance, and reliability of Azure storage and compute
resources
4. Configure and troubleshoot advanced networking scenarios including hybrid
connectivity and traffic management
Accreditation This exam adheres to the rigorous standards of US university graduate-level
professional certification exams, equivalent to Stanford's advanced cloud
computing courses.
Page 1
,1. You are designing a multi-region disaster recovery strategy for a critical
application deployed on Azure Virtual Machines. The application requires a
Recovery Point Objective (RPO) of 15 minutes and a Recovery Time Objective
(RTO) of 1 hour. You have chosen to use Azure Site Recovery (ASR) for replication.
Which combination of replication policy settings and failover options meets the
requirements?
A. Replicate with 5-minute frequency and use planned failover.
B. Replicate with 15-minute frequency and use test failover.
C. Replicate with 30-minute frequency and use unplanned failover.
D. Replicate with 5-minute frequency and use unplanned failover.
Answer: A. Replicate with 5-minute frequency and use planned failover.
Planned failover ensures zero data loss by synchronizing disks before failover, meeting
RPO=0 effectively. With 5-minute replication, the actual RPO is "d5 min, satisfying the
15-min requirement. Unplanned failover may cause data loss up to the replication
frequency. Test failover does not actually fail over. 30-minute frequency exceeds the
RPO.
2. An Azure subscription contains a virtual network (VNet) with a subnet named
'GatewaySubnet'. You deploy a Point-to-Site (P2S) VPN gateway using IKEv2 and
OpenVPN. The P2S VPN client address pool is 192.168.0.0/24. The VNet address
space is 10.0.0.0/16. You need to ensure that clients using the P2S VPN can resolve
the private IP addresses of Azure VMs via the default Azure DNS (168.63.129.16).
What must be configured?
A. Set the P2S VPN client DNS server to 168.63.129.16 in the VPN gateway configuration.
B. Add a custom DNS server to the VNet and configure the P2S VPN client to use it.
C. Configure the VPN client to use Azure Private DNS zones.
D. No additional configuration is needed; Azure DNS is automatically used by P2S clients.
Answer: A. Set the P2S VPN client DNS server to 168.63.129.16 in the VPN
gateway configuration.
By default, P2S VPN clients do not use Azure DNS. You must explicitly specify the DNS
server IP address (168.63.129.16) in the VPN gateway's Point-to-Site configuration.
Option D is incorrect because the default behavior does not propagate Azure DNS.
Custom DNS (B) is unnecessary. Private DNS zones (C) are for custom domains, not
default resolution.
Page 2
,3. You are designing a cost-optimized storage solution for a large-scale data lake.
The data is accessed frequently for the first 30 days, then rarely after 90 days, and
must be retained for 7 years for compliance. The data is append-only and never
modified. You need to minimize storage costs while ensuring durability and
low-latency access during the first 30 days. Which Azure Storage account type and
tier lifecycle strategy should you implement?
A. General-purpose v2 (GPv2) with Blob Storage, and a lifecycle management policy to
move blobs from Hot to Cool after 30 days, then to Archive after 90 days.
B. BlockBlobStorage account with Premium tier, and a lifecycle policy to move blobs to
Cool after 30 days, then to Archive after 90 days.
C. General-purpose v2 (GPv2) with Blob Storage, and a lifecycle policy to move blobs from
Hot to Cool after 30 days, then delete after 7 years.
D. BlobStorage account (legacy) with Hot tier, and a lifecycle policy to move blobs to Cool
after 30 days, then to Archive after 90 days.
Answer: A. General-purpose v2 (GPv2) with Blob Storage, and a lifecycle
management policy to move blobs from Hot to Cool after 30 days, then to Archive
after 90 days.
GPv2 accounts support all storage tiers and lifecycle management. Hot tier provides
low-latency access for the first 30 days. Moving to Cool after 30 days reduces cost for
infrequent access, and Archive after 90 days minimizes cost for long-term retention (7
years). Premium (B) is unnecessary and costly. Deleting (C) violates retention
requirement. Legacy BlobStorage (D) is deprecated and lacks features.
Page 3
, 4. You have an Azure subscription with 200 virtual machines (VMs) running
Windows Server and Linux. You need to ensure that all VMs are automatically
patched with the latest security updates every month. The patching must occur
during a maintenance window defined in a schedule. You want to minimize
administrative overhead and avoid manual updates. Which solution should you
implement?
A. Configure Azure Automation Update Management for each VM using a single Azure
Automation account with a schedule linked to a Log Analytics workspace.
B. Deploy a custom script extension on each VM that checks for updates and installs them
via Windows Update or apt-get.
C. Use Azure Policy to enforce that VMs are patched by assigning the 'Deploy prerequisites
for automatic VM patching' initiative.
D. Enable automatic VM guest patching on each VM through the Azure portal, and
configure a maintenance configuration for the schedule.
Answer: A. Configure Azure Automation Update Management for each VM using
a single Azure Automation account with a schedule linked to a Log Analytics
workspace.
Azure Automation Update Management provides a centralized, schedule-driven
patching solution with compliance reporting, ideal for large-scale environments. Option
D (automatic guest patching) is only available for VMs created from certain
marketplace images and does not support custom schedules; it uses the platform's
default maintenance window. Custom scripts (B) are not scalable. Azure Policy (C) can
only audit or deploy prerequisites, not schedule patching.
Page 4
