Skip to main content

Technical Lab: Deploy virtual machines to availability zones and availability sets

Questions​

Question 1 β€” Multiple Choice​

An infrastructure team needs to ensure that two VMs running distinct layers of a critical application are protected against rack-level hardware failures within a single Azure region. The budget does not allow additional infrastructure costs beyond the VMs themselves.

Which resource meets this requirement with the lowest additional cost?

A) Availability Zone, as it distributes VMs across physically separated datacenters within the region

B) Availability Set, as it distributes VMs across Fault Domains and Update Domains within the same datacenter, with no additional infrastructure cost

C) Scale Set with zone distribution policy, as it guarantees automatic physical isolation

D) Azure Site Recovery, as it replicates VMs between different regions in case of rack failure

Question 2 β€” Technical Scenario​

An administrator executes the following command to create a VM:

az vm create \
  --resource-group rg-prod \
  --name vm-web01 \
  --image Ubuntu2204 \
  --size Standard_D2s_v3 \
  --availability-set myAvailSet \
  --zone 2

After executing the command, Azure returns an error. What is the most likely cause?

A) The Standard_D2s_v3 size is not compatible with Availability Sets

B) You cannot combine --availability-set and --zone in the same command, as they are mutually exclusive mechanisms

C) The --zone parameter requires the Availability Set to be configured as "zonal"

D) The Ubuntu2204 image cannot be used in Availability Sets

Question 3 β€” True or False​

A VM deployed in an Availability Zone automatically receives a higher uptime SLA than a VM deployed in an Availability Set, because Availability Zones isolate failures at the entire datacenter level, while Availability Sets only isolate rack and update failures within a single datacenter.

True or False?

Question 4 β€” Technical Scenario​

A company has an Availability Set called as-backend configured with 2 Fault Domains and 5 Update Domains. There are currently 6 VMs distributed across this set. During a planned maintenance window by Azure, what is the expected behavior?

A) All 6 VMs are restarted simultaneously, as Azure does not respect Update Domains in emergency maintenance

B) VMs are restarted in sequential groups by Update Domain, ensuring that at most 1 group is unavailable at a time

C) VMs are restarted in pairs by Fault Domain, ensuring that half the capacity remains available

D) Azure waits for manual approval from the administrator before restarting any VM in the Availability Set

Question 5 β€” Multiple Choice​

When planning VM deployment in Availability Zones, which of the following statements correctly describes a relevant limitation or characteristic for the administrator?

A) All Azure regions support Availability Zones, so region choice does not affect the availability of this resource

B) A VM can be moved between Availability Zones after creation using the "redeploy" feature in the Azure portal

C) Not all Azure regions support Availability Zones, and a VM cannot be moved to a different zone after creation without recreating the resource

D) Availability Zones guarantee protection against disasters between regions, eliminating the need for geo-replication for critical applications

Answer Key and Explanations​

Answer Key β€” Question 1​

Answer: B

Explanations:

  • Availability Sets are a resource with no additional infrastructure cost: you only pay for the VMs. By distributing VMs across Fault Domains (rack, power, and network isolation) and Update Domains (grouping for planned maintenance), Azure ensures that an isolated hardware failure won't bring down all VMs simultaneously.
  • Alternative A describes Availability Zones, which indeed offer stronger isolation but introduce latency between zones and data transfer costs between zones, plus require the region to support the feature.
  • Alternative D describes disaster recovery between regions, a completely different scope from the presented requirement.
  • The central conceptual error of the distractors is confusing the isolation level (rack vs. datacenter vs. region) with the actual scenario requirement.

Answer Key β€” Question 2​

Answer: B

Explanations:

  • In Azure, Availability Sets and Availability Zones are mutually exclusive mechanisms. A VM belongs to one or the other, never both simultaneously. Attempting to specify --availability-set and --zone at the same time results in a validation error from the Azure API.
  • This restriction exists because the two mechanisms solve problems at different layers: Availability Sets work within a datacenter; Availability Zones work between datacenters within the same region.
  • Alternatives A and D are incorrect because size and image compatibility are verified independently of this restriction and would not be the cause of the error in this scenario.
  • Alternative C describes a non-existent concept: there is no "zonal" mode for Availability Sets.

Answer Key β€” Question 3​

Answer: True

Explanations:

  • Azure's SLA for a VM in an Availability Zone is 99.99% uptime. For VMs in an Availability Set (with at least 2 VMs), the SLA is 99.95%. The difference directly reflects the scope of failure isolation.
  • Availability Zones correspond to physically separated datacenters within the same region, with independent power, cooling, and networking. A catastrophic failure in an entire datacenter does not affect VMs in other zones.
  • Availability Sets protect against rack and update failures, but all VMs still reside in the same datacenter. A datacenter-level failure can impact the entire set.
  • The non-obvious point here is that the higher SLA of Availability Zones comes with additional requirements: the region must support zones, and associated resources (managed disks, public IPs, load balancers) also need to be configured as "zonal" or "zone-redundant" for the benefit to apply end-to-end.

Answer Key β€” Question 4​

Answer: B

Explanations:

  • The role of Update Domains is precisely to control the sequence of planned maintenance. Azure ensures that only one Update Domain at a time is restarted, waiting for recovery before advancing to the next group.
  • With 5 Update Domains and 6 VMs, the VMs are distributed cyclically: UDs 0 and 1 will have 2 VMs each, and the others will have 1. At any point during maintenance, at most 1 or 2 VMs will be unavailable.
  • Alternative C confuses the role of Fault Domains (which protect against unplanned hardware failures, not planned maintenance) with the role of Update Domains.
  • Alternative A is incorrect because Azure respects Update Domains even in non-emergency maintenance; only unexpected physical failures ignore this sequence.

Answer Key β€” Question 5​

Answer: C

Explanations:

  • Availability Zones are not available in all Azure regions. When choosing a region for deployment, the administrator must explicitly verify if the region supports zones before planning the architecture.
  • After creation, a VM cannot be migrated to a different zone. The "redeploy" feature reallocates the VM within the same zone or datacenter, not between zones. To change zones, it's necessary to recreate the VM, including its disks and network configurations.
  • Alternative D represents a critical misconception: Availability Zones protect against failures within a region but do not replace geo-replication or Azure Site Recovery for protection against entire region failures.
  • The central conceptual error of alternatives A and D is unduly expanding the scope of Availability Zones protection beyond what the resource actually offers.