AZ-301 Practice Test Free

Table of Contents

AZ-301 Practice Test Free – 50 Real Exam Questions to Boost Your Confidence

Preparing for the AZ-301 exam? Start with our AZ-301 Practice Test Free – a set of 50 high-quality, exam-style questions crafted to help you assess your knowledge and improve your chances of passing on the first try.

Taking a AZ-301 practice test free is one of the smartest ways to:

Get familiar with the real exam format and question types
Evaluate your strengths and spot knowledge gaps
Gain the confidence you need to succeed on exam day

Below, you will find 50 free AZ-301 practice questions to help you prepare for the exam. These questions are designed to reflect the real exam structure and difficulty level. You can click on each Question to explore the details.

Question 1

HOTSPOT -
You deploy several Azure SQL Database instances.
You plan to configure the Diagnostics settings on the databases as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Question 2

You have a .NET web service named Service1 that has the following requirements:
✑ Must read and write temporary files to the local file system.
✑ Must write to the Windows Application event log.
You need to recommend a solution to host Service1 in Azure. The solution must meet the following requirements:
✑ Minimize maintenance overhead.
✑ Minimize costs.
What should you include in the recommendation?

A. an Azure virtual machine scale set

B. an Azure function

C. an App Service Environment

D. an Azure web app

Suggested Answer: A

Question 3

You have 100 Microsoft SQL Server Integration Services (SSIS) packages that are configured to use 10 on-premises SQL Server databases as their destinations.
You plan to migrate the 10 on-premises databases to Azure SQL Database.
You need to recommend a solution to host the SSIS packages in Azure. The solution must ensure that the packages can target the SQL Database instances as their destinations.
What should you include in the recommendation?

A. SQL Server Migration Assistant (SSMA)

B. Azure Data Factory

C. Data Migration Assistant

D. Azure Data Catalog

Suggested Answer: C

Question 4

HOTSPOT -
To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Question 5

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use Azure Network Watcher to run IP flow verify to analyze the network traffic.
Does the solution meet the goal?

A. Yes

B. No

Suggested Answer: A

The Network Watcher Network performance monitor is a cloud-based hybrid network monitoring solution that helps you monitor network performance between various points in your network infrastructure. It also helps you monitor network connectivity to service and application endpoints and monitor the performance of
Azure ExpressRoute.
Note:
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen,
IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
IP flow verify looks at the rules for all Network Security Groups (NSGs) applied to the network interface, such as a subnet or virtual machine NIC. Traffic flow is then verified based on the configured settings to or from that network interface. IP flow verify is useful in confirming if a rule in a Network Security Group is blocking ingress or egress traffic to or from a virtual machine.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

Question 6

You plan to deploy 200 Microsoft SQL Server databases to Azure by using Azure SQL Database and Azure SQL Database Managed Instance.
You need to recommend a monitoring solution that provides a consistent monitoring approach for all deployments. The solution must meet the following requirements:
✑ Support current-state analysis based on metrics collected near real-time, multiple times per minute, and maintained for up to one hour
✑ Support longer term analysis based on metrics collected multiple times per hour and maintained for up to two weeks.
✑ Support monitoring of the number of concurrent logins and concurrent sessions.
What should you include in the recommendation?

A. dynamic management views

B. trace flags

C. Azure Monitor

D. SQL Server Profiler

Suggested Answer: C

Question 7

DRAG DROP -
Your company identifies the following business continuity and disaster recovery objectives for virtual machines that host sales, finance, and reporting applications in the company's on-premises data center:
✑ The finance application requires that data be retained for seven years. In the event of a disaster, the application must be able to run from Azure. The recovery time objective (RTO) is 10 minutes.
✑ The reporting application must be able to recover point-in-time data at a daily granularity. The RTO is eight hours.
✑ The sales application must be able to fail over to a second on-premises data center.
You need to recommend which Azure services meet the business continuity and disaster recovery objectives. The solution must minimize costs.
What should you recommend for each application? To answer, drag the appropriate services to the correct applications. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Suggested Answer:

Question 8

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
✑ Provide access to the full .NET framework.
✑ Provide redundancy if an Azure region fails.
✑ Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy an Azure virtual machine to two Azure regions, and you create a Traffic Manager profile.
Does this meet the goal?

A. Yes

B. No

Suggested Answer: A

Question 9

HOTSPOT -
You need to recommend a solution for the users at Contoso to authenticate to the cloud-based services and the Azure AD-integrated applications.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Question 10

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing an Azure solution for a company that wants to move a .NET Core web application from an on-premises data center to Azure. The web application relies on a Microsoft SQL Server 2016 database on Windows Server 2016. The database server will not move to Azure.
A separate networking team is responsible for configuring network permissions.
The company uses Azure ExpressRoute and has an ExpressRoute gateway connected to an Azure virtual network named VNET1.
You need to recommend a solution for deploying the web application.
Solution: Deploy the web application to a web app hosted in a Premium App Service plan. Configure VNET Integration for the App Service plan.
Does this meet the goal?

A. Yes

B. No

Suggested Answer: A

VNet Integration gives your web app access to resources in your virtual network. VNet Integration is often used to enable access from apps to a databases and web services running in your VNet.
References:
https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet

Question 11

You have 100 servers that run Windows Server 2012 R2 and host Microsoft SQL Server 2012 R2 instances. The instances host databases that have the following characteristics:
✑ The largest database is currently 3 TB. None of the databases will ever exceed 4 TB.
✑ Stored procedures are implemented by using CLR.
You plan to move all the data from SQL Server to Azure.
You need to recommend an Azure service to host the databases. The solution must meet the following requirements:
✑ Whenever possible, minimize management overhead for the migrated databases.
✑ Minimize the number of database changes required to facilitate the migration.
✑ Ensure that users can authenticate by using their Active Directory credentials.
What should you include in the recommendation?

A. Azure SQL Database single databases

B. Azure SQL Database Managed Instance

C. Azure SQL Database elastic pools

D. SQL Server 2016 on Azure virtual machines

Suggested Answer: B

Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance

Question 12

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains a resource group named RG1.
You create an Azure Active Directory (Azure AD) group named ResearchUsers that contains the user accounts of all researchers.
You need to recommend a solution that meets the following requirements:
✑ The researchers must be allowed to create Azure virtual machines.
The researchers must only be able to create Azure virtual machines by using specific Azure Resource Manager templates.

Solution: Create a lab in Azure DevTest Lab. Configure the DevTest Labs settings. Assign the DevTest Labs User role to the ResearchUsers group.
Does this meet the goal?

A. Yes

B. No

Suggested Answer: B

Instead: On RG1, assign the Contributor role to the ResearchUsers group. Create a custom Azure Policy definition and assign the policy to RG1.

Question 13

You plan to deploy a payroll system to Azure. The payroll system will use Azure virtual machines that run SUSE Linux Enterprise Server and Windows.
You need to recommend a business continuity solution for the payroll system. The solution must meet the following requirements:
✑ Minimize costs.
✑ Provide business continuity if an Azure region fails.
✑ Provide a recovery time objective (RTO) of 120 minutes.
✑ Provide a recovery point objective (RPO) of five minutes.
What should you include in the recommendation?

A. Microsoft System Center Data Protection Manager (DPM)

B. Azure Site Recovery

C. unmanaged disks that use geo-redundant storage (GRS)

D. Azure Backup

Suggested Answer: C

If your storage account has GRS enabled, then your data is durable even in the case of a complete regional outage or a disaster in which the primary region isn't recoverable.
Note: The recovery time objective (RTO) is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity.
Incorrect Answers:
B: Azure Site Recovery would not protect against an Azure region failure.
Azure Site Recovery guarantees a two-hour Recovery Time Objective.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-grs
https://azure.microsoft.com/en-us/support/legal/sla/site-recovery/v1_0/

Question 14

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use the Azure traffic analytics solution in Azure Log Analytics to analyze the network traffic.
Does the solution meet the goal?

A. Yes

B. No

Suggested Answer: B

Instead use Azure Network Watcher to run IP flow verify to analyze the network traffic.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

Question 15

You plan to deploy 10 applications to Azure. The applications will be deployed to two Azure Kubernetes Service (AKS) clusters. Each cluster will be deployed to a separate Azure region.
The application deployment must meet the following requirements:
✑ Ensure that the applications remain available if a single AKS cluster fails.
✑ Ensure that the connection traffic over the internet is encrypted by using SSL without having to configure SSL on each container instance.
Which Azure service should you include in the recommendation?

A. Azure Front Door

B. Azure Traffic Manager

C. Azure Load Balancer

D. AKS ingress controller

Suggested Answer: A

Azure Front Door enables you to define, manage, and monitor the global routing for your web traffic by optimizing for best performance and instant global failover for high availability. With Front Door, you can transform your global (multi-region) consumer and enterprise applications into robust, high-performance personalized modern applications, APIs, and content that reaches a global audience with Azure.
Front Door works at Layer 7 or HTTP/HTTPS layer and uses anycast protocol with split TCP and Microsoft's global network for improving global connectivity.
Incorrect Answers:
B: Azure Traffic Manager uses DNS (layer 3) to shape traffic. SSL works at Layer 6.
Azure Traffic Manager can direct customers to their closest AKS cluster and application instance. For the best performance and redundancy, direct all application traffic through Traffic Manager before it goes to your AKS cluster.
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-overview

Question 16

Your company has an on-premises Windows HPC cluster. The cluster runs an intrinsically parallel, compute-intensive workload that performs financial risk modelling.
You plan to migrate the workload to Azure Batch.
You need to design a solution that will support the workload. The solution must meet the following requirements:
✑ Support the large-scale parallel execution of Azure Batch jobs.
✑ Minimize cost.
What should you include in the solution?

A. Basic A-series virtual machines

B. low-priority virtual machines

C. burstable virtual machines

D. Azure virtual machine sizes that support the Message Passing Interface (MPI) API

Suggested Answer: B

References:
https://docs.microsoft.com/en-us/azure/batch/batch-technical-overview

Question 17

HOTSPOT -
You have a web application that uses a MongoDB database. You plan to migrate the web application to Azure.
You must migrate to Cosmos DB while minimizing code and configuration changes.
You need to design the Cosmos DB configuration.
What should you recommend? To answer, select the appropriate values in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

MongoDB compatibility: API -
API: MongoDB API -
Azure Cosmos DB comes with multiple APIs:
✑ SQL API, a JSON document database service that supports SQL queries. This is compatible with the former Azure DocumentDB.
✑ MongoDB API, compatible with existing Mongo DB libraries, drivers, tools and applications.
✑ Cassandra API, compatible with existing Apache Cassandra libraries, drivers, tools, and applications.
✑ Azure Table API, a key-value database service compatible with existing Azure Table Storage.
✑ Gremlin (graph) API, a graph database service supporting Apache Tinkerpop's graph traversal language, Gremlin.
References:
https://docs.microsoft.com/en-us/azure/cosmos-db/create-mongodb-dotnet

Question 18

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A company has custom ASP.NET and Java applications that run on old versions of Windows and Linux. The company plans to place applications in containers.
You need to design a solution that includes networking, service discovery, and load balancing for the applications. The solution must support storage orchestration.
Solution: You deploy each application to an Azure Web App that has container support.
Does the solution meet the goal?

A. Yes

B. No

Suggested Answer: B

Question 19

You are developing a sales application that will contain several Azure cloud services and will handle different components of a transactions. Different cloud services will process customer orders, billing, payment, inventory, and shipping.
You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using REST messages.
What would you include in the recommendation?

A. Traffic Manager

B. Azure Notification Hubs

C. Azure Blob storage

D. Azure Queue storage

Suggested Answer: D

Question 20

You have Azure virtual machines that run a custom line-of-business web application.
You plan to use a third-party solution to parse event logs from the virtual machines stored in an Azure storage account.
You need to recommend a solution to save the event logs from the virtual machines to the Azure Storage account. The solution must minimize costs and complexity.
What should you include in the recommendation?

A. Azure VM Diagnostics Extension

B. Azure Monitor

C. event log subscriptions

D. Azure Log Analytics

Suggested Answer: A

References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/extensions-diagnostics

Question 21

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named storage1.
You plan to archive data to storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create an Azure Blob storage container, and you configure a legal hold access policy.
Does this meet the goal?

A. Yes

B. No

Suggested Answer: A

Immutable storage for Azure Blob storage enables users to store business-critical data objects in a WORM (Write Once, Read Many) state. This state makes the data non-erasable and non-modifiable for a user-specified interval. For the duration of the retention interval, blobs can be created and read, but cannot be modified or deleted. Immutable storage is available for general-purpose v2 and Blob storage accounts in all Azure regions.
Note: Set retention policies and legal holds
1. Create a new container or select an existing container to store the blobs that need to be kept in the immutable state. The container must be in a general- purpose v2 or Blob storage account.
2. Select Access policy in the container settings. Then select Add policy under Immutable blob storage.
Either -
3a. To enable legal holds, select Add Policy. Select Legal hold from the drop-down menu.
Or -
3b. To enable time-based retention, select Time-based retention from the drop-down menu.
4. Enter the retention interval in days (acceptable values are 1 to 146000 days).
References:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutability-policies-manage

Question 22

HOTSPOT -
You have 20 Azure virtual machines that run Windows Server 2016 based on a custom virtual machine image. Each virtual machine hosts an instance of a VSS- capable web app that was developed in-house. Each instance is accessed by using a public endpoint. Each instance uses a separate database. The average database size is 200 GB.
You need to design a disaster recovery solution for individual instances. The solution must meet the following requirements:
✑ Provide a recovery time objective (RTO) of six hours
✑ Provide a recovery point objective (RPO) of eight hours
✑ Support recovery to a different Azure region
✑ Support VSS-based backups
✑ Minimize costs
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Question 23

A partner manages on-premises and Azure environments. The partner deploys an on-premises solution that needs to use Azure services. The partner deploys a virtual appliance.
All network traffic that is directed to a specific subnet must flow through the virtual appliance.
You need to recommend solutions to manage network traffic.
Which two options should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Configure Azure Traffic Manager

B. Implement an Azure virtual network

C. Configure a routing table with forced tunneling

D. Implement Azure ExpressRoute

Suggested Answer: CD

C: Forced tunneling lets you redirect or "force" all Internet-bound traffic back to your on-premises location via a Site-to-Site VPN tunnel for inspection and auditing.
This is a critical security requirement for most enterprise IT policies. Without forced tunneling, Internet-bound traffic from your VMs in Azure always traverses from
Azure network infrastructure directly out to the Internet, without the option to allow you to inspect or audit the traffic.
Forced tunneling in Azure is configured via virtual network user-defined routes.
D: ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. With
ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and Dynamics 365.
Connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual cross-connection through a connectivity provider at a co- location facility. ExpressRoute connections do not go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, lower latencies, and higher security than typical connections over the Internet.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction

Question 24

HOTSPOT -
You have the application architecture shown in the following exhibit.

Use the drop-down menus to select choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

References:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring

Question 25

You are designing an Azure web app.
You need to ensure that users who have impaired vision can use the app.
Which reference material should you use when designing the app?

A. Accessibility in Windows Dev Center

B. Azure Application Architecture Guide

C. Web Content Accessibility Guidelines

D. Cloud Application Architecture Guide

Suggested Answer: C

How Microsoft integrates accessibility
Microsoft's obligation to accessibility is guided by three main principles: transparency, inclusivity and accountability. In developing our products and services, we take into account leading global accessibility standards, including:
EN 301 549 -
U.S. Section 508 -
Web Content Accessibility Guidelines (WCAG)
References:
https://www.microsoft.com/en-us/trust-center/compliance/accessibility

Question 26

DRAG DROP -
You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016 and Linux.
You need to use Azure Log Analytics design an alerting strategy for security-related events.
Which Log Analytics tables should you query? To answer, drag the appropriate tables to the correct log types. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Suggested Answer:

Question 27

HOTSPOT -
Your organization has developed and deployed several Azure App Service Web and API applications. The applications use Azure Key Vault to store several authentication, storage account, and data encryption keys. Several departments have the following requests to support the applications:

You need to recommend the appropriate Azure service for each department request.
What should you recommend? To answer, configure the appropriate options in the dialog box in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Question 28

You manage a solution in Azure.
You must collect usage data including MAC addresses from all devices on the network.
You need to recommend a monitoring solution.
What should you recommend?

A. Activity Log Analytics

B. Azure Network Security Group Analytics

C. Network Performance Monitor

D. Azure Application Gateway Analytics

E. Azure Wire Data

Suggested Answer: B

A network security group (NSG) includes rules that allow or deny traffic to a virtual network subnet, network interface, or both. When you enable diagnostic logging for an NSG, you can log the following categories of information:
Event: Entries are logged for which NSG rules are applied to VMs, based on MAC address. The status for these rules is collected every 60 seconds.
Rule counter: Contains entries for how many times each NSG rule is applied to deny or allow traffic.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-nsg-manage-log

Question 29

HOTSPOT -
You need to recommend a solution for configuring the Azure Multi-Factor Authentication (MFA) settings.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-mfa-policy

Question 30

DRAG DROP -
A company has an existing web application that runs on virtual machines (VMs) in Azure.
You need to ensure that the application is protected from SQL injection attempts and uses a layer-7 load balancer. The solution must minimize disruption to the code for the existing web application.
What should you recommend? To answer, drag the appropriate values to the correct items. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Suggested Answer:

Box 1: Azure Application Gateway
Azure Application Gateway provides an application delivery controller (ADC) as a service. It offers various layer 7 load-balancing capabilities for your applications.
Box 2: Web Application Firwewall (WAF)
Application Gateway web application firewall (WAF) protects web applications from common vulnerabilities and exploits.
This is done through rules that are defined based on the OWASP core rule sets 3.0 or 2.2.9.
There are rules that detects SQL injection attacks.
References:
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq
https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview

Question 31

HOTSPOT -
Your company has two on-premises sites in New York and Los Angeles and Azure virtual networks in the East US Azure region and the West US Azure region.
Each on-premises site has Azure ExpressRoute circuits to both regions.
You need to recommend a solution that meets the following requirements:
✑ Outbound traffic to the Internet from workloads hosted on the virtual networks must be routed through the closest available on-premises site.
✑ If an on-premises site fails, traffic from the workloads on the virtual networks to the Internet must reroute automatically to the other site.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Question 32

You use a virtual network to extend an on-premises IT environment into the cloud. The virtual network has two virtual machines (VMs) that store sensitive data.
The data must only be available using internal communication channels. Internet access to those VMs is not permitted.
You need to ensure that the VMs cannot access the Internet.
Which two options should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. network interface (NIC)

B. Source Network Address Translation (SNAT)

C. Azure ExpressRoute

D. Network Security Groups (NSG)

Suggested Answer: CD

Question 33

You are designing an Azure solution.
The network traffic for the solution must be securely distributed by providing the following features:
✑ HTTPS protocol
✑ Round robin routing
✑ SSL offloading
You need to recommend a load balancing option.
What should you recommend?

A. Azure Load Balancer

B. Azure Traffic Manager

C. Azure Internal Load Balancer (ILB)

D. Azure Application Gateway

Suggested Answer: D

If you are looking for Transport Layer Security (TLS) protocol termination ("SSL offload") or per-HTTP/HTTPS request, application-layer processing, review
Application Gateway.
Application Gateway is a layer 7 load balancer, which means it works only with web traffic (HTTP, HTTPS, WebSocket, and HTTP/2). It supports capabilities such as SSL termination, cookie-based session affinity, and round robin for load-balancing traffic. Load Balancer load-balances traffic at layer 4 (TCP or UDP).
Reference:
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq

Question 34

You have an on-premises Hyper-V cluster. The cluster contains Hyper-V hosts that run Windows Server 2016 Datacenter. The hosts are licensed under a
Microsoft Enterprise Agreement that has Software Assurance.
The Hyper-V cluster hosts 3 virtual machines that run Windows Server 2012 R2. Each virtual machine runs a different workload. The workloads have predictable consumption patterns.
You plan to replace the virtual machines with Azure virtual machines that run Windows Server 2016. The virtual machines will be sized according to the consumption pattern of each workload.
You need to recommend a solution to minimize the compute costs of the Azure virtual machines.
Which two recommendations should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Purchase Azure Reserved Virtual Machine Instances for the Azure virtual machines

B. Create a virtual machine scale set that uses autoscaling

C. Configure a spending limit in the Azure account center

D. Create a lab in Azure DevTest Labs and place the Azure virtual machines in the lab

E. Activate Azure Hybrid Benefit for the Azure virtual machines

Suggested Answer: AE

Question 35

HOTSPOT -
You are building an application that will run in a virtual machine (VM). The application will use Managed Service Identity (MSI).
The application uses Azure Key Vault, Azure SQL Database, and Azure Cosmos DB.
You need to ensure the application can use secure credentials to access these services.
Which authorization methods should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Question 36

You use Azure Application Insights.
You plan to use continuous export.
You need to store Application Insights data for five years.
Which Azure service should you use?

A. Azure SQL Database

B. Azure Storage

C. Azure Monitor Logs

D. Azure Backup

Suggested Answer: B

Create a Continuous Export.
1. In the Application Insights resource for your app under configure on the left, open Continuous Export and choose Add:
2. Choose the telemetry data types you want to export.
3. Create or select an Azure storage account where you want to store the data.
Click Add, Export Destination, Storage account, and then either create a new store or choose an existing store.
4. Create or select a container in the storage.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/export-telemetry#continuous-export-advanced-storage-configuration

Question 37

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains a resource group named RG1.
You create an Azure Active Directory (Azure AD) group named ResearchUsers that contains the user accounts of all researchers.
You need to recommend a solution that meets the following requirements:
✑ The researchers must be allowed to create Azure virtual machines.
✑ The researchers must only be able to create Azure virtual machines by using specific Azure Resource Manager templates.
Solution: On RG1, assign a custom role-based access control (RBAC) role to the ResearchUsers group.
Does this meet the goal?

A. Yes

B. No

Suggested Answer: B

Instead: On RG1, assign the Contributor role to the ResearchUsers group. Create a custom Azure Policy definition and assign the policy to RG1.

Question 38

Your network contains an on-premises Active Directory forest.
You discover that when users change jobs within your company, the membership of the user groups are not being updated. As a result, the users can access resources that are no longer relevant to their job.
You plan to integrate Active Directory and Azure Active Directory (Azure AD) by using Azure AD Connect.
You need to recommend a solution to ensure that group owners are emailed monthly about the group memberships they manage.
What should you include in the recommendation?

A. Azure AD access reviews

B. Tenant Restrictions

C. Azure AD Identity Protection

D. conditional access policies

Suggested Answer: A

References:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

Question 39

You have an on-premises application named App1 that uses an Oracle database.
You plan to use Azure Databricks to load data from App1 to an Azure SQL Data Warehouse instance.
You need to ensure that the App1 data is available to Databricks.
Which two Azure services should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Azure Import/Export service

B. Azure Data Box Gateway

C. Azure Data Box Edge

D. Azure Data Lake Storage

E. Azure Data Factory

Suggested Answer: DE

Automate data movement using Azure Data Factory, then load data into Azure Data Lake Storage, transform and clean it using Azure Databricks, and make it available for analytics using Azure Synapse Analytics. Modernize your data warehouse in the cloud for unmatched levels of
Note: Integrate data silos with Azure Data Factory, a service built for all data integration needs and skill levels. Easily construct ETL and ELT processes code-free within the intuitive visual environment, or write your own code. Visually integrate data sources using more than 90+ natively built and maintenance-free connectors at no added cost. Focus on your data""the serverless integration service does the rest.
Reference:
https://azure.microsoft.com/en-us/services/databricks/#capabilities
https://azure.microsoft.com/en-us/services/data-factory/

Question 40

HOTSPOT -
You need to recommend a solution for the data store of the historical transaction query system.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Question 41

You have an on-premises deployment of MongoDB.
You plan to migrate MongoDB to an Azure Cosmos DB account that uses the MongoDB API.
You need to recommend a solution for migrating MongoDB to Azure Cosmos DB.
What should you include in the recommendation?

A. mongorestore

B. Data Migration Assistant

C. Azure Storage Explorer

D. Azure Cosmos DB Data Migration Tool

Suggested Answer: A

References:
https://docs.microsoft.com/en-us/azure/cosmos-db/mongodb-migrate

Question 42

You plan to create an Azure Cosmos DB account that uses the SQL API. The account will contain data added by a web application. The web application will send data daily.
You need to recommend a notification solution that meets the following requirements:
✑ Sends email notification when data is received from IoT devices.
✑ Minimizes compute cost.
What should you include in the recommendation?

A. Deploy an Azure logic app that has the Azure Cosmos DB connector configured to use a SendGrid action.

B. Deploy a function app that is configured to use the Consumption plan and a SendGrid binding.

C. Deploy an Azure logic app that has a SendGrid connector configured to use an Azure Cosmos DB action.

D. Deploy a function app that is configured to use the Consumption plan and an Azure Event Hubs binding.

Suggested Answer: B

Question 43

You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployments in your subscription.
What should you include in the recommendation?

A. Azure Analysis Services

B. Azure Activity Log

C. Azure Monitor action groups

D. Azure Advisor

E. Azure Monitor metrics

F. Azure Log Analytics

G. Application Insights

Suggested Answer: B

Through activity logs, you can determine:
✑ what operations were taken on the resources in your subscription
✑ who started the operation
✑ when the operation occurred
✑ the status of the operation
✑ the values of other properties that might help you research the operation
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-audit

Question 44

You manage on-premises networks and Azure virtual networks.
You need a secure private connection between the on-premises networks and the Azure virtual networks. The connection must offer a redundant pair of cross connections to provide high availability.
What should you recommend?

A. ExpressRoute

B. Azure Load Balancer

C. virtual network peering

D. VPN Gateway

Suggested Answer: A

Question 45

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use Azure Advisor to analyze the network traffic.
Does the solution meet the goal?

A. Yes

B. No

Suggested Answer: B

Instead use Azure Network Watcher to run IP flow verify to analyze the network traffic.
Note: Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources.
With Advisor, you can:
Get proactive, actionable, and personalized best practices recommendations.
Improve the performance, security, and high availability of your resources, as you identify opportunities to reduce your overall Azure spend.
Get recommendations with proposed actions inline.
References:
https://docs.microsoft.com/en-us/azure/advisor/advisor-overview

Question 46

You need to recommend a strategy for migrating the database content of WebApp1 to Azure.
What should you include in the recommendation?

A. Use Azure Site Recovery to replicate the SQL servers to Azure

B. Use SQL Server transactional replication

C. Copy the VHD that contains the Azure SQL database files to Azure Blob storage

D. Copy the BACPAC file that contains the Azure SQL database files to Azure Blob storage

Suggested Answer: B

Question 47

HOTSPOT -
You are designing an access policy for the sales department at your company.
Occasionally, the developers at the company must stop, start, and restart Azure virtual machines. The development team changes often.
You need to recommend a solution to provide the developers with the required access to the virtual machines. The solution must meet the following requirements:
✑ Provide permissions only when needed.
✑ Use the principle of least privilege.
Minimize costs.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Question 48

HOTSPOT -
You have an Azure subscription that contains 300 Azure virtual machines that run Windows Server 2016.
You need to centrally monitor all warning events in the System logs of the virtual machines.
What should you include in the solutions? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Resource to create in Azure: Dependency Agent
The Map feature in Azure Monitor for VMs gets its data from the Microsoft Dependency agent. The Dependency agent relies on the Log Analytics agent for its connection to Log Analytics. So your system must have the Log Analytics agent installed and configured with the Dependency agent.
Whether you enable Azure Monitor for VMs for a single Azure VM or you use the at-scale deployment method, use the Azure VM Dependency agent extension to install the agent as part of the experience.
In a hybrid environment, you can download and install the Dependency agent manually. If your VMs are hosted outside Azure, use an automated deployment method
Configuration to perform on the virtual machines: Enable Virtual Machine Scale Set
To set up Azure Monitor for VMs:
✑ Enable a single Azure VM or virtual machine scale set by selecting Insights (preview) directly from the VM or virtual machine scale set.
✑ Enable two or more Azure VMs and virtual machine scale sets by using Azure Policy. This method ensures that on existing and new VMs and scale sets, the required dependencies are installed and properly configured. Noncompliant VMs and scale sets are reported, so you can decide whether to enable them and to remediate them.
Enable two or more Azure VMs or virtual machine scale sets across a specified subscription or resource group by using PowerShell.

References: alt="Reference Image" />
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/vminsights-enable-overview

Question 49

HOTSPOT -
You manage a network that includes an on-premises Active Directory Domain Services domain and an Azure Active Directory (Azure AD).
Employees are required to use different accounts when using on-premises or cloud resources. You must recommend a solution that lets employees sign in to all company resources by using a single account. The solution must implement an identity provider.
You need provide guidance on the different identity providers.
How should you describe each identity provider? To answer, select the appropriate description from each list in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Box1: User management occurs on-premises. Azure AD authenticates employees by using on-premises passwords.
Azure AD Domain Services for hybrid organizations
Organizations with a hybrid IT infrastructure consume a mix of cloud resources and on-premises resources. Such organizations synchronize identity information from their on-premises directory to their Azure AD tenant. As hybrid organizations look to migrate more of their on-premises applications to the cloud, especially legacy directory-aware applications, Azure AD Domain Services can be useful to them.
Example: Litware Corporation has deployed Azure AD Connect, to synchronize identity information from their on-premises directory to their Azure AD tenant. The identity information that is synchronized includes user accounts, their credential hashes for authentication (password hash sync) and group memberships.

User accounts, group memberships, and credentials from Litware's on-premises directory are synchronized to Azure AD via Azure AD Connect. These user accounts, group memberships, and credentials are automatically available within the managed domain.
Box 2: User management occurs on-premises. The on-promises domain controller authenticates employee credentials.
You can federate your on-premises environment with Azure AD and use this federation for authentication and authorization. This sign-in method ensures that all user authentication occurs on-premises.

References: alt="Reference Image" />
User accounts, group memberships, and credentials from Litware's on-premises directory are synchronized to Azure AD via Azure AD Connect. These user accounts, group memberships, and credentials are automatically available within the managed domain.
Box 2: User management occurs on-premises. The on-promises domain controller authenticates employee credentials.
You can federate your on-premises environment with Azure AD and use this federation for authentication and authorization. This sign-in method ensures that all user authentication occurs on-premises.
<img src="https://www.examtopics.com/assets/media/exam-media/02744/0006200001.png" alt="Reference Image" />
References:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-overview
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed

Question 50

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases.
You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting.
Solution: Create a new subscription for each department.
Does this meet the goal?

A. Yes

B. No

Suggested Answer: B

Instead, create a resources group for each resource type. Assign tags to each resource
Note: Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

Free Access Full AZ-301 Practice Test Free Questions

If you're looking for more AZ-301 practice test free questions, click here to access the full AZ-301 practice test.

We regularly update this page with new practice questions, so be sure to check back frequently.

Good luck with your AZ-301 certification journey!