50 Microsoft Certified: Azure Database Administrator Associate Practice Questions: Question Bank 2025

You deploy an Azure SQL Managed Instance for a line-of-business application. The security team requires that all connections use Azure AD authentication and that SQL logins be disabled for the instance. What should you do?

You need to migrate a SQL Server database to Azure with minimal changes and near-100% SQL Server feature compatibility (SQL Agent jobs, cross-database queries). Which target should you choose?

You want to ensure that a user can SELECT data from a table but cannot see rows that belong to other departments. The filtering must be enforced even if the user queries the table directly. What should you implement?

A database in Azure SQL Database has Query Store enabled. You notice a sudden regression after a deployment: a frequently used query now has much higher duration. You want a quick mitigation while you investigate. What should you do?

You manage an Azure SQL Managed Instance used by multiple applications. You need to grant a group of developers the ability to create and modify stored procedures in a specific database, but you must prevent them from changing server-level settings. What is the best approach?

A workload on Azure SQL Database experiences periodic CPU spikes and increased query latency. You suspect parameter sniffing and plan instability. Which feature is most directly intended to automatically mitigate this in Azure SQL Database?

You need to implement automated backups with a long-term retention policy for an Azure SQL Database so that monthly backups are retained for several years. Where is this configured?

You want to run a T-SQL maintenance job nightly on an Azure SQL Database (not Managed Instance) to rebuild indexes for selected tables. What is the recommended automation approach?

You are configuring a failover group between two Azure SQL Managed Instances in different regions. You need to ensure that after failover, application connections automatically route to the new primary without changing connection strings. What should you use in the connection string?

A mission-critical database on Azure SQL Managed Instance has unpredictable workload bursts. During bursts, you observe high PAGEIOLATCH waits and slower queries even though CPU is moderate. You want to reduce I/O latency without overprovisioning CPU for steady state. What should you do?

You manage an Azure SQL Database. Developers report that their connection strings in Azure App Service intermittently fail after a database failover event. You want applications to automatically redirect to the current primary without changing code. What should you configure?

You need to enforce that all connections to an Azure SQL Database use encryption in transit. Which setting should you enable at the server level?

You need to quickly identify which queries are consuming the most CPU on an Azure SQL Database over the last day, without installing agents. Which feature should you use first?

A team wants to allow an Azure Function to connect to Azure SQL Database without storing usernames or passwords in configuration. The Function runs in Azure and must authenticate securely. What should you use?

You run Azure SQL Managed Instance. You must ensure that a specific group of auditors can view data in a table but cannot see the values in the SensitiveColumn unless explicitly permitted. The application should continue to query normally, but auditors should see masked data. What should you implement?

A critical Azure SQL Database experiences sudden performance degradation. You suspect a plan regression after a deployment. You want to identify the last known good plan and force it if needed. What should you use?

You need to schedule index maintenance on an Azure SQL Managed Instance every weekend. You want minimal custom infrastructure and centralized scheduling. Which option is most appropriate?

You are reviewing an Azure SQL Database that frequently hits high log write waits during peak periods. You need to reduce transaction log pressure without changing the application logic. Which action is most likely to help?

Your organization requires that any database export to a storage account must not traverse the public internet. You need to configure an Azure SQL Database to export a BACPAC to Azure Storage while ensuring private network connectivity. What should you implement?

A mission-critical workload uses Azure SQL Managed Instance and must withstand a zone failure with minimal downtime. You are asked to design the solution to meet this requirement at the platform level. What should you choose?

You manage an Azure SQL Database. A security requirement states that the application must connect using an Azure AD managed identity and passwords must not be stored. What should you configure to meet the requirement?

You need to copy a database from one Azure SQL Managed Instance to another in the same subscription for a one-time refresh of a non-production environment. You want a simple approach that preserves schema and data. What should you use?

A database in Azure SQL Database is experiencing blocking. You need to identify the exact sessions involved and the blocking chain in near real time. What should you use?

You are designing an Azure SQL Database solution that must minimize the risk of SQL injection and enforce least privilege. Developers currently connect using a single shared SQL login with db_owner. What is the best practice change?

An Azure SQL Database shows periodic CPU spikes and intermittent query timeouts. You suspect parameter-sensitive plan behavior where different parameter values need different plans. Which feature should you enable to help mitigate this issue with minimal code changes?

You must automate index and statistics maintenance for a SQL Server running on an Azure VM. The VM must remain isolated from the internet. Which approach best meets the requirement with centralized scheduling and minimal inbound exposure?

You administer an Azure SQL Managed Instance. Security requires restricting data exfiltration by ensuring the instance cannot send traffic to arbitrary internet endpoints while still allowing it to reach required Azure services. What should you implement?

Your application uses Azure SQL Database and must survive a regional outage with an RPO of 5 minutes and an RTO of 30 minutes. The solution must also allow read-only reporting in a secondary region during normal operations. What should you implement?

You notice TempDB contention on a busy SQL Server hosted on an Azure VM (many PAGELATCH waits on TempDB allocation pages). You must reduce contention without changing application code. What is the most effective configuration change?

You administer Azure SQL Database. A compliance requirement states: 'Security administrators must be able to manage auditing policies and view audit logs, but must not be able to read application data.' What is the best way to meet this requirement?

You manage an Azure SQL Database. You need to allow a third-party auditing system to read database audit logs stored in an Azure Storage account, without granting the vendor long-term access keys. What should you use?

You need to ensure that all newly created Azure SQL Databases across a subscription meet a baseline security standard (for example, auditing enabled and Microsoft Defender for SQL enabled). Which approach best fits this requirement?

A company uses Azure SQL Managed Instance. You need to automate periodic index maintenance (reorganize/rebuild) and update statistics. What is the most appropriate built-in capability to schedule the tasks?

Your Azure SQL Database is intermittently failing new connections with errors indicating too many connections. You want to quickly identify the number of currently blocked sessions and the queries causing blocking. Which tool is the fastest way to investigate in the database?

You are migrating an on-premises SQL Server database to Azure SQL Managed Instance. The application requires cross-database queries and SQL Server Agent. Which deployment target is the best fit?

Your Azure SQL Database shows increasing DTU/vCore usage during peak hours. You suspect inefficient queries and want Azure to automatically identify and apply safe query plan corrections. What should you enable?

You must allow a web app hosted in Azure App Service to connect to an Azure SQL Database without storing credentials in configuration files. The solution must support automatic credential rotation. What should you use?

A critical database runs on Azure SQL Managed Instance. You need to implement a DR strategy to a secondary region with minimal administrative overhead and a predictable failover process. Which approach should you use?

You use Azure SQL Database with a private endpoint. Your security team requires that all name resolution for the database uses your corporate DNS, and that clients resolve the database FQDN to the private IP address. Some clients still resolve to the public endpoint. What is the most likely cause?

A workload on Azure SQL Database experiences sporadic timeouts. You notice frequent waits on PAGEIOLATCH and high read latency from storage. You cannot change application code, but you can change the database service tier and configuration. What is the best next action to reduce IO-related waits?

You manage an Azure SQL Database. A developer needs to read data for troubleshooting but must not be able to view any production customer names or email addresses. You need a solution that minimizes ongoing administration. What should you implement?

You are deploying a new Azure SQL Managed Instance for a line-of-business application. The security team requires that all traffic to the instance stays on a private network and is not accessible from the public internet. What should you use?

You have an Azure SQL Database. Users report that queries are slower only during nightly index maintenance from an automation runbook. You want to reduce the impact on users without disabling maintenance. What should you do first?

You must ensure that only the application can connect to an Azure SQL Database. Individual developers must not use SQL logins, and secrets should not be stored in configuration files. The application is hosted on Azure App Service. What should you implement?

A critical stored procedure in Azure SQL Database regressed after a recent deployment. You want to quickly restore the previous known-good execution plan for that procedure without modifying the application code. What should you use?

You need to run the same T-SQL maintenance script against 50 Azure SQL Databases across multiple servers every night and store the execution results centrally. Which approach is best aligned with Azure SQL Database management capabilities?

Your Azure SQL Managed Instance experiences intermittent timeouts. You suspect blocking and deadlocks. You need to capture actionable diagnostics with minimal performance impact and be able to analyze them later. What should you configure?

You have an Azure SQL Database that frequently reaches high CPU during business hours. You want Azure to automatically apply safe performance improvements, such as creating and dropping indexes when beneficial. What should you enable?

You must provide a disaster recovery solution for an Azure SQL Managed Instance. The business requires failover capability to another Azure region with a recovery time objective (RTO) of minutes. Which solution should you implement?

You use Azure SQL Database and want to enforce that client connections are encrypted and that older TLS versions are not allowed. Users report they can still connect with legacy clients that negotiate older protocols. What should you configure to meet the requirement?