Technical Lab: Create a Virtual Machine
Questionsβ
Question 1 β Multiple Choiceβ
When creating a virtual machine in Azure, an administrator needs to ensure it has high availability within the same region, tolerating physical hardware failures and planned maintenance independently. Which resource should be configured during VM creation to meet this requirement?
A) Availability Zone with zone pinned to "Zone 1"
B) Availability Set with fault domains and update domains
C) Scale Set with manual scaling policy
D) Proximity Placement Group associated with a single rack
Question 2 β Technical Scenarioβ
An administrator created a VM with the following command:
az vm create \
--resource-group rg-producao \
--name vm-app01 \
--image Ubuntu2204 \
--size Standard_B2s \
--admin-username azureuser \
--generate-ssh-keys \
--no-wait
After execution, the administrator immediately tries to connect via SSH and cannot. They verify that the VM appears in the portal but with status "Creating". What is the most likely cause of the problem?
A) The --generate-ssh-keys parameter prevents connections until the key is manually synchronized.
B) The --no-wait option causes the command to return before the VM is provisioned, and the connection was attempted before completion.
C) The Standard_B2s size does not support native SSH connections; Azure Bastion is required.
D) The Ubuntu2204 image requires the diagnostic extension to be installed before accepting network connections.
Question 3 β True or Falseβ
When creating a virtual machine in Azure without explicitly specifying a virtual network, the portal automatically creates a new VNet, a subnet, a public IP address, and a network security group, all with the same lifecycle as the VM, being automatically deleted when the VM is deleted.
Question 4 β Technical Scenarioβ
A team needs to deploy a Windows Server 2022 VM in production. The security requirement mandates that the VM must not have an exposed public IP address and that administrative RDP access should only be possible from within the corporate network connected via ExpressRoute. During creation in the portal, which combination of configurations meets this requirement?
A) Remove the public IP during creation and create an inbound rule in the NSG allowing RDP only from the corporate network IP range.
B) Keep the public IP but configure the NSG to block port 3389 from any source.
C) Use the "Just-in-time VM access" option from Microsoft Defender for Cloud as the only control, without changing the public IP.
D) Select "No public IP" during creation and do not configure NSG, since the absence of public IP already completely isolates external access.
Question 5 β Multiple Choiceβ
An administrator needs to create a VM that supports temporary disk with high I/O performance for in-memory data processing, but without the need for persistence between reboots. Which statement correctly describes the behavior of the temporary disk in Azure VMs?
A) The temporary disk is managed by Azure Storage and survives deallocations but is erased in case of hardware failure.
B) The temporary disk physically resides on the host where the VM is running and its content is lost on deallocations but can survive simple reboots.
C) The temporary disk is identical to an unmanaged data disk and can be converted to a managed disk at any time.
D) The temporary disk persists between deallocations because it is stored in the same storage context as the operating system disk.
Answer Key and Explanationsβ
Answer Key β Question 1β
Answer: B
The Availability Set distributes VMs across fault domains, which isolate VM groups on distinct physical racks, and update domains, which ensure that planned maintenance reboots do not affect all VMs simultaneously. This is the correct mechanism to protect against hardware failures and maintenance within the same region.
Alternative A describes Availability Zones, which protect against entire datacenter failures, but pinning to a single zone offers no redundancy. Alternative C deals with scaling, not single instance availability. Alternative D, Proximity Placement Group, has the opposite objective: physically bringing VMs closer to reduce latency, increasing the risk of shared failure.
Answer Key β Question 2β
Answer: B
The --no-wait parameter instructs the CLI to return control to the terminal immediately after submitting the creation request, without waiting for provisioning completion. The VM is still being created when the administrator tries to connect. The "Creating" status in the portal confirms this behavior.
The other distractors represent common misconceptions: --generate-ssh-keys only creates the key pair locally if it doesn't exist, without interfering with connection; Standard_B2s supports SSH normally; and the absence of diagnostic extension does not block network connectivity.
Answer Key β Question 3β
False
Azure automatically creates the VNet, subnet, public IP, and NSG when creating a VM without specifying them, which is correct. However, these resources are not automatically deleted when the VM is deleted. They are independent resources in the resource group and persist even after VM deletion. The administrator needs to remove them manually or use explicit deletion policies. Confusing automatic creation with coupled deletion is a common operational error that results in orphaned resources generating cost.
Answer Key β Question 4β
Answer: A
Removing the public IP during creation eliminates the direct external access vector. The NSG rule allowing RDP only from the corporate network range adds layer 3/4 control, ensuring that even within the VNet, only authorized sources reach port 3389. This combination is technically defensible and aligned with the principle of least privilege.
Alternative B maintains the attack surface by exposing a public IP, even with a blocked port. Alternative C relies exclusively on temporary access control without removing network exposure, which doesn't meet the isolation requirement. Alternative D commits the most critical error: the absence of public IP does not replace the NSG; internal VNet traffic or via ExpressRoute can still reach the VM without additional restrictions.
Answer Key β Question 5β
Answer: B
The temporary disk resides in the local storage of the physical host where the VM runs. Its content can survive simple reboots (when the VM remains on the same host) but is lost on deallocations (when the VM is moved to another host) and hardware failures. Therefore, it is suitable for transient data like page files, caches, or intermediate processing data.
Alternative A is wrong because the temporary disk does not use managed Azure Storage. Alternative C confuses temporary disk with unmanaged disk, which are distinct concepts. Alternative D reverses the correct behavior: deallocation is precisely the scenario that guarantees temporary content loss.