Microsoft Practice Questions, Discussions & Exam Topics by our Authors
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request, the focus should be on session persistence, which ensures that requests from the same client are consistently routed to the same backend virtual machine (VM) for the duration of the user's session.
Let's evaluate each option:
A) A health probe:
- Explanation: Health probes are used to check the health of backend VMs and ensure that traffic is only sent to healthy servers. However, they do not ensure session persistence, meaning that they do not guarantee a client will always be directed to the same server for subsequent requests.
- Why it's rejected: A health probe ensures availability, but does not handle session persistence. This is not the correct option to ensure users are always routed to the same web server.
- Scenario: This would be useful in ensuring that traffic is only directed to healthy servers, but not for keeping users on the same server for each request.
B) Floating IP (direct server return) to Enabled:
- Explanation: The Floating IP option enables direct server return (DSR) mode, where the client connects directly to the backend VM, bypassing the load balancer for the response. This is useful in specific scenarios where you want to reduce load on the load balancer and improve performance.
- Why it's rejected: While this can help with improving load balancing performance, it does not ensure that a client is directed to the same server for each request. It primarily affects the way the traffic flow is handled between the client and backend servers, not session persistence.
- Scenario: It is useful when you want to improve the performance of traffic routing by bypassing the load balancer, but it doesn't address session persistence.
C) Session persistence to Client IP and protocol:
- Explanation: ...
Author: Rahul · Last updated Jun 25, 2026
You have an Azure subscription that contains 10 virtual machines and the resources shown in the following table.
You need to ensure that Bastion1 can support 100 concurrent SSH user...
In this scenario, you need to ensure that Bastion1 can support 100 concurrent SSH users. The key requirement here is to ensure that Bastion1 has sufficient resources to handle the desired number of concurrent SSH sessions. Let's evaluate the options:
A) Resize the subnet of Bastion1
- Explanation: Resizing the subnet would involve changing the range of IP addresses available within the subnet. However, resizing the subnet doesn't directly affect the performance or capacity of Azure Bastion itself in terms of handling concurrent users. The capacity of Azure Bastion is related to its SKU and other resource allocations, not the size of the subnet.
- Why it’s rejected: Resizing the subnet is not related to the capacity of Azure Bastion to handle a specific number of concurrent SSH sessions. This action doesn't directly address the issue of supporting 100 concurrent SSH users.
- Scenario: This would be relevant if there was a need to allocate more IPs, but it's not the right action to improve Bastion's scalability or session capacity.
B) Configure host scaling
- Explanation: Host scaling refers to adjusting the number of backend VMs or scaling an infrastructure to handle increased load. While this could be relevant in certain contexts for scaling applications or virtual machines, Azure Bastion does not use a scaling approach based on the number of backend VMs. Instead, it relies on the SKU for scaling capacity.
- Why it’s rejected: Azure Bastion doesn't require manual scaling of VMs to handle more SSH users. The scaling of Bastion itself is controlled by the SKU, not by scaling the hosts. Therefore, configuring host scaling is not the correct approach for this situation.
- Scenario: Host scaling could be relevant for other types of Azure services but not for Azure Bastion's S...
Author: Sophia · Last updated Jun 25, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request, session persistence (also called "stickiness") must be configured. This ensures that a client’s subsequent requests are routed to the same backend server, maintaining consistency in the session.
Let's evaluate each option:
A) Session persistence to Client IP and protocol:
- Explanation: This setting ensures that all requests from the same client (identified by their IP address and protocol) are routed to the same backend server. This is known as "session affinity" or "stickiness," which guarantees that users remain connected to the same server throughout their session.
- Why it’s selected: This option directly addresses the need for ensuring that visitors are serviced by the same web server for each request. The configuration uses the client’s IP address and the protocol to maintain consistency in routing, which is ideal for web applications that require sticky sessions.
- Scenario: This is the best option when you need to ensure that users are consistently connected to the same server during the session, which is crucial for applications that maintain session data.
B) Protocol to UDP:
- Explanation: UDP (User Datagram Protocol) is a connectionless protocol that does not guarantee reliability or session persistence. It is generally used for real-time applications, like video streaming or gaming, where low latency is prioritized over maintaining a session.
- Why it’s rejected: UDP does not provide mechanisms for session persistence and is not suitable for web applications that require session affinity or sticky connections. For web servers, typically TCP (Transmission Control Protocol) is used, which can support session persistence.
- Scenario: UDP is useful for applications that do not require session state or reliability but is not applicable for maintaining persistent connections to web servers.
C) Session persiste...
Author: Nia · Last updated Jun 25, 2026
DRAG DROP
-
You have a Windows 11 device named Device and an Azure subscription that contains the resources shown in the following table.
Device1 has Azure PowerShell and Azure Command-Line Interface (CLI) installed.
From Device1, you need to establish a Remote Desktop connection to VM1.
Which three actions should you...
Author: Michael · Last updated Jun 25, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request, the correct configuration is Session persistence. Let’s walk through each option to explain why:
A) Floating IP (direct server return) to Enabled
- Floating IP is used when you have a scenario where traffic needs to bypass the load balancer after the first request and be sent directly to the backend VM. This is common in scenarios where you want a more efficient network path for high-performance workloads or when there is a need for direct server return (DSR) to optimize network traffic.
- Why it’s not suitable: This option does not help with maintaining session persistence for a specific visitor across multiple requests. It is mainly focused on network traffic optimization and server communication, not on ensuring that the same web server handles the session consistently.
B) Session persistence to Client IP
- Session persistence (also known as "sticky sessions") ensures that traffic from the same client (based on their IP address) is directed to the same backend server for each request. This is typically used in scenarios where the web application maintains state or sessions (such as login information, cart data, etc.) that need to be handled by the same server throughout the session.
- Why it’s the right choice: This option will ensure that a visitor is serviced by the same web server for each request. The load balancer will recognize the client's IP address and direct them to the same VM, ensuring consistency for the visitor's session.
C) Protocol to UDP
- UDP (User Datagram Protocol) is a connectionless protocol, wh...
Author: Benjamin · Last updated Jun 25, 2026
You have an Azure subscription that has the public IP addresses shown in the following table.
You plan to deploy an Azure Bastion Basi...
When selecting an IP address for the Azure Bastion Basic SKU host, it is important to understand the requirements for the public IP address. Specifically, the Azure Bastion Basic SKU has some constraints regarding the type of IP address it can use.
Key Points:
- Azure Bastion Basic SKU requires a Static Public IP Address. A dynamic public IP address cannot be used with the Basic SKU.
- Azure Bastion needs the IP to be in the Standard SKU type (not Basic).
- Private IPs or other types of public IP addresses like dynamic or basic-tier IPs are not supported with the Bastion service.
Evaluating the options based on the public IP characteristics:
A) IP1 only
- Reason for rejection: The public IP address IP1 would only be valid if it is a static IP address of the Standard SKU type.
- If IP1 is dynamic or of the Basic SKU, it cannot be used.
B) IP1 and IP2 only
- Reason for rejection: This option only allows IP1 and IP2, but both need to be static and of Standard SKU...
Author: David · Last updated Jun 25, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
In this scenario, the requirement is to ensure that visitors are serviced by the same web server for each request. This can be achieved through session persistence or "sticky sessions," where a user's requests are always routed to the same backend server.
Let’s analyze each option:
A) Floating IP (direct server return) to Disabled
- Floating IP is typically used when there’s a need for direct server return (DSR), where the load balancer is bypassed after the initial request, and the backend server directly responds to the client. This is not related to session persistence or routing requests to the same server for the duration of a session.
- Why it’s not suitable: While disabling floating IP might be useful for other scenarios, it doesn’t help in ensuring that a visitor is serviced by the same web server across multiple requests.
B) Floating IP (direct server return) to Enabled
- Floating IP (direct server return) allows the backend server to respond directly to the client after the first request, bypassing the load balancer. This is used for optimizing traffic flow in certain high-performance scenarios, but it does not help with maintaining session persistence for a visitor.
- Why it’s not suitable: This setting doesn't ensure that the same server is servicing requests from the same client. Floating IP is more about traffic routing and is not related to session consistency.
C) A health probe
- A health probe is used by the load balancer to check the health of backend servers (VMs). If a server fails the health check, it will be r...
Author: Harper · Last updated Jun 25, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
In this scenario, you need to ensure that visitors are consistently directed to the same web server for each request. This can be achieved through session persistence, also known as "sticky sessions," which ensures that a user's requests are routed to the same backend server for the duration of the session.
Let's analyze each option:
A) Floating IP (direct server return) to Enabled
- Floating IP allows for direct server return (DSR) where after the initial request, traffic is routed directly from the client to the backend server, bypassing the load balancer. This is commonly used for high-performance scenarios but does not guarantee session persistence. It is more about optimizing traffic flow between the client and server.
- Why it’s not suitable: This option does not address the need for keeping a visitor’s requests on the same backend server. It focuses on traffic management, not session consistency.
B) Idle Time-out (minutes) to 20
- Idle Time-out refers to how long the load balancer will maintain a session for a connection that is inactive (i.e., no data is transmitted during this time). The default time is usually 4-5 minutes, but it can be increased to avoid session termination too soon.
- Why it’s not suitable: While adjusting idle timeout can help manage long sessions, it does not address the core requirement of routing requests from the same visitor to the same backend server consistently. This setting only determines when idle connections are closed but does not ensure session persistence to the same server.
C) A health probe
- A health probe is used to monitor the health of ...
Author: Leah · Last updated Jun 25, 2026
You have two Azure subscriptions named Sub1 and Sub2.
Sub1 contains a virtual machine named VM1 and a storage account named storage1.
VM1 is associated to the resources shown in the following t...
To move VM1 to Sub2, you need to consider all the resources associated with the virtual machine that are required for its operation. Let's analyze the resources shown in the table and review the options:
Key Considerations:
- VM1 relies on several resources to function, such as the virtual machine itself, its disks, and associated networking components.
- When moving a virtual machine across Azure subscriptions, all resources that the VM depends on (such as disks, network interfaces, and virtual networks) must be moved to the destination subscription. This is essential for the VM to function correctly after the move.
Analyzing Each Option:
A) VM1, Disk1, and NetInt1 only
- Why it’s not suitable: NetInt1 refers to a Network Interface (network interface card), but NetInt1 is part of the networking configuration. The move does not include VNet1, which is the Virtual Network the VM is connected to. A virtual machine cannot operate without being part of a virtual network, so not moving the VNet1 would break connectivity.
- Rejected because: VNet1 is missing in this option, which is required for VM1's connectivity.
B) VM1, Disk1, and VNet1 only
- Why it’s not suitable: This option includes the VM1, Disk1, and VNet1 but does not include the network interface (NetInt1). The network interface is necessary for the VM to communicate with the virtual network. Without moving the network interface, the VM would not have network connectivity, making it unusable.
- Rejected because: The network interface is required for connectivity and must be included in the move.
C) VM1, Disk1, and storage1 on...
Author: Olivia · Last updated Jun 25, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request, the ideal solution is to use session persistence (also known as sticky sessions). This setting ensures that once a client is directed to a specific web server, they will continue to be routed to that same server for the duration of their session. Now, let's analyze the options:
A) Session persistence to Client IP and protocol
- Explanation: This option ensures that requests from the same client IP and protocol (HTTP or HTTPS) are consistently directed to the same virtual machine (VM) by the load balancer. This is the best choice in this scenario because it will "stick" a client to the same server throughout their session, making sure the web server consistently services them.
- Reasoning: This is the most suitable option because the load balancer will direct all requests from a given client IP to the same backend server, fulfilling the requirement of ensuring visitors are serviced by the same web server during their session.
- Selected option: A is optimal for maintaining session consistency.
B) Idle Time-out (minutes) to 20
- Explanation: The idle timeout setting controls how long the load balancer waits before considering an idle session to be closed. Setting this to 20 minutes would mean that the session will persist for a maximum of 20 minutes without any activity. This is not the primary mechanism for session persistence.
- Reasoning: While it could affect session behavior, it doesn’t guarantee the sticky session to the same server. It's more about keeping idle sessions alive, not ensuring they are routed to the same server.
- Rejec...
Author: Lina Zhang · Last updated Jun 25, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request, the correct solution is to configure session persistence. This setting ensures that once a client connects to a specific web server, they will continue to be directed to that same server for the duration of their session. Now, let’s analyze the options:
A) Floating IP (direct server return) to Disabled
- Explanation: The Floating IP (direct server return) setting allows the load balancer to forward traffic directly to the backend server without passing through the load balancer after the initial connection. This can be beneficial for reducing load balancer overhead and improving performance for specific scenarios (e.g., high-traffic applications).
- Reasoning: Disabling floating IP does not directly solve the problem of session persistence. It merely ensures that the traffic is routed through the load balancer for every request. It doesn't guarantee that requests from the same visitor will always go to the same server. This option isn't intended for maintaining session stickiness.
- Rejected option: This is useful in different network configurations but doesn't solve the session persistence issue.
B) Idle Time-out (minutes) to 20
- Explanation: The idle timeout setting controls how long the load balancer waits before closing an inactive session. Setting this to 20 minutes means the load balancer will wait for up to 20 minutes of inactivity before considering the session closed.
- Reasoning: While the idle timeout can keep sessions active for a specified time, it doesn’t ensure that a visitor stays on the same server for each request. It doesn’t establish session persistence in terms of routing requests to the same server.
- Rejected option: This is useful for maintaining session state when idle but doesn’t gua...
Author: FrozenWolf2022 · Last updated Jun 25, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request, the correct configuration is session persistence. This ensures that a client will consistently be directed to the same web server during their session. Let's go through the options to find the best fit for this requirement.
A) Session persistence to Client IP
- Explanation: Session persistence to Client IP ensures that requests from the same client IP address are consistently routed to the same backend server (virtual machine). This option guarantees that once a visitor connects to a web server, subsequent requests from that visitor will continue to be serviced by the same server, which is precisely the goal.
- Reasoning: This is the most suitable choice, as it directly addresses the requirement to ensure that visitors are serviced by the same web server for each request.
- Selected option: A is the best solution for maintaining session consistency.
B) Idle Time-out (minutes) to 20
- Explanation: The idle timeout setting defines how long the load balancer should wait before closing an idle session. Setting it to 20 minutes means that if there is no activity for 20 minutes, the load balancer will terminate the session.
- Reasoning: While this setting helps control session lifetimes, it does not guarantee that a client will stay connected to the same server during their session. It only affects session expiry due to inactivity but doesn’t ensure session persistence.
- Rejected option...
Author: NightmareDragon2025 · Last updated Jun 25, 2026
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is a...
To ensure that NGINX is available on all the virtual machines in your virtual machine scale set (VMSS) after deployment, you need a solution that automates the installation and configuration of NGINX on each virtual machine within the scale set. Let's review the options:
A) the Publish-AzVMDscConfiguration cmdlet
- Explanation: The Publish-AzVMDscConfiguration cmdlet is used to publish a Desired State Configuration (DSC) script to Azure, specifically for automating configurations on Windows virtual machines. However, this cmdlet by itself does not install or manage NGINX directly; rather, it is part of the broader DSC infrastructure.
- Reasoning: While it can be used to deploy a DSC configuration, the process needs to involve setting up a DSC extension on the virtual machines to apply the configurations. The cmdlet alone does not address the installation of software like NGINX.
- Rejected option: This cmdlet is a part of the DSC management process but not the right solution for directly ensuring NGINX is installed on VMSS instances.
B) A Microsoft Endpoint Manager device configuration profile
- Explanation: Microsoft Endpoint Manager is a management platform for managing devices like PCs, mobile devices, and servers. It allows you to configure policies, deploy software, and manage devices in an enterprise environment.
- Reasoning: This is not the right tool for configuring virtual machines in an Azure VMSS, especially when you want to automate the installation of software like NGINX. Endpoint Manager is typically used for managing client devices, not for configuring Azure virtual machines directly.
- Rejected option: This is useful for managing end-user devices but not for configuring software installation on Azu...
Author: Aria · Last updated Jun 25, 2026
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is a...
To ensure that NGINX is available on all the virtual machines (VMs) in a Virtual Machine Scale Set (VMSS) after they are deployed, the most appropriate solution should automate the installation and configuration of NGINX across all VMs in the scale set.
Let’s review each option:
A) Azure Custom Script Extension
- Explanation: The Azure Custom Script Extension allows you to run custom scripts on Azure virtual machines. This can be used to install and configure software, such as NGINX, during or after the VM deployment. You can use this extension in the Azure Resource Manager (ARM) template to deploy and configure NGINX on each VM in the scale set.
- Reasoning: This is the best option for this scenario. The Custom Script Extension can run PowerShell or Bash scripts to install and configure NGINX on each VM. It’s commonly used to execute tasks like software installation and system configuration across all instances in a scale set.
- Selected option: This option directly addresses the requirement by enabling the automation of software installation and configuration.
B) Deployment Center in Azure App Service
- Explanation: The Deployment Center in Azure App Service is used to deploy applications (such as web apps) to Azure App Services using continuous integration or other deployment mechanisms. It is designed for use with Azure App Services and is not suitable for VM-based deployments.
- Reasoning: The Deployment Center is specifically designed for deploying applications to App Services, not for deploying software to virtual machines. It cannot be used to install NGINX on VMs in a VMSS.
- Rejected option: This option is not applicable for VM deployments.
C) the New-AzConfigurationAssignment cm...
Author: Liam · Last updated Jun 25, 2026
You have an Azure subscription that contains a Recovery Services vault named Vault1.
You need to enable multi-user authorization (M...
To enable multi-user authorization (MAU) for a Recovery Services vault in Azure, the first resource that needs to be created is C) a resource guard.
Reasoning:
- Multi-user Authorization (MAU) is a security feature that helps to ensure that a single user cannot perform actions like deleting or modifying recovery points without the approval of other authorized users. It requires a resource guard to enforce this requirement for the Recovery Services vault.
Here’s why other options are rejected:
- A) An administrative unit: Administrative units are used to manage and delegate administrative access at a finer granularity within Azure Active Directory (Azure AD). However, administrative units are not directly related to the process of enabling multi-user authorization for Recovery Services vaults. This is more for organizing resources in Azure AD, not for implementing security features in the vault.
- B) A managed identity: Managed identities are used to au...
Author: Siddharth · Last updated Jun 25, 2026
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You ve...
Solution Analysis:
In this scenario, you need to ensure that connections to App1 on VM2 can be established successfully from the IP address 131.107.100.50 over TCP port 443. The goal is to confirm if the proposed solution (creating an inbound security rule allowing traffic from the AzureLoadBalancer source on TCP port 443) meets this objective.
Step-by-Step Breakdown:
- Network Security Group (NSG) rules are controlling the inbound traffic to VM2. Based on the exhibit (which isn’t available here but can be inferred), the traffic from 131.107.100.50 likely does not match any existing rules.
- Azure Load Balancer's Role: In this context, the Azure Load Balancer is managing the connections. Typically, when a load balancer distributes traffic to backend virtual machines (VMs), it uses its own AzureLoadBalancer source IP in security rules. Therefore, allowing traffic from AzureLoadBalancer ensures that traffic coming from the Load Balancer to VM2 is permitted, which is essential for correct load balancing.
Why the Solution Might...
Author: Ahmed97 · Last updated Jun 25, 2026
You have an Azure subscription that contains the resources shown in the following table.
You create a route table named RT1 in the East...
Scenario Breakdown:
In this scenario, we are working with an Azure route table, RT1, created in the East US region. The goal is to determine to which resources we can associate RT1. The resources mentioned are:
- VNet1 (Virtual Network)
- Subnet1 (Subnet within a Virtual Network)
- NIC1 (Network Interface Card)
Explanation of Options:
1. VNet1:
- You cannot directly associate a route table with a virtual network (VNet). Route tables are associated with subnets, not the entire VNet. The VNet itself is a container for subnets and networking resources, but the route table cannot be applied at the VNet level.
2. Subnet1:
- Route tables are associated with subnets in Azure. When you associate a route table with a subnet, the routes defined in the route table apply to all resources within that subnet. Therefore, associating RT1 with Sub...
Author: Arjun · Last updated Jun 25, 2026
You create an Azure VM named VM1 that runs Windows Server 2019.
VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)
You need to enab...
To enable Desired State Configuration (DSC) on VM1, we need to understand how DSC works and what prerequisites must be met.
Explanation of Options:
1. A) Connect to VM1:
- Connecting to VM1 is an essential step to configure DSC, as it requires direct access to the virtual machine. However, just connecting to the VM does not fulfill the prerequisite for enabling DSC. We would typically connect to VM1 to configure DSC after ensuring that the VM is running.
2. B) Start VM1:
- Starting VM1 might be necessary if the VM is not running, but from the question context, we assume that VM1 is already created and could be in a stopped state. To enable DSC, the VM must be running. Thus, starting the VM is a logical first step if it is not already active, as you cannot configure DSC on a stopped VM.
3. C) Capture a snapshot of VM1:
- Capturing a snapshot is typically used for backup or creating restore points. This is not a required step for enabling DSC o...
Author: CrimsonViperX · Last updated Jun 25, 2026
SNAPSHOT
-
You have an Azure subscription that contains the virtual networks shown in the following table.
The subnets have the IP address spaces shown in the following table.
You plan to create a container app named contapp1 in the East US Azure region.
You need to create a container app environment named con-env1 that meets the following requirements:
* Uses its own virtual network.
* Uses its own subnet.
* Is connected to the smallest possible subnet...
Author: Daniel · Last updated Jun 25, 2026
You have an Azure subscription that contains the virtual networks shown in the following table.
All the virtual networks are peered. Each virtual network contains nine virtual machines.
You need to configure secure RDP connections ...
To determine the minimum number of Azure Bastion hosts required for secure RDP connections, we need to consider the following key factors:
1. Azure Bastion Deployment: Azure Bastion is deployed in a specific virtual network (VNet), and it can provide RDP and SSH access to virtual machines (VMs) in the same virtual network. In addition, Bastion can access VMs in other peered virtual networks.
2. Peering and Access Across Networks: Since the virtual networks are peered, a Bastion host deployed in one virtual network can be used to connect to VMs in other peered virtual networks. This means we do not need a separate Bastion host for each virtual network; a single Bastion host can serve multiple virtual networks if they are properly peered.
3. Number of Virtual Networks and VMs: The question mentions that each virtual network contains nine virtual machines (VMs), and there are multiple virtual networks that are peered. However, the number of VMs doesn’t directly impact the number of Bastion hosts required, as Bastion provides access to the entire VNet and all of its VMs.
Analysis of Options:
- Option A: 1 Bastion Host – Possible: One Bastion host...
Author: Daniel · Last updated Jun 25, 2026
SNAPSHOT
-
You have an Azure subscription that contains the virtual networks shown in the following table.
The subscription contains the virtual machines shown in the following table.
Each virtual machine contains only a private IP address.
You create an Azure bastion for VNet1 as shown in the following exhibit.
F...
Author: FrostFalcon88 · Last updated Jun 25, 2026
SNAPSHOT
-
You have an Azure subscription that contains the virtual networks shown in the following table.
The subscription contains the subnets shown in the following table.
The subscription contains the storage accounts shown in the following table.
You create a service endpoint policy named Policy1 in the South Central US Azure region to allow connectivity to all the storage acco...
Author: Isabella1 · Last updated Jun 25, 2026
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is a...
To ensure that NGINX is available on all the virtual machines (VMs) after they are deployed in an Azure Virtual Machine Scale Set (VMSS), you need to use a method that automatically configures and installs NGINX on the VMs during or after deployment. Let's review each option:
Analysis of the Options:
- Option A: the New-AzConfigurationAssignment cmdlet – This cmdlet is used to assign a configuration to a resource (like an Azure Policy or custom configuration), but it is not specifically designed to deploy software or configure VMs. It is mainly used for assigning policies or configurations rather than ensuring software installation, so it wouldn't be the best choice for ensuring NGINX is installed on VMs.
- Option B: Azure Application Insights – Azure Application Insights is a monitoring service designed to track and analyze the performance and usage of applications. It does not handle VM configuration or software deployment, so it is irrelevant to the task of ensuring NGINX is installed.
- Option C: the Publish-AzVMDscConfiguration cmdlet – The `Publish-AzVMDscConfiguration` cmdlet is used to publish a Desired State Configuration (DSC) configuration to Azure Automation. While DSC can be used...
Author: Lina Zhang · Last updated Jun 25, 2026
You have an Azure subscription that contains a resource group named RG1 and a virtual network named VNet1.
You plan to create an Azure container instance named container1.
You need to be able to configu...
In this scenario, you're planning to create an Azure Container Instance (ACI) named `container1` and need to configure DNS name label scope reuse. DNS name label scope reuse ensures that a DNS name is reused across multiple container instances without conflicts. To achieve this, let's analyze the available options:
Analysis of the Options:
- Option A: the private networking type – The private networking type for an Azure Container Instance involves creating an instance within a private virtual network. While this option is useful for scenarios where the container instance needs to have private IP addresses and communicate with other resources in the same virtual network, DNS name label scope reuse typically requires a public IP and is more related to the public networking type, not private networking. Therefore, this option is not appropriate for DNS name label reuse.
- Option B: the public networking type – The public networking type allows Azure Container Instances to have a public IP address, which can be used for DNS name label configuration. When using public networking, you can configure a DNS name label to allow the container instance to be reachable by a unique DNS name. This option is r...
Author: Samuel · Last updated Jun 25, 2026
SNAPSHOT
-
You have the Azure virtual machines shown in the following table.
VNET1, VNET2, and VNET3 are peered.
VM4 has a DNS server that is authoritative for a zone named contoso.com and contains the records shown in the following table.
The virtual networks are configured to use the DNS servers shown in the following table.
...
Author: ElectricLionX · Last updated Jun 25, 2026
DRAG DROP
-
You have an Azure subscription that contains a resource group named RG1.
You plan to create an Azure Resource Manager (ARM) template to deploy a new virtual machine named VM1. VM1 must support the capture of performance data.
You need to specify resource dependencies for the ARM template.
In which order sho...
Author: Matthew · Last updated Jun 25, 2026
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is a...
To ensure that NGINX is installed on all virtual machines (VMs) in a Virtual Machine Scale Set (VMSS) running Windows Server 2019, we need to choose a solution that automates the installation and configuration process across all VMs when they are deployed. Let's analyze the available options:
Analysis of the Options:
- Option A: a Desired State Configuration (DSC) extension – Correct choice: The Desired State Configuration (DSC) extension is a powerful tool to automate the configuration of Windows VMs. It ensures that software (like NGINX) is installed and configured on all VMs in the scale set according to a defined DSC configuration script. DSC is widely used to enforce desired configurations on VMs, and it allows you to install and manage software like NGINX in an automated and repeatable way. You can create a DSC script to install NGINX and apply it using the DSC extension to all VMs in the scale set. This is the most appropriate solution for the scenario.
- Option B: a Microsoft Intune device configuration profile – Microsoft Intune is a cloud-based service that focuses on managing and securing mobile devices, apps, and other endpoints. While it can manage some settings on VMs, it is not designed for configuring software installations like NGINX on VMs, especially in the context of Azure VMSS. Intune is...
Author: Aria · Last updated Jun 25, 2026
You have an Azure subscription that contains the virtual networks shown in the following table.
The subscription contains the virtual machines shown in the following table.
All the virtual machines have only private IP addresses.
You deplo...
To determine which virtual machines (VMs) you can connect to through Azure Bastion, let's review the key facts and reasoning:
Key Considerations:
1. Azure Bastion Access: Azure Bastion provides secure RDP and SSH access to virtual machines within a virtual network (VNet) that Bastion is deployed in. For Bastion to connect to virtual machines, the virtual machines must be located in the same VNet or in a peered VNet. However, Bastion only works with private IPs, as it is intended for secure access without exposing VMs to the public internet.
2. Virtual Machine Placement: The table provided in the question is assumed to show that:
- VM1 is located in VNet1, where Bastion1 is deployed.
- VM2 and VM3 are located in other VNets (possibly peered or not) and have only private IPs.
3. Virtual Network Peering: If VM2 and VM3 are in peered VNets, Bastion can connect to them because Bastion in VNet1 can reach the VMs in the peered networks via their private IPs.
Scenario Analysis:
- Option A: VM1 only – This option suggests that Bastion can only connect to VM1, which is in the same VNet as Bastion1. If VM2 and VM3 are in different VNets that are not peered...
Author: Joseph · Last updated Jun 25, 2026
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is a...
To ensure that NGINX is available on all virtual machines (VMs) in a Virtual Machine Scale Set (VMSS) running Windows Server 2019 after they are deployed, we need a method to automate the installation and configuration of NGINX on each VM. Let’s evaluate each of the options provided:
Analysis of the Options:
- Option A: a Microsoft Intune device configuration profile – Not applicable: Microsoft Intune is a tool for managing and securing devices, apps, and endpoints, particularly for mobile devices and PCs. While it can manage some configurations and security settings for Azure VMs, Intune is not designed for installing server-side software like NGINX on VMs in a scale set. Intune is more focused on managing user and device configurations and wouldn't be the appropriate choice for configuring software installation across VMs in a scale set.
- Option B: a Desired State Configuration (DSC) extension – Correct choice: The Desired State Configuration (DSC) extension is a powerful automation tool in Azure that can be used to configure and manage the state of Windows machines. DSC ensures that the system configuration (such as software installation) is consistent across VMs. You can create a DSC configuration script to install NGINX on all VMs in the scale set, and use the DSC extension to apply this configuration when the VMs are deployed. This is the ideal solution for ensurin...
Author: Vikram · Last updated Jun 25, 2026
You have an Azure subscription.
You plan to migrate 50 virtual machines from VMware vSphere to the subscription.
You creat...
To migrate virtual machines (VMs) from VMware vSphere to an Azure subscription, it's essential to follow a process that ensures the VMs can be successfully replicated and restored in the Azure environment.
Here's an explanation of the available options:
A) Configure an extended network
- This option is typically used when you're extending your on-premises network to Azure using Azure Site-to-Site VPN or ExpressRoute. It's useful if you need to keep communication between on-premises and Azure networks after migration. However, it is not the immediate next step for migrating VMs from VMware to Azure. It’s more relevant when setting up hybrid connectivity but not part of the initial migration process.
- Rejected: Not directly related to the VM migration process at this stage.
B) Create a recovery plan
- A recovery plan is used in Azure Site Recovery (ASR) when setting up failover strategies for disaster recovery. While recovery plans are essential for planning failover and recovery of VMs in the event of a disaster, they are not required at the initial stage of migration. You need to set up replication and migration first.
- Rejected: Recovery plans are used for disaster recovery, not for the initial migration of VMs.
C) Deploy an Open Virtualization Application (OVA) ...
Author: James · Last updated Jun 25, 2026
SNAPSHOT
-
You have an Azure subscription that contains the virtual networks shown in the following table.
Each virtual network has 50 connected virtual machines.
You need to implement Azure Bastion. The solution must meet the fallowing requirements:
* Support host scaling.
* Support uploading and downloading files.
* Support the virtual machines on both VNet1 and VNet2.
* Minimize the number of ...
Author: Amelia · Last updated Jun 25, 2026
You have an Azure subscription that contains the virtual networks shown in the following table.
You need to ensure that all the traffic between VNet1 and VNet2...
To ensure that all traffic between VNet1 and VNet2 traverses the Microsoft backbone network, the appropriate configuration must route traffic through Azure's private and secure backbone rather than the public internet or using other network paths. Let’s analyze the options:
A) A private endpoint
- A private endpoint is used to provide secure, private connectivity to Azure services over the Azure backbone network. However, private endpoints are typically used for accessing specific Azure services (like Azure Storage, Azure SQL, etc.) securely. It doesn’t directly apply to routing traffic between two VNets.
- Rejected: This option is used for connecting to Azure services securely, not for connecting VNets or routing traffic between them.
B) Peering
- VNet Peering allows you to connect two VNets in the same or different regions to allow traffic to flow between them. By default, traffic between peered VNets can traverse either the Microsoft backbone network (if configured as such) or use public routing depending on how the peering is configured.
- When you configure VNet peering, if you select the option "Use remote gateways" and "Allow forwarded traffic," this can ensure that traffic flows over the Microsoft backbone network rather than the public internet. In this case, VNet peering can be configured to ensure traffic between VNets goes over the private network.
- Selected: This is the most suitable option to connect the VNets and ensure traffic flows over the Azure backbone network.
C) Exp...
Author: Max · Last updated Jun 25, 2026
You have the Azure virtual networks shown in the following table.
Which virtual networks can ...
To determine which virtual networks VNet1 can peer with, we need to analyze the following key factors for VNet peering in Azure:
1. Same Region or Different Region: If the VNets are in the same region, peering can be set up easily. If they are in different regions, Global VNet Peering can be used, but it may incur additional costs.
2. Address Space Overlap: VNets can only be peered if their address spaces do not overlap. This is crucial as overlapping IP ranges can cause routing issues.
3. Peering Policies: For peering to work, certain policies must be allowed (such as enabling traffic forwarding, remote gateways, etc.) during the peering configuration.
Now, let’s analyze the options:
A) VNet2, VNet3, and VNet4
- This option assumes that VNet1 can peer with VNet2, VNet3, and VNet4.
- Reason to reject: If VNet1 is not allowed to peer with any of these VNets due to address space overlap or any other limitations, then this option cannot be correct.
B) VNet2 only
- This option assumes that VNet1 can only peer with VNet2.
- Reason to reject: If VNet1 can peer with more than just VNet2, then this option is too restrictive.
C) VNet3 and VNet4 only
- ...
Author: Ahmed · Last updated Jun 25, 2026
You have an Azure subscription that has a Recovery Services vault named Vault1. The subscription contains the virtual machines shown in the following table:
You plan to schedule backups to occur...
To determine which virtual machines can be backed up using Azure Backup, we need to evaluate the key requirements and characteristics of each VM. Azure Backup can back up VMs that meet certain conditions, such as:
1. Operating System: The VM must be running a supported operating system (Windows or Linux).
2. Azure VM: The VM must be an Azure VM. If it's an on-premises VM or a VM that’s not registered with Azure Backup, it cannot be backed up using the service.
3. Backup Availability: The VM should not be excluded from backup due to specific configurations or constraints like disk types or VM sizes.
Given these key factors, let’s evaluate the virtual machines:
A) VM1 and VM3 only
- If VM1 and VM3 meet the requirements (correct operating system, Azure-based, no exclusions), they can be backed up, while other VMs may have restrictions.
- Reason to reject: If VM2 and VM4 do not have any restrictions preventing backup, this option would be incomplete.
B) VM1, VM2, VM3, and VM4
- This option suggests that all four VMs are eligible for backup, meaning there are no operating system, configuration, or other restrictions prev...
Author: Alexander · Last updated Jun 25, 2026
You have the Azure virtual machines shown in the following table:
You have a Recovery Services vault that protects VM1 and VM2.
You need to protect ...
To protect VM3 and VM4 using Recovery Services, we need to evaluate each option based on its relevance to the setup and requirements for backing up virtual machines.
Key Factors for Evaluation:
- Azure Recovery Services Vault: A Recovery Services vault is the container used to manage backup data and restore points for protected Azure VMs. Each set of VMs must be backed up using a Recovery Services vault.
- Backup Policy: A backup policy defines when and how backups are taken for the VMs. Without a backup policy, no backups can be scheduled.
- Storage Account: A storage account is used to store backup data, but creating a storage account is not necessary to use Recovery Services Vault, since it manages storage internally.
- VM Extensions: Extensions are used to configure VMs for specific services like monitoring or backup, but this is not the first step in setting up Recovery Services protection.
Option Breakdown:
1. A) Create a new Recovery Services vault:
- This option could be relevant if a separate Recovery Services vault is needed for VM3 and VM4, but typically, you would want to use the same vault if you're managing backups for multiple VMs, provided it’s already set up for VM1 and VM2.
- If the existing Recovery Services vault alread...
Author: Victoria · Last updated Jun 25, 2026
SNAPSHOT -
You have an Azure subscription that contains an Azure Storage account named storage1 and the users shown in the following table.
You plan to monitor storage1 and to configure email notifications for the signals shown in the following table.
You need to identify the minimum number of alert rules and action groups required for the planned monitoring.
How many alert r...
Author: John · Last updated Jun 25, 2026
You have an Azure subscription that contains the identities shown in the following table.
User1, Principal1, and Group1 are assigned the Monitoring Reader role.
An action group named AG1 has the Email Azure Resource Manager Role notification type and is configured to email the Monitoring Reader role.
You create an alert rul...
Let's break down the question step by step to determine who will receive the email notification when Alert1 is triggered, based on the given scenario.
Key Factors:
- Monitoring Reader Role: This role grants the ability to view monitoring data in Azure, but it does not grant the ability to modify resources or create alerts.
- Action Group (AG1): This action group is configured to send email notifications for Azure Resource Manager (ARM) role notifications.
- Alert Rule (Alert1): The alert rule triggers the action group AG1, which is set to notify by email.
- Assigned Roles:
- User1, Principal1, and Group1 are assigned the Monitoring Reader role.
- The action group AG1 is configured to notify the Monitoring Reader role by email when triggered.
Step-by-Step Evaluation:
1. Who can be notified?
- Since the action group AG1 is configured to notify the Monitoring Reader role, it will send email notifications to any users or identities who have the Monitoring Reader role.
2. Who has the Monitoring Reader role?
- User1: Assigned the Monitoring Reader role.
- Principal1: Assigned the Monitoring Reader role.
- Group1: Members of Group1 have the Monitoring Reader role, so any users within this group are also eligible for the notification.
3. Email Notification Criteria:
- The email notifications will be sent to any identity or user associated with User1, Principal1, or Group1.
- The email notification is being sent to the identitie...
Author: Nathan · Last updated Jun 25, 2026
SNAPSHOT -
You have an Azure virtual machine named VM1 and a Recovery Services vault named Vault1.
You create a backup policy named Policy1 as shown in the exhibit. (Click the Exhibit tab.)
You configure the backup of VM1 to use Policy1 on Thursday, January 1 at 1:00 AM.
You need to identify the number of available recovery points for VM1.
How many recovery points are...
Author: Leah · Last updated Jun 25, 2026
SNAPSHOT -
You have the web apps shown in the following table.
You need to monitor the performance and usage of the apps by using Azure Application Insights. The solution must minimize modifications to the application code.
What should you do on each app? To answ...
Author: Amira · Last updated Jun 25, 2026
You have an Azure virtual machine named VM1.
You use Azure Backup to create a backup of VM1 named Backup1.
After creating Backup1, you perform the following changes to VM1:
* Modify the size of VM1.
* Copy a file named Budget.xls to a folder named Data.
* Reset the password for the built-in administrator account.
* Add a data disk to VM1.
An administrator us...
Let's analyze the situation and determine which change should be performed again after restoring VM1 from Backup1.
Key Information:
- Backup1: This is the backup created of VM1 before any changes were made to it.
- Changes to VM1:
1. Modify the size of VM1: The size of the virtual machine was modified after the backup.
2. Copy a file named Budget.xls to a folder named Data: A file was added to the virtual machine.
3. Reset the password for the built-in administrator account: The password for the built-in administrator account was reset.
4. Add a data disk: A new data disk was added to the VM.
Restore Scenario:
- An administrator uses the Replace existing option to restore VM1 from Backup1. The Replace existing option will restore VM1 to its state at the time the backup was taken, meaning all the changes that occurred after the backup (like the modifications listed above) will be undone.
Evaluating the Changes:
1. Modify the size of VM1:
- When restoring a VM from a backup, the size of the virtual machine is also restored to the configuration at the time the backup was taken. So, the size of VM1 will revert to its original state from before the backup. Therefore, the size will need to be modified again after the restore.
- This change needs to be performed again because the restored VM will have the original size from Backup1, not the modified size.
2. R...
Author: Kai99 · Last updated Jun 25, 2026
SNAPSHOT -
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains the users shown in the following table.
You enable password reset for contoso.onmicrosoft.com as shown in the Password Reset exhibit. (Click the Password Reset tab.)
You configure the authentication methods for password reset as shown in the Authentication Methods exhibit. (Click the Authenticati...
Author: Isabella1 · Last updated Jun 25, 2026
Your company has a main office in London that contains 100 client computers.
Three years ago, you migrated to Azure Active Directory (Azure AD).
The company's security policy states that all personal devices and corporate-owned devices must be registered or joined to Azure AD.
A remote user named User1 is unable to join a personal device to Azure AD from a home networ...
To ensure that User1 can join a personal device to Azure AD from their home network, let’s break down the key factors and evaluate the options provided:
Key Factors:
- User1 previously could join devices to Azure AD, but is now unable to do so.
- The security policy states that all personal devices and corporate-owned devices must be registered or joined to Azure AD.
- The issue occurs from a home network, so it suggests there might be restrictions or configurations that affect User1's ability to join devices remotely.
Evaluation of the Options:
1. A) Assign the User administrator role to User1:
- The User administrator role would allow User1 to manage user settings and some aspects of devices in Azure AD, but it is not required to join a device to Azure AD. The ability to join devices is controlled by the device settings in Azure AD.
- This option is not relevant, as User1’s inability to join a device is more likely related to device registration settings, not administrative privileges.
2. B) From the Device settings blade, modify the Maximum number of devices per user setting:
- The Maximum number of devices per user setting defines how many devices a user can register or join to Azure AD. If User1 has reached the limit, they would be unable to join additional devices.
- However, this is not likely the issue in this case, as User1 was able to join devices in the past. The problem is more related to the permission or policy settings regarding device joining, not the number of devices.
3. C) Create a point-to-site VPN from the home n...
Author: Krishna · Last updated Jun 25, 2026
SNAPSHOT -
You have two Azure App Service app named App1 and App2. Each app has a production deployment slot and a test deployment slot.
The Backup Configuration settings for the production slots are shown in the following table.
For each of the following statements, s...
Author: FrostFalcon88 · Last updated Jun 25, 2026
SNAPSHOT -
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active
Directory domain. The domain contains the users shown in the following table.
You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods:
* Number of methods required to reset: 2
* Methods available to users: Mobile phone, Security questions
* Number of questions required to register: 3
* Number of questions required to reset: 3
You select the following security questions:
...
Author: BlazingPhoenix22 · Last updated Jun 25, 2026
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
Use...
Let's break down the scenario and evaluate the solution:
Key Information:
- Azure Active Directory (Azure AD) tenant: There are two Azure AD tenants:
1. contoso.onmicrosoft.com
2. external.contoso.onmicrosoft.com
- User1 is creating the second tenant external.contoso.onmicrosoft.com.
- The task is to create new user accounts in the external.contoso.onmicrosoft.com tenant.
Understanding the Role of User1:
- User1's Role in contoso.onmicrosoft.com: User1 is an existing user in the contoso.onmicrosoft.com tenant. However, being a member of the contoso.onmicrosoft.com tenant does not automatically grant User1 the ability to create users in a different tenant (in this case, external.contoso.onmicrosoft.com).
- Creating Users in Another Tenant: In order to create users in external.contoso.onmicrosoft.com, User1 must be a global administrator or have the User administrator role in the external.contoso.onmicrosoft.com tenant.
Analysis of the Solution:
-...
Author: Olivia · Last updated Jun 25, 2026
You have an existing Azure subscription that contains 10 virtual machines.
You need to monitor the latency between your on-premise...
Let's analyze the options based on the requirement to monitor the latency between your on-premises network and the Azure virtual machines:
Key Considerations:
- The goal is to monitor latency, which refers to the time taken for data to travel between two points (in this case, your on-premises network and Azure VMs).
- The solution needs to be capable of assessing the network performance, specifically related to latency, between on-premises resources and Azure VMs.
Option Evaluation:
1. A) Service Map:
- Service Map provides insights into the communication and dependencies between applications and services in your environment. It tracks the relationships between processes and services on virtual machines, but it does not directly measure latency.
- Rejected: Service Map is not designed for monitoring network latency between on-premises and Azure.
2. B) Connection troubleshoot:
- Connection troubleshoot is useful for diagnosing network connectivity issues (e.g., determining if a VM is reachable or if a specific port is open), but it is not designed to continuously monitor or report latency.
- Rejected: While it is useful for troubleshooting, it does not meet the goal ...
Author: Noah · Last updated Jun 25, 2026
SNAPSHOT -
You have an Azure App Service plan named ASP1.
CPU usage for ASP1 is shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the infor...
Author: VioletCheetah55 · Last updated Jun 25, 2026
DRAG DROP -
You have an Azure Linux virtual machine that is protected by Azure Backup.
One week ago, two files were deleted from the virtual machine.
You need to restore the deleted files to an on-premises Windows Server 2016 computer as quickly as possible.
Which four actions should you perform in sequence? To a...
Author: VenomousSerpent42 · Last updated Jun 25, 2026
SNAPSHOT -
You purchase a new Azure subscription named Subscription1.
You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup.
You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days.
What should you d...
Author: Zara · Last updated Jun 25, 2026
You have an Azure virtual machine named VM1.
Azure collects events from VM1.
You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the Syst...
To determine the correct target resource for the alert rule in Azure Monitor, let's evaluate each option based on the goal of monitoring the System event log of VM1 for errors.
Key Considerations:
- The goal is to trigger an alert based on events logged in the System event log of VM1. Azure Monitor alerts can be set up to monitor specific resources and log data.
- Azure's ability to collect event logs (like the System event log) depends on having the appropriate monitoring setup in place, such as using Log Analytics to store logs and events.
Option Evaluation:
1. A) Virtual machine extension:
- Virtual machine extensions are small software components that can be installed on a VM to perform specific functions (e.g., the Azure Monitor agent, Log Analytics agent, etc.). These extensions collect and send data (including event logs) to Azure Monitor or Log Analytics.
- Rejected: While extensions are involved in collecting logs, they themselves are not the target resource for setting up the alert. The alert should be set at the level of the data source (VM or Log Analytics) rather than the extension itself.
2. B) Virtual machine:
- A virtual machine in Azure can be a direct resource monitored for alerts. If the Azure Monitor agent is installed on the VM (which sends event logs to Log Analytics), you can create an alert rule directly on the VM for the logs or events.
- Selected: This is the correct op...