Microsoft Practice Questions, Discussions & Exam Topics by our Authors
You have the Azure Synapse Analytics pipeline shown in the following exhibit. You need to add a set variable activity to the pipeline to ensure that after the pipeline's completion, the status of the ...To ensure that the Azure Synapse Analytics pipeline completes successfully, regardless of any failure in its activities, you need to configure the Set Variable activity in a way that forces the pipeline to end successfully. Reasoning: A) A skipped dependency on the Upon Failure activity: - This option involves setting a skipped dependency on an activity that runs in case of failure. If you use a skipped dependency on a failure condition, the pipeline might skip certain actions, which does not ensure that the pipeline will complete successfully. In this scenario, if the pipeline fails and the "Upon Failure" activity is skipped, it does not force a successful completion. - Use case: Skipped dependencies typically allow an activity to be skipped under certain conditions, but this does not guarantee a successful pipeline outcome. B) A skipped dependency on the Upon Success activity: - Setting a skipped dependency on the Upon Success activity would allow the pipeline to skip a task or action if the pipeline is successful. However, this would not ensure the pipeline is forced to complete successfully if any errors occur in the activities. A skipped dependency on a success condition might inadvertently skip important tasks and won't address a failure scenario. - Use case: This would be useful when skipping a task if the pipeline is successful, but not for guaranteeing success in case of failure. C) A success dependency on the Business Activity That Fails activity: - A success de... Author: Vikram · Last updated May 27, 2026 |
You have an on-premises Linux server that contains a database named DB1. You have an Azure subscription that contains an Azure data factory named ADF1 and an Azure Data Lake Storage account named ADLS1. You need to create a pipeline in ADF1 that wi...To copy data from the on-premises Linux server (DB1) to Azure Data Lake Storage (ADLS1) using Azure Data Factory (ADF1), you should use a self-hosted integration runtime. Reasoning: A) Self-hosted integration runtime: - Self-hosted integration runtime (IR) is specifically designed to bridge the gap between on-premises data sources (like DB1) and Azure services (like ADLS1). This integration runtime allows Azure Data Factory to securely access and transfer data from on-premises sources to cloud destinations. - In this scenario, since DB1 is located on an on-premises Linux server, the self-hosted IR is required to securely access and read data from the on-premises database, and then copy it to Azure Data Lake Storage (ADLS1). - The self-hosted IR can be installed on a machine in your on-premises environment, which would allow it to connect to DB1 and perform the data transfer to ADLS1. - Use case: Used when the data source is on-premises (in this case, a Linux server) and the destination is in the cloud (Azure Data Lake Storage). B) Azure integration runtime: - Azure integration runtime (IR) is used for moving data between cloud-based data stores or services within Azure. It does not support access to on-premises data sourc... Author: Ella · Last updated May 27, 2026 |
DRAG DROP - You have an Azure Data Lake Storage account named account1. You use an Azure Synapse Analytics serverless SQL pool to access sales data stored in account1. You need to create a bar chart that displays sales by product. The solution must minimize development effort. In which order should ...Author: Aditya · Last updated May 27, 2026 |
DRAG DROP - You have an Azure Synapse Analytics dedicated SQL pool. You need to create a copy of the data warehouse and make the copy available for 28 days. The solution must minimize costs. Which three actions should you perform in sequence? To answer...Author: NebulaEagle11 · Last updated May 27, 2026 |
HOTSPOT - You have an Azure Synapse Analytics workspace that contains an Apache Spark pool named Pool1. You need to read data from a CSV file and write the data to a Delta table by using Pool1. How should you complete the PySpark code? To an...Author: Deepak · Last updated May 27, 2026 |
HOTSPOT - You have an Azure Data Lake Storage account that contains one CSV file per hour for January 1, 2020, through January 31, 2023. The files are partitioned by using the following folder structure. You need to query the files by using an Azure Synapse Analytics serverless SQL pool. The solution must return the row count of each ...Author: Nia · Last updated May 27, 2026 |
HOTSPOT - You have an Azure Synapse Analytics dedicated SQL pool named Pool1 that contains an external table named Sales. Sales contains sales data. Each row in Sales contain data on a single sale, including the name of the salesperson. You need to implement row-level security (RLS). The solution must ensure that the salespeople can access only their...Author: VioletCheetah55 · Last updated May 27, 2026 |
You have an Azure Data Factory pipeline named P1. You need to schedule P1 to run at 10:15 AM, 12:15 PM, 2:15 PM, and 4:15 PM every day. Which freq...To schedule the Azure Data Factory pipeline P1 to run at specific times (10:15 AM, 12:15 PM, 2:15 PM, and 4:15 PM) every day, you should select the appropriate frequency and interval for the trigger. Reasoning: A) Frequency: Month - Interval: 1: - The Monthly frequency with an interval of 1 would cause the pipeline to run every month, not every day. This option doesn't meet the requirement to run multiple times a day. - Use case: This is used when you want to schedule a pipeline to run monthly, not daily. B) Frequency: Day - Interval: 1: - The Daily frequency with an interval of 1 is the correct option. This setup ensures that the pipeline will run once every day. However, the times you specified (10:15 AM, 12:15 PM, 2:15 PM, and 4:15 PM) suggest multiple runs per day. While this option enables daily scheduling, you still need to specify the times for the trigger. - Use case: This is ideal for daily schedules, but you would also need to define the specific times for the schedule (e.g., 10:15 AM, 12:15 PM, etc.) under the trigger’s advanced schedule settings. C) Frequency: Minute - Interval: 60: - The Minute frequency with an interval of 60 would trig... Author: Liam · Last updated May 27, 2026 |
You are creating an Azure Data Factory pipeline. You need to add an activity to the pipeline. The activity must execute a Transact-SQL stored procedure that has the following characteristics: * Returns the number of sales invoi...When working with Azure Data Factory (ADF) and needing to execute a Transact-SQL stored procedure that meets the specified criteria, you must choose the correct type of activity based on the nature of the stored procedure and its requirements. Let’s analyze each option in detail: Option A: Stored Procedure - Description: The Stored Procedure activity in ADF is designed to execute a stored procedure in a database. This activity allows for the execution of a Transact-SQL stored procedure, and it can be configured to run a procedure that doesn’t take any parameters or returns results. - Why it fits: Since the stored procedure returns the number of sales invoices for a current date and does not require input parameters, the Stored Procedure activity is the most appropriate choice. You can directly run this stored procedure, and it’s suited for executing T-SQL procedures that return values or perform other operations. - Conclusion: This option directly matches the task requirements. Option B: Get Metadata - Description: The Get Metadata activity is used to retrieve metadata information about a specific data source, such as tables, files, or columns. It can be used to check the existence of data or to get properties like row count, file size, etc. - Why it’s rejected: The Get Metadata activity is used for metadata retrieval, not for executing stored procedures. This activity cannot execute SQL queries or procedures, so it’s not suitable for the scenario. - Conclusion: This option is irrelevant to the task. Option C: Append Variable - Description: The ... Author: ElectricLionX · Last updated May 27, 2026 |
HOTSPOT - You have an Azure Synapse Analytics workspace that contains three pipelines and three triggers named Trigger1, Trigger2, and Trigger3. Trigger3 has the following definition. For each of the following statements, select...Author: Ethan Smith · Last updated May 27, 2026 |
DRAG DROP - You have an Azure Databricks deployment and a local file named /tmp/file1 that contains the following code. You need to read /tmp/file1 into a data frame by using Scala. How should you complete the code? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once...Author: FrozenWolf2022 · Last updated May 27, 2026 |
You have an Azure subscription that contains a Microsoft Purview account. You need to search the Microsoft Purview Data Catalog to identify assets that have a...To search the Microsoft Purview Data Catalog for assets that have an assetType property of Table or View, it’s important to understand how queries are constructed in Purview's search engine. Let’s analyze each option: Option A: assetType IN ('Table', 'View') - Description: The IN operator is typically used in query languages to filter results where a field matches any one of the listed values. This is a common and effective way to check if a field (like assetType) is either "Table" or "View". - Why it fits: The IN operator is the correct syntax to match multiple values in a single query. Using this format ensures you are querying assets where the assetType is either "Table" or "View", which aligns with the requirement. - Conclusion: This option is syntactically correct and matches the task perfectly. Option B: assetType:Table OR assetType:view - Description: This option uses the OR operator to combine two conditions: assetType:Table and assetType:view. - Why it’s rejected: In Purview queries, the use of OR between conditions is valid, but the proper syntax requires matching the exact field and value format. assetType:Table is valid, but assetType:view is not because the correct capitalization for assetType values in Purview is "View" (case-sensitive). - Conclusion: This option is incorrect due to ... Author: Charlotte · Last updated May 27, 2026 |
You have an Azure subscription that contains an Azure Synapse Analytics account. The account is integrated with an Azure Repos repository named Repo1 and contains a pipeline named Pipeline1. Repo1 contains the branches shown in the following table. From featu...To publish changes to a pipeline in Azure Synapse Analytics that is integrated with an Azure Repos repository, the workflow must follow proper version control practices within the context of the repository and the environment. Let's break down each option: Option A: From featuredev, create a pull request. - Description: A pull request (PR) is used to merge changes from one branch to another. If you're working in the featuredev branch and you need to publish changes, the typical approach would be to create a pull request to merge your featuredev branch changes into the main branch or another designated branch, assuming the changes have been tested and are ready for integration. - Why it's rejected: While creating a pull request from featuredev to main is a common practice when you're ready to merge changes, you cannot directly publish changes from featuredev without switching to the appropriate environment first (live mode, for example). This step of creating a pull request itself is part of the workflow, but it's not sufficient to publish the changes to the live environment. - Conclusion: This option is partially correct but doesn't address the first step needed to publish. Option B: From main, create a pull request. - Description: In this option, you'd create a pull request from the main branch to another branch (e.g., featuredev or another feature branch). - Why it's rejected: Creating a pull request from main to another branch is not a correct approach to publish changes because the main branch typically contains the stable production code. If you're working in a featuredev branch, you would usually want to merge featuredev into main. So, starting from main in this context isn't the right approach. - Conclusion: This option doesn't align with the goal of publishing changes from a development branch to the main or production branch. Option C: Ad... Author: Sofia2021 · Last updated May 27, 2026 |
DRAG DROP - You have an Azure subscription that contains an Azure Data Factory account named ADF1 and an Azure Data Lake Storage Gen2 account named storage1. ADF1 contains the objects shown in the following table. You need to configure DailyIngestion to perform the following actions: * Ingest 2,000 small files into storage1 once every 24 hours. * Output one large file once every 24 hours. ...Author: Liam123 · Last updated May 27, 2026 |
HOTSPOT - You have an Azure Synapse Analytics pipeline named pipeline1 that has concurrency set to 1. To run pipeline1, you create a new trigger as shown in the following exhibit. Use the drop-down menus to select the answer choice that completes eac...Author: Oliver · Last updated May 27, 2026 |
HOTSPOT - You have an Azure Data Factory pipeline that has the logic flow shown in the following exhibit. For each of the following statements, select Yes if the statement is...Author: Noah · Last updated May 27, 2026 |
DRAG DROP - You have an Azure subscription that contains an Azure Synapse Analytics workspace named Workspace1. Workspace1 contains an Apache Spark pool named spark1 and a pipeline named Pipeline1. You need to add an activity to Pipeline1 that will run a notebook. The solution must ensure that the activity overrides the value of a variable named inputFile when the notebook runs. Which five acti...Author: MysticJaguar44 · Last updated May 27, 2026 |
You have an Azure subscription that contains an Azure SQL database named SQLDB1 and an Azure Synapse Analytics dedicated SQL pool named Pool1. You need to replicate data from SQLDB1 to Pool1. The solution must meet the following requirements: * Minimize performance i...Let's review the options and analyze which one best meets the requirements for replicating data from an Azure SQL Database (SQLDB1) to an Azure Synapse Analytics Dedicated SQL Pool (Pool1) while minimizing performance impact, supporting near-real-time (NRT) analytics, and minimizing administrative effort. Option A: Azure Synapse Link - Description: Azure Synapse Link is specifically designed to integrate Azure SQL databases with Azure Synapse Analytics for near-real-time analytics. It allows you to seamlessly replicate data from Azure SQL Database to a dedicated SQL pool in Synapse Analytics, without requiring complex data movement or transformations. Data is replicated with minimal performance impact and typically in near-real-time. - Why it fits: - Minimizes performance impact: Azure Synapse Link is designed to be efficient and optimized, minimizing the performance impact on the source database (SQLDB1). - Supports near-real-time (NRT) analytics: This is one of the primary benefits of using Synapse Link—data is replicated almost instantly into the Synapse dedicated SQL pool. - Minimizes administrative effort: Once set up, Azure Synapse Link is relatively hands-off in terms of administration, requiring little manual intervention after the initial configuration. - Conclusion: This option is the best fit for the requirements since it is designed to replicate data from SQLDB1 to Pool1 with minimal impact and in near-real-time. Option B: Azure Private Link - Description: Azure Private Link provides private connectivity between Azure services over the Azure backbone network. It allows you to access Azure services like Azure SQL Database or Synapse Analytics securely and privately. - Why it’s rejected: While Azure Private Link is beneficial for secure communication between services, it is not a data replication solution. It does not provide the mechanism to move or replicate data between SQLDB1 and Pool1. - Conclusion: This option does not meet the requirement for replicating data and is irrelevant to the scenario. Option C: SQL Data Sync for Azure - Description: SQL Data ... Author: StarlightBear · Last updated May 27, 2026 |
DRAG DROP - You have an Azure Active Directory (Azure AD) tenant that contains a security group named Group1. You have an Azure Synapse Analytics dedicated SQL pool named dw1 that contains a schema named schema1. You need to grant Group1 read-only permissions to all the tables and views in schema1. The solution must use the principle of least privilege. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of acti...Author: Jack · Last updated May 27, 2026 |
HOTSPOT - You have an Azure subscription that contains a logical Microsoft SQL server named Server1. Server1 hosts an Azure Synapse Analytics SQL dedicated pool named Pool1. You need to recommend a Transparent Data Encryption (TDE) solution for Server1. The solution must meet the following requirements: * Track the usage of encryption keys. Maintain the access of client apps to Pool1 in the event of an Azure datacenter outage that affects the availabili...Author: Liam · Last updated May 27, 2026 |
You plan to create an Azure Synapse Analytics dedicated SQL pool. You need to minimize the time it takes to identify queries that return confidential information as defined by the company's data privacy regulations and the users who executed the queues. Which two components should you i...To address the scenario where you need to minimize the time it takes to identify queries that return confidential information in an Azure Synapse Analytics dedicated SQL pool, and the users who executed the queries, let's analyze the given options: Option A: Sensitivity-classification labels applied to columns that contain confidential information - Description: Sensitivity labels are used to classify sensitive data in a database, including columns that contain confidential or sensitive information. These labels help identify which data is sensitive, making it easier to track and enforce compliance with data privacy regulations. - Why it fits: - Identifying confidential data: Applying sensitivity-classification labels to columns ensures that you can quickly identify which parts of the database contain sensitive information, such as personally identifiable information (PII) or financial data. This is critical for minimizing the time to identify confidential information. - Compliance: Labels help ensure compliance with regulations by providing an auditable trail of where confidential data is stored. - Conclusion: This option is highly relevant and effective for identifying confidential information. Option B: Resource tags for databases that contain confidential information - Description: Resource tags in Azure are metadata labels that help organize and manage resources. They can be applied to Azure resources like databases to track their purpose or classification (e.g., sensitive data or compliance). - Why it’s rejected: - Not directly related to query execution or data identification: While resource tags can help with organizing and managing resources, they do not provide a mechanism for identifying or tracking confidential data at the column level or for tracking which queries return sensitive data. - Limited use in this context: Resource tags alone cannot help identify confidential data in the context of query execution or logging user activity. - Conclusion: This option is not as effective as other options for the specific requirement of identifying confidential data returned by queries. Option C: Audit logs sent to a Log Analytics workspace - Description: ... Author: John · Last updated May 27, 2026 |
You are designing an enterprise data warehouse in Azure Synapse Analytics that will contain a table named Customers. Customers will contain credit card information. You need to recommend a solution to provide salespeople with the ability to view all the entries in Customers. The solution must pr...To meet the requirements of allowing salespeople to view the entries in the Customers table while preventing them from viewing or inferring credit card information, let's evaluate the options provided: Option A: Data Masking - Description: Dynamic Data Masking (DDM) is a feature in Azure Synapse Analytics that automatically masks sensitive data in query results. It can be used to prevent unauthorized users from viewing sensitive data, such as credit card numbers, while still allowing authorized users to see the full data. - Why it fits: - Prevents unauthorized viewing: DDM allows you to apply a mask to sensitive data like credit card information, showing masked values (e.g., `XXXX-XXXX-XXXX-1234`) to salespeople and only revealing the full data to authorized users. - Simple to implement: This is an efficient solution to prevent salespeople from viewing or inferring credit card information. - Conclusion: Data Masking is a suitable choice for this scenario, as it prevents salespeople from seeing credit card information while still allowing them to view the rest of the customer data. Option B: Always Encrypted - Description: Always Encrypted is a feature in SQL Server and Azure SQL Database that encrypts sensitive data in the database and ensures that the data is never visible in an unencrypted form, even to database administrators. The encryption keys are stored outside of the database. - Why it’s rejected: - Complexity: While Always Encrypted is a strong solution for data encryption, it is more suited for protecting data at rest or during transmission. It would be overkill for this specific scenario where the primary goal is to prevent unauthorized access to a specific column (credit card data) while still allowing access to other columns. - Access control: This solution does not allow for the same flexibility as Dynamic Data Masking, where data can be partially visible based on user roles. - Conclusion: Always Encrypted is more complex and might not be the most appropriate solution for this use case, especially when the goal is to provide a simpler means of preventing unauthorized access to credit card information. Option C: ... Author: Kai99 · Last updated May 27, 2026 |
You develop data engineering solutions for a company. A project requires the deployment of data to Azure Data Lake Storage. You need to implement role-based access control (RBAC) so that project members can manage the Azure Data Lake Storage resources. Which three actions s...To implement Role-Based Access Control (RBAC) for Azure Data Lake Storage (ADLS) so that project members can manage resources, let's analyze each option and determine which actions should be taken: Option A: Create security groups in Azure Active Directory (Azure AD) and add project members - Description: Creating security groups in Azure Active Directory (Azure AD) allows you to group users based on roles or teams. Once these groups are created, project members can be added to these groups. - Why it fits: - RBAC relies on associating users or groups with specific roles. By creating Azure AD security groups and adding project members, you can manage access at the group level. This simplifies access management and ensures that the correct permissions are granted to all members of the project. - This is a foundational step in implementing RBAC. - Conclusion: This option is a correct and necessary action in implementing RBAC for Azure Data Lake Storage. Option B: Configure end-user authentication for the Azure Data Lake Storage account - Description: End-user authentication typically refers to methods like Azure AD authentication or managed identities to authenticate users when they access data in Azure Data Lake Storage. - Why it’s rejected: - While authentication is necessary for users to access the Data Lake, the focus of the question is on implementing RBAC, which deals with authorization (granting permissions). Authentication ensures that users are who they say they are, but RBAC controls what those authenticated users can do. This is an important step, but it's not directly related to RBAC configuration. - Conclusion: Authentication is a prerequisite for RBAC, but it is not the central task for setting up RBAC in this context. It’s not one of the primary actions required for RBAC implementation. Option C: Assign Azure AD security groups to Azure Data Lake Storage - Description: Assigning security groups to Azure Data Lake Storage is a core part of implementing RBAC. This involves granting specific roles to the security groups, which will define what actions members of those groups can perform on the Data Lake resources. - Why it fits: - RBAC is about assigning roles to users or groups. By assigning Azure AD security groups to Azure Data Lake Storage, you are controlling who can access the storage and what they can do with it (e.g., read, write, manage). - This directly relates to the... Author: Mia · Last updated May 27, 2026 |
You have an Azure Data Factory version 2 (V2) resource named Df1. Df1 contains a linked service. You have an Azure Key vault named vault1 that contains an encryption key nam...To address the need to encrypt Azure Data Factory (ADF) version 2 (V2) resource Df1 using an encryption key from Azure Key Vault (key1), we need to determine the best approach based on Azure's encryption and access control mechanisms. Let's evaluate each option: Option A: Add a private endpoint connection to vault1 - Description: A private endpoint connection allows a secure connection between an Azure resource (in this case, Azure Data Factory) and an Azure Key Vault over a private network. It restricts access to the Key Vault to only resources that are connected to the private endpoint. - Why it’s rejected: - While a private endpoint connection provides secure access to a Key Vault, it’s not the first necessary step to enable encryption for Azure Data Factory using the key from the Key Vault. - The need to encrypt Azure Data Factory with a key requires proper Key Vault access configuration, but adding a private endpoint is more about network configuration and doesn't directly address the first step in securing ADF with the Key Vault encryption key. - Conclusion: This is not the first action to take for encryption, but it could be useful in securing access if needed later. Option B: Enable Azure role-based access control (RBAC) on vault1 - Description: Azure RBAC controls access to Azure resources by assigning roles to users, groups, or managed identities. In this case, enabling RBAC on vault1 would ensure that Azure Data Factory can access key1 within the Key Vault. - Why it fits: - RBAC is essential for granting Azure Data Factory permissions to access the Key Vault and use its keys for encryption. This is the first step in ensuring that Azure Data Factory can interact with the Key Vault to use the encryption key. Without proper RBAC configurations, Azure Data Factory wouldn't be able to access the Key Vault and use the encryption key. - RBAC roles such as "Key Vault Reader" and "Key Vault Crypto Operator" would grant the required permissions. - Conclusion: This opt... Author: Evelyn · Last updated May 27, 2026 |
You are designing an Azure Synapse Analytics dedicated SQL pool. You need to ensure that you can audit access to Personally Identifiable ...When designing an Azure Synapse Analytics dedicated SQL pool to audit access to Personally Identifiable Information (PII), the goal is to ensure that access to PII data is properly controlled and monitored. Let’s evaluate each of the options: A) Column-Level Security - Description: Column-level security (CLS) in Azure Synapse allows restricting access to specific columns in a database table. It is useful when you need to prevent users from accessing certain sensitive data columns (such as PII columns) unless they have the required permissions. - Pros: Effective for preventing unauthorized access to sensitive columns. - Cons: While it can restrict access, it does not provide auditing capabilities. CLS is more about controlling access to data but not about tracking or auditing access. - Use case: CLS can be used when you need to enforce access control to specific columns containing PII. However, it is not sufficient on its own for auditing access. - Conclusion: Not ideal for auditing access to PII as it doesn’t directly support auditing. B) Dynamic Data Masking (DDM) - Description: Dynamic Data Masking (DDM) hides sensitive data in the result sets of queries, applying a mask to PII data. It’s used to obfuscate data for non-privileged users while allowing authorized users to view unmasked data. - Pros: Useful for protecting data privacy at the query level by masking sensitive columns. - Cons: DDM is not an auditing solution; it is focused on data visibility and privacy. It doesn’t provide detailed logs or records of who accessed sensitive data. - Use case: Ideal for ensuring that PII data is masked for unauthorized users, but it doesn’t support audit tracking of access to PII. - Conclusion: While useful for protecting data privacy, it is not an appropriate solution for auditing access to PII. C) Row-Level Security (RLS) - Description: Row-Level Security (RLS) allows you to control access to rows in a table based on the characteristics of the user executing a query. For example, RLS can be used to limit access to specific rows of data, which is... Author: Olivia · Last updated May 27, 2026 |
HOTSPOT - You are designing an Azure Synapse Analytics dedicated SQL pool. Groups will have access to sensitive data in the pool as shown in the following table. You have policies for the sensitive data. The policies vary be region as shown in the following table. You have a table of patients for each region. The tables contain the following potentially sensitive columns. You are designing dynamic data masking...Author: Ella · Last updated May 27, 2026 |
DRAG DROP - You have an Azure Synapse Analytics SQL pool named Pool1 on a logical Microsoft SQL server named Server1. You need to implement Transparent Data Encryption (TDE) on Pool1 by using a custom key named key1. Which five actions should you perform in sequence? To answer, move t...Author: Isabella · Last updated May 27, 2026 |
You have a data warehouse in Azure Synapse Analytics. You need to ensure that the data in the data warehouse...When ensuring that data in a data warehouse in Azure Synapse Analytics is encrypted at rest, the most appropriate option should provide built-in encryption to protect data stored within the system. Let’s evaluate each option: A) Advanced Data Security for this database - Description: Advanced Data Security provides features like vulnerability assessments, data discovery, and advanced threat protection. While it enhances security by identifying potential threats and securing your environment, it does not directly handle encryption of data at rest. - Pros: Useful for overall security management and proactive threat detection. - Cons: Does not directly address the need for encryption at rest. It’s more about security monitoring and threat protection, not data encryption. - Use case: Advanced Data Security is ideal for managing and improving the overall security posture of your database but not for encryption at rest. - Conclusion: Not suitable for the specific requirement of encrypting data at rest. B) Transparent Data Encryption (TDE) - Description: Transparent Data Encryption (TDE) automatically encrypts SQL data files at rest, providing encryption for data stored on disk. This encryption is transparent to the application and users, meaning no changes are needed to access the data. - Pros: TDE is the recommended solution for encrypting data at rest in Azure Synapse Analytics. It ensures that all data stored in the data warehouse is encrypted, fulfilling the requirement for encryption at rest. - Cons: It does not encrypt data in transit or manage access control. - Use case: TDE is the appropriate solution for data encryption at rest in Azure Synapse Analytics. It provides seamless encryption for data stored within the system, making it the best fit for the given scenario. - Conclusion: Ideal for ensuring data is encrypted at rest in Azur... Author: Kai99 · Last updated May 27, 2026 |
You are designing a streaming data solution that will ingest variable volumes of data. You need to ensure that you can change the partition count a...When designing a streaming data solution that will ingest variable volumes of data and require the ability to change the partition count after creation, it's important to consider the scalability, flexibility, and partitioning mechanisms of each service. Here's a breakdown of each option: A) Azure Event Hubs Dedicated - Key Features: Azure Event Hubs allows you to ingest real-time data at massive scale, including the ability to adjust partition counts after creation. - Partition Count Flexibility: Event Hubs Dedicated provides more control over partitioning and allows you to change the partition count dynamically as your data volume grows or shrinks. However, this flexibility is a feature of Event Hubs Dedicated (as opposed to Event Hubs Standard), which is an essential factor in your requirement. - Use Case: Best for scenarios with high ingestion rates and variable data volumes where partition count scalability is a necessity. - Rejection Reason for Other Options: - Azure Stream Analytics doesn't allow dynamic partition scaling like Event Hubs. - Azure Data Factory and Azure Synapse Analytics are better suited for batch data processing or ETL pipelines, not real-time streaming ingestion. B) Azure Stream Analytics - Key Features: Azure Stream Analytics is a real-time analytics service designed to process and analyze data streams. - Partition Count Flexibility: Stream Analytics does not directly manage partitions. It works with data sources like Event Hubs or IoT Hub for data ingestion, bu... Author: Amira · Last updated May 27, 2026 |
You are designing a date dimension table in an Azure Synapse Analytics dedicated SQL pool. The date dimension table will be used by all the fact tables. Which distribu...When designing a date dimension table in an Azure Synapse Analytics dedicated SQL pool, the goal is to minimize data movement during queries, especially since the date dimension will be referenced by multiple fact tables. To ensure efficient query performance, understanding the different distribution types and their behavior is critical. Here's a breakdown of each option: A) HASH Distribution - Key Features: With hash distribution, data is distributed across multiple distributions based on a hash function applied to a specified column (often a foreign key). This ensures that rows with the same hash key end up on the same distribution. - Use Case: Best used when you want to distribute data based on the values of a column that is commonly used in join or query conditions. However, date dimension tables are typically not large enough to require hash distribution. Moreover, fact tables often join on the foreign key, but a date dimension table will be used by all fact tables, and the distribution strategy needs to minimize cross-distribution joins, which hash distribution doesn’t optimize for in this scenario. - Rejection Reason: Hash distribution is best suited for large tables with a specific join key, like fact tables with a foreign key. Date dimension tables tend to be smaller and are commonly referenced across multiple fact tables, making hash distribution not the ideal choice in this case. B) REPLICATE Distribution - Key Features: Replicate distribution duplicates the entire table on every distribution node. This means that the entire date dimension table is available locally on each distribution, making it extremely efficient for queries involving the date dimension. - Use Case: Best suited for smaller tables, like dimension tables, that are frequently joined with fact tables. In this case, since the date dimension is often small (a few rows per y... Author: SilverBear · Last updated May 27, 2026 |
HOTSPOT - You develop a dataset named DBTBL1 by using Azure Databricks. DBTBL1 contains the following columns: * SensorTypeID * GeographyRegionID * Year * Month * Day * Hour * Minute * Temperature * WindSpeed * Other You need to store the data to support daily incremental load pipelines that vary for each GeographyRegionID. The solution must minimize stor...Author: Leo · Last updated May 27, 2026 |
You are designing a security model for an Azure Synapse Analytics dedicated SQL pool that will support multiple companies. You need to ensure that users from each company can view only the data of their respective company. Which two objects should you include in ...When designing a security model in Azure Synapse Analytics dedicated SQL pool to ensure that users from each company can view only their respective company data, it’s important to use appropriate mechanisms to control data access. Below is an analysis of each option: A) Security Policy - Key Features: A security policy in Azure Synapse Analytics can help enforce data access rules, but it does not directly solve the issue of restricting access to data based on the company of the user. Security policies are typically used for row-level security, which could be used for restricting access to rows in a table based on conditions (e.g., company identifier). - Use Case: While a security policy could be useful for row-level security, it needs to be implemented in conjunction with a predicate function that applies specific conditions (e.g., a company ID) for restricting access. - Rejection Reason: While important in securing data, it alone isn’t enough to limit data access by company. It needs additional components like a predicate function to implement the logic. B) Custom Role-Based Access Control (RBAC) Role - Key Features: Custom RBAC roles in Azure can be used to grant or restrict access to specific resources. While RBAC is typically used to control access to Azure resources (e.g., databases, storage), it does not inherently support row-level security within the database to filter data by a specific column (such as company). - Use Case: Custom RBAC roles are useful for granting permissions to resources at the Azure level but not for data-level security within a SQL pool. - Rejection Reason: RBAC is more for resource-level access control rather than data-level access control within the database. It can't be directly used to filter data based on the company. C) Predicate Function - Key Features: A predicate function can be used in conjunction with row-level security (RLS) policies to restrict access to specific rows of data. The predicate function can enforce rules, such as filtering out rows that belong to other companies, based o... Author: Aditya · Last updated May 27, 2026 |
You have a SQL pool in Azure Synapse that contains a table named dbo.Customers. The table contains a column name Email. You need to prevent nonadministrative users from seeing the full email addresses in the Email...In this scenario, the goal is to prevent nonadministrative users from seeing the full email addresses in the Email column while allowing them to view the values in a masked format (e.g., [email protected]). Let’s review the options and their suitability: A) From Microsoft SQL Server Management Studio, set an email mask on the Email column. - Key Features: SQL Server Management Studio (SSMS) allows you to define Dynamic Data Masking (DDM) on a column. This feature can be used to mask sensitive data, and the mask will automatically apply to nonadministrative users querying the column. For example, you can mask the email so that users see a pattern like [email protected] instead of the full email. - Use Case: This is the correct solution because Dynamic Data Masking works at the database level to restrict sensitive data visibility without affecting the underlying data. The masked value is only visible to users who do not have specific permissions (like administrative roles). - Conclusion: This option is ideal because it ensures that users only see a masked version of the email address, fulfilling the requirement. B) From the Azure portal, set a mask on the Email column. - Key Features: While you can set Dynamic Data Masking through the Azure portal, it is typically done using T-SQL commands or SSMS. The Azure portal UI is not directly used to configure masks for individual columns like this. - Rejection Reason: The Azure portal doesn't provide a straightforward way to apply a dynamic mask directly to the column itself in this case. It's more of a management interface for the overall Azure Synapse environment, and applying a mask is typically done via SQL commands or SSMS. ... Author: Amira · Last updated May 27, 2026 |
You have an Azure Data Lake Storage Gen2 account named adls2 that is protected by a virtual network. You are designing a SQL pool in Azure Synapse that will ...When designing a SQL pool in Azure Synapse that will use an Azure Data Lake Storage Gen2 (ADLS2) account as a source, the best authentication method is D) a managed identity. Let’s go through each of the options and explain why D) managed identity is the best choice, and why the other options are rejected. A) Azure Active Directory (Azure AD) user - Explanation: Azure AD users can authenticate and access Azure resources using their credentials. However, an Azure AD user is typically used for accessing resources via Azure AD-based applications or for administrative tasks. - Why rejected: In the context of SQL pool integration with ADLS2, authentication using an Azure AD user requires explicitly managing access and assigning roles. This approach is more cumbersome and less seamless for service-to-service authentication. It is better suited for individual or administrative access, not for a SQL pool using a managed service like Synapse. B) Shared key - Explanation: A shared key provides direct access to Azure Storage accounts by using a storage account key. This is generally used for programmatic access or when direct access to the storage is needed by external systems. - Why rejected: Using a shared key is not the recommended approach because it involves handling keys manually, which presents security risks and management challenges (e.g., rotating keys). Moreover, it doesn’t integrate well with managed services and doesn't provide the granularity of control that a managed identity offers in Azure. C) Shared Access Signature (SAS) - Explanation: A SAS token is a URL-encoded string that provides restricted access to Azure resources. It can define permissions (e.g., read, write) and an expiration date for a specific resource in the sto... Author: Sam · Last updated May 27, 2026 |
HOTSPOT - You have an Azure Synapse Analytics SQL pool named Pool1. In Azure Active Directory (Azure AD), you have a security group named Group1. You need to control the access of Group1 to specific columns and rows in a table in Pool1. Which Transact-SQL commands should you use? ...Author: Noah Williams · Last updated May 27, 2026 |
HOTSPOT - You need to implement an Azure Databricks cluster that automatically connects to Azure Data Lake Storage Gen2 by using Azure Active Directory (Azure AD) integration. How should you configure the new cluster? To answer, select t...Author: Olivia Johnson · Last updated May 27, 2026 |
You are designing an Azure Synapse solution that will provide a query interface for the data stored in an Azure Storage account. The storage account is only accessible from a virtual network. You need to recommend an authentica...In the given scenario, where Azure Storage is only accessible from a virtual network, the best authentication mechanism to ensure secure access to the source data is A) a managed identity. Here’s a breakdown of why this is the optimal choice, along with reasons for rejecting the other options: A) Managed Identity - Explanation: A managed identity provides seamless, secure authentication for Azure resources like Azure Synapse to access Azure Storage accounts. It uses Azure Active Directory (Azure AD) to authenticate the identity and allows services to access resources securely without requiring hard-coded credentials. Since the Azure Storage account is accessible only from a virtual network, the managed identity is the best approach as it allows the Synapse service to authenticate within the Azure environment, ensuring secure access. - Why selected: Managed identities are fully integrated with Azure services and ensure secure, automated access without managing secrets. With a managed identity, you can configure role-based access control (RBAC) to grant permissions to Synapse for accessing the storage account, and it also eliminates the need to handle credentials manually. It's a highly recommended solution for secure and efficient service-to-service authentication in this context. B) Anonymous Public Read Access - Explanation: Anonymous public read access would allow anyone, even outside the virtual network, to read data from the Azure Storage account. - Why rejected: Since the Azure Storage account is restricted to a virtu... Author: Daniel · Last updated May 27, 2026 |
You are developing an application that uses Azure Data Lake Storage Gen2. You need to recommend a solution to grant permissions to a specific application for a...In the scenario where you need to grant permissions to a specific application for a limited time period on Azure Data Lake Storage Gen2, the best option is B) Shared Access Signatures (SAS). Here’s an explanation of why SAS is the ideal solution and why the other options are less suitable. A) Role Assignments - Explanation: Role-based access control (RBAC) in Azure uses role assignments to assign permissions to Azure resources. You can assign roles (like Contributor, Reader, or Storage Blob Data Contributor) to users, groups, or applications through Azure AD identities. - Why rejected: While role assignments are useful for managing long-term access, they are not ideal for granting permissions for a limited time period. Role assignments require managing the user or application’s access rights over a longer term and don’t inherently support time-bound permissions. For temporary access, a more controlled, time-limited mechanism like SAS would be more appropriate. B) Shared Access Signatures (SAS) - Explanation: A Shared Access Signature (SAS) allows you to grant time-bound, granular permissions to specific resources in Azure Storage (including Azure Data Lake Storage Gen2) without giving full access to the storage account. You can define the start and expiry times for the SAS token, specify the permissions (read, write, delete, etc.), and restrict access to particular resources (such as specific files or directories). - Why selected: SAS is the best solution when you need to provide temporary access to an application or service. You can specify the exact start and expiry time, making it ideal for scenarios where you only want to grant permissions for a limited period. SAS tokens are secure, flexible, and enable fine-grained control over what the application can do. C) Azure Active Direct... Author: Krishna · Last updated May 27, 2026 |
HOTSPOT - You use Azure Data Lake Storage Gen2 to store data that data scientists and data engineers will query by using Azure Databricks interactive notebooks. Users will have access only to the Data Lake Storage folders that relate to the projects on which they work. You need to recommend which authentication methods to use for Databricks and Data Lake Storage to provide the users with the appropriate access. The solution must minimize administrative effort and developmen...Author: Andrew · Last updated May 27, 2026 |
You have an Azure Synapse Analytics dedicated SQL pool that contains a table named Contacts. Contacts contains a column named Phone. You need to ensure that users in a specific role only see the last four digits...In this scenario, where you need to ensure that users in a specific role can only see the last four digits of a phone number when querying the `Phone` column in a table in Azure Synapse Analytics, the best solution is E) dynamic data masking. Here’s an explanation of why this is the best choice, along with the reasoning for rejecting the other options. A) Table Partitions - Explanation: Table partitions are used to improve the performance and management of large datasets by dividing a table into smaller, more manageable parts, often based on a key column. - Why rejected: Partitions don’t address the need for controlling access to specific data in a column. They’re primarily used for query optimization and data management, not for restricting visibility of sensitive data within a column. B) A Default Value - Explanation: A default value in a column is a predefined value that is automatically inserted when a new row is added, if no value is specified. - Why rejected: Setting a default value would not help in restricting access to data based on user roles or limiting visibility to only part of a column. It is used to ensure that a column has a consistent value when no value is provided, but it doesn't control what users can see in existing data. C) Row-Level Security (RLS) - Explanation: Row-Level Security (RLS) allows for restricting access to specific rows of a table based on the user's role or other conditions. - Why rejected: RLS controls access to specific rows, not specific columns or parts of a column. RLS is suitable if you wanted to restrict access to data at the row level (e.g., by user or department), but it doesn't directly address the requirement of showing only the last four digits of a phone number. D) Column Encryption - Explanation: Column encryption encrypts data at the column level, ensuring that the data is stored in an encrypted format and can only be decrypted by authorized users or applicatio... Author: CrimsonViperX · Last updated May 27, 2026 |
You are designing database for an Azure Synapse Analytics dedicated SQL pool to support workloads for detecting ecommerce transaction fraud. Data will be combined from multiple ecommerce sites and can include sensitive financial information such as credit card numbers. You need to recommend a solution that meets the following requirements: Users must be able to identify potentially fraudulent transactions. * Users m...To meet the requirements of ensuring that users can identify potentially fraudulent transactions while not accessing the actual credit card numbers, the best solution is C) column-level encryption. Here's the reasoning behind this recommendation and why the other options are not suitable. A) Transparent Data Encryption (TDE) - Explanation: TDE is a feature that encrypts the entire database at the storage level. It ensures that data is encrypted at rest, but it does not provide control over which users can access specific pieces of sensitive data. - Why rejected: TDE is primarily designed to protect data at rest and doesn’t address the requirement of preventing users from accessing specific sensitive information, such as credit card numbers, during queries. With TDE, sensitive data can still be accessed in its original form by users with appropriate permissions. B) Row-Level Security (RLS) - Explanation: Row-Level Security (RLS) restricts access to rows in a table based on user roles and conditions. It is useful for limiting access to data based on specific user attributes, such as filtering rows for a particular department or region. - Why rejected: RLS operates at the row level and doesn't control access to specific columns or parts of data. In this case, you need to prevent users from accessing the actual credit card numbers in the `credit_card_number` column, regardless of which rows they can access. RLS alone won't prevent users from seeing sensitive columns even if they can only view specific rows. C) Column-Level Encryption - Explanation: Column-level encryption allows you to encrypt specific columns in a table, ensuring that sensitive data like credit card numbers is encrypted while still being accessible for analysis in a protected form. Only users with the proper decryption key or permissions can... Author: Leah Davis · Last updated May 27, 2026 |
You have an Azure subscription linked to an Azure Active Directory (Azure AD) tenant that contains a service principal named ServicePrincipal1. The subscription contains an Azure Data Lake Storage account named adls1. Adls1 contains a folder named Folder2 that has a URI of https://adls1.dfs.core.windows.net/ container1/Folder1/Folder2/. ServicePrincipal1 has the access control list (ACL) permissions shown in the following table. You need to ensure that ServicePrincipal1 can perform the following actions: * Traverse child items that are created in Folder2. * Read files that a...To ensure that ServicePrincipal1 can perform the required actions of traversing child items and reading files in Folder2 within adls1, we need to select the appropriate permissions from the Access Control List (ACL) for Folder2. Let’s review the requirements and explain which permissions should be granted: Requirements: - Traverse child items: This means ServicePrincipal1 needs permission to list or navigate the directory structure (i.e., be able to access subfolders or files). - Read files: This means ServicePrincipal1 needs permission to open and read the files stored in Folder2. Permission Analysis: - A) Access = Read - Explanation: The "Read" permission allows for the ability to read files and list directories in a folder. This permission is critical for reading the files within Folder2. - Why selected: Since ServicePrincipal1 needs to read files from Folder2, granting Read permission will allow it to open and read files stored in the folder. - B) Access = Write - Explanation: The "Write" permission allows for writing, modifying, or deleting data, but it is not necessary for the requirement of reading or traversing files. This permission would allow ServicePrincipal1 to create, overwrite, or delete files, which is not needed for this scenario. - Why rejected: This permission is not required for traversing child items or reading files, so granting it would violate the principle of least privilege. - C) Access = Execute - Explanation: The "Execute" permission allows for the ability to traverse directories (navigate through folders) but does not grant the ability to read files. It is essential for traversing child items, but does not allow reading files directly. - Why selected: Execute permission is necessary for ServicePrincipal1 to traverse the folder structure and access child items (subfolders or files), which is a part of the requirement. - D) Default = Read - Explanation: This permission appli... Author: Sofia2021 · Last updated May 27, 2026 |
HOTSPOT - You have an Azure subscription that is linked to a hybrid Azure Active Directory (Azure AD) tenant. The subscription contains an Azure Synapse Analytics SQL pool named Pool1. You need to recommend an authentication solution for Pool1. The solution must support multi-factor authentication (MFA) and database-level authentication. Which authentication solution or solutions...Author: Oscar · Last updated May 27, 2026 |
DRAG DROP - You have an Azure data factory. You need to ensure that pipeline-run data is retained for 120 days. The solution must ensure that you can query the data by using the Kusto query language. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the ...Author: Evelyn · Last updated May 27, 2026 |
You have an Azure Synapse Analytics dedicated SQL pool. You need to ensure that data in the pool is encrypted at rest. The solution must NOT require...In this scenario, the goal is to ensure that data in the Azure Synapse Analytics dedicated SQL pool is encrypted at rest, without modifying applications that query the data. The best solution in this case is B) Enable Transparent Data Encryption (TDE) for the pool. Here’s an explanation of why TDE is the correct choice and why the other options are not suitable. A) Enable encryption at rest for the Azure Data Lake Storage Gen2 account - Explanation: Azure Data Lake Storage Gen2 (ADLS Gen2) encryption at rest ensures that data stored in ADLS Gen2 is encrypted when it's not being actively used. This encryption is typically managed by Azure, and it applies to data that is written to the storage account. - Why rejected: While this would encrypt the storage account itself, it doesn’t apply directly to the Azure Synapse Analytics dedicated SQL pool. You are concerned with encrypting data within the SQL pool specifically, and enabling encryption for ADLS Gen2 would not impact the data in the Synapse dedicated SQL pool or change the way it's encrypted at rest. B) Enable Transparent Data Encryption (TDE) for the pool - Explanation: Transparent Data Encryption (TDE) is a built-in feature of Azure Synapse Analytics (as well as other Azure SQL services) that automatically encrypts data at rest. With TDE, all the data in the SQL pool is encrypted without needing any changes to the applications that query the data. It also protects the data from unauthorized access by encrypting it when stored on disk. - Why selected: TDE works automatically and does not require changes to applications that query the data, making it the best solution for this scenario. It is the built-in encryption solution for Azure SQL pools and ensures that data is encrypted at rest without additional configuration. C) Use a customer-managed key to enable double encryption for the Azure Synapse workspace - Explanation: Using a customer-managed key (CMK) allows you to control the encryption keys used to encrypt th... Author: Ming88 · Last updated May 27, 2026 |
DRAG DROP - You have an Azure subscription that contains an Azure Data Lake Storage Gen2 account named storage1. Storage1 contains a container named container1. Container1 contains a directory named directory1. Directory1 contains a file named file1. You have an Azure Active Directory (Azure AD) user named User1 that is assigned the Storage Blob Data Reader role for storage1. You need to ensure that User1 can append data to file1. The solution must use the principle of least privilege. Which permissions should you grant? ...Author: Sophia · Last updated May 27, 2026 |
HOTSPOT - You have an Azure subscription that contains an Azure Databricks workspace named databricks1 and an Azure Synapse Analytics workspace named synapse1. The synapse1 workspace contains an Apache Spark pool named pool1. You need to share an Apache Hive catalog of pool1 with databricks1. What shoul...Author: Lina Zhang · Last updated May 27, 2026 |
HOTSPOT - You have an Azure subscription. You need to deploy an Azure Data Lake Storage Gen2 Premium account. The solution must meet the following requirements: * Blobs that are older than 365 days must be deleted. * Administrative effort must be minimized. * Costs must be minimized. What should ...Author: Oscar · Last updated May 27, 2026 |
HOTSPOT - You are designing an application that will use an Azure Data Lake Storage Gen 2 account to store petabytes of license plate photos from toll booths. The account will use zone-redundant storage (ZRS). You identify the following usage patterns: * The data will be accessed several times a day during the first 30 days after the data is created. The data must meet an availability SLA of 99.9%. * After 90 days, the data will be accessed infrequently but must be available within 30 seconds. * After 365 days, the data will be accessed infrequently but must be available within five minutes. You ...Author: Zara1234 · Last updated May 27, 2026 |
DRAG DROP - You have an Azure Data Lake Storage Gen 2 account named storage1. You need to recommend a solution for accessing the content in storage1. The solution must meet the following requirements: * List and read permissions must be granted at the storage account level. * Additional permissions can be applied to individual objects in storage1. * Security principals from Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra, must be used for authentication. What should you use? To answer, drag the appropria...Author: Alexander · Last updated May 27, 2026 |