AZ-220 Practice Questions Free – 50 Exam-Style Questions to Sharpen Your Skills
Are you preparing for the AZ-220 certification exam? Kickstart your success with our AZ-220 Practice Questions Free – a carefully selected set of 50 real exam-style questions to help you test your knowledge and identify areas for improvement.
Practicing with AZ-220 practice questions free gives you a powerful edge by allowing you to:
- Understand the exam structure and question formats
- Discover your strong and weak areas
- Build the confidence you need for test day success
Below, you will find 50 free AZ-220 practice questions designed to match the real exam in both difficulty and topic coverage. They’re ideal for self-assessment or final review. You can click on each Question to explore the details.
HOTSPOT - You are developing an Azure IoT Edge solution that has the following requirements: • Each IoT Edge device must be deployed behind a firewall that only allows internet access over port 443. • The number of connections from each IoT Edge device to an Azure IoT hub must be minimized. • Each IoT Edge device must act as a gateway for the leaf devices on a private network. • The container solution must be supported by Microsoft in production. What should you recommend as a container solution and an upstream protocol for the IoT Edge devices? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure IoT solution that includes an Azure IoT hub, a Device Provisioning Service instance, and 1,000 connected IoT devices. All the IoT devices are provisioned automatically by using one enrollment group. You need to temporarily disable the IoT devices from the connecting to the IoT hub. Solution: From the Device Provisioning Service, you disable the enrollment group, and you disable device entries in the identity registry of the IoT hub to which the IoT devices are provisioned. Does the solution meet the goal?
A. Yes
B. No
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Stream Analytics job that receives input from an Azure IoT hub and sends the outputs to Azure Blob storage. The job has compatibility level 1.1 and six streaming units. You have the following query for the job.You plan to increase the streaming unit count to 12. You need to optimize the job to take advantage of the additional streaming units and increase the throughput. Solution: You change the compatibility level of the job to 1.2. Does this meet the goal?
A. Yes
B. No
You have 1,000 devices that connect to an Azure IoT hub. You are performing a scheduled check of deployed IoT devices. You plan to run the following command from the Azure CLI prompt. az iot hub query --hub-name hub1 --query-command "SELECT * FROM devices WHERE connectionState = 'Disconnected'" What does the command return?
A. the Device Disconnected events
B. the device twins
C. the Connections logs
D. the device credentials
You have an Azure IoT hub. You need to check whether the IoT hub was affected by an outage. What should you select in the Azure portal? To answer, select the appropriate option in the answer area. NOTE: Each correct selection is worth one point.
A. Resource health
B. Metrics
C. Alerts
D. Diagnostic settings
You plan to deploy an Azure IoT hub. The solution must ensure that when connecting to the IoT hub, IoT devices can only authenticate by presenting a certificate that is encrypted with a 256-bit AES key and uses a SHA384 hash. You need to configure the Azure Resource Manager (ARM) template to deploy the IoT hub. Which property should you configure?
A. disableLocalAuth
B. authenticationType
C. minTlsVersion
D. authorizationPolicies
You are developing an Azure IoT Central application. You add a new custom device template to the application. You need to add a fixed location value to the device template. The value must be updated by the physical IoT device, read-only to device operators, and not graphed by IoT Central. What should you add to the device template?
A. a Location property
B. a Location telemetry
C. a Cloud property
You have the devices shown in the following table.You are implementing a proof of concept (POC) for an Azure IoT solution. You need to deploy an Azure IoT Edge device as part of the POC. On which two devices can you deploy IoT Edge? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Device1
B. Device2
C. Device3
D. Device4
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains an Azure IoT hub named Hub1 and an Azure IoT Edge device named Device1. You need to configure Device1 to operate in extended offline mode and to support modifying the configuration of modules deployed to Device1 while the device offline. Solution: From Azure Cloud Shell, you run the following Azure CLI command. az lot edge set-modules --device-id Device1 --hub-name Hub1 --content deployment.json Does this meet the goal?
A. Yes
B. No
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have devices that connect to an Azure IoT hub. Each device has a fixed GPS location that includes latitude and longitude. You discover that a device entry in the identity registry of the IoT hub is missing the GPS location. You need to configure the GPS location for the device entry. The solution must prevent the changes from being propagated to the physical device. Solution: You add the desired properties to the device twin. Does the solution meet the goal?
A. Yes
B. No
You have an Azure IoT hub that uses a Device Provisioning Service instance to automate the deployment of Azure IoT Edge devices. The IoT Edge devices have a Trusted Platform Module (TPM) 2.0 chip. From the Azure portal, you plan to add an individual enrollment to the Device Provisioning Service that will use the TPM of the IoT Edge devices as the attestation mechanism. Which detail should you obtain before you can create the enrollment?
A. the scope ID and the Device Provisioning Service endpoint
B. the primary key of the Device Provisioning Service shared access policy and the global device endpoint
C. the X.509 device certificate and the certificate chain
D. the endorsement key and the registration ID
DRAG DROP - You have an Azure subscription that contains an Azure IoT Edge device named Edge1 and an Azure container registry named Registry1. You need to configure Edge1 to connect to Registry1. How should you complete the deployment manifest? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
You have 1,000 devices that connect to a standard tier Azure IoT hub. All the devices are commissioned and send telemetry events to the built-in IoT Hub endpoint. You configure message enrichment on the events endpoint and set the enrichment value to $twin.tags.ipV4. When you inspect messages on the events endpoint, you discover that all the messages are stamped with a string of "$twin.tags.ipV4". What are two possible causes of the issue? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. The ipV4 tag is a restricted twin property that is unavailable for message enrichment.
B. A standard tier IoT hub does not support device twin properties in message enrichments.
C. The device sending the message has no device twin.
D. Message enrichment cannot be added to messages going to a built-in endpoint.
E. The device twin path used for the value of the enrichment does not exist.
F. The device twin property value used for message enrichment is set to “$twin.tags.ipV4”.
You have an Azure IoT solution that includes a basic tier Azure IoT hub named Hub1 and a Raspberry Pi device named Device1. Device1 connects to Hub1. You back up Device1 and restore the backup to a new Raspberry Pi device. When you start the new Raspberry Pi device, you receive the following error message in the diagnostic logs of Hub1: "409002 LinkCreationConflict." You need to ensure that Device1 and the new Raspberry Pi device can run simultaneously without error. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. On the new Raspberry Pi device, modify the connection string.
B. From Hub1, modify the device shared access policy.
C. Upgrade Hub1 to the standard tier.
D. From Hub1, create a new consumer group.
E. From Hub1, create a new IoT device.
HOTSPOT - You have an Azure IoT solution that uses Azure Digital Twins. You plan to ingest telemetry from an IoT device into a digital twin. You need to create an Azure function that will process the telemetry messages received by the Azure IoT hub and update the digital twin of the IoT device with the new values. How should you complete the code? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT - You have an Azure IoT hub and three Azure IoT Edge devices. The device twin code for each device is shown in the following table.A standard automatic deployment is already applied. You have three layered deployments. The deployment code for each deployment is shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT - You have an Azure IoT Edge automatic deployment named D1 that deploys a temperature module to five IoT Edge devices. D1 has a deployment priority of 10 and the following module configuration.You need to create a new layered deployment that will add a new twin property named ReportingMode. The new deployment must not overwrite the existing module configurations set by D1. How should you configure the deployment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a remote network that contains an IoT device named Device1 and a firewall named Firewall1. You have an Azure subscription that contains an Azure IoT hub named Hub1. Device1 is registered to Hub1. Firewall1 only allows outbound traffic from Hub1 via TCP port 443. You need to build an app that will connect to Device1 by using SSH on port 22. The solution must minimize costs. What should you configure to connect to Device1?
A. IoT Hub message routing
B. shared access policies
C. Azure Private Link
D. IoT Hub device streams
You have an Azure IoT solution that contains an Azure IoT hub in the S1 - Standard-tier. The IoT hub has four built-in event endpoint partitions. You need to increase the number of partitions to eight. The solution must minimize administrative effort. What should you do?
A. From the Pricing and scale blade of the IoT hub, change the tier to S2 – Standard.
B. From the Pricing and scale blade of the IoT hub, increase the number of IoT Hub units to eight.
C. Create a new IoT hub and set Device-to-cloud partitions to eight.
D. Create a new IoT hub and set the number of IoT Hub units to eight.
You have three Azure IoT hubs named Hub1, Hub2, and Hub3, a Device Provisioning Service instance, and an IoT device named Device1. Each IoT hub is deployed to a separate Azure region. Device enrollment uses the Lowest latency allocation policy. The Device Provisioning Service uses the Lowest latency allocation policy. Device1 is auto-provisioned to Hub1 by using the Device Provisioning Service. Device1 regularly moves between regions. You need to ensure that Device1 always connects to the IoT hub that has the lowest latency. What should you do?
A. Configure device attestation that uses X.509 certificates.
B. Implement device certificate rolling.
C. Disenroll and reenroll Device1.
D. Configure the re-provisioning policy.
DRAG DROP - You have an Azure IoT hub. You plan to attach three types of IoT devices as shown in the following table.You need to select the appropriate communication protocol for each device. What should you select? To answer, drag the appropriate protocols to the correct devices. Each protocol may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:
DRAG DROP - You have an Azure subscription that contains an Azure IoT hub and 100 IoT devices. The devices connect to the IoT hub by using the Message Queuing Telemetry Transport (MQTT) protocol and authenticate to the IoT hub by using symmetric keys. You need to configure the username and password for the MQTT connection. What should you use? To answer, drag the appropriate components to the correct targets. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
DRAG DROP - You have an Azure IoT Central application. You need to connect IoT devices that use SAS tokens to the application without first registering the devices. In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
DRAG DROP - You have an Azure IoT Edge solution. You plan to deploy an Azure Security Center for IoT security agent. You need to configure the security agent to meet the following requirements: ✑ Connection events must be reported as high priority. ✑ High priority events must be collected every seven minutes. How should you configure the azureiotsecurity module twin? To answer, drag the appropriate values to the correct locations. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:
DRAG DROP - You have an Azure IoT solution that includes an Azure IoT hub, a Device Provisioning Service instance, and 1,000 connected IoT devices. The IoT devices are allocated to four enrollment groups. Each enrollment group is configured to use certificate attestation. You need to decommission all the devices in a single enrollment group and the enrollment group itself. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
You are deploying an Azure IoT Edge solution that includes multiple IoT Edge devices. You need to configure module-to-module routing. To which section of the deployment manifest should you add the routes?
A. storeAndForwardConfiguration
B. $edgeHub
C. modules
D. systemModules
You have an Azure IoT solution that contains 20 IoT devices. Each device typically sends five Message Queuing Telemetry Transport (MQTT) messages per minute. You need to configure an alert to detect which devices have an anomalous MQTT message send rate. What should you do?
A. Create an Azure IoT hub and an IoT alert that has the following settings:• Condition: C2D message deliveries completed• Threshold: Static• Threshold value: 15• Aggregation granularity: 5 minutes
B. Create an Azure IoT hub and an IoT alert that has the following settings:• Condition: C2D message deliveries completed• Threshold: Static• Operator: Greater than• Aggregation type: Average• Threshold value: 30
C. Enable Azure Defender for IoT and create a custom rule that has the following settings:• Custom Alert: Number of device to cloud messages (MQTT protocol) is not in allowed range• Minimal Threshold: 30• Maximum Threshold: 60• Time Window Size: 00:05:00
D. Enable Azure Defender for IoT and create a custom rule that has the following settings:• Custom Alert: Number of device to cloud messages (MQTT protocol) is not in allowed range• Minimal Threshold: 20• Maximum Threshold: 30• Time Window Size: 00:05:00
You have an Azure IoT Hub deployment. You plan to deploy 1,000 IoT devices that will have 1 MB of RAM. The devices will be deployed behind firewalls that block port 443. You need to configure the communication protocol for the devices. The solution must ensure that each device uses unique credentials. Which protocol should you use?
A. AMQP
B. MQTT over WebSockets
C. MQTT
D. AMQP over WebSockets
You have an Azure IoT hub. You need to enable Azure Defender for IoT on the IoT hub. What should you do?
A. From the Security settings of the IoT hub, select Secure your IoT solution.
B. From the Diagnostics settings of the IoT hub, select Add diagnostic setting.
C. From Defender, add a security policy.
D. From Defender, configure security alerts.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure IoT solution. You plan to register an Azure loT Edge device by using X.509 self-signed certificates. You need to provide the thumbprint for the primary and secondary certificates. Solution: You generate a 64-hex character SHA256 hash for the certificates. Does this meet the goal?
A. Yes
B. No
You have an Azure Stream Analytics job that connects to an Azure IoT hub named Hub1445 as a streaming data source. Hub1445 is configured as shown in the exhibit.The Stream Analytics job fails to receive any messages from the IoT hub. What should you do to resolve the issue?
A. Disable the Route1 route.
B. Enable the Route3 route.
C. Disable the Route2 route.
D. Enable the fallback route.
HOTSPOT - You have an Azure IoT solution that includes an IoT device named Device1. You are creating an IoT Plug and Play model for Device1. On Device1, you create a device model file in a folder named dtmi/com/source/. How should you complete the model? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT - You have an Azure IoT hub named Hub1 and an Azure Time Series Insights environment named tsi1. Tsi1 connects to Hub1. The solution has been operational for 6 months. Tsi1 is configured as shown in the following exhibit.Hub1 receives 1 million messages per day. Each message is up to 1 KB and is formatted as JSON. Hub1 has seven days of retained telemetry. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You have an Azure IoT solution that contains an Azure IoT hub and 100 IoT devices. You deploy Azure Defender for IoT to the devices. You need to configure alerts for the following events: • An X.509 certificate is expired. • Potential loss of data is detected. • The number of unauthorized operations is outside the allowed range. The solution must minimize administrative effort. Which type of alert should you configure for each event? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP - You deploy an Azure IoT hub. You need to demonstrate that the IoT hub can receive messages from a device. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
You have an existing Azure IoT hub. You use IoT Hub jobs to schedule long running tasks on connected devices. Which two operations do the IoT Hub jobs support directly? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Trigger Azure functions.
B. Invoke direct methods.
C. Update desired properties.
D. Send cloud-to-device messages.
E. Disable IoT device registry entries.
You have an Azure IoT hub that uses a Device Provisioning Service (DPS) instance. For 100 legacy devices, you plan to create a new device enrollment that will use symmetric key attestation. The solution must minimize administrative effort. What should you use to derive the device key?
A. the subscription ID
B. the IoT hub name
C. the group master key
D. the primary key of the DPS shared access policy
You are configuring a production environment for an Azure IoT solution. You plan to deploy 1,000 IoT devices. Each device will send one device-to-cloud message every hour. Each message will be 4 KB. You need to deploy an Azure IoT hub that will support the IoT device deployment. The solution must meet the following requirements: ✑ Perform bulk device operations such as creating multiple device identities. ✑ Minimize costs What should you deploy?
A. one unit of the B1 tier
B. one unit of the free tier
C. one unit of the S1 tier
D. one unit of the S2 tier
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Standard tier Azure IoT hub and a fleet of IoT devices. The devices connect to the IoT hub by using either Message Queuing Telemetry Transport (MQTT) or Advanced Message Queuing Protocol (AMQP). You need to send data to the IoT devices and each device must respond. Each device will require three minutes to process the data and respond. Solution: You use cloud-to-device messages and watch the cloud-to-device feedback endpoint for successful acknowledgement. Does this meet the goal?
A. Yes
B. No
You have an existing Azure IoT hub. You use IoT Hub jobs to schedule long running tasks on connected devices. Which three operations do the IoT Hub jobs support directly? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Trigger Azure functions.
B. Invoke direct methods.
C. Update desired properties.
D. Send cloud-to-device messages.
E. Disable IoT device registry entries.
F. Update tags.
You have an Azure IoT Edge device. You need to modify the credentials used to access the container registry. What should you modify?
A. the $edgeHub module twin
B. the IoT Edge module
C. the $edgeAgent module twin
D. the Azure IoT Hub device twin
Which query should you use?
A. $event.payload.Status = “Running” AND $event.payload.Alert = “True”
B. $body.event.payload.Status = “Running” AND $body.event.payload.Alert = “True”
C. MessageType.payload.Status = “Running” AND MessageType.event.payload.Alert = “True”
D. $Status = “Running” AND $Alert = “True”
You have an Azure subscription named Sub1. You need to ensure that when a new Azure IoT hub is created in Sub1, a warning appears indicating that communication must be allowed only from known networks. The solution must minimize development and administrative effort. What should you include in the solution?
A. an application security group rule
B. an Azure function
C. an Azure policy
D. an Azure Monitor alert
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have 20 IoT devices deployed across two floors of a building. The devices on the first floor must be set to 60 degrees. The devices on the second floor must be set to 80 degrees. The device twins are configured to use a tag that identifies the floor on which the twins are located. You create the following automatic configuration for the devices on the first floor.You create the following automatic configuration for the devices on the second floor.
The IoT devices on the first floor report that the temperature is set to 80 degrees. You need to ensure that the first-floor devices are set to the correct temperature. Solution: In the automatic configuration for the first-floor devices, you set targetCondition to “tags.floor=‘second’”. Does this meet the goal?
A. Yes
B. No
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains an Azure IoT hub named Hub1 and an Azure IoT Edge device named Device1. You need to configure Device1 to operate in extended offline mode and to support modifying the configuration of modules deployed to Device1 while the device offline. Solution: From Device1, you edit the/etc/iotedge/config.yaml file, you modify the ConfigSource and LocalConfigPath environment variables in the agent section, and then you restart the IoT Edge security daemon. Does this meet the goal?
A. Yes
B. No
You develop a custom Azure IoT Edge module named temperature-module. You publish temperature-module to a private container registry named mycr.azurecr.io You need to build a deployment manifest for the IoT Edge device that will run temperature-module. Which three container images should you define in the manifest? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. mcr.microsoft.com/azureiotedge-simulated-temperature-sensor:1.0
B. mcr.microsoft.com/azureiotedge-agent:1.0
C. mcr.microsoft.com/iotedgedev:2.0
D. mycr.azurecr.io/temperature-module:latest
E. mcr.microsoft.com/azureiotedge-hub:1.0
DRAG DROP - You need to add Time Series Insights to the solution to meet the pilot requirements. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
You have an Azure subscription that contains a resource group named RG1. You need to deploy the Device Provisioning Service. The solution must ensure that the Device Provisioning Service can accept new device enrollments. You create a Device Provisioning Service instance. Which two actions should you perform next? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. From the Linked IoT hubs blade of the Device Provisioning Service, link an Azure IoT hub.
B. From the Azure portal, create a new Azure IoT hub.
C. From the Manage allocation policy blade of the Device Provisioning Service, configure an allocation policy.
D. From the Certificates blade of the Device Provisioning Service, upload an X.509 certificate to the Device Provisioning Service.
DRAG DROP - Your company develops a custom module and exports the module as a Linux Dockerfile. You need to deploy the module to an Azure IoT Edge device that runs Ubuntu Server 18.04. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
You have an Azure IoT Central solution that includes multiple IoT devices. The devices report temperature, humidity, and pressure. You need to export the sensor data captured during a 48-hour period as a CSV file. What should you use in IoT Central?
A. Devices
B. Jobs
C. Device groups
D. Analytics
Free Access Full AZ-220 Practice Questions Free
Want more hands-on practice? Click here to access the full bank of AZ-220 practice questions free and reinforce your understanding of all exam objectives.
We update our question sets regularly, so check back often for new and relevant content.
Good luck with your AZ-220 certification journey!