Microsoft Certified: Azure Administrator Associate Practice Exam 2025: Latest Questions

You create a new Azure Storage account and want to ensure that only HTTPS requests are allowed to access it. What should you configure?

A user reports they cannot start/stop Azure virtual machines in a subscription. You confirm the user can sign in and can view resources in the subscription. You need to grant the minimum permissions required to start and stop VMs. Which Azure role should you assign?

You need to run a PowerShell script on an existing Azure VM without opening inbound management ports such as RDP or SSH. Which feature should you use?

You have a virtual network with two subnets: SubnetA and SubnetB. You need to prevent VMs in SubnetA from initiating connections to VMs in SubnetB, but allow SubnetB to initiate connections to SubnetA. What should you use?

Your company wants all new resources in a subscription to include the tags CostCenter and Owner. Existing resources are not required to be updated. What should you implement?

You host an internal web app on an Azure VM. The app must be reachable only from the corporate public IP range 198.51.100.0/24. You need to restrict inbound access to TCP port 443. What should you configure?

You need to ensure that a set of VMs continues to run during a planned datacenter maintenance event that affects the underlying host. You want Azure to automatically move the VMs to a healthy host with minimal operator intervention. What should you use?

A storage account must allow access from only specific virtual networks and deny all other network traffic by default. Additionally, administrators must still be able to manage the account from the Azure portal. What should you configure?

You must centralize logs and metrics from multiple subscriptions into a single place for querying with Kusto Query Language (KQL). You want resources from all subscriptions to send platform logs to the same destination. What should you deploy?

You have two virtual networks in different regions. You need private connectivity between them with low latency and without using the public internet. The solution must support transitive routing through a hub network later. What should you implement?

You create a new Azure Storage account and need to allow users to upload blobs by using time-limited URLs without sharing the storage account key. What should you use?

You have multiple Azure subscriptions. You need to ensure that all new resource groups created in any subscription automatically require the tags Environment and CostCenter. What should you use?

You need to view which Azure resources are affected by a planned platform maintenance event for your virtual machines. Where should you look?

You deploy an Azure VM that must have a fixed private IP address that will not change across reboots. What should you configure?

Your company requires that Azure virtual machines retrieve secrets from Azure Key Vault without storing any credentials in code or configuration files. What should you configure on the VM?

A VM in a subnet must accept inbound RDP only from a specific on-premises public IP address. You must minimize exposure. What should you implement?

You need to copy data from an on-premises SMB file share to Azure Files regularly. You want to cache frequently accessed files locally and reduce latency for branch office users. What should you deploy?

You need to ensure a VM can only be deployed in regions approved by your organization. Users should be blocked from deploying VMs outside the approved regions. What should you use?

You have an Azure Monitor alert that should open an ITSM incident only during business hours. Outside business hours, it should notify an on-call team by SMS. You must implement this with minimal custom code. What should you configure?

Your security team requires that all newly created Azure VMs use only approved VM images and that non-approved images are blocked at deployment time across all subscriptions. What should you implement?

You manage an Azure subscription with multiple resource groups. You need to ensure that all newly created resources have the tags CostCenter and Owner. If either tag is missing, the deployment must be blocked. What should you use?

A storage account has a blob container named data. An application running on an Azure VM must read blobs from the container without storing account keys or using a SAS token. You enable a system-assigned managed identity on the VM. What is the minimum configuration required to allow the application to read blobs?

You have a virtual network with two subnets: Web and App. You deploy a Network Security Group (NSG) associated to the App subnet. Users report that the web tier cannot connect to the app tier on TCP port 443. You confirm routing is correct. Which configuration is most likely to fix the issue?

You have an Azure VM that uses a system-assigned managed identity. The VM needs to retrieve a secret from an Azure Key Vault at runtime. You grant the managed identity the Key Vault Secrets User role at the Key Vault scope, but the application still receives authorization errors. The Key Vault uses the vault access policy permission model (not Azure RBAC for vault data plane). What should you do?

You need to ensure that a set of Azure VMs automatically installs critical security patches on a defined schedule and that you can review patch compliance across the VMs. Which solution should you use?